All the things you should know about Linux Server User Management


We have two ways to manage Linux users. One is to manage users individually: create a single user, give them access to a particular shell and restrict what they can access on the machine. The other is to manage users by creating groups.

What is a User : A user is a person (or service) who can use the machine with a specific set of permissions.

What is a Group : A group is a logical entity. Many users can be allowed to do certain things by being made members of a specific group.

==> When we create a user, a group with the same name as the user is also created automatically. This group is the primary group of the user, and both the user and the group will have the same ID.

==> User IDs [UIDs] start from 0. In previous versions of Linux, UIDs 0 to 499 were reserved for the system; in newer Linux distributions the reserved UIDs are 0 to 999. The first user we create gets UID 1000.

==> UID 0 is assigned to root, and UIDs 1 to 999 are reserved for system and application users. For example, when we install the Apache web server it creates a user named apache with a UID in the 0 to 999 range and with the nologin shell [/sbin/nologin].

Database Files of user and group:

1, /etc/passwd:

==> This passwd file contains the information about the users; we can add, delete and modify users and their behaviour by editing this file. Opening the whole file with cat gives a long listing, so I usually open it with tail or head. We should be careful when editing this file. Colon (:) separated.

# head -2 /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin

Structure (the bin entry, field by field):

bin            -> User
x              -> Password field
1              -> UID
1              -> GID
bin            -> Comment (GECOS)
/bin           -> User's home directory
/sbin/nologin  -> Login shell

* The root entry follows the same layout.

When we give the nologin shell to a user, that user can't log in to the system. We give the nologin shell to application accounts for security.

# tail -1 /etc/passwd
admin:x:1001:1001:Devops Admin:/home/admin:/bin/bash

Structure:

admin          -> User
x              -> Password field
1001           -> UID
1001           -> GID
Devops Admin   -> Comment (GECOS)
/home/admin    -> User's home directory
/bin/bash      -> Login shell

How to add user:

# useradd admin

This is the command we should use to create users on Linux distributions; on Ubuntu we can also use the # adduser command, which offers more customization.

How to delete user:

# userdel admin

This command deletes the user; to delete the user together with their home directory, add -r to the command.

How to modify one user:

# usermod [OPTION]

This is the command to modify a user.

To add a comment (GECOS name) to a user we use the usermod command,

# usermod -c “Devops Admin” admin

To change shell of user we should use,

# usermod -s /sbin/nologin admin

=> This changes the admin user's login shell from /bin/bash to /sbin/nologin, so that user can't log in again.

To find the available login shells, we should use,

# cat /etc/shells
/bin/sh
/bin/dash
/bin/bash
/bin/rbash

=> This command lists the login shells available on the system.
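The two points above (the reserved UID range 1 to 999 for system accounts, and nologin as the way to keep application accounts from logging in) can be audited from the passwd file alone. The script below is an added example, not part of the original post: it takes passwd- and /etc/shells-style text as constructed sample input (the account names and UIDs are made up) and lists which accounts can open an interactive session, then flags system accounts that carry a real login shell.

```shell
#!/bin/sh
# Added example, not from the original post: audit a passwd(5)-style listing
# for accounts that can open an interactive session, and flag system accounts
# (UID 1-999) that have a real login shell. Both inputs are constructed samples
# embedded here, not read from the running system.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
backup:x:998:998:Backup job:/var/backups:/bin/bash
admin:x:1001:1001:Devops Admin:/home/admin:/bin/bash
svc:x:1003:1003:Service:/home/svc:/bin/false'

SAMPLE_SHELLS='/bin/sh
/bin/dash
/bin/bash
/bin/rbash'

# shell_list SHELLS -> the /etc/shells-style text as one space-separated line,
# so it can be handed to awk through -v
shell_list() {
    printf '%s\n' "$1" | tr '\n' ' '
}

# interactive_users PASSWD SHELLS -> "user:uid:shell" for every account whose
# login shell (field 7) appears in the shells list; /sbin/nologin and
# /bin/false are never listed there, so those accounts drop out
interactive_users() {
    printf '%s\n' "$1" | awk -F: -v shells="$(shell_list "$2")" '
        BEGIN { n = split(shells, s, " "); for (i = 1; i <= n; i++) ok[s[i]] = 1 }
        ($7 in ok) { print $1 ":" $3 ":" $7 }'
}

# system_accounts_with_shell PASSWD SHELLS -> same format, restricted to the
# reserved UID range 1-999. Application users are expected to carry
# /sbin/nologin, so any hit here deserves a look.
system_accounts_with_shell() {
    interactive_users "$1" "$2" | awk -F: '$2 > 0 && $2 < 1000'
}

echo "Accounts with a login shell:"
interactive_users "$SAMPLE_PASSWD" "$SAMPLE_SHELLS"
echo "System accounts (UID 1-999) with a login shell:"
system_accounts_with_shell "$SAMPLE_PASSWD" "$SAMPLE_SHELLS"
```

On a real machine the two sample variables would be replaced by `$(cat /etc/passwd)` and `$(cat /etc/shells)`; the functions themselves only use cut, tr and awk, so they run under any POSIX sh.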

2, /etc/shadow:

==> This file contains the users' password information. When we set a password for a user, that password is stored in this file in encrypted form. Colon (:) separated.

# head -1 /etc/shadow
root:*LOCK*:14600::::::

==> A locked password field like this disables password login for root, so nobody can get remote ssh access as root with a password.

# tail -1 /etc/shadow
admin:$ajWUIiduC642yq3.JDKUNzhs.gPqRbV.dHoMiMA2W1:17077:0:99999:7:::

Here you can see the encrypted password $ajWUIiduC642yq3.JDKUNzhs.gPqRbV.dHoMiMA2W1.

Structure:

admin                                        -> User
$ajWUIiduC642yq3.JDKUNzhs.gPqRbV.dHoMiMA2W1  -> Encrypted password
17077                                        -> Password age
0                                            -> m: minimum days to change password
99999                                        -> M: max days to change the password
7                                            -> W: warning [only 7 days left before the password expires]
(empty)                                      -> I: inactive date, the day after the password expires
(empty)                                      -> E: password expire date

==> "Password age" is the number of days after 1970 January 1 on which the user was created. 1970 January 1 is the day the Unix operating system was created.

==> "m" is the minimum number of days required between password changes. 0 means the user can change the password at any time; if we set 30, the user can't change the password before 30 days have passed.

==> "M" is the maximum number of days a password may be used. The user must change the password before M days pass.

==> "W" is the number of warning days before the password expires.

==> "I" is the inactive date. This is the day after the expiry date.

==> "E" is the expiry date; if we set 30, the password expires 30 days after creation.

How to change password aging (the fields above):

Use the following command,

# chage -m 10 -M 6666 -W 3 -I 17001 -E 17000 admin
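The m/M/W/I/E fields only matter through the arithmetic the login system applies to them, and that arithmetic is easy to get backwards (for example, I is a count of days after expiry, not a date). The script below is an added example, not part of the original post: it evaluates a shadow-style line for a given "today" (in days since 1970-01-01, the same unit the file uses) and reports whether the account is locked, in its warning window, expired, inactive or past its E date. All three lines are constructed samples with placeholder hashes.

```shell
#!/bin/sh
# Added example, not from the original post: evaluate the aging fields of a
# shadow(5)-style line the way the login system does, so the effect of the
# m/M/W/I/E values set with chage can be checked without touching /etc/shadow.
# Constructed samples; the hash values are placeholders, not real hashes.
SAMPLE_SHADOW_ROOT='root:*:14600::::::'
SAMPLE_SHADOW_ADMIN='admin:$6$examplesalt$examplehashvalue:17077:0:99999:7:::'
SAMPLE_SHADOW_DEPLOY='deploy:$6$examplesalt$examplehashvalue:17000:0:90:7:14:17200:'

# shadow_field LINE N -> field N (1-based) of a colon-separated line
shadow_field() {
    printf '%s\n' "$1" | cut -d: -f"$2"
}

# shadow_status LINE TODAY -> one word describing the account on day TODAY:
#   locked           password field starts with ! or *, so no password can match
#   account-expired  TODAY is on or after the E (expire) field
#   inactive         password expired more than I days ago; login is refused
#   expired          TODAY is past lastchg + M; the user must change the password
#   warn             within W days of expiry; a warning is shown at login
#   ok               nothing due
shadow_status() {
    line=$1
    today=$2
    pw=$(shadow_field "$line" 2)
    lastchg=$(shadow_field "$line" 3)
    maxdays=$(shadow_field "$line" 5)
    warndays=$(shadow_field "$line" 6)
    inactive=$(shadow_field "$line" 7)
    expire=$(shadow_field "$line" 8)

    case $pw in
        '!'* | '*'*) echo locked; return 0 ;;
    esac
    # Account expiry (E) is checked independently of password aging.
    if [ -n "$expire" ] && [ "$today" -ge "$expire" ]; then
        echo account-expired; return 0
    fi
    # An empty M (or no last-change day) means password aging is disabled.
    if [ -z "$maxdays" ] || [ -z "$lastchg" ]; then
        echo ok; return 0
    fi
    expiry_day=$((lastchg + maxdays))
    if [ "$today" -ge "$expiry_day" ]; then
        # I counts days after expiry; once it is used up the account is inactive.
        if [ -n "$inactive" ] && [ "$today" -ge $((expiry_day + inactive)) ]; then
            echo inactive
        else
            echo expired
        fi
        return 0
    fi
    if [ -n "$warndays" ] && [ "$today" -ge $((expiry_day - warndays)) ]; then
        echo warn; return 0
    fi
    echo ok
}

# Report for an arbitrary constructed "today" of day 17095.
for entry in "$SAMPLE_SHADOW_ROOT" "$SAMPLE_SHADOW_ADMIN" "$SAMPLE_SHADOW_DEPLOY"; do
    printf '%-8s %s\n' "$(shadow_field "$entry" 1)" "$(shadow_status "$entry" 17095)"
done
```

The deploy sample shows the full lifecycle: last change on day 17000 with M=90 puts expiry at day 17090, W=7 opens the warning window on day 17083, I=14 makes the account inactive from day 17104, and E=17200 ends the account regardless of password state. Running `chage -l <username>` on a real system prints the same fields in calendar form.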

3, /etc/group:

==> This file will contain the information of groups. Colon (:) separated.

# head -1 /etc/group
root:x:0:admin
# tail -1 /etc/group
testinggrp:x:1002:admin,dinesh

Structure:

testinggrp    -> Group name
x             -> Group password
1002          -> GID
admin,dinesh  -> Members

==> When we come to groups, there are two types of group,

1, Primary group -> the group created along with the user, with the same name and ID.

2, Secondary group -> a group we add the user to after the user is created, to grant specific permissions.

==> Any primary group can also be a secondary group of other users.

Adding User to Group:

==> To add a user to a specific group we should use the following command,

# usermod -aG <groupname> <username>

=> To check whether it is added or not,

# id <username>

It shows the names and IDs of the groups the user has been added to.

To move the user from one group to another (replacing the user's current secondary groups rather than appending to them) we should use,

# usermod -G <groupname> <username>

==> To change the password of one group use,

# gpasswd admin

4, /etc/gshadow:

==> This file contains the encrypted group passwords and the group administrators and members. Colon (:) separated.

# head -1 /etc/gshadow
root:*::admin

=> The root group has no password, and the admin user is a member of the root group.

# tail -1 /etc/gshadow
admin:$6$zYau1Dtbnz/X0c$G6rGw9Ko3.BF6L9v9p/tZDihGbfatIOi/P:admin:dinesh,test

Structure:

admin                                               -> Group name
$6$zYau1Dtbnz/X0c$G6rGw9Ko3.BF6L9v9p/tZDihGbfatIOi/P -> Encrypted password
admin                                               -> Group admin
dinesh,test                                         -> Members

=> When we add a group by writing directly into the /etc/group file, we must add that group to this file as well; otherwise users can't use the group.

=> To add an administrator to a group use,

# gpasswd -A <adminname> <groupname>
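Two of the checks above can be done directly against the files: what `id <username>` reports comes from the GID in /etc/passwd plus every /etc/group line that names the user as a member, and a group written into /etc/group by hand must also appear in /etc/gshadow. The script below is an added example, not part of the original post; it rebuilds the group membership of a user from passwd- and group-style text and lists groups that are missing from gshadow. All inputs are constructed samples (the deploy group is deliberately left out of the gshadow sample).

```shell
#!/bin/sh
# Added example, not from the original post: derive a user's primary and
# supplementary groups from passwd(5)/group(5)-style text, and check that every
# group in /etc/group also has an /etc/gshadow entry. All inputs are
# constructed samples embedded here, not read from the running system.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
admin:x:1001:1001:Devops Admin:/home/admin:/bin/bash
dinesh:x:1002:1002:Dinesh:/home/dinesh:/bin/bash'

SAMPLE_GROUP='root:x:0:admin
admin:x:1001:
dinesh:x:1002:
testinggrp:x:1003:admin,dinesh
deploy:x:1004:dinesh'

# "deploy" was added to the group file by hand but never to gshadow.
SAMPLE_GSHADOW='root:*::admin
admin:!::
dinesh:!::
testinggrp:!::admin,dinesh'

# user_groups USER PASSWD GROUP -> "primary=NAME supplementary=NAME,NAME"
# The primary group is the group whose GID matches field 4 of the passwd entry;
# supplementary groups are the group lines whose member list (field 4) names
# the user, in file order.
user_groups() {
    user=$1
    gid=$(printf '%s\n' "$2" | awk -F: -v u="$user" '$1 == u { print $4 }')
    primary=$(printf '%s\n' "$3" | awk -F: -v g="$gid" '$3 == g { print $1 }')
    supp=$(printf '%s\n' "$3" | awk -F: -v u="$user" '
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++)
              if (m[i] == u) out = (out == "" ? $1 : out "," $1) }
        END { print out }')
    printf 'primary=%s supplementary=%s\n' "$primary" "$supp"
}

# groups_without_gshadow GROUP GSHADOW -> group names present in the group(5)
# text but missing from the gshadow(5) text, one per line (empty output means
# the two files are consistent)
groups_without_gshadow() {
    have=$(printf '%s\n' "$2" | cut -d: -f1 | tr '\n' ' ')
    printf '%s\n' "$1" | awk -F: -v have="$have" '
        BEGIN { n = split(have, h, " "); for (i = 1; i <= n; i++) seen[h[i]] = 1 }
        !($1 in seen) { print $1 }'
}

user_groups admin "$SAMPLE_PASSWD" "$SAMPLE_GROUP"
user_groups dinesh "$SAMPLE_PASSWD" "$SAMPLE_GROUP"
echo "Groups present in group but missing from gshadow:"
groups_without_gshadow "$SAMPLE_GROUP" "$SAMPLE_GSHADOW"
```

Because `usermod -G` replaces the supplementary list while `usermod -aG` appends to it, running the membership function before and after a change is a quick way to confirm the command did what was intended; `grpck` performs the group/gshadow consistency check on the real files.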

==> Other database files are,

5, /home/username:

==> Home directory of the user, where all the user's data is stored.

Eg, /home/admin

6, /var/spool/mail/username:

==> Mail file for the user, where all the user's mail is stored.

Eg, /var/spool/mail/admin


About Dinesh Sobitharaj C

An IT professional having multiple years of experience in IT Infrastructure planning, System integrations, Project implementation and delivery. Devops Enthusiast skilled with broad ranges of technology adoption. Well versed with Cloud Computing and Application Service Offerings such as SaaS/PaaS/IaaS. Expert in aligning business goals, mission and process to architect innovative solutions and strategies.