How to Create New Users & Groups in Linux - Cloud Network


Wednesday, September 3, 2014

How to Create New Users & Groups in Linux

User Permission

###User Account & Password Management###

There are three types of user account in Red Hat Linux:
1.    Super user or administrative account
2.    Regular user account
3.    Service account

1.    The super user is created automatically at the time of installation.
2.    Regular user account:
a.    Command-line method, using the useradd or adduser command
b.    Graphical method, using the Red Hat User Manager utility
 
# adduser user_name (Recommended: use a minimum of 6 characters in the password)
# passwd user_name

Example:-
#adduser rakesh
#passwd rakesh
Now open the file /etc/passwd to check the user's entry:

#vi /etc/passwd
It contains 7 fields for each user:
1.    Username
2.    Password
3.    userid
4.    groupid
5.    User information field (comment); blank by default
6.    home directory
7.    login shell

The password entry for each user is stored in /etc/shadow
# vi /etc/shadow

To check the user ID and group ID settings, we use /etc/login.defs

# vi /etc/login.defs
When a user account is created, the user gets a user ID and group ID automatically, based on /etc/login.defs

The 5th field is used for user information or a comment.

The 6th field is the home directory. When a user is created, a default home directory is created under /home, for example /home/rakesh.

The 7th field is the login shell. The default shell for a user is /bin/bash; other shells can also be used:
    ksh, sh, csh, tcsh, zsh

The shell is a user interface between the user and the OS.

The Linux command shell is a prompt that allows us to interact with the system by executing various commands.

To check the available shells, use /etc/shells
# vi /etc/shells

To get information about groups, we use /etc/group
#vi /etc/group
It contains four fields:
1.    Group name
2.    password
3.    GroupId
4.    Member of group

# finger: this command is used to get information about a user

Syntax:
    #finger username
    #finger rakesh

#id: this command is used to get the user ID and group ID of a user

syntax:
    #id username
    #id rakesh

Creating Group:
Syntax:
#groupadd groupname
#groupadd -g gid groupname
Example:
    #groupadd raj

Exercise:
Create a user with uid=1000, shell=sh, a description, and home directory /data
Sol:
    #useradd -u 1000 -c rakeshpundir -s /bin/sh -d /data rakesh
    #passwd rakesh

Graphically
System Setting :-> User & Group
OR

#system-config-users

Every user has two kinds of group: the primary (or elementary) group and the secondary group
    -g    :    Primary Group
    -G    :    Secondary Group

Creating Group
#groupadd g1
#groupadd g2

Steps:
1.    Add groups to the user
#usermod -g g1 -G g2 rakesh
2.    Change the user ID
#usermod -u 1001 rakesh
3.    Change the comment
#usermod -c rakeshsingh rakesh
4.    Change the home directory
#usermod -m -d /rakesh-home rakesh
5.    Change the shell
#usermod -s /bin/bash rakesh
6.    Change the user login name
#usermod -l newname oldname
#usermod -l rajesh rakesh
7.    Change the group name
#groupmod -n newname oldname
#groupmod -n group1 g1
8.    Change the group ID
#groupmod -g 2005 group1

------------------------------------------------------------------------------------------
###User/Group Management###
--------------------------------------------------------------------------------------
Features:
 1. The ability to control users and groups

Primary tools:
 1. useradd - used to add users and modify group membership
 2. system-config-users

Task:
 1. Create a user named 'student1' using 'useradd'

Note: Default user settings derive from: /etc/login.defs
 a. useradd student1
 b. set password for user 'student1': passwd student1


Default User Accounts DB: /etc/passwd
student1:x:501:501::/home/student1:/bin/bash

username:shadow_reference:uid:gid:Description(GECOS):$HOME:$SHELL
Note: /etc/passwd is a world-readable file
Note: /etc/shadow now stores passwords in encrypted (hashed) form
Note: /etc/shadow is NOT world-readable

Fields in /etc/shadow:
student1:$1$XSFMv2ru$lfTACjN.XxaxbHA0EkB4U0:13891:0:99999:7:::

1. username:
2. encrypted_password:
3. Days_since_Unix_epoch_password_was_changed (01/01/1970)
4. Days before password may be changed
5. Days after which the password MUST be changed
6. Days before password is to expire that user is warned
7. Days after password expires, that account is disabled
8. Days since Unix epoch, that account is disabled
9. Reserved field (currently unused)

2. Modify user 'student1' to have password expire after 45 days
a. usermod
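
The /etc/passwd and /etc/shadow field layouts listed above, applied as a small account audit. This is an added example, not code from the original post; every account other than student1, the placeholder hashes, the finding labels and the "today" value of 16400 are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample data. The student1 lines are the page's own examples;
# every other account and hash placeholder is made up for illustration.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
student1:x:501:501::/home/student1:/bin/bash
toor:x:0:0::/root:/bin/sh
legacy:CONSTRUCTEDHASH:502:502::/home/legacy:/bin/bash'

SAMPLE_SHADOW='root:$6$CONSTRUCTED$placeholderhash:16316:0:99999:7:::
student1:$1$XSFMv2ru$lfTACjN.XxaxbHA0EkB4U0:13891:0:99999:7:::
backup::16000:0:99999:7:::
daemon:*:15000:0:99999:7:::
student2:$6$CONSTRUCTED$placeholderhash:16300:0:45:7:::'

# audit_passwd: reads /etc/passwd-format lines on stdin and prints
# "user:finding" for extra UID 0 accounts and unshadowed password fields.
audit_passwd() {
    awk -F: '
    NF != 7                 { print $1 ":bad-field-count"; next }
    $3 == 0 && $1 != "root" { print $1 ":extra-uid0" }
    $2 != "x"               { print $1 ":password-not-shadowed" }'
}

# audit_shadow TODAY: reads /etc/shadow-format lines on stdin. TODAY is the
# current date in days since the Unix epoch (same unit as fields 3 and 8).
audit_shadow() {
    awk -F: -v today="$1" '
    {
        user = $1; hash = $2; lastchg = $3; max = $5
        if (hash == "")      { print user ":empty-password"; next }
        if (hash ~ /^[!*]/)  next          # locked, or no password login
        if (hash ~ /^\$1\$/) print user ":md5crypt-hash"   # $1$ = MD5-crypt
        # 99999 in field 5 is treated here as "never expires"
        if (max == "" || max + 0 >= 99999) print user ":no-max-age"
        else if (lastchg + max < today)    print user ":password-expired"
    }'
}

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow 16400   # constructed "today"
```

On a real system the same functions read the live files as root, for example `audit_shadow "$(( $(date +%s) / 86400 ))" < /etc/shadow`.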

Groups:
 1. groupadd - adds new group
 2. groups - lists groups on the system: /etc/group
/etc/group - maintains group membership information

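Task: Create a 'sales' group and add 'linuxcbt' and 'student1' as members
 1. groupadd sales
 2. usermod -aG sales linuxcbt
 3. usermod -aG sales student1

Note: '-G' on its own replaces the user's supplementary group list; '-a' appends 'sales' to the existing memberships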

Note: 2 types of groups exist:
 1. Primary - used by default for a user's permissions
 2. Supplemental - used to determine effective permissions

Note: use 'id' to determine the group information of user
Note: Create a new shell session to realize new group membership information

userdel/groupdel are used to delete users and groups, respectively

Features:
 1. The ability to restrict/control access to files

Note: 10 bits represent permissions for files (including directories)

Note: use 'ls -l' to examine permissions or GUI application like 'Nautilus'

-rwxrwxr-x 1 linuxcbt linuxcbt  681 Jan 13 11:31 regextest.pl

1st bit = file type. '-' = file, 'd' = directory
2nd - 4th bits = owner's permissions
r = read = 4
w = write = 2
x = execute = 1
- = none = 0

5th - 7th bits = group owner's permissions
r = read = 4
w = write = 2
x = execute = 1
- = none = 0

8th - 10th bits = everyone (world)
r = read = 4
w = write = 2
x = execute = 1
- = none = 0

Task:
1. Manipulate file permissions using 'chmod'
a. chmod -x regextest.pl

-rw-rw-r-- 1 linuxcbt linuxcbt 681 Jan 13 11:31 regextest.pl
rw = 6 or 4+2 for owner
rw = 6 or 4+2 for group owner
r = 4 for everyone else (world)

Octal notation: 664 for file 'regextest.pl'

chmod 664 regextest.pl - removes execution for ALL users
chmod 775 regextest.pl - enables execution for ALL users


 2. Ensure that 'regextest.pl' is rw by owner and no one else
 a. chmod 600 regextest.pl

Note: File will now be rw by owner (linuxcbt) and 'root'

 3. Ensure that 'regextest.pl' is r by owner and no one else
 a. chmod 400 regextest.pl && ls -l regextest.pl

Note: chmod supports symbolic (string) values, which represent octal values
chmod +/-x file
chmod +/-w file
chmod +/-r file

chmod u+/-x file - updates owner's execute permissions on the file
chmod o+/-x file - updates other's execute permissions on the file
chmod g+/-x file - updates group's execute permissions on the file

chmod a+rwx = chmod 777

chown - permits changing of ownership of files
 a. chown root regextest.pl - changes ownership to 'root'
 b. chown linuxcbt:sales regextest.pl - changes owner and group to 'linuxcbt:sales'

Task:
 Update 'regextest.pl' so that owner and group owner may modify the file

 a. chmod 660 regextest.pl

SETUID:
 Features:
  1. ability to execute file as owner

chmod 4760 regextest.pl - this will ensure that the perl script always executes as the user 'linuxcbt'
-rwsrw---- 1 linuxcbt sales 787 Jan 13 16:08 regextest.pl

's' in the execute position means that the program will execute as that user


SETGID:
 Features:
  1. Ability to enforce permissions to a directory structure

mkdir /sales
chmod 2775 /sales

Create a file in the '/sales' directory as 'linuxcbt'
seq 1000000 > linuxcbt.1million.txt


chgrp:
 Permits updating of group permissions


Sticky Bit:
 Features:
  1. Ability to ensure that users cannot delete others' files in a directory

drwxrwxrwt 23 root root 4096 Jan 13 15:05 /tmp/


/tmp - users cannot delete other users' files in '/tmp'

chmod 3777 /sales - ensures that /sales will not lose files from incorrect users

Task:
 1. Set '/sales' using sticky bit and test
  a. chmod 3777 /sales && ls -ld /sales OR chmod 777 /sales && chmod +t /sales
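
The setuid, setgid and sticky-bit modes from this section, set on a scratch tree and then checked the way a permissions audit would check them. This is an added example, not part of the original post; the names scratch, open and notes.txt, the helper functions and the finding labels are constructed.

```shell
#!/bin/sh
# build_demo: constructed scratch tree that reuses the page's chmod modes.
build_demo() {
    d=$(mktemp -d) || return 1
    touch "$d/regextest.pl" "$d/notes.txt"
    mkdir "$d/sales" "$d/scratch" "$d/open"
    chmod 4760 "$d/regextest.pl"  # setuid (Linux honours it on binaries, not #! scripts)
    chmod 600  "$d/notes.txt"     # rw for owner only
    chmod 3777 "$d/sales"         # setgid + sticky
    chmod 1777 "$d/scratch"       # sticky only, like /tmp
    chmod 777  "$d/open"          # world-writable, no sticky bit
    echo "$d"
}

# mode_string PATH: the 10-character permission string that 'ls -l' shows.
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# audit_perms DIR: report setuid/setgid files and world-writable entries
# that deserve review; sticky world-writable directories are not reported.
audit_perms() {
    {
        find "$1" -xdev -type f -perm -4000 | sed 's|^|setuid |'
        find "$1" -xdev -type f -perm -2000 | sed 's|^|setgid-file |'
        find "$1" -xdev -type f -perm -0002 | sed 's|^|world-writable-file |'
        find "$1" -xdev -type d -perm -0002 ! -perm -1000 |
            sed 's|^|world-writable-no-sticky |'
    } | sort
}

demo=$(build_demo) || exit 1
for f in regextest.pl notes.txt sales scratch open; do
    printf '%s %s\n' "$(mode_string "$demo/$f")" "$f"
done
audit_perms "$demo"
rm -rf "$demo"
```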


Thanking You
Hope U Like it......
