LPI 101-500 – 107.1: Manage user and group accounts and associated system files
- useradd, userdel, passwd
In the working life of a system engineer or classic administrator, we will often be confronted with topics from the following lessons, because this is about users in general: create users, create groups, change passwords, delete users and so on. So let’s start by creating a user. The command for this is useradd. Let’s take a look at the man page: useradd, create a new user or update default new user information. Of course we have various options here, which are very important in this case because we will need a few of them in a moment. I would now make myself root for this lesson because you need root rights for almost every command that we are going to learn here.
And so I can save myself the constant sudo. Now I’m root. In theory it is sufficient to simply execute the useradd command with an appropriate name. For example, useradd tom: no error message, the user was created. In practice, however, that’s not quite enough. Why not? Let’s just log in as tom, and we see an error message right here. We are logged in as tom, but the account doesn’t really seem to have been created correctly. What does this error message mean? It means that the user tom does not have his own home directory. Perhaps you remember that in the 101 part I mentioned that each user has his own home directory. Of course this should and must be the case.
But as we can see here, if a user is not created correctly, it does not have its own home directory. So let’s see where we are right now. And you see we are in the root directory right now. That means that in order to create a user, we still have to give a few options. Among other things, we still have to tell the system where the future home directory is located and, ideally, that this directory should also be created directly. Okay, first I’ll leave the user tom again, and I would say we delete the user tom again. To do this we use the userdel command: userdel tom, and the user tom is now deleted.
So what could the extended useradd command look like? For example, as follows, and I’ll explain what it all means right away: useradd -u 1500 -d /home/tom -m -s /bin/bash -c "test user" tom. The -u option means that we are assigning a user ID to the user. We have chosen the ID 1500 here. If we omit this option, the system automatically assigns a user ID. The -d option specifies the new user’s home directory, in this case /home/tom. The -m option ensures that the home directory is also created automatically when the user is created. The -s option specifies which shell should be used when the user logs in, in this case /bin/bash.
The -c option is just a comment. So the comment at this point is "test user", and at the very end is the username of the new user, tom. Even if we do not need it ourselves at this point, in real life we have to assign the user a start password. We use the passwd command for this: passwd tom, and here I choose a corresponding password and enter it twice. And now the user tom has a start password. By the way, every user can change his own password with the passwd command, even if he does not have root permissions. The password of other users can of course only be changed by root. Okay, let’s log in again with the new user tom, and this time we don’t get an error message.
And obviously we have our home directory too. We will check it. And we are now in the home directory of tom, /home/tom. So let’s take a look at the contents of the home directory. And we see that we already have some files. We have here the .bash_logout file, the .bashrc file and the .profile file. And we know the files from a previous lesson. Where do these files come from? When the directory is created, these files are automatically copied over from the /etc/skel directory. So let’s look at the content of this directory with ll /etc/skel, and we see that they are exactly the same files. This means that if we want to change the content of the .bashrc file, for example, then you can either do this for an individual user in their home directory or do it globally in the /etc/skel directory.
Then all future users will receive the changed .bashrc file. You can also create your own directory and use it instead of /etc/skel. Let’s try it out. I’m root again. And then, for example, /etc/skel2, and of course there’s nothing in it yet. We just create a file here, for example touch bashrc2, and let’s create another user, for example testuser. Here -k is the option that allows us to specify our own directory instead of /etc/skel. We have now used our own directory, /etc/skel2. Again, to repeat: the content of the /etc/skel directory is always and automatically created in the home directory of the new user. With the -k option you can specify an alternative directory, which we have done here with /etc/skel2. We now log in as testuser.
And we can see here that I’m now logged in as testuser. We can also see that we are in the testuser home directory. The font is not green this time, however, and our alias ll will no longer work. This is because this time the .bashrc file was not copied from the /etc/skel directory to our home directory. We should now find an empty file called bashrc2 instead, because that was the only file that was in the /etc/skel2 directory. And here we have confirmation. We have our bashrc2 file and it’s zero bytes, so no content here. Where are these newly created users stored in the first place? That would be the file /etc/passwd, so we can take a look at it: cat /etc/passwd. All users who are created on this system are stored in this file.
There are also users here who were automatically created by some applications, which is why this list seems so extensive. Let’s take a look at the last line. There is more information about the user here which we can take from this line. All of this information is separated by colons. The user name is always on the far left, here testuser. As I said, the colon separates this information from the next information. So we have a colon here and then we have our second column. The next piece of information is an x. The x is the placeholder for the user’s password. The password used to be in plain text here. Today the password has been outsourced and is stored encrypted in the file /etc/shadow.
We will look at this file later. The third column contains the user ID, in this case 1501. In the fourth column we find a group ID. This is usually the same as the user ID, because when a user is created, a group is automatically created for this user. This group then always has the same name as the user and also the same ID as the user ID. The fifth column lists the comment. Here we have the comment "another test user". Then in the next column we find the home directory, and in the seventh and last column we can see which shell is used when the user logs in, in this case /bin/bash. For some users we see something like this here: /usr/sbin/nologin, /bin/false.
Normally there is also just /sbin/nologin without /usr, but in this case I cannot find it. Okay, we have /bin/false and we have /usr/sbin/nologin. These entries mean that this user cannot log in. All these users here, which were automatically created by the system for any tools, cannot log in. Which of course also makes sense, because these are only system users under whose name certain applications run, and nobody has to log in manually. Of course there are also exceptions. For example, if you install an Apache web server or a Tomcat, there is also a tomcat user or an apache user here. Suppose we just installed a Tomcat, but for some reason it doesn’t start.
In this case you can change the entry /sbin/nologin of the user tomcat to /bin/bash in order to be able to log in as tomcat. And here you usually find out where the error is, for example no access to a certain directory that you need. We can try that out with testuser. We will just edit the /etc/passwd file and change the entry here from /bin/bash to /usr/sbin/nologin. I save that. And now we log in as testuser and we get the message "This account is currently not available", so we can no longer log in as testuser. And you can see, I’m still logged in as root. Another possibility to forbid the login of a user is the command chsh. chsh stands for change shell.
The command does what it says, namely change a user’s shell. To change a user’s shell, use the -s option. So in this case chsh -s and then /bin/bash testuser. And now we should be able to log in again. Let’s try it out. This time it works. Another possibility instead of /usr/sbin/nologin would be /bin/false. We had already seen this in the /etc/passwd file. So chsh -s and then /bin/false testuser. Sorry, I didn’t see that. I’m still logged in as testuser now. And this time we don’t get an error message. But we cannot log in. You see here I’m still logged in as root. And let’s do it again with chsh testuser. And now the login works again.
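The login-shell field discussed above, checked mechanically, as an added example that is not part of the original lesson: the script scans a passwd-format file for system accounts left with a real login shell (as in the Tomcat troubleshooting case) and for password fields that are not the x placeholder. The sample file is constructed, and the UID threshold of 1000 and the function name audit_passwd are assumptions.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for accounts that can log in.
# Constructed sample data; the default threshold of 1000 is an assumption
# (the real value is UID_MIN in /etc/login.defs).

SAMPLE_PASSWD=$(mktemp)
trap 'rm -f "$SAMPLE_PASSWD"' EXIT
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
tomcat:x:998:998:Tomcat:/opt/tomcat:/bin/bash
tom:x:1500:1500:test user:/home/tom:/bin/bash
testuser:x:1501:1501:another test user:/home/testuser:/bin/false
legacy::1502:1502::/home/legacy:/bin/sh
EOF

# audit_passwd FILE [UID_MIN]
# Prints "name:reason" for every entry worth a second look.
audit_passwd() {
    awk -F: -v uid_min="${2:-1000}" '
        # A valid entry has exactly seven colon-separated fields.
        NF != 7 { print $1 ":malformed"; next }
        # Field 2 should be the x placeholder; anything else means the
        # password (or an empty one) sits in the world-readable file.
        $2 != "x" { print $1 ":password-field-not-x" }
        # Shells that refuse interactive logins need no further check.
        $7 ~ /(\/nologin|\/false)$/ { next }
        # System account (UID below uid_min, root excluded) with a real shell.
        $3 > 0 && $3 < uid_min { print $1 ":system-account-with-login-shell" }
    ' "$1"
}

audit_passwd "$SAMPLE_PASSWD"
```

On a live system the same function can be pointed at /etc/passwd, or fed the output of getent passwd saved to a file so that network accounts are included.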
- groupadd, groupdel, etc-group, getent
We have now discussed everything that is user related. It is very similar with groups. To repeat: with useradd we create a user and with groupadd we create a group. With groupadd, however, we don’t have to use as many options. Often groupadd will be used with the -g option, with which we can specify a group ID. For example, groupadd -g 600 testgroup. In which file can we display the group? That would be the file /etc/group. Watch out: it’s called group, which means singular, and not groups, plural. This is important, and it may be that such a question is asked on the exam. And here we see the groups that are stored on the system. In the first column we find the group name.
So here testgroup. In the second column we find the x again, and this is again the placeholder for a password. You can assign a password to the group. The -p option would be used for this, but it is not recommended, because a standard user might see the password in the process list; it is encrypted, but you still want to avoid this. In the third column we see the group ID that we have just assigned. In the fourth column, which is empty in this case, we see the members of the corresponding group. Or maybe let’s look at this one here, the user group named Manuel. Here is the placeholder for the password. Here we have the group ID and here we have the members of the group.
And a member of this group is Thomas. The groupmod command can be used to change the properties of groups. For users, it is usermod, which we will talk about in detail in another lesson. For groups it is groupmod, so it’s very easy to remember. For example, we can change the group ID by entering groupmod -g 1700 and then testgroup. We check it by searching for testgroup, and here we have the confirmation: the group ID was changed to 1700. With the -n option you can change the group name. For example, groupmod -n testgroup2 testgroup. The new group name is therefore mentioned before the current group name.
Okay, let’s check it again with grep testgroup /etc/group, and here is the confirmation that the group is now called testgroup2. To delete a group, there is the groupdel command, analogous to the userdel command: groupdel testgroup2, and then we can’t find the entry here anymore. At the end of this lesson we come to the last command. That is the command getent. getent accesses the /etc/nsswitch.conf file. Let’s look at the file, and we see various entries here, for example passwd, group, shadow and gshadow, which is, by the way, the file for the group passwords.
So shadow is for the user passwords and gshadow is for the group passwords. So what we are currently dealing with. Let’s enter the following command: getent passwd, and you see the result is exactly the same as cat /etc/passwd. getent is used, for example, when users are not created locally on the system, but rather via LDAP or Active Directory. So when the users are somewhere in the network on another server, which is standard in company networks, the address for the server and the corresponding file should then be in the /etc/nsswitch.conf file, and we could then access this with getent.
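How the two files fit together, as an added example that is not part of the original lesson: a user's primary group comes from the fourth field of the passwd entry, while the fourth field of the group file lists only additional members, which is why it is empty for a user's own group. The sample files are constructed (the members of testgroup2 are invented), and the function name groups_of is an assumption.

```shell
#!/bin/sh
# Added example: resolve a user's groups from passwd- and group-format files.
# Both sample files below are constructed for illustration.

PW=$(mktemp); GR=$(mktemp)
trap 'rm -f "$PW" "$GR"' EXIT
cat > "$PW" <<'EOF'
manuel:x:1000:1000:Manuel:/home/manuel:/bin/bash
thomas:x:1001:1001:Thomas:/home/thomas:/bin/bash
tom:x:1500:1500:test user:/home/tom:/bin/bash
EOF
cat > "$GR" <<'EOF'
manuel:x:1000:thomas
thomas:x:1001:
tom:x:1500:
testgroup2:x:1700:tom,thomas
EOF

# groups_of USER PASSWD_FILE GROUP_FILE
# Prints the group names of USER, primary group first; fails if USER is unknown.
groups_of() {
    awk -F: -v user="$1" '
        # First file (passwd): remember the primary GID of the user.
        FNR == NR { if ($1 == user) gid = $4; next }
        # Second file (group): the primary group matches by GID (field 3) ...
        $3 == gid { primary = $1; next }
        # ... additional groups match by the member list (field 4).
        {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == user) supp = supp " " $1
        }
        END {
            if (gid == "") exit 1                # user not in the passwd file
            if (primary == "") primary = gid     # GID without a group entry
            print primary supp
        }
    ' "$2" "$3"
}

groups_of thomas "$PW" "$GR"
```

With users coming from LDAP or Active Directory, the two input files can be produced with getent passwd and getent group instead of reading the local files.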