Modifying



4910455-3175009525078105mobile itnTSolutions, LLC.00mobile itnTSolutions, LLC.4572002857500Linux Systems AdministratorProgramClass Notes:“Working with Users, Groups, and Permissions”Part II00Linux Systems AdministratorProgramClass Notes:“Working with Users, Groups, and Permissions”Part IIWorking with Users, Groups, and Permissions – Part IIModifying and Deleting User Accounts:By this time you know how to create a user , therefore , modifying an existing user account is simple as wellThe "usermod" command is used for this purposeIt employs many of the same options that are used with "useradd " oExample : usermod -g 101 linda(sets the new primary group ofuser linda to a group with the unique ID 101)usermod options: Current Home directory# grep -E --color '/home/usrname' /etc/passwdChange home directory:# usermod -m -d /usr/usrname usrnamechange home directory from whatever it was to "/usr/home/"Check the current account expiry status using the "chage" (change user password expiry information) command:# chage -l usrnameChange expiry Status of a User# usermod -e 2016-05-01 usrnameChange User Primary Groupcheck current group: # id usrnameSet "babin" as primary group: # usermod -g babin usrnameAdd Group to existing User:# usermod -G newGrp usrnameAppend another Group to User (keeps current Group as well):# usermod -a -G newGrp usrnameChange User Login Name:# usermod -l newusrname oldusrnameNow check change: # id newusernameLock User Account:# usermod -L usrnamecheck for locked acct: # grep -E --color 'usr' cat /etc/shadowan "!" signifies account is lockedUnlock User Account:# usermod -U usrnameMove User Home Directory to New Location:check acct/current home dir: grep -E --color 'usr' /etc/passwdlist files owned by usr: ls -l /home/usr/Now move home directory from old to new location:# usermod -d /var/usr/ -m usrnameNext, verify chg: # grep -E --color 'usr' /etc/passwdcheck it: ls -l /var/usr/home/usr/Create Un-encrypted Password for User:This shows the password in the /etc/shadow file# usermod -p redhat usrnamecheck: # grep -E --color 'usrname' /etc/shadowChange User Shellto change usr from /bin/bash to /bin/sh:# grep -E --color 'usr' /etc/passwd# usermod -s /bin/sh usrAFter changing user shell.. verify:# grep -E --color 'usr' /etc/passwdChange User ID(UID):Verify: # grep -E --color 'usr' /etc/passwd OR # id usrChange the UID: # usermod -u 888 usrverify change: # id usrcheck for the group which all "usr" been member:# grep -E --color 'usr' /etc/groupchange UID and GID of a User:# usermod -u 666 -g 777 usrverify change: # id usrAnother command that will be occasionally needed is the "userdel " commandUse this command to delete accounts from your serverExample :userdel linda (deletes user linda from your system)However , if used this way , userdel will leave the home directory of your user untouchedThis may be necessary to ensure that your company still has access to the work of a user : however , it may be necessary to delete the user 's home directory as wellTo do so, use the -r option with "userdel" commandHowever , if there are files that are not owned by user"linda" in this home directory , "userdel" can 't remove itTo fix this, add the -f option(this will make sure that all files are removed from the home directory , even if the specified user being deleted does not own the filesExample : userdel -rf lindaBut what about other files created in other directories on your system... How would you remove them?Use the find command to locate all files and remove them : f ind I-user "linda" -exec rm { } \ ;Not really a good option to do as soon as a user leaves and no longer needs a user account.. could cause problems later on, if files the user created were needed by your company for whatever reason .Another option would be to copy the files somewhere and allow enough time to pass before deleting themUse: f ind I-user "linda" -exec mv { } / trash/ linda\;The following command finds all files created by linda and mv to the /trash/linda created directoryBehind the Commands : Configuration Files:In the previous section, you learned all of the commands required to manage users from a console/terminal environmentThese commands also put all user-related information in some configuration filesA configuration file is also used for default settings that are applied when managing the user environmentThe goal is to give you some general knowledge into the use of these files:/etc/passwd:The 1st and probably the most important , of all user-related configuration filesThis file is the primary database where user information is storedThe most important user properties are stored in this fileSee file Below :Users in /etc/passwdDifferent fields are used in /etc/passwdFields are separated with a colonLet me break it down : oUsername :The user 's login name is stored in the first field .In older UNIX versions , there was a maximum -length limitation on login names (8 characters)In modern Linux distros , this limitation no longer existsPassword :In old days of UNIX , encrypted passwords were stored in this file... No longer does that exist because it posed a security risk ..passwords are stored in the configuration file "/etc/shadow"UID :As you have already learned , every user has a unique user ID?GID :Red Hat starts numbering local user IDs at 500 and typically the highest number that is used is 60000Every user has a primary group.. the group ID of this primary group is listed thereOn Red Hat , every user is also a member of a private group that has the name of the userGECOS:The General Electric Comprehensive Operating System (GECOS) field is used to include some additional information about the user .This field can contain anything you like, such as user department, phone number , etcThis is an optional field Directory:Home DirectoryThis field points to the directory of the user 's home directoryShell :The last field in /etc/passwd is used to refer to the program that is started automatically when a user logs in... most often this will be /bin/bashFor the administrator , it is perfectly acceptable to edit /etc/passwdand the related file /etc/shadow manually.Make sure to use the "vipw" command to edit the files to prevent locking issues if other users or commands are editing the files at the same timeTo check the integrity of any of these two files, use the "pwck " command ..oShow exampleNext :/etc/shadow:The encrypted user passwords are stored in /etc/shadowInfo related to password expiry is also kept hereDisplaying user information in /etc/shadow:As in "/etc/passwd ", the lines in "/etc/shadow are also organized in different fields .For most administrators , only the first two fields matter oThe ist field is used to store the name of the user0The2 nct field is used to store the encrypted passwordIn the encrypted password field, a ! and an * can be used. If an ! is used, login is currently disabledIf an * is used, it is a system account that can be used to start services, but that is not allowed for interactive shell loginBy default, an encrypted password is stored there, but it is also possible to store a non-encrypted password/etc/login .defs :This is a configuration file that relates to the user environment but is used completely in the backgroundSome generic settings are defined in this configuration file oThese settings determine all kinds of information relating tothe creation of usersYou 'll find variables that specify the default values used when users are createdlogin.defs contains variables that are used when users are createdExercise Time:Creating Users ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download