RH033 3. USER ADMINISTRATION LINUX

There are three basic types of Linux user accounts: administrative (root), regular, and service.

The Linux administrative root account is automatically created when you install Linux, and it has administrative privileges for all services on the Linux operating system. The root account is also known as the superuser.

Regular users have the necessary privileges to perform standard tasks on a Linux computer such as running word processors, databases, and Web browsers. They can store files in their own home directories. Since regular users do not normally have administrative privileges, they cannot accidentally delete critical operating system configuration files.

Services such as Apache, Squid, mail, games, and printing have their own individual service accounts. These accounts exist to allow each of these services to interact with your computer.

Each user on a Red Hat Enterprise Linux system is assigned a unique user identification number, also known as a UID. UIDs below 500 are reserved for system users such as the root user and service users.

A UID is a unique number given to a user; a GID is a unique number given to a group. Whenever you add a user, a group with the user's name is created automatically.


               UID            GID
root           0              0
system user    1-499          1-499
normal user    500 onwards    500 onwards



USER ADD COMMAND :


* Create a user with all the default options and with his own group.


#  useradd suma
#  passwd   suma


Create a user and change the default shell from /bin/bash to /bin/sh during user creation.

#  useradd -s /bin/sh sumaramesh


Create a user and change the default home directory from /home/sumaramesh to /home/suma during user creation.

#  useradd -d /home/suma sumaramesh


Create a user with a comment during user creation.

#  useradd -c 'Suma is Admin' sumaramesh





When a user is added, four files are updated automatically: /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow. Let's look at the fields of each of those files.

* Understanding fields of  /etc/passwd

sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin

sabayon : Username: It is used when the user logs in. It should be between 1 and 32 characters in length.

x : Password: An x character indicates that the encrypted password is stored in the /etc/shadow file.

86 : User ID (UID): Each user must be assigned a user ID.

86 : Group ID (GID): The primary group ID (stored in the /etc/group file).

Sabayon user : Comment field: It allows you to add extra information about the user, such as the user's full name, phone number etc.

/home/sabayon : Home directory: The absolute path to the directory the user will be in when they log in.

/sbin/nologin : Command/shell: The absolute path of a command or shell (for example /bin/bash). Typically, this is a shell.
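
The field layout and the UID ranges above are enough to audit a passwd file. The script below is an added example, not part of the original post: it reads passwd-format lines and flags a non-root account with UID 0, a system UID (1-499, per the table above) that has a login shell, and a password field that is not x. The names audit_passwd, sample_passwd and SYS_UID_MAX, and every sample line except the sabayon one, are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit passwd-format lines read from stdin.
# SYS_UID_MAX follows the table above (system UIDs 1-499); set it to
# match the range your distribution reserves.
SYS_UID_MAX="${SYS_UID_MAX:-499}"

audit_passwd() {
    awk -F: -v sysmax="$SYS_UID_MAX" '
        /^#/ || /^$/ { next }                       # skip comments and blanks
        NF != 7 || $3 !~ /^[0-9]+$/ {               # 7 fields, numeric UID
            print $1 ": malformed entry"; next
        }
        $2 != "x" {                                 # hash not kept in /etc/shadow
            print $1 ": password field is not x"
        }
        $3 == 0 && $1 != "root" {                   # second superuser account
            print $1 ": UID 0 but not root"
        }
        $3 >= 1 && $3 <= sysmax+0 && $7 !~ /(nologin|false)$/ {
            print $1 ": system UID " $3 " with login shell " $7
        }
    '
}

# Constructed sample input; only the sabayon line comes from the page.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin
toor:x:0:0:backup admin:/root:/bin/bash
squid:x:23:23::/var/spool/squid:/bin/bash
suma:x:500:500:Suma is Admin:/home/suma:/bin/bash
legacy::501:501::/home/legacy:/bin/sh
EOF
}

sample_passwd | audit_passwd
```

To check a live system, feed it the real file: audit_passwd < /etc/passwd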





* Understanding fields of  /etc/shadow

suma_ramesh:$1$HsgHRhZb$66kEfE.ts1ZfrLHNL95v./:13543:0:99999:7:::


suma_ramesh : User name: It is your login name.

$1$HsgHRhZb$66kEfE.ts1ZfrLHNL95v./ : Password: It is your encrypted password. The password should be a minimum of 6-8 characters long, including special characters/digits.

13543 : Last password change: Days since Jan 1, 1970 that the password was last changed.

0 : Minimum: The number of days left before the user is allowed to change his/her password.

99999 : Maximum: The maximum number of days the password is valid (after that the user is forced to change his/her password).

7 : Warn: The number of days before the password is to expire that the user is warned that his/her password must be changed.

(empty) : Inactive: The number of days after the password expires that the account is disabled.

(empty) : Expire: Days since Jan 1, 1970 that the account is disabled, i.e. an absolute date specifying when the login may no longer be used.
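
To show how these fields combine, the added example below (not part of the original post) decodes shadow-format lines: it names the hash scheme from the prefix of the password field and works out password and account expiry from the day counts. The names decode_shadow and sample_shadow and the ramesh and rajesh sample lines are constructed; only the suma_ramesh line comes from the page.

```sh
#!/bin/sh
# Added example: decode shadow-format lines read from stdin.
# $1 is "today" as days since 1970-01-01; defaults to the current day.
decode_shadow() {
    today="${1:-$(( $(date +%s) / 86400 ))}"
    awk -F: -v today="$today" '
        # Map the prefix of the password field to a crypt(3) scheme.
        function scheme(h) {
            if (h == "")           return "empty"
            if (h ~ /^[!*]/)       return "locked"
            if (h ~ /^\$1\$/)      return "md5crypt-legacy"
            if (h ~ /^\$5\$/)      return "sha256crypt"
            if (h ~ /^\$6\$/)      return "sha512crypt"
            if (h ~ /^\$2[aby]\$/) return "bcrypt"
            if (h ~ /^\$y\$/)      return "yescrypt"
            return "unknown"
        }
        NF != 9 { print $1 " malformed"; next }     # 8 fields + 1 reserved
        {
            age = today - $3                        # days since last change
            pw = "ok"
            if ($5 != "" && age > $5+0)
                pw = "expired"                      # older than Maximum
            else if ($5 != "" && $6 != "" && $5 - age <= $6+0)
                pw = "warn"                         # inside the Warn window
            acct = ($8 != "" && today+0 >= $8+0) ? "expired" : "active"
            printf "%s hash=%s pw_age=%d pw=%s account=%s\n",
                   $1, scheme($2), age, pw, acct
        }
    '
}

# Constructed sample; only the suma_ramesh line comes from the page.
sample_shadow() {
    cat <<'EOF'
suma_ramesh:$1$HsgHRhZb$66kEfE.ts1ZfrLHNL95v./:13543:0:99999:7:::
ramesh:$6$constructedsalt$constructedhash:13500:1:90:7:14::
rajesh:!!:13590:0:30:7::13595:
EOF
}

sample_shadow | decode_shadow 13600
```

Against a live system it needs root to read the file: decode_shadow < /etc/shadow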






* Understanding fields of  /etc/group.

suma_ramesh:x:sumaramesh:ramesh,rajesh



suma_ramesh : group_name: It is the name of the group. If you run the ls -l command, you will see this name printed in the group field.

x : Password: Generally a password is not used, hence it is empty/blank. It can store an encrypted password. This is useful to implement privileged groups.

sumaramesh : Group ID (GID): Each user must be assigned a group ID. You can see this number in your /etc/passwd file. (In an actual /etc/group file this field holds the numeric GID.)

ramesh,rajesh : Group list: It is a list of user names of users who are members of the group. The user names must be separated by commas.



* Understanding fields of  /etc/gshadow
    
suma_ramesh:x:sumaramesh:ramesh,rajesh

suma_ramesh : Group name: The name of the group. Used by various utility programs as a human-readable identifier for the group.

x : Encrypted password: The encrypted password for the group.

sumaramesh : Group administrators: Group members listed here (in a comma-delimited list) can add or remove group members using the gpasswd command.

ramesh,rajesh : Group members: Group members listed here (in a comma-delimited list) are regular, non-administrative members of the group.

