Linux

Linux Users

As in Windows, each user on a Linux system has a username, which the user uses to access the system. Each user is also assigned a unique user identification number, known as a UID. UIDs below 500 are reserved for system users such as the root user. When a user is added, a private user group is created; groups are discussed in the group chapter.

Adding Users

To add a new user, use the useradd command. The basic syntax is useradd username. After creating the user, set a password for the user with passwd username; creating the password unlocks the account. Whenever a user is created, a directory with the same name as the user is automatically created in the /home directory.
Example
# useradd mohit
# passwd mohit
enter unix password *****
retype *****
update successfully
You can see all the options of useradd by using the man command. If you create a user mohit and open the /home directory, you will see a directory named mohit. This is the home directory of user mohit; by default, user mohit has full permission to read, write and execute anything in this directory.

The superuser can change the permissions of any user, even for that user's own home directory.



Options of useradd

Here are some options of useradd.

-d

The -d option changes the location of the home directory. By default, the user's home directory is /home/username (for example, if the login is game, the home directory would be /home/game). When creating a new user, the user's home directory gets created along with the user account. If you want to change the default to another place, specify the new location with this parameter, for example -d /home/ad/game.
[Figure: change the location of home directory]

-e expire-date

It is possible for an account to expire after a certain date. By default, accounts never expire. To specify a date, be sure to place it in MM/DD/YY format (specify 00 for the year 2000 for this system). For example, use -e 06/05/2011 for the account to expire on June 05, 2011.
[Figure: expire-date of user]

-M

This option tells the command not to create the user’s home directory.
[Figure: not to create the user's home directory]
Consequently, no directory named harsh is found, as the figure below shows.
[Figure: No home directory is created for harsh]

Similarly, readers can try the following options.

-G

This option allows you to specify additional groups to which the new user will belong. If you use the -G option, you must specify at least one additional group. You can, however, specify additional groups by separating them with commas. For example, to add a user to the project and admin groups, you should specify -G project,admin.

-u uid

By default, the program will automatically find the next available UID and use it. If for some reason you need to force a new user's UID to be a particular value, you can use this option. Remember that UIDs must be unique for all users.

The useradd command cannot change anything for an existing user.


Userdel

The userdel command removes existing users. It takes only one option.
Syntax
userdel [-r] username
If you use only the username with userdel, as in userdel raj, all of the entries in the /etc/passwd and /etc/shadow files, and references in the /etc/group file, are automatically removed. If you use userdel -r raj, all of the files owned by the user in his home directory are removed as well.

Modifying Users with usermod command

The usermod command is used to modify the options of an existing user.
Syntax
[root@localhost ~]# usermod <options> <username>
Now let us see the command with options

-L

This option locks a user's password by putting a ! in front of the encrypted password in the /etc/shadow file, as the figure shows.
[Figure: usermod to lock username]

Open the /etc/shadow file; it will look like this.
[Figure: lock user in /etc/shadow]

The ! in the red circle shows that the user is locked.

-U to unlock the user

This option unlocks a user's password by removing the ! in front of the encrypted password in the /etc/shadow file.
[Figure: -U to unlock the user]

Open the /etc/shadow file again to check the status of the user.
[Figure: Unlock the user in /etc/shadow]

No ! mark here means the user is unlocked.

-l to change the user name old to new

# usermod -l <new name> <old user name>
This does not change the old user's home directory; the home directory name remains the same. You can see the effect of the command by opening the file /etc/passwd.

-u uid

This option gives the user the numerical ID you specify. See the figure below.
[Figure: Shows the UID]

You can check it in the /etc/passwd file.
[Figure: Shows the UID in passwd file]

Try -e expire_date and -c comment.
Open the /etc/passwd file.
[Figure: Comment in /etc/passwd]

The red rectangle shows the comment field. Readers should read the man page of the usermod command and practice more switches or options.

Password Aging

Linux provides another command, chage, for password aging configuration.
To list the current password aging values, use the chage -l <username> command, as shown in the figure.
[Figure: chage -l, Password Aging]

-m mindays

This option sets the minimum amount of time permitted between password changes.
e.g.
# chage -m 2 <username>
The user can change his password again only after 2 days.

-M max days

With the -M option, the value of maxdays is the maximum number of days during which a password is valid.

Parameter Description:
-d      Set the number of days since the password was last changed.
-E      Set the date the password will expire.
-I      Set the number of days of inactivity after the password expires to lock the account.
-m      Set the minimum number of days between password changes.
-W      Set the number of days before the password expires that a warning message appears.


passwd

The passwd command gives a quick and easy way to change just the password for a user. Any user in the system can change their own password, but only the root user has the power to change someone else's password.
[Figure: Change the password]

Here the user wisdom changed their password simply with the passwd command. Sometimes it gives an error if your password is very weak, so use a strong password.
Suppose root (the superuser) wants to change the password of a normal user, say wisdom. Type the command
[root@localhost]# passwd <username>
Root does not need to give the old password. This is the power of the superuser.
[Figure: password changed by root]

passwd -l

This option is used to lock the specified account and is available to root only. As shown in the figure below, the root user locks the user mohit.
[Figure: password locked by root]

To verify this, open the file /etc/shadow. It will look like the figure below.
[Figure: password locked by root in shadow file]

passwd -u

This is the reverse of the -l option: it unlocks the password by removing the ! prefix. Its use is shown in the figure below.
[Figure: password unlocked by root]

The resulting effect on the /etc/shadow file:
[Figure: password unlocked by root in shadow file]


/etc/passwd

Now let us discuss some points about /etc/passwd.
[Figure: /etc/passwd]
  1. Username: It is used when user logs in. It should be between 1 and 32 characters in length.
  2. Password: An x character indicates that encrypted password is stored in /etc/shadow file.
  3. User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root.
  4. Group ID (GID): The primary group ID. (stored in /etc/group file)
  5. User ID Info: The comment field. It allows you to add extra information about the user, such as the user's full name, phone number etc. This field is used by the finger command.
  6. Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exist, then the user's directory becomes /
  7. Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell.
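
The seven fields above are enough to audit an account database. The following is an added example, not part of the original page: it checks passwd-format records for a second UID 0 account, duplicate UIDs, a password field other than x, a bad username length, and a system UID (below 500, the threshold this page uses) with a shell. The function names, finding labels and all sample records are constructed for illustration, and the shell check is a heuristic.

```shell
#!/bin/sh
# Added example: audit passwd-format records using the seven fields listed above.
# All account names and records below are constructed sample data.

sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/bin/bash
mohit:x:500:500:Mohit:/home/mohit:/bin/bash
wisdom:x:501:501::/home/wisdom:/bin/bash
raj:x:501:502::/home/raj:/bin/bash
svcadmin:x:0:0::/root:/bin/bash
harsh::502:503::/home/harsh:/bin/bash
EOF
}

# audit_passwd: reads passwd-format lines on stdin, prints "user:finding".
audit_passwd() {
    awk -F: '
    {
        # Field 3 (UID): 0 is reserved for root, so any other name is suspect.
        if ($3 == 0 && $1 != "root")
            print $1 ":uid0-not-root"
        # UIDs must be unique; report the later record and the one it collides with.
        if ($3 in seen)
            print $1 ":duplicate-uid-of-" seen[$3]
        else
            seen[$3] = $1
        # Field 2 (password): x means the encrypted password is in /etc/shadow.
        if ($2 != "x")
            print $1 ":password-field-not-x"
        # Field 1 (username): between 1 and 32 characters.
        if (length($1) < 1 || length($1) > 32)
            print $1 ":bad-username-length"
        # Heuristic: system account (UID 1-499) whose field 7 ends in "sh".
        if ($3 > 0 && $3 < 500 && $7 ~ /sh$/)
            print $1 ":system-uid-with-shell"
    }'
}

# Demo on the constructed sample; on a real host: audit_passwd < /etc/passwd
sample_passwd | audit_passwd
```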

/etc/shadow

Now let us discuss some points about /etc/shadow.
[Figure: /etc/shadow]
  1. User name : It is your login name.
  2. Password: It is your encrypted password. The password should be a minimum of 6-8 characters long, including special characters/digits.
  3. Last password change (lastchanged): Days since Jan 1, 1970 that password was last changed.
  4. Minimum: The minimum number of days required between password changes i.e. the number of days left before the user is allowed to change his/her password.
  5. Maximum: The maximum number of days the password is valid. (after that user is forced to change his/her password)
  6. Warn : The number of days before password is to expire that user is warned that his/her password must be changed.
  7. Inactive : The number of days after password expires that account is disabled.
  8. Expire : Days since Jan 1, 1970 that account is disabled i.e. an absolute date specifying when the login may no longer be used.
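
The ! lock marker described under usermod -L and passwd -l, together with the aging fields listed above, can be read straight out of a shadow-format record. The following is an added example, not part of the original page: it reports each account's lock state and aging status for a given day number. The function names and state labels are constructed, HASH is a placeholder for a real password hash, and treating a leading * as "no-login" and 99999 as "no maximum age" are assumptions based on common defaults that this page does not cover.

```shell
#!/bin/sh
# Added example: classify shadow-format records by lock state and aging.
# Records are constructed; HASH stands in for a real password hash.

sample_shadow() {
cat <<'EOF'
root:HASH:19000:0:99999:7:::
mohit:!HASH:19500:2:90:7:14::
harsh:!!:19590:0:99999:7:::
wisdom:HASH:19550:0:90:7::19580:
raj::19590:0:90:7:::
EOF
}

# audit_shadow TODAY: reads shadow-format lines on stdin and prints
# "user:state:aging". TODAY is in days since Jan 1, 1970, like fields 3 and 8.
audit_shadow() {
    awk -F: -v today="$1" '
    {
        first = substr($2, 1, 1)
        if ($2 == "")          state = "no-password"  # empty password field
        else if (first == "!") state = "locked"       # set by usermod -L / passwd -l
        else if (first == "*") state = "no-login"     # assumption: system-account marker
        else                   state = "active"

        # Field 8: absolute account expiry; field 5: maximum password age;
        # field 3: day of last password change.
        if ($8 != "" && today >= $8)          aging = "account-expired"
        else if ($5 == "" || $5 >= 99999)     aging = "no-max-age"   # assumed default
        else if ($3 != "" && today > $3 + $5) aging = "password-expired"
        else                                  aging = "ok"
        print $1 ":" state ":" aging
    }'
}

# Demo with a fixed day number so the result is reproducible.
# On a real host (as root): audit_shadow "$(( $(date +%s) / 86400 ))" < /etc/shadow
sample_shadow | audit_shadow 19600
```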

Viewing login and process information

To view current and past login information, you can use one of the following commands:

last - Displays historical login information.
who - Displays information about currently logged in users.
w - Displays a user's currently running process.
Use the man pages to learn their options.

On the next page you will learn about Linux groups.




admin