Users and Groups management in Linux (Redhat/CentOS/Fedora)

Users and Groups management in Linux (Redhat/CentOS/Fedora)

Target Audience: Technical people who knew or already know (to some extent) - just wanna review

Yes, from my history

622 echo "dec 25th, 2017 - sayed"


User and password related files

623 cat /etc/passwd
624 cat /etc/shadow
625 cat /etc/group
626 cat /etc/gshadow

There are some backup files for them as well
629 cat /etc/passwd-
630 cat /etc/group-
631 cat /etc/shadow-
632 cat /etc/shadow-
633 cat /etc/gshadow-

try to understand the format of the passwd, shadow, and group files

passwd file format: userid: password - or password space holder:user id: group id: comments: user home directory: user shell

shadow file format: userid : encrypted password: password last changed in timestamp format: min days - min days the password must be ket before changing: max days - max days the current password can be kept: warn days - user will get warning to change password: inactive days - how many inactive days allowed: disable days - account expiry date: not used field - kept for future use

cat /etc/group

format for /etc/group file: group name: password place holder: group id: group members - comma seprated

cat /etc/gshadow

gshadow file format: group name: encrypted group password: group admins: group members

why group password? when we want to restrict users to  assign them to the groups

cat /etc/login.defs
647 vim /etc/login.defs
648 /etc/login.defs : defines default values for users and groups - some of these values are used at the time of user and group creation and modifications - i.e. some values are taken from this file (when not specified at creation/modification time)

649 pwck checks for integrity among user/permission related files
650 pwck
651 grpck

653 vipw -> passwd file: lock for others and read-only for others. admins use this command


655 cat /etc/sudoers
656 users or groups can be defined in /etc/sudoers file who can run commands with su or sudo
657 vim /etc/sudoers


658 su user1 (switch user)
659 usermod -G wheel user1  (assign users to groups)
660 user1 is added to wheel group. wheel is a sudo group
661 su user1


Graphical user management tool:

662 system-config-users


663 managing groups
664 groupadd, groupmod, groupdel
665 groupadd -g 5000 linuxadm
666 groupadd -o -g 5000 sales
667 groupmod -n mgmt sales
668 groupmod -g 6000 linuxadm
669 usermod -a -G linuxadm user1

672 id user1
673 su user1
674 groupdel mgmt
675 gpasswd -> add admins to groups, group password assign/change, add users to groups and similar
676 gpasswd -A user1, user20new linuxadm

681 gpasswd -a user20new, user1 linuxadm

684 su user20new


Needed some adjustments for the user: user20new, it was locked,  shell was assigned to /sbin/nologin
685 usermod -U user20new (unlock user)
686 gpasswd -a user20new, user1 linuxadm
687 grep user20new /etc/passwd
688 usermod -s /bin/sh user20new
689 gpasswd -a user20new, user1 linuxadm
690 grep user20new /etc/passwd
691 cat /etc/passwd
692 usermod -s /bin/bash user20new
693 su user20new


694 gpasswd -a user20new, user1 linuxadm
696 su - user20new
697 su user1
699 su -

713 vipw
714 ls /etc/passwd.edit
715 pwck
716 grpchk
717 grpck
719 vigr
720 vigr -s


//enable disable shadow files

721 pwconv
722 cat /etc/passwd
723 pwunconv
724 cat /etc/passwd
725 pwunconv : do not use shadow file : move passwords back to passwd file
726 pwconv
727 cat /etc/passwd
728 grpconv
729 grpunconv
730 cat /etc/gshadow
731 cat /etc/group
732 grpconv
733 cat /etc/gshadow

cat in the above lines was to check - if the changes wee done or not


734 user related commands: useradd, usermod, userdel, chage, passwd
735 cat /etc/default/useradd
736 cat /etc/login.defs

See defaults
738 useradd -D
739 change default user home directory location
740 useradd -D -b /usr/home
741 useradd -D
742 useradd -D -b /home
743 useradd -D
744 useradd -D -b /usr/home

745 grep ^# /etc/login.defs
746 grep -v ^# /etc/login.defs
747 grep -v ^# /etc/login.defs > show-lines-from-login.defs-that-does-not-start-with-#--comment lines will not be shown
748 grep -v ^# /etc/login.defs | grep -v ^$
749 grep -v ^# /etc/login.defs
750 grep -v ^# /etc/login.defs | grep -v ^$



751 useradd user2
752 mkdir -p /usr/home
753 useradd user2
754 useradd user20
755 passwd user20
756 cd /etc; grep user20 passwd shadow group gshadow
757 useradd -u 5000 -g 5000 -m -d /home/user30 -k /etc/skel -s /bin/bash user30
758 useradd -u 5000 -g 1000 -m -d /home/user30 -k /etc/skel -s /bin/bash user30
759 create user with no login: just point shells to no login
760 useradd -s /sbin/nologin user40
761 su - user40
762 su user40


changing: min days, max days, expiry, and password

763 passwd -n 7 -x 28 -w 8 user20
764 chage -l user20
765 chage -m 10 -M 30 -W 7 -E 2017-12-31 user30
766 chage -l user30


767 modifying users
768 usermod -u 2000 -m -d /home/user20new -s /sbin/nologin -l user20new user20
769 grep user20new /etc/passwd
770 chage -l user30
771 chage -l user20
772 chage -l user20new
773 chage -d 0 -m 5 -E -1 user30
774 chage -l user30

775 lock a user
776 usermod -L user20
777 usermod -L user20new

778 userdel -r user30
781 usermod -U user20new

782 su user1
784 usermod -U user20new


//assign users to groups

785 gpasswd -a user20new linuxadm
786 gpasswd -a user1 linuxadm

787 useradd user4
788 passwd user4
789 gpasswd -M user4 linuxadm


791 cat /etc/group
792 gpasswd -M : replace existing group members with the new user assigned
793 set group password
794 gpasswd linuxadm
795 groups
796 su user4


800 su user4
801 newgrp the user can execute this to change primary group

802 important shell startup files : /etc/bashrc /etc/profile /etc/profile.d

Series Navigation<< NTP related commands/LinuxOn File Systems and Linux Commands (Redhat/CentOs/Fedora) >>

Permanent link to this article:

%d bloggers like this: