UNIX Sysadmin Boot Camp: User Management
Posted by Ryan Robson in SoftLayer, Technology, Tips and Tricks
Now that you’re an expert when it comes to bash, logs, SSH, and passwords, you’re probably foaming at the mouth to learn some new skills. While I can’t equip you with the “nunchuck skills” or “bowhunting skills” Napoleon Dynamite reveres, I can help you learn some more important — though admittedly less exotic — user management skills in UNIX.
The root user — also known as the “super user” — has absolute control over everything on the server. Nothing is held back, nothing is restricted, and anything can be done. Only the server administrator should have this kind of access to the server, and you can see why. The root user is effectively the server’s master, and the server accordingly will acquiesce to its commands.
Broad root access should be avoided for the sake of security. If a program or service needs extensive abilities that are generally reserved for the root user, it’s best to grant those abilities on a narrow, as-needed basis.
Creating New Users
Because the Sysadmin Boot Camp series is geared toward server administration from a command-line point of view, that’s where we’ll be playing today. Tasks like user creation can be performed fairly easily in a control panel environment, but it’s always a good idea to know the down-and-dirty methods as a backup.
The useradd command is used for adding users from the shell. Let’s start with an example and dissect the pieces:
useradd -c "admin" -d /home/username -g users -G admin,helpdesk -s /bin/bash userid
-c "admin" – This option adds a comment to the user we’re creating. The comment in this case is “admin,” which may be used to differentiate the user a little more clearly for better user organization.
-d /home/username – This block sets the user’s home directory. The most common approach is to replace username with the username designated at the end of the command.
-g users – Here, we’re setting the primary group for the user we’re creating, which will be users.
-G admin,helpdesk – This block specifies other user groups the new user may be a part of.
-s /bin/bash userid – This block is in two parts. It says that the new user will use /bin/bash for its shell and that userid will be the new user’s username.
Root is the only user that can change other users’ passwords. The command to do this is:
If you are a user and want to change your own password, you would simply issue the passwd command by itself. When you execute the command, you will be prompted for a new entry. This command can also be executed by the root user to change the root password.
The command for removing users is userdel, and if we were to execute the command, it might look like this:
userdel -r username
The -r designation is your choice. If you choose to include it, the command will remove the home directory of the specified user.
Where User Information is Stored
The /etc/passwd file contains all user information. If you want to look through the file one page at a time — the way you’d use /p in Windows — you can use the
Keep in mind that most of your important configuration files are going to be located in the /etc folder, commonly spoken with an “et-see” pronunciation for short. Each line in the passwd file has information on a single user. Arguments are segmented with colons, as seen in the example below:
Argument 1 – username – the user’s username
Argument 2 – password – the user’s password
Argument 3 – 12345 – the user’s numeric ID
Argument 4 – 12345 – the user group’s numeric ID
Argument 5 – "" – where either a comment or the user’s full name would go
Argument 6 – /home/username – the user’s home directory
Argument 7 – /bin/bash – the user’s default console shell
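A defensive check built on the seven-field layout above, as an added example that is not part of the original post: it flags extra UID 0 accounts, reused UIDs, empty password fields, and password hashes stored directly in the file. It assumes a shadow-password system, where field 2 normally holds the placeholder x; the function names, finding labels and sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit passwd-format data (seven colon-separated fields).
# The finding labels (uid0, dup-uid, ...) are this example's own naming.

# Usage: audit_passwd /etc/passwd    or    some_command | audit_passwd
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }                    # skip blank lines and comments
        NF != 7 { print "malformed:line " NR; next }   # an entry needs exactly 7 fields
        $3 == 0 && $1 != "root" { print "uid0:" $1 }   # second account with root power
        seen[$3]++ { print "dup-uid:" $1 }             # UID already used by an earlier entry
        $2 == "" { print "nopass:" $1 }                # empty field 2: no password required
        $2 != "" && $2 != "x" && $2 !~ /^[*!]/ {       # hash sits in the world-readable file
            print "hash-in-passwd:" $1
        }
    ' "$@"
}

# Constructed sample data, not taken from any real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
userid:x:1001:100:admin:/home/username:/bin/bash
toor:x:0:0::/root:/bin/bash
guest::1002:100::/home/guest:/bin/bash
legacy:$1$constructed$notARealHashValue000000:1003:100::/home/legacy:/bin/sh
broken:x:1004:100:/home/broken
EOF
}

# Run the audit over the constructed sample.
sample_passwd | audit_passwd
```

Point it at the real file with audit_passwd /etc/passwd; a clean file produces no output.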
Now that you’ve gotten a crash course on user management, we’ll start going deeper into group management, more detailed permissions management and the way the shadow file relates to the passwd usage discussed above.