Manage Local Users and Groups - RHCSA (RH124)
0 likes3,029 views
The document covers user and group management in a system, detailing the different types of users, their permissions, and account management commands. It includes instructions on creating, modifying, and deleting users and groups, as well as managing passwords and permissions. Additionally, it discusses the configuration of elevated privileges through the sudoers file and user authentication logging.
![To display the username of the current user
● Command: whoami
Add a new User (or Regular User account)
● Command: useradd-c ‘<user_info’ <user_name> OR
adduser <user_name> [works in Debian based dist.]
Machine Name (Hostname)
Managing Users](https://image.slidesharecdn.com/03-managelocalusersandgroups-240919005605-4c23a417/85/Manage-Local-Users-and-Groups-RHCSA-RH124-8-320.jpg)
![List or change user password expiry information (-l to list the info)
● Command: chage [options] <user_name>
Machine Name (Hostname)](https://image.slidesharecdn.com/03-managelocalusersandgroups-240919005605-4c23a417/85/Manage-Local-Users-and-Groups-RHCSA-RH124-21-320.jpg)
![Modify group properties (add user1,student using-U in student_group)
● Command: groupmod [options] <group_name>
Verify by getent group command whether users added or not
● Command: getent group <group_name>
Machine Name (Hostname)](https://image.slidesharecdn.com/03-managelocalusersandgroups-240919005605-4c23a417/85/Manage-Local-Users-and-Groups-RHCSA-RH124-26-320.jpg)
Manage Local Users and Groups - RHCSA (RH124)
- 1. Manage Local Users and Groups
- 3. Root User System User Regular User Purpose Full Administrative access Run specific system services/processes General user activities UID Range 0 1 to 999 1000 and above Home Dir /root Typically none or service specific /home/username Login Shell /bin/bash or other Usually /usr/sbin/nologin or /bin/false /bin/bash or other login shells Permissions Unlimited, Full system access Limited to specific services Limited to user specific actions Creation & Management Default user created during installation and managed by system admin Created and managed by system or package installation scripts Created and managed by system admin for general use Example root ‘Chrony’, ‘systemd-oom’ ‘User1’ , ‘coder’
- 4. ○ Managing Users (Creating, modifying, and deleting) ○ Managing passwords ○ Group memberships ○ Setting file/directories permissions ○ Granting Elevated privileges ○ User Login User Account Management
- 5. lists all known users on the system with detailed information ● Command: lslogins Machine Name (Hostname) List all Users
- 6. -s option is used with lslogins to display system accounts(UID < 1000 by default). ● Command: lslogins-s Machine Name (Hostname) List System Users
- 7. Machine Name (Hostname) -u option is used with lslogins to list all user accounts including root (UID >= 1000 by default). ● Command: lslogins-u List Root & Regular Users
- 8. To display the username of the current user ● Command: whoami Add a new User (or Regular User account) ● Command: useradd-c ‘<user_info’ <user_name> OR adduser <user_name> [works in Debian based dist.] Machine Name (Hostname) Managing Users
- 9. Checking Current Users ● Command: cat /etc/passwd
- 10. /etc/passwd : User account info file Note : "x" placeholder denotes that the encrypted password is stored in the /etc/shadow file for security.
- 11. Display user and their group information ● Command: id <user_name>
- 12. Modify user account properties (-s is to change the user's login shell) ● Command: usermod-s <new_shell> <user_name> Machine Name (Hostname)
- 13. Use-d with usermod command to change the user's home directory ● Command: usermod-d <new_dir> <user_name>
- 14. Add a user to a secondary group (-aG is used to append a user to additional groups without removing them from their existing groups) ● Command: usermod-aG <group_name> <user_name>
- 15. Delete user(-r is used for deleting user along with its home directory and mail spool) ● Command: userdel-r <user_name>
- 16. Add user with all parameters set ● Command: useradd-g testers-s /bin/bash-c 'John Doe'-m -d /home/john john ● -g testers: Assigns the user to the "testers" group. ● -s /bin/bash: Sets the default shell to Bash. ● -c 'John Doe': Adds a comment (full name) for the user. ● -m: Creates a home directory for the user. ● -d /home/john: Specifies the home directory. ● john: Username of the new user.
- 17. Set or change user password ● Command: passwd <user_name> OR ● Command : echo ‘<user_name>:<password>’ | chpasswd Managing Password
- 18. ● Checking Users password ○ Command: cat /etc/shadow ● Placeholder '!' for No Password ● Stores hashed passwords with salt ● Salt adds randomness to hashed passwords
- 21. List or change user password expiry information (-l to list the info) ● Command: chage [options] <user_name> Machine Name (Hostname)
- 22. ● Users Sharing Common Permissions User Groups
- 23. lists all groups on the system ● Command: getent group Machine Name (Hostname) List all groups
- 24. ● Primary Group: For ‘student’ and ‘user1’ primary groups are there with same name ● Secondary Group: ‘student_group’ is another group which has two users ‘student’ and ‘user1’
- 25. Create a new group ● Command: groupadd <group_name> Verify group creation by retrieving group information ● Command: getent group <group_name> Machine Name (Hostname)
- 26. Modify group properties (add user1,student using-U in student_group) ● Command: groupmod [options] <group_name> Verify by getent group command whether users added or not ● Command: getent group <group_name> Machine Name (Hostname)
- 27. ● /etc/group file : Stores group information like group names and IDs
- 28. Delete a group & verify by getent group command ● Command: groupdel <group_name> Machine Name (Hostname)
- 29. ● Access controls: ○ Who can access a file or directory. ○ What actions they can perform on them. File/Directory Permission
- 30. Change group ownership of files ● Command: chgrp <user_name> Machine Name (Hostname)
- 31. ● Authorizing users to perform administrative tasks or run all commands Granting Elevated privileges Verify whether user have sudo access or not ● Command: sudo-l-U <user_name>
- 32. ● Sudoers file in Linux specifies who can run commands with elevated privileges. ● Edit sudoers file using vi editor ○ Command: vi /etc/sudoers
- 33. ● Find this section ● Add your user in same format and save the file
- 34. ● student : Specifies the user granted sudo privileges ● ALL: Allows sudo on any host ● ALL : Permits running commands as any user ● ALL: Authorizes execution of any command.
- 35. ● Verify whether user got sudo access or not
- 36. ● /etc/login.defs : used for configuring global user authentication settings, such as password aging, login restrictions, and default user environment settings. User Login
- 38. User Login Switch user ● Command : su-<user_name>
- 39. ● /var/log/secure: Logs authentication-related events, including login attempts and authentication activities. ● All login , logout and authentication failures events are logged. Logs