Mar 18, 2015 | ADMINISTRATION, Fedora, Fedora Command, HOWTO, Learn and Teach, Linux Command, Operation System, SHELL
User and Group Management Tools
3.3. User and Group Management Tools
Managing users and groups can be tiresome; this is why Fedora provides tools and conventions to make this task easier to manage.
The easiest way to manage users and groups is through the graphical application,
User Manager(
system-config-users). For more information on
User Manager, refer to
Section 3.2, “User Manager Tool”.
The following command line tools can also be used to manage users and groups:
-
useradd, usermod, and userdel — Industry-standard methods of adding, deleting and modifying user accounts
-
groupadd, groupmod, and groupdel — Industry-standard methods of adding, deleting, and modifying user groups
-
gpasswd — Industry-standard method of administering the /etc/group file
-
pwck, grpck — Tools used for the verification of the password, group, and associated shadow files
-
pwconv, pwunconv — Tools used for the conversion of passwords to shadow passwords and back to standard passwords
3.3.1. Command Line Configuration
If you prefer command line tools or do not have the X Window System installed, use following to configure users and groups.
Adding a User
To add a user to the system:
-
Issue the useradd command to create a locked user account:
useradd username
-
Unlock the account by issuing the
passwd command to assign a password and set password aging guidelines:
passwd username
[ads1]
Table 3.1. useradd Command Line Options
| Option |
Description |
-c ‘comment‘ |
comment can be replaced with any string. This option is generally used to specify the full name of a user. |
-d home_directory |
Home directory to be used instead of default /home/username/. |
-e date |
Date for the account to be disabled in the format YYYY-MM-DD. |
-f days |
Number of days after the password expires until the account is disabled. If 0 is specified, the account is disabled immediately after the password expires. If -1 is specified, the account is not be disabled after the password expires. |
-g group_name |
Group name or group number for the user’s default group. The group must exist prior to being specified here. |
-G group_list |
List of additional (other than default) group names or group numbers, separated by commas, of which the user is a member. The groups must exist prior to being specified here. |
-m |
Create the home directory if it does not exist. |
-M |
Do not create the home directory. |
-N |
Do not create a user private group for the user. |
-p password |
The password encrypted with crypt. |
-r |
Create a system account with a UID less than 500 and without a home directory. |
-s |
User’s login shell, which defaults to /bin/bash. |
-u uid |
User ID for the user, which must be unique and greater than 499. |
Adding a Group
To add a group to the system, use the command groupadd:
groupadd group_name
Table 3.2. groupadd Command Line Options
| Option |
Description |
-f, --force |
When used with -g gid and gid already exists, groupadd will choose another unique gid for the group. |
-g gid |
Group ID for the group, which must be unique and greater than 499. |
-K, --key key=value |
Override /etc/login.defs defaults. |
-o, --non-unique |
Allow to create groups with duplicate. |
-p, --password password |
Use this encrypted password for the new group. |
-r |
Create a system group with a GID less than 500. |
Password Aging
For security reasons, it is advisable to require users to change their passwords periodically. This can be done when adding or editing a user on the Password Info tab of the User Manager.
Shadow passwords must be enabled to use chage
Table 3.3. chage Command Line Options
| Option |
Description |
-d days |
Specifies the number of days since January 1, 1970 the password was changed. |
-E date |
Specifies the date on which the account is locked, in the format YYYY-MM-DD. Instead of the date, the number of days since January 1, 1970 can also be used. |
-I days |
Specifies the number of inactive days after the password expiration before locking the account. If the value is 0, the account is not locked after the password expires. |
-l |
Lists current account aging settings. |
-m days |
Specify the minimum number of days after which the user must change passwords. If the value is 0, the password does not expire. |
-M days |
Specify the maximum number of days for which the password is valid. When the number of days specified by this option plus the number of days specified with the -d option is less than the current day, the user must change passwords before using the account. |
-W days |
Specifies the number of days before the password expiration date to warn the user. |
[ads2]
If the chage command is followed directly by a username (with no options), it displays the current password aging values and allows them to be changed interactively.
You can configure a password to expire the first time a user logs in. This forces users to change passwords immediately.
-
Set up an initial password — There are two common approaches to this step: the administrator can assign a default password, or he can use a null password.
To assign a default password, type the following at a shell prompt:
passwd username
To assign a null password instead, use the following command:
passwd -d username
Avoid using null passwords whenever possible
Using a null password, while convenient, is a highly insecure practice, as any third party can log in first and access the system using the insecure username. Always make sure that the user is ready to log in before unlocking an account with a null password.
-
Force immediate password expiration — Type the following command:
chage -d 0 username
This command sets the value for the date the password was last changed to the epoch (January 1, 1970). This value forces immediate password expiration no matter what password aging policy, if any, is in place.
Upon the initial log in, the user is now prompted for a new password.
3.3. User and Group Management Tools
3.3. User and Group Management Tools
[ads1]
Mar 18, 2015 | ADMINISTRATION, Fedora, Fedora Command, HOWTO, Linux Command, SHELL
3.3. User and Group Management Tools
3.3. User and Group Management Tools
Managing users and groups can be tiresome; this is why Fedora provides tools and conventions to make this task easier to manage.
The easiest way to manage users and groups is through the graphical application,
User Manager(
system-config-users). For more information on
User Manager, refer to
Section 3.2, “User Manager Tool”.
The following command line tools can also be used to manage users and groups:
-
useradd,usermod, anduserdel— Industry-standard methods of adding, deleting and modifying user accounts
-
groupadd,groupmod, andgroupdel— Industry-standard methods of adding, deleting, and modifying user groups
-
gpasswd— Industry-standard method of administering the/etc/groupfile
-
pwck,grpck— Tools used for the verification of the password, group, and associated shadow files
-
pwconv,pwunconv— Tools used for the conversion of passwords to shadow passwords and back to standard passwords
3.3.1. Command Line Configuration
If you prefer command line tools or do not have the X Window System installed, use following to configure users and groups.
Adding a User
To add a user to the system:
-
Issue theuseraddcommand to create a locked user account:
useradd username
-
Unlock the account by issuing the
passwdcommand to assign a password and set password aging guidelines:
passwd username
Table 3.1. useraddCommand Line Options
| OPTION |
DESCRIPTION |
-c ‘comment‘ |
commentcan be replaced with any string. This option is generally used to specify the full name of a user. |
-d home_directory |
Home directory to be used instead of default/home/username/. |
-e date |
Date for the account to be disabled in the format YYYY-MM-DD. |
-f days |
Number of days after the password expires until the account is disabled. If0is specified, the account is disabled immediately after the password expires. If-1is specified, the account is not be disabled after the password expires. |
-g group_name |
Group name or group number for the user’s default group. The group must exist prior to being specified here. |
-G group_list |
List of additional (other than default) group names or group numbers, separated by commas, of which the user is a member. The groups must exist prior to being specified here. |
-m |
Create the home directory if it does not exist. |
-M |
Do not create the home directory. |
-N |
Do not create a user private group for the user. |
-p password |
The password encrypted withcrypt. |
-r |
Create a system account with a UID less than 500 and without a home directory. |
-s |
User’s login shell, which defaults to/bin/bash. |
-u uid |
User ID for the user, which must be unique and greater than 499. |
Adding a Group
To add a group to the system, use the commandgroupadd:
groupadd group_name
Table 3.2. groupaddCommand Line Options
| OPTION |
DESCRIPTION |
-f,--force |
When used with-g gidandgidalready exists,groupaddwill choose another uniquegidfor the group. |
-g gid |
Group ID for the group, which must be unique and greater than 499. |
-K,--key key=value |
Override/etc/login.defsdefaults. |
-o,--non-unique |
Allow to create groups with duplicate. |
-p,--password password |
Use this encrypted password for the new group. |
-r |
Create a system group with a GID less than 500. |
Password Aging
For security reasons, it is advisable to require users to change their passwords periodically. This can be done when adding or editing a user on the Password Info tab of the User Manager.
Shadow passwords must be enabled to use chage
Table 3.3. chageCommand Line Options
| OPTION |
DESCRIPTION |
-d days |
Specifies the number of days since January 1, 1970 the password was changed. |
-E date |
Specifies the date on which the account is locked, in the format YYYY-MM-DD. Instead of the date, the number of days since January 1, 1970 can also be used. |
-I days |
Specifies the number of inactive days after the password expiration before locking the account. If the value is0, the account is not locked after the password expires. |
-l |
Lists current account aging settings. |
-m days |
Specify the minimum number of days after which the user must change passwords. If the value is0, the password does not expire. |
-M days |
Specify the maximum number of days for which the password is valid. When the number of days specified by this option plus the number of days specified with the-doption is less than the current day, the user must change passwords before using the account. |
-W days |
Specifies the number of days before the password expiration date to warn the user. |
chage interactivity
If thechagecommand is followed directly by a username (with no options), it displays the current password aging values and allows them to be changed interactively.
You can configure a password to expire the first time a user logs in. This forces users to change passwords immediately.
-
Set up an initial password — There are two common approaches to this step: the administrator can assign a default password, or he can use a null password.
To assign a default password, type the following at a shell prompt:
passwd username
To assign a null password instead, use the following command:
passwd -d username
Avoid using null passwords whenever possible
Using a null password, while convenient, is a highly insecure practice, as any third party can log in first and access the system using the insecure username. Always make sure that the user is ready to log in before unlocking an account with a null password.
-
Force immediate password expiration — Type the following command:
chage -d 0 username
This command sets the value for the date the password was last changed to the epoch (January 1, 1970). This value forces immediate password expiration no matter what password aging policy, if any, is in place.
Upon the initial log in, the user is now prompted for a new password.
3.3. User and Group Management Tools
3.3. User and Group Management Tools
تحرير
Mar 18, 2015 | Uncategorized
User and Group Management Tools
Managing users and groups can be tiresome; this is why Fedora provides tools and conventions to make this task easier to manage.
The easiest way to manage users and groups is through the graphical application,
User Manager(
system-config-users). For more information on
User Manager, refer to
Section 3.2, “User Manager Tool”.
The following command line tools can also be used to manage users and groups:
-
useradd, usermod, and userdel — Industry-standard methods of adding, deleting and modifying user accounts
-
groupadd, groupmod, and groupdel — Industry-standard methods of adding, deleting, and modifying user groups
-
gpasswd — Industry-standard method of administering the /etc/group file
-
pwck, grpck — Tools used for the verification of the password, group, and associated shadow files
-
pwconv, pwunconv — Tools used for the conversion of passwords to shadow passwords and back to standard passwords
3.3.1. Command Line Configuration
If you prefer command line tools or do not have the X Window System installed, use following to configure users and groups.
Adding a User
To add a user to the system:
-
Issue the useradd command to create a locked user account:
useradd username
-
Unlock the account by issuing the
passwd command to assign a password and set password aging guidelines:
passwd username
[ads1]
Table 3.1. useradd Command Line Options
| Option |
Description |
-c ‘comment‘ |
comment can be replaced with any string. This option is generally used to specify the full name of a user. |
-d home_directory |
Home directory to be used instead of default /home/username/. |
-e date |
Date for the account to be disabled in the format YYYY-MM-DD. |
-f days |
Number of days after the password expires until the account is disabled. If 0 is specified, the account is disabled immediately after the password expires. If -1 is specified, the account is not be disabled after the password expires. |
-g group_name |
Group name or group number for the user’s default group. The group must exist prior to being specified here. |
-G group_list |
List of additional (other than default) group names or group numbers, separated by commas, of which the user is a member. The groups must exist prior to being specified here. |
-m |
Create the home directory if it does not exist. |
-M |
Do not create the home directory. |
-N |
Do not create a user private group for the user. |
-p password |
The password encrypted with crypt. |
-r |
Create a system account with a UID less than 500 and without a home directory. |
-s |
User’s login shell, which defaults to /bin/bash. |
-u uid |
User ID for the user, which must be unique and greater than 499. |
Adding a Group
To add a group to the system, use the command groupadd:
groupadd group_name
Table 3.2. groupadd Command Line Options
| Option |
Description |
-f, --force |
When used with -g gid and gid already exists, groupadd will choose another unique gid for the group. |
-g gid |
Group ID for the group, which must be unique and greater than 499. |
-K, --key key=value |
Override /etc/login.defs defaults. |
-o, --non-unique |
Allow to create groups with duplicate. |
-p, --password password |
Use this encrypted password for the new group. |
-r |
Create a system group with a GID less than 500. |
Password Aging
For security reasons, it is advisable to require users to change their passwords periodically. This can be done when adding or editing a user on the Password Info tab of the User Manager.
Table 3.3. chage Command Line Options
| Option |
Description |
-d days |
Specifies the number of days since January 1, 1970 the password was changed. |
-E date |
Specifies the date on which the account is locked, in the format YYYY-MM-DD. Instead of the date, the number of days since January 1, 1970 can also be used. |
-I days |
Specifies the number of inactive days after the password expiration before locking the account. If the value is 0, the account is not locked after the password expires. |
-l |
Lists current account aging settings. |
-m days |
Specify the minimum number of days after which the user must change passwords. If the value is 0, the password does not expire. |
-M days |
Specify the maximum number of days for which the password is valid. When the number of days specified by this option plus the number of days specified with the -d option is less than the current day, the user must change passwords before using the account. |
-W days |
Specifies the number of days before the password expiration date to warn the user. |
[ads2]
If the chage command is followed directly by a username (with no options), it displays the current password aging values and allows them to be changed interactively.
You can configure a password to expire the first time a user logs in. This forces users to change passwords immediately.
-
Set up an initial password — There are two common approaches to this step: the administrator can assign a default password, or he can use a null password.
To assign a default password, type the following at a shell prompt:
passwd username
To assign a null password instead, use the following command:
passwd -d username
Using a null password, while convenient, is a highly insecure practice, as any third party can log in first and access the system using the insecure username. Always make sure that the user is ready to log in before unlocking an account with a null password.
-
Force immediate password expiration — Type the following command:
chage -d 0 username
This command sets the value for the date the password was last changed to the epoch (January 1, 1970). This value forces immediate password expiration no matter what password aging policy, if any, is in place.
Upon the initial log in, the user is now prompted for a new password.
3.3. User and Group Management Tools
3.3. User and Group Management Tools
[ads1]
Mar 18, 2015 | delete user, Fedora Command, finger command, Linux Command, remove user, system management commands, userdel command
Delete user, remove user on Linux Fedora, using userdel command
The deluser command can be very useful to remove user account or todelete user account on Linux Fedora machine. The article below show the step by step to remove user or some say to delete user for Linux Fedora machine.
Command use:
# finger [username] <– Verify user account on the Linux system
# userdel [username] <– Remove user account from Linux system
# userdel -r [username] <– Delete user account, remove home directory including their files and remove mail spool
Verify the existents of user with username john on the system:
[root@fedora ~]# finger john
Login: john Name: (null)
Directory: /home/john Shell: /bin/bash
Never logged in.
No mail.
No Plan.
[root@fedora ~]#
Remove user account or delete user account.
[root@fedora ~]# userdel john
[root@fedora ~]#
Remove user or delete user account along with their user home directory and user mail spool.
[root@fedora ~]# userdel -r john
[root@fedora ~]#
Verify the user deleted from the system.
[root@fedora ~]# finger john
finger: john: no such user.
[root@fedora ~]#
Sorry mate: No deluser command available right now… maybe soon…
[root@fedora ~]# deluser
-bash: deluser: command not found
[root@fedora ~]#
