Manage Users and Groups Flashcards

1
Q

create a new user

A
#useradd user1    by default a home directory is created under /home
#useradd -c "Full name" user1
# useradd -s /bin/tcsh user2  change user's shell
# useradd -c "full name" -d /home/location user   change user's home directory location
#useradd -G wheel bob   add bob the wheel's group as the account is created
#useradd -u 504 -g 505 bob   add user bob with uid 504 and GID 505, the gid must already exist
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

delete a user

A
# userdel user1    by default userdel doesn't remove the home directory, nor delete mailbox
#userdel -r user1   removes user's home directory & mailbox
# userdel -f bob   also remove home directory & mail spool even if the user is logged on
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

modify user’s account using usermod

A
usermod uses some of the same commands as useradd
#usermod -c "full name" user2
#usermod -s /bin/bash bob  change bob's shell to bash
#usermod -a -G sales bob  modify bob to be in the sales group
#usermod -l usr user  change the name of a user account(from usr-user)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How to add/remove/modify users from the GUI

A
You might need to install it first
# yum -y install system-config-users
# system-config-users
or from the GUI
System -> Administration -> users & groups
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

change user’s password

A
#useradd -p test123 newUser    create user with a password
#passwd user   change user's password
account is disabled if no password is provided
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

locking and unlocking a local user’s account

A
#passwd -l user   to lock a user's account
#passwd -u user  to unlock a user's account
#usermod -L username   locks an account
#usermod -U username  unlocks an account
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Setting user’s password expiration

A
By default there is no expiration set for a user's password, but you can set that using the chage command
#chage -M 90 user1    set password expiration to 90 days(user must change in 90 days)
#change -E 2012-5-25 user   set expiration for a user on a specific day
You can also use the passwd command to set expiration for a user's password
#passwd -x 30 user  set password to expire in 30 days
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Other chage commands

A
#chage -l user   check a user's policy
Also this command will let you see the status of an account
     #passwd -S user
#chage -w 2 user   set warning to 2 days prior to password expiration
#change -m 10 user  allow a user to change their password every 10 days and no more. 
#chage -d 0 user  apply immediate expiration
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

chage command line options and meanings

A
  • m -> specifies the minimum number of days between which the user must change password. if the value is 0, the password does not expire
  • M -> specifies the maximum number of days for which the password is valid
  • d -> specifies the number of days since Jan 1 1970 the password was changed
  • I -> specifies the number of inactive days after the password expiration before locking the account. If set to 0, the account is not locked after the password expires
  • E -> specifies the date on which the account is locked, in the format YYYY-MM-DD. Instead of the date, the number of says since Jan 1 1970 can also be used
  • W -> specifies the number of days before the password expiration date to warn the user
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

To create a group

A
#groupadd research
for new group memebership to take effect after adding a user to a group, a user must log out, then log back in or run
#newgrp groupname
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

to check which groups user belongs to

A
#groups   as the user
#groups user   as root
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

to modify group’s attribute

A

groupmod -n group1 group2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Change group id

A

groupmod -g 1000 group2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

granting non-root user right to add users to a group

A
#gpasswd -A user groups2   user acting as group administrator
now as the group administrator
#gpaswd -a user5 group2
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

to delete a group

A
#groupdel group2
you can also use the user & group gui tool to add/delete groups
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

adding and removing a user from a group

A
#groupmems -g sales -a bob   add user bob to the sales group
#groupmems -g sales -d tom  remove user tom from the sales group
17
Q

listing contents of the group file

A
The group file is located /etc/group, but you can also list its contents
#getent group2
18
Q

adding user to LDAP(lightweight directory access protocol)

A

From the GUI

System -> administration -> authentication

19
Q

GUI LDAP configuration

A
You might have to install
#yum -y install openldap-client system-config-authentication
#system-config-authentication   calling the GUI from the terminal
20
Q

terminal LDAP configuration

A

yum install -y openldap-clients nss-pam-ldapd

run the authentication menu from the terminal
# authconfig-tui

choose the following options

  • Cache Information
  • Use LDAP
  • Use MD5 Passwords
  • Use Shadow Passwords
  • Use LDAP Authentication
  • Local authorization is sufficient

in the LDAP settings, type:
Use TLS
ldap://instructor.example.com
dc=example,dc=com

test the connection to the ldap server
# getent passwd ldapuser02