Manage Users and Groups Flashcards
create a new user
# useradd user1 (by default a home directory is created under /home)
# useradd -c "Full name" user1
# useradd -s /bin/tcsh user2 (change user's shell)
# useradd -c "full name" -d /home/location user (change user's home directory location)
# useradd -G wheel bob (add bob to the wheel group as the account is created)
# useradd -u 504 -g 505 bob (add user bob with UID 504 and GID 505; the GID must already exist)
delete a user
# userdel user1 (by default userdel doesn't remove the home directory, nor delete the mailbox)
# userdel -r user1 (removes user's home directory & mailbox)
# userdel -f bob (also removes home directory & mail spool even if the user is logged on)
modify user’s account using usermod
usermod uses some of the same options as useradd
# usermod -c "full name" user2
# usermod -s /bin/bash bob (change bob's shell to bash)
# usermod -a -G sales bob (modify bob to be in the sales group)
# usermod -l usr user (change the name of a user account (from usr-user))
How to add/remove/modify users from the GUI
You might need to install it first
# yum -y install system-config-users
# system-config-users
or from the GUI: System -> Administration -> users & groups
change user’s password
# useradd -p test123 newUser (create user with a password; note that -p takes the encrypted password as returned by crypt, not plaintext)
# passwd user (change user's password)
account is disabled if no password is provided
locking and unlocking a local user’s account
# passwd -l user (to lock a user's account)
# passwd -u user (to unlock a user's account)
# usermod -L username (locks an account)
# usermod -U username (unlocks an account)
Setting user’s password expiration
By default there is no expiration set for a user's password, but you can set that using the chage command
# chage -M 90 user1 (set password expiration to 90 days; user must change in 90 days)
# chage -E 2012-5-25 user (set expiration for a user on a specific day)
You can also use the passwd command to set expiration for a user's password
# passwd -x 30 user (set password to expire in 30 days)
Other chage commands
# chage -l user (check a user's policy)
Also this command will let you see the status of an account
# passwd -S user
# chage -W 2 user (set warning to 2 days prior to password expiration)
# chage -m 10 user (allow a user to change their password every 10 days and no more)
# chage -d 0 user (apply immediate expiration)
chage command line options and meanings
- m -> specifies the minimum number of days between which the user must change password. If the value is 0, the password does not expire
- M -> specifies the maximum number of days for which the password is valid
- d -> specifies the number of days since Jan 1 1970 the password was changed
- I -> specifies the number of inactive days after the password expiration before locking the account. If set to 0, the account is not locked after the password expires
- E -> specifies the date on which the account is locked, in the format YYYY-MM-DD. Instead of the date, the number of days since Jan 1 1970 can also be used
- W -> specifies the number of days before the password expiration date to warn the user
To create a group
# groupadd research
For new group membership to take effect after adding a user to a group, the user must log out, then log back in, or run
# newgrp groupname
to check which groups user belongs to
# groups (as the user)
# groups user (as root)
to modify group’s attribute
groupmod -n group1 group2
Change group id
groupmod -g 1000 group2
granting non-root user right to add users to a group
# gpasswd -A user group2 (user acting as group administrator)
now, as the group administrator:
# gpasswd -a user5 group2
to delete a group
# groupdel group2
you can also use the user & group GUI tool to add/delete groups
adding and removing a user from a group
# groupmems -g sales -a bob (add user bob to the sales group)
# groupmems -g sales -d tom (remove user tom from the sales group)
listing contents of the group file
The group file is located at /etc/group, but you can also list its contents with getent
# getent group group2
adding user to LDAP (Lightweight Directory Access Protocol)
From the GUI
System -> administration -> authentication
GUI LDAP configuration
You might have to install
# yum -y install openldap-clients system-config-authentication
# system-config-authentication (calling the GUI from the terminal)
terminal LDAP configuration
# yum install -y openldap-clients nss-pam-ldapd
run the authentication menu from the terminal
# authconfig-tui
choose the following options
- Cache Information
- Use LDAP
- Use MD5 Passwords
- Use Shadow Passwords
- Use LDAP Authentication
- Local authorization is sufficient
in the LDAP settings, type:
Use TLS
ldap://instructor.example.com
dc=example,dc=com
test the connection to the LDAP server
# getent passwd ldapuser02