If you’re administering a Linux server, chances are you have a lot of user accounts to handle and, along with these, a great deal of files and settings to control. Here are some commands and problems that are necessary in setting up and managing user accounts and gain access to rights.Dealing with IDs
First, in handling
user accounts, you need to be familiar with both user IDs (UID) and group IDs (GID). The majority of accounts are set up with each user being the sole member of a group that has the exact same name as the user’s account. In truth, both are set up when an account is developed utilizing the useradd command. When you list a user’s home directory site, you must see something like this:$ ls- ld/ home/dbell drwxr-xr-x. 8 dbell 4096 Mar 23 2021/ home/dbell ^ ^|| user group Note that the username and groupname are both”dbell”. To see the numerical equivalent of these worths, utilize a command like this one instead:$ ls -ldn dbell drwxr-xr-x. 8 1003 1003 4096 Mar 23 2021 dbell ^ ^ |
| UID GID The numerical worth is 1003 for both the username and groupname. The details displayed is derived from the/ etc/passwd and/ etc/group files, which connect the names to their numerical worths.$grep dbell/ etc/passwd/ etc/group/ etc/passwd: dbell: x:1003:1003: Dana Bell:/ home/dbell:/ bin/bash/ etc/group: dbell: x:1003: Working with essential files Some of the most essential files that you require to deal with when managing user accounts are the/ etc/passwd,/ etc/shadow and/ etc/group files. As revealed above, the/ etc/passwd and/ etc/group files hold the UIDs and GIDs together with the users ‘house directory sites. Any groups that the user is a member of– including their personal group– are kept in the/ etc/group file. The/ etc/shadow file contains the password hash and aging parameters that guarantee password security and can force users to alter their passwords periodically.These entries are established when you utilize the useradd command which includes lines to the/ etc/passwd file, the/ etc/group file and the/ etc/shadow file.
$sudo useradd newuser $sudo grep newuser/ etc/passwd/ etc/group/ etc/shadow/ etc/passwd: newuser: x:1019:1019::/ home/newuser:/ bin/bash/ etc/group: newuser: x:1019:/ etc/shadow: newuser:!!:19372:0:99999:7::: Keep in mind that sudo is required for producing accounts and for looking at the/ etc/shadow file. The UID for a brand-new account will automatically be designated the next available number for user accounts. On most Linux systems,
the first user account will have the value 1000, and each additional user will be one greater than the previous one. UIDs with smaller values are system accounts. As displayed in the bottom line in the above output, there is no password hash when an account is at first established. That field will show up as!! up until a password is designated. When a password is established, a long string representing the password hash will replace the 2 exclamation points. Sysadmins will often set up a short-lived password for a new user and after that use a command like the 2nd sudo command revealed listed below to expire that password which then requires the user to set a new password on very first login. In this method, only the user knows the password to the account. $sudo passwd newuser New password: Retype new password:$ sudo passwd-e newuser The fifth( colon-separated )field in the/ etc/passwd file is for the user’s complete name and/or description– often described as the comment field.This can
be added when … Source
