RHCSA - Manage Users & Groups: Create, Delete, & Modify Local User Accounts
/etc/passwd File
The /etc/passwd file is a plain text file that contains a line for each user account on the system. Each line consists of several fields separated by colons (:), representing different attributes of the user account.
The fields in the /etc/passwd file are as follows:
- Username: This field contains the username associated with the account. It is used to identify the user.
- Password: Historically, this field stored the encrypted password for the user. However, modern Linux systems store the password hashes in a separate file, such as /etc/shadow, for security reasons. In the /etc/passwd file, this field is typically represented by a placeholder, such as x or *.
- User ID (UID): The UID field stores a unique numeric identifier for the user. Each user on the system must have a distinct UID. The UID 0 is reserved for the root user.
- Group ID (GID): This field specifies the primary group ID for the user. It identifies the group to which the user belongs.
- User Information: The User Information field usually contains additional information about the user, such as the full name, job title, or contact details. However, this field is not standardized and can vary across systems.
- Home Directory: This field indicates the user's home directory, where they typically store their personal files.
- Default Shell: The Default Shell field specifies the default command-line interpreter (shell) for the user. It determines the user's command-line environment and behavior.
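The field rules above can be checked mechanically. The audit function below is an added example, not part of the original tutorial; the function names, finding labels and sample entries are constructed for illustration. It flags non-root accounts with UID 0, shared UIDs, password fields that are not the x or * placeholder, and login shells missing from a shells list in the format of /etc/shells.

```shell
#!/bin/sh
# audit_passwd PASSWD_FILE SHELLS_FILE
# Prints one finding per line for passwd-format entries that break the
# field rules described above. File paths are arguments so the check can
# run against copies instead of the live /etc files.
audit_passwd() {
    awk -F: -v shells_file="$2" '
    BEGIN {
        # Load the permitted login shells, skipping comments and blanks.
        while ((getline line < shells_file) > 0)
            if (line != "" && line !~ /^#/) valid[line] = 1
    }
    /^#/ || /^$/ { next }
    NF != 7 { print "MALFORMED line " NR ": expected 7 fields, got " NF; next }
    {
        user = $1; pw = $2; uid = $3; shell = $7
        if (uid == 0 && user != "root")
            print "UID0 " user ": non-root account with UID 0"
        if (uid in seen) print "DUPUID " user ": shares UID " uid " with " seen[uid]
        else seen[uid] = user
        # Anything other than the x or * placeholder means a hash (or an
        # empty password) is sitting in the world-readable file.
        if (pw != "x" && pw != "*")
            print "PWFIELD " user ": password field is not a placeholder"
        if (shell != "" && !(shell in valid))
            print "SHELL " user ": " shell " is not listed in the shells file"
    }' "$1"
}

# Constructed sample entries (not taken from a real system).
sample_passwd() { cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
user1111:x:1111:1111::/home/user1111:/bin/bash
svcbackup:x:0:1200::/home/svcbackup:/bin/bash
legacy:$6$CONSTRUCTED$notarealhash:1300:1300::/home/legacy:/bin/sh
dupuser:x:1111:1400::/home/dupuser:/opt/custom/shell
EOF
}

run_demo() {
    tmp=$(mktemp -d) || return 1
    sample_passwd > "$tmp/passwd"
    printf '%s\n' /bin/sh /bin/bash > "$tmp/shells"
    audit_passwd "$tmp/passwd" "$tmp/shells"
    rm -rf "$tmp"
}
run_demo
```

On a live host the same function can be pointed at the real files: audit_passwd /etc/passwd /etc/shells.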
/etc/login.defs File
The settings specified in the /etc/login.defs file are used during user account creation and password-related operations. When a new user account is created, the system checks /etc/login.defs for default values to assign to attributes such as password expiration, minimum and maximum UID and GID, and more.
Here are some common settings and their explanations:
- PASS_MAX_DAYS: This setting determines the maximum number of days a password is valid before it must be changed. It helps enforce password expiration policies and enhances security.
- PASS_MIN_DAYS: Specifies the minimum number of days that must pass before a user can change their password again. It helps prevent users from frequently changing their passwords.
- PASS_WARN_AGE: Sets the number of days before the password expiration when users receive a warning message. It helps remind users to change their passwords before they expire.
- LOGIN_RETRIES: Determines the maximum number of login retries permitted before an account is locked. It helps prevent brute-force attacks by locking out accounts after repeated failed login attempts.
- LOGIN_TIMEOUT: Defines the duration (in seconds) for which the system waits for user input during the login process. If no input is received within this time frame, the login attempt is terminated.
- UID_MIN and UID_MAX: These settings define the range of UIDs (user IDs) that are allocated for regular user accounts. The UID_MIN setting specifies the minimum UID, while UID_MAX specifies the maximum UID.
- GID_MIN and GID_MAX: Similar to UID_MIN and UID_MAX, these settings define the range of GIDs (group IDs) allocated for regular groups.
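Because the password aging values in /etc/login.defs are applied when an account is created, accounts that already exist keep whatever aging values are recorded for them in /etc/shadow. The check below is an added example, not part of the original tutorial; it assumes the standard shadow layout (field 2 is the hash, field 5 the maximum password age), and the function names and sample data are constructed.

```shell
#!/bin/sh
# aging_drift LOGIN_DEFS SHADOW
# Prints each account with a usable password hash whose maximum password
# age (field 5 of a shadow-format file) differs from PASS_MAX_DAYS.
aging_drift() {
    awk -v defs="$1" '
    BEGIN {
        # Read PASS_MAX_DAYS from the login.defs-format file; commented
        # lines never match because their first word starts with "#".
        while ((getline line < defs) > 0) {
            n = split(line, kv, " ")
            if (n >= 2 && kv[1] == "PASS_MAX_DAYS") policy = kv[2]
        }
        FS = ":"
    }
    # Skip accounts with no usable hash: empty, "*", or locked with "!".
    $2 == "" || $2 ~ /^[!*]/ { next }
    $5 != policy {
        printf "%s: max age %s, login.defs says %s\n", $1, ($5 == "" ? "unset" : $5), policy
    }' "$2"
}

run_demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed login.defs excerpt and shadow entries (placeholder hashes).
    printf '%s\n' '# password aging' 'PASS_MAX_DAYS   90' 'PASS_MIN_DAYS   1' > "$tmp/login.defs"
    cat > "$tmp/shadow" <<'EOF'
root:$6$CONSTRUCTED$hash:19000:0:99999:7:::
user1111:$6$CONSTRUCTED$hash:19800:1:90:7:::
olduser:$6$CONSTRUCTED$hash:18000:0:99999:7:::
daemon:*:19000:0:99999:7:::
EOF
    aging_drift "$tmp/login.defs" "$tmp/shadow"
    rm -rf "$tmp"
}
run_demo
```

On a live host, chage -l shows the aging values of a single account and chage -M changes its maximum password age.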
/etc/skel Directory
The /etc/skel directory, short for "skeleton", serves as a blueprint for new user accounts. When a user account is created, the contents of the /etc/skel directory are automatically copied to the user's home directory, providing a set of default files and configurations.
/etc/shells File
The /etc/shells file contains a list of available shells, such as /bin/bash, /bin/sh, /bin/zsh, etc., that can be set as a user's default shell.
Creating Local User Accounts
The useradd command is used to create a new user account on the system. It allows system administrators to add users and set various attributes for the newly created account, such as the user's home directory, default shell, user ID (UID), group ID (GID), supplementary groups, and more.
The table below shows some of the most common options to use with the useradd command. These options can be chained together to customize the user's settings:
Option | Description |
---|---|
-d, --home | Specifies the user's home directory. |
-m, --create-home | Creates the user's home directory if it doesn't exist. |
-s, --shell | Sets the default shell for the user. |
-u, --uid | Sets the user ID (UID) for the account. |
-g, --gid | Sets the primary group ID (GID) for the account. |
-G, --groups | Sets additional supplementary groups for the account. |
The below exercise will get you creating a user.
Create user user1111:
Create a user named user1111 with the following attributes:
- Home directory: -d /home/user1111
- Default shell: -s /bin/bash
- User ID (UID): -u 1111
- Create home directory if it doesn't exist: -m
sudo useradd -m -d /home/user1111 -s /bin/bash -u 1111 user1111
Confirm the user was created with expected settings:
id user1111
getent passwd user1111
Output of both commands should show the user ID, primary group, supplementary groups, home directory and shell:
$ id user1111
uid=1111(user1111) gid=1111(user1111) groups=1111(user1111)
$ getent passwd user1111
user1111:x:1111:1111::/home/user1111:/bin/bash
Modifying Local User Accounts
The usermod command is used to modify existing user accounts on the system. It allows system administrators to change various attributes of a user account, such as the user's home directory, default shell, user ID (UID), group ID (GID), supplementary groups, and more.
The table below outlines some commonly used options with the usermod command. These options can be combined to tailor the user's settings:
Option | Description |
---|---|
-d, --home | Change the user's home directory. |
-m, --move-home | Move the content of the user's home directory to the new location. |
-s, --shell | Change the default shell for the user. |
-u, --uid | Change the user ID (UID) for the account. |
-g, --gid | Change the primary group ID (GID) for the account. |
-G, --groups | Change additional supplementary groups for the account. |
-a, --append | Append user to supplementary groups (used with -G). |
Below is an example exercise demonstrating the use of usermod to modify an existing user.
Modify user user1111:
Modify the user named user1111 with updated attributes:
- Home directory: -m -d /home/user2222
- Default shell: -s /bin/sh
- User ID (UID): -u 2222
sudo usermod -m -d /home/user2222 -s /bin/sh -u 2222 user1111
Confirm the user's updated settings:
id user1111
getent passwd user1111
Both commands' output should display the updated user ID, primary group, supplementary groups, home directory, and shell:
$ id user1111
uid=2222(user1111) gid=1111(user1111) groups=1111(user1111)
$ getent passwd user1111
user1111:x:2222:1111::/home/user2222:/bin/sh
Deleting Local User Accounts
The userdel command is used to delete user accounts from the system. It allows system administrators to remove user accounts along with their associated files and settings.
The table below outlines the primary option used with the userdel command:
Option | Description |
---|---|
-r, --remove | Remove the user's home directory and mail spool. |
Here's an example exercise demonstrating the use of userdel to delete an existing user.
Delete user user1111:
Delete the user named user1111 including the removal of their home directory and mail spool:
sudo userdel -r user1111
Confirm the user's deletion:
id user1111
The command should return an error indicating that the user doesn't exist:
id: ‘user1111’: no such user
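Both usermod -u and userdel -r only take care of the home directory (and, for userdel, the mail spool); files the account owned elsewhere keep the old numeric UID, and a later account that is given that UID would inherit them. The function below is an added example, not part of the original tutorial; it lists files whose owner UID has no entry in a passwd-format file, with constructed names and sample data, and relies on GNU find as shipped on RHEL.

```shell
#!/bin/sh
# orphaned_files DIR PASSWD_FILE
# Prints "UID PATH" for every file under DIR whose numeric owner has no
# entry in PASSWD_FILE (a passwd-format file; /etc/passwd on a live host).
# Stays on one file system (-xdev) and uses the GNU find -printf action.
orphaned_files() {
    find "$1" -xdev -printf '%U %p\n' | awk -v pw="$2" '
    # Collect known UIDs (field 3), then switch back to space-separated input.
    BEGIN { FS = ":"; while ((getline < pw) > 0) known[$3] = 1; FS = " " }
    !($1 in known)'
}

run_demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/data" && touch "$tmp/data/report.txt"
    me=$(id -u)
    # Constructed passwd file that lacks the current UID, standing in for
    # a system where the owning account was deleted or renumbered.
    printf 'other:x:%s:%s::/home/other:/bin/bash\n' "$((me + 1))" "$((me + 1))" > "$tmp/passwd"
    orphaned_files "$tmp/data" "$tmp/passwd"
    rm -rf "$tmp"
}
run_demo
```

Against the live account database, find's -nouser test gives the same answer directly, for example find / -xdev -nouser.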