Lesson 2: Managing Users and Groups - CompTIA Linux Plus

last command retrieves information from the file...

/var/log/wtmp

Individuals who will be using the Linux computer should have their own unique user accounts

Administrators will use these accounts to control the user's access to files, directories, and commands on the system. Each account is referenced by the system using a user ID (UID), rather than a name

The syntax of the chage command

is chage [options] {user name}

syntax of the passwd command is

is passwd [user name] where [user name] can be used by root to set a specific user's password.

The w command

is primarily used to display the details of users who are currently logged in to a system and their transactions. The first line of the output displays the status of the system. The second line of the output displays a table with the first column listing the users logged in to the system and the last column indicating the current activities of the users.

The syntax of the sudo command

is sudo [options] {command}

The /etc/shadow file

is the modern storage location for hashed passwords, as well as additional account information.

The /etc/group file

is the storage location for groups. All groups, default or user-specific, will be found in this file

The passwd command

is used by root to set or reset a password for any user.

the groupmod command is

is used to change the group's own attributes.

The chage or "change age" command

is used to control password expiration, expiration warnings, inactive days, and other information for existing accounts.

useradd command

is used to create user accounts and configure basic settings

The userdel command

is used to delete user accounts. By default, it does not delete the user's home directory, unless you use the -r option.

The who command

is used to determine the details of users currently logged in to a system.

The whoami command

is used to display the user name with which you are currently logged in to the system For the root user, the prompt will show a # character. For standard users, the prompt will show a $ character.

The id command

is used to display user ID (UID) and group ID (GID) information

The usermod command

is used to modify settings for regular users. It edits the /etc/passwd file, avoiding the need for administrators to edit the file directly.

The syntax of the useradd command

is useradd [options] [user name]

syntax of the usermod command

is usermod [options] {user name}

The syntax of the who command

is who [options]

The /etc/profile file

provides system-wide environment variables.

Standard user accounts represent

regular system users who may log on to run applications, configure databases, build websites, etc.

User accounts

represent identities that authenticate to the system and can use authentication credentials to do specific tasks.

In Linux, the local administrator account is named

root

There are three different types of accounts:

root, standard user, and service.

The /etc/profile.d/ directory

serves as a storage location for scripts administrators may use to set additional system-wide variables.

Groups

simplify administrative tasks, allowing multiple users to be granted permissions to resources. are represented on the system by a group ID number (GID). Users may be a member of more than one group.

In information security, the principle of least privilege

states that users should be given no more authority on the system than they need to perform their job.

The syntax of the su command is

su [-] [user name]

The output of the who command includes

the user name, the name of the system from which the user is connected, and the date and time that the user has been connected since.

the visudo command

to edit the privileges of the wheel group

The groupdel command

will delete groups from the /etc/group file

The .bash_profile file

provides shell configuration for the initial login environment.

The /etc/bashrc file

provides system-wide Bash settings. This is a little different than /etc/profile, which is used for variables.

The following table lists some options for the usermod command.

-c Sets the comment field. usermod -c "User One" user1 -e Sets the account expiration date. usermod -e 2020/12/31 user1 -aG Adds user to a group and keeps them in their existing groups. usermod -aG sales-group user1 -l Changes the user's login name. usermod -l user99 user1

Some groupadd options include the following

-g Assign a group ID. groupadd -g 123 sales -f Exit with a success status if the group already exists. groupadd -f sales -o Allow a group to be created with a non-unique group ID. groupadd -o -g 123 sales

Some groupmod options include the following.

-g Change the group ID. groupmod -g 123 sales -n Rename a group. groupmod -n newsales sales

Each group contains four fields of information

1. group name 2. group password 3. group ID 4. group list

%editors ALL = sudoedit /path/to/file

Any member of the editors group could then enter the following command to edit a file: sudoedit /path/to/file

root user

Anyone using su will be challenged for the password of the user account they are switching to except the

root privileges

As you have seen, it is a poor practice to log on to the server directly with

su command

One way of elevating privileges is to "substitute user" using the

The useradd command includes many options to customize user accounts,

Option Description Example -c Sets the comment field, which is typically used as the field for the user's full name. useradd -c "User One" user1 -e Sets the account expiration date. useradd -e 2019/12/31 -s Sets the user's default shell. useradd -s /bin/ksh -D View the default configurations for new users. useradd -D

These changes are reflected in the /etc/shadow file.

Option Description Example -E Sets the account to expire at the specified date and time. chage -E 2022/12/31 user1 -l Lists password aging information. chage -l user1 -M Sets the maximum days the password is valid for. chage -M 90 user1 -m Sets the minimum days until the password can be changed. chage -m 1 user1 -W Sets number of days before expiration that user will be warned to change their password. chage -W 5 user1

The following table details the format of the /etc/shadow file

Password Days before password may be changed Days before password must be changed Days until user is warned to change password Days after password expires that account is disabled Days until account expires Unused field

sudoedit command.

Some Linux files require root user privileges to edit. This could be accomplished with a sudo configuration, but a simpler and more secure option is to use the

useradd references several files

The account is stored in the /etc/passwd file. The account is configured according to various options set in the /etc/login.defs file. The account's home directory is created at the /home/<account name> directory. The account's home directory is populated using files from the /etc/skel directory.

standard user account

The better practice is to log on with a

The root user account plays two roles on a Linux system

The first role is that of the local administrator. A user logged on as root can do administrative tasks such as password resets, system configuration changes, user account management, etc. The second role played by the root user account is to provide a security context for some applications and commands.

Login shell

The path to the shell that is launched when the user logs in (usually /bin/bash)

specific commands to specific users, without granting them full privileges on the server.

The sudo command enables the server administrator to delegate

sudoedit [options] {file name}

The syntax of the sudoedit command is

User accounts can be locked with either the passwd or usermod commands.

To lock: passwd -l {user name} usermod -L {user name} To unlock: passwd -u {user name} usermod -U {user name}

The /etc/passwd file stores user account information. All accounts, default or user-specific, will be found in this file. Each account contains seven fields of information.

User name Password User ID Group ID Comment Home directory Login shell

Delegation is done in the /etc/sudoers file by using the

Visudo editor in which the Users and groups may be given specific commands to run in order to fulfill their responsibilities without having full administrator privileges.

Accounts

are objects that represent users and services to Linux

Individual users have personal habits and preferences for their Linux work environment, and so a variety of profile file configurations are available to help them customize their experience. These customizations

are referred to as profiles.

Groups

associate user accounts that have similar security requirements.

The groupadd command

creates a group. By default, the group has no members and no password.

The .bashrc file enables

customization of the user's own environment. The file is stored in a user's home directory.

The last command

displays the history of user login and logout actions, along with the actual time and date

The proper way to edit the /etc/passwd file is via the

https://learn.comptia.org/app/comptia-certmaster-learn-for-linux-plus#read/section/the-etc-passwd-file:~:text=useradd%2C%20usermod%2C%20and%20userdel%20commands

the .bashrc file is often configured to se

including creating aliases, this file is often configured to set default directory and file permissions for the user.

The su command, without an option, enables a user to switch their identity to that of another user, but it retain

original user's profile and variables. The switched user also remains in the home directory of the original user.