Lesson 2: Managing Users and Groups - CompTIA Linux Plus
The last command retrieves information from the file...
/var/log/wtmp
Individuals who will be using the Linux computer should have their own unique user accounts
Administrators will use these accounts to control the user's access to files, directories, and commands on the system. Each account is referenced by the system using a user ID (UID), rather than a name
The syntax of the chage command
is chage [options] {user name}
The syntax of the passwd command
is passwd [user name], where [user name] can be used by root to set a specific user's password.
The w command
is primarily used to display the details of users who are currently logged in to a system and their transactions. The first line of the output displays the status of the system. The second line of the output displays a table with the first column listing the users logged in to the system and the last column indicating the current activities of the users.
The syntax of the sudo command
is sudo [options] {command}
The /etc/shadow file
is the modern storage location for hashed passwords, as well as additional account information.
The /etc/group file
is the storage location for groups. All groups, default or user-specific, will be found in this file
The passwd command
is used by root to set or reset a password for any user.
The groupmod command
is used to change the group's own attributes.
The chage or "change age" command
is used to control password expiration, expiration warnings, inactive days, and other information for existing accounts.
The useradd command
is used to create user accounts and configure basic settings.
The userdel command
is used to delete user accounts. By default, it does not delete the user's home directory, unless you use the -r option.
The who command
is used to determine the details of users currently logged in to a system.
The whoami command
is used to display the user name with which you are currently logged in to the system. For the root user, the prompt will show a # character. For standard users, the prompt will show a $ character.
The id command
is used to display user ID (UID) and group ID (GID) information
The usermod command
is used to modify settings for regular users. It edits the /etc/passwd file, avoiding the need for administrators to edit the file directly.
The syntax of the useradd command
is useradd [options] [user name]
The syntax of the usermod command
is usermod [options] {user name}
The syntax of the who command
is who [options]
The /etc/profile file
provides system-wide environment variables.
Standard user accounts represent
regular system users who may log on to run applications, configure databases, build websites, etc.
User accounts
represent identities that authenticate to the system and can use authentication credentials to do specific tasks.
In Linux, the local administrator account is named
root
There are three different types of accounts:
root, standard user, and service.
The /etc/profile.d/ directory
serves as a storage location for scripts administrators may use to set additional system-wide variables.
Groups
simplify administrative tasks, allowing multiple users to be granted permissions to resources. Groups are represented on the system by a group ID number (GID). Users may be a member of more than one group.
In information security, the principle of least privilege
states that users should be given no more authority on the system than they need to perform their job.
The syntax of the su command is
su [-] [user name]
The output of the who command includes
the user name, the name of the system from which the user is connected, and the date and time that the user has been connected since.
The visudo command
is used to edit the privileges of the wheel group.
The groupdel command
will delete groups from the /etc/group file
The .bash_profile file
provides shell configuration for the initial login environment.
The /etc/bashrc file
provides system-wide Bash settings. This is a little different than /etc/profile, which is used for variables.
The following table lists some options for the usermod command.
-c: Sets the comment field. Example: usermod -c "User One" user1
-e: Sets the account expiration date. Example: usermod -e 2020/12/31 user1
-aG: Adds user to a group and keeps them in their existing groups. Example: usermod -aG sales-group user1
-l: Changes the user's login name. Example: usermod -l user99 user1
Some groupadd options include the following
-g: Assign a group ID. Example: groupadd -g 123 sales
-f: Exit with a success status if the group already exists. Example: groupadd -f sales
-o: Allow a group to be created with a non-unique group ID. Example: groupadd -o -g 123 sales
Some groupmod options include the following.
-g: Change the group ID. Example: groupmod -g 123 sales
-n: Rename a group. Example: groupmod -n newsales sales
Each group contains four fields of information
1. group name
2. group password
3. group ID
4. group list
%editors ALL = sudoedit /path/to/file
Any member of the editors group could then enter the following command to edit a file: sudoedit /path/to/file
root user
Anyone using su will be challenged for the password of the user account they are switching to except the
root privileges
As you have seen, it is a poor practice to log on to the server directly with
su command
One way of elevating privileges is to "substitute user" using the
The useradd command includes many options to customize user accounts,
-c: Sets the comment field, which is typically used as the field for the user's full name. Example: useradd -c "User One" user1
-e: Sets the account expiration date. Example: useradd -e 2019/12/31
-s: Sets the user's default shell. Example: useradd -s /bin/ksh
-D: View the default configurations for new users. Example: useradd -D
These changes are reflected in the /etc/shadow file.
-E: Sets the account to expire at the specified date and time. Example: chage -E 2022/12/31 user1
-l: Lists password aging information. Example: chage -l user1
-M: Sets the maximum days the password is valid for. Example: chage -M 90 user1
-m: Sets the minimum days until the password can be changed. Example: chage -m 1 user1
-W: Sets number of days before expiration that user will be warned to change their password. Example: chage -W 5 user1
The following table details the format of the /etc/shadow file
Password
Days before password may be changed
Days before password must be changed
Days until user is warned to change password
Days after password expires that account is disabled
Days until account expires
Unused field
sudoedit command.
Some Linux files require root user privileges to edit. This could be accomplished with a sudo configuration, but a simpler and more secure option is to use the
useradd references several files
The account is stored in the /etc/passwd file. The account is configured according to various options set in the /etc/login.defs file. The account's home directory is created at the /home/<account name> directory. The account's home directory is populated using files from the /etc/skel directory.
standard user account
The better practice is to log on with a
The root user account plays two roles on a Linux system
The first role is that of the local administrator. A user logged on as root can do administrative tasks such as password resets, system configuration changes, user account management, etc. The second role played by the root user account is to provide a security context for some applications and commands.
Login shell
The path to the shell that is launched when the user logs in (usually /bin/bash)
specific commands to specific users, without granting them full privileges on the server.
The sudo command enables the server administrator to delegate
sudoedit [options] {file name}
The syntax of the sudoedit command is
User accounts can be locked with either the passwd or usermod commands.
To lock:
passwd -l {user name}
usermod -L {user name}
To unlock:
passwd -u {user name}
usermod -U {user name}
The /etc/passwd file stores user account information. All accounts, default or user-specific, will be found in this file. Each account contains seven fields of information.
User name
Password
User ID
Group ID
Comment
Home directory
Login shell
Delegation is done in the /etc/sudoers file by using the
visudo editor. Users and groups may be given specific commands to run in order to fulfill their responsibilities without having full administrator privileges.
Accounts
are objects that represent users and services to Linux
Individual users have personal habits and preferences for their Linux work environment, and so a variety of profile file configurations are available to help them customize their experience. These customizations
are referred to as profiles.
Groups
associate user accounts that have similar security requirements.
The groupadd command
creates a group. By default, the group has no members and no password.
The .bashrc file enables
customization of the user's own environment. The file is stored in a user's home directory.
The last command
displays the history of user login and logout actions, along with the actual time and date.
The proper way to edit the /etc/passwd file is via the
useradd, usermod, and userdel commands
The .bashrc file is often configured to set
including creating aliases, this file is often configured to set default directory and file permissions for the user.
The su command, without an option, enables a user to switch their identity to that of another user, but it retains the
original user's profile and variables. The switched user also remains in the home directory of the original user.