Manage users and groups on Linux


I. Root account

  • The root account is the most privileged account on Linux. It can perform every facet of system administration, including adding accounts, changing user passwords, checking logs, installing and uninstalling software, and so on.
  • For security, be very careful when using the “root” account on live Linux systems.
  • When you are logged in as root, the shell prompt ends with “#”.
  • Always keep the “root” password secure.

II. Basic knowledge

  • Linux user accounts are organized into groups. By default, each new user is the only member of its own default (primary) group.
  • User accounts are listed in the /etc/passwd file; password hashes are kept in /etc/shadow.
  • When we create a new user, the default parameters come from /etc/login.defs, and the initial configuration files are copied into the new home directory from the /etc/skel directory.

III. User Management File

  • /etc/passwd: every user is configured through one line in /etc/passwd.
[root@localhost ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rtkit:x:499:497:RealtimeKit:/proc:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
abrt:x:173:173::/etc/abrt:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
saslauth:x:498:76:"Saslauthd user":/var/empty/saslauth:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
pulse:x:497:496:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
user:x:500:500:user:/home/user:/bin/bash
kevin.ngo:x:502:505::/home/kevin.ngo:/bin/bash
clam:x:496:493:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
kevin2:x:503:504::/home/kevin2:/bin/bash
kevinuser:x:504:506::/home/kevinuser:/bin/bash
[root@localhost ~]#
    • Column 1: Username
    • Column 2: Password field (an x means the hash is kept in /etc/shadow)
    • Column 3: User ID (UID)
    • Column 4: Primary group ID (GID)
    • Column 5: Extra information or full name (GECOS)
    • Column 6: Home directory, e.g. /home/username
    • Column 7: Default (login) shell
  • /etc/shadow: the password file proper. It holds the password hashes and the password-aging settings, and it is readable only by the root account.
[root@localhost ~]# cat /etc/shadow
root:$1$fHjBumL6$f3NOlULGExdkFd5DP5vJb/:15790:0:99999:7:::
bin:*:15628:0:99999:7:::
daemon:*:15628:0:99999:7:::
adm:*:15628:0:99999:7:::
lp:*:15628:0:99999:7:::
sync:*:15628:0:99999:7:::
shutdown:*:15628:0:99999:7:::
halt:*:15628:0:99999:7:::
mail:*:15628:0:99999:7:::
uucp:*:15628:0:99999:7:::
operator:*:15628:0:99999:7:::
games:*:15628:0:99999:7:::
gopher:*:15628:0:99999:7:::
ftp:*:15628:0:99999:7:::
nobody:*:15628:0:99999:7:::
dbus:!!:15790::::::
usbmuxd:!!:15790::::::
vcsa:!!:15790::::::
rtkit:!!:15790::::::
avahi-autoipd:!!:15790::::::
abrt:!!:15790::::::
haldaemon:!!:15790::::::
gdm:!!:15790::::::
saslauth:!!:15790::::::
postfix:!!:15790::::::
ntp:!!:15790::::::
apache:!!:15790::::::
pulse:!!:15790::::::
sshd:!!:15790::::::
tcpdump:!!:15790::::::
user:$1$fHjBumL6$f3NOlULGExdkFd5DP5vJb/:15790:0:99999:7:::
kevin.ngo:!!:15816:0:99999:7:::
clam:!!:15845::::::
mysql:!!:15845::::::
kevin2:$1$THqEmcH1$8tyKOi/dWZkveTizZrNOD/:15856:0:99999:7:::
kevinuser:!!:15887:0:99999:7:::
[root@localhost ~]#
    • Column 1: Username
    • Column 2: Password (hashed); a value of !! or * means there is no usable password, i.e. the account is locked
    • Column 3: Date of the last password change, counted in days since 1 January 1970
    • Column 4: Minimum password age (the password can’t be changed again within this many days)
    • Column 5: Maximum password age (the password must be changed after this many days)
    • Column 6: Warning period (days of warning before the password expires)
    • Column 7: Inactivity period (days after password expiry before the account is disabled)
    • Column 8: Account expiration date (days since 1 January 1970)

 

  • /etc/group: the group database. Where /etc/passwd and /etc/shadow list users, /etc/group lists the group names, group IDs and the members of each group.
[root@localhost ~]# cat /etc/group
root:x:0:
bin:x:1:bin,daemon
daemon:x:2:bin,daemon
sys:x:3:bin,adm
adm:x:4:adm,daemon
tty:x:5:
disk:x:6:
lp:x:7:daemon
mem:x:8:
kmem:x:9:
wheel:x:10:
mail:x:12:mail,postfix
uucp:x:14:
man:x:15:
games:x:20:
gopher:x:30:
video:x:39:
dip:x:40:
ftp:x:50:
lock:x:54:
audio:x:63:
nobody:x:99:
users:x:100:
dbus:x:81:
usbmuxd:x:113:
utmp:x:22:
utempter:x:35:
desktop_admin_r:x:499:
desktop_user_r:x:498:
floppy:x:19:
vcsa:x:69:
rtkit:x:497:
avahi-autoipd:x:170:
abrt:x:173:
cdrom:x:11:
tape:x:33:
dialout:x:18:
haldaemon:x:68:haldaemon
gdm:x:42:
saslauth:x:76:
postdrop:x:90:
postfix:x:89:
ntp:x:38:
apache:x:48:
wbpriv:x:88:
pulse:x:496:
pulse-access:x:495:
fuse:x:494:
stapusr:x:156:
stapsys:x:157:
stapdev:x:158:
sshd:x:74:
tcpdump:x:72:
slocate:x:21:
user:x:500:
kevin.ngo:x:502:
vboxusers:x:503:kevin.ngo,root
clam:x:493:
mysql:x:27:
kevin2:x:504:
webgroups:x:505:kevinuser
kevinuser:x:506:
[root@localhost ~]#
    • Column 1: Group name
    • Column 2: Password (saved in /etc/gshadow)
    • Column 3: Group ID
    • Column 4: Members of group
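As an added example (not part of the original post), the following Python combines /etc/passwd and /etc/group the way the login process does: a user's primary group comes from column 4 of /etc/passwd, so such a member never appears in the member column of /etc/group. The sample records are copied from the listings above; the function names are my own.

```python
# Constructed sample copied from the /etc/passwd and /etc/group listings above.
PASSWD = """root:x:0:0:root:/root:/bin/bash
kevin.ngo:x:502:505::/home/kevin.ngo:/bin/bash
kevin2:x:503:504::/home/kevin2:/bin/bash
kevinuser:x:504:506::/home/kevinuser:/bin/bash"""
GROUP = """root:x:0:
wheel:x:10:
kevin.ngo:x:502:
vboxusers:x:503:kevin.ngo,root
kevin2:x:504:
webgroups:x:505:kevinuser
kevinuser:x:506:"""

def records(text):
    """Split colon-separated lines into field lists (both files share the layout)."""
    return [line.split(":") for line in text.splitlines() if line]

def effective_groups(passwd_text, group_text):
    """Map each user to every group it belongs to: the primary group comes from
    column 4 of /etc/passwd, supplementary groups from column 4 of /etc/group."""
    gid_to_name = {gid: name for name, _, gid, _ in records(group_text)}
    membership = {name: {gid_to_name.get(gid, gid)}
                  for name, _, _, gid, *_ in records(passwd_text)}
    for gname, _, _, members in records(group_text):
        for user in filter(None, members.split(",")):
            membership.setdefault(user, set()).add(gname)
    return membership

def members_of(group, passwd_text, group_text):
    """Everyone in `group`, including users whose primary GID is that group
    but who are not listed in the member column of /etc/group."""
    groups = effective_groups(passwd_text, group_text)
    return sorted(user for user, gs in groups.items() if group in gs)
```

With the sample data, kevin.ngo is a member of webgroups through its primary GID 505 even though only kevinuser is listed on the webgroups line.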

 

  • /etc/skel: the default set of configuration files and directories that is copied into every new user’s home directory.
[root@localhost ~]# cd /etc/skel/
[root@localhost skel]# ls
[root@localhost skel]# ls -lah
total 36K
drwxr-xr-x. 4 root root 4.0K Mar 26 04:45 .
drwxr-xr-x. 107 root root 12K Sep 21 08:31 ..
-rw-r--r--. 1 root root 18 Feb 21 2013 .bash_logout
-rw-r--r--. 1 root root 176 Feb 21 2013 .bash_profile
-rw-r--r--. 1 root root 124 Feb 21 2013 .bashrc
drwxr-xr-x. 2 root root 4.0K Nov 11 2010 .gnome2
drwxr-xr-x. 4 root root 4.0K Mar 26 04:43 .mozilla
[root@localhost skel]#
  • /etc/login.defs: a new user gets its basic parameters from /etc/login.defs. The file sets the password-aging defaults, the UID and GID ranges, whether a home directory is created, the mail directory, the umask and more.
[root@localhost skel]# cat /etc/login.defs
#
# Please note that the parameters in this configuration file control the
# behavior of the tools from the shadow-utils component. None of these
# tools uses the PAM mechanism, and the utilities that use PAM (such as the
# passwd command) should therefore be configured elsewhere. Refer to
# /etc/pam.d/system-auth for more information.
#

# *REQUIRED*
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
# QMAIL_DIR is for Qmail
#
#QMAIL_DIR Maildir
MAIL_DIR /var/spool/mail
#MAIL_FILE .mail

# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7

#
# Min/max values for automatic uid selection in useradd
#
UID_MIN 500
UID_MAX 60000

#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 500
GID_MAX 60000

#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD /usr/sbin/userdel_local

#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.
#
CREATE_HOME yes

# The permission mask is initialized to this value. If not specified,
# the permission mask will be initialized to 022.
UMASK 077

# This enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes

# Use SHA512 to encrypt password.
ENCRYPT_METHOD MD5
MD5_CRYPT_ENAB yes
[root@localhost skel]#
    • MAIL_DIR /var/spool/mail # Default mail directory
    • PASS_MAX_DAYS 99999 # Password max life (99999 days effectively never expires)
    • PASS_MIN_DAYS 0 # Password min life
    • PASS_MIN_LEN 5 # Min password length
    • PASS_WARN_AGE 7 # Warning before expiration
    • UID_MIN 500 # Lowest User ID number given to new users
    • UID_MAX 60000 # Highest User ID number
    • GID_MIN 500 # Lowest Group ID number
    • GID_MAX 60000 # Highest Group ID number
    • CREATE_HOME yes # Create a home directory for each new user
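As an added example, not from the original post, here is a small audit in Python that reads the columns described above for /etc/passwd, /etc/shadow and /etc/login.defs and reports the combinations a defender would want to review (a second UID 0 account, MD5 hashes where the login.defs comment expects SHA512, passwords that never expire, system UIDs below UID_MIN that still have a login shell). The sample records are copied from the listings above; the function names and finding labels are my own.

```python
import re

# Constructed sample copied from the /etc/passwd, /etc/shadow and /etc/login.defs listings above.
PASSWD = """root:x:0:0:root:/root:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
kevin2:x:503:504::/home/kevin2:/bin/bash"""
SHADOW = """root:$1$fHjBumL6$f3NOlULGExdkFd5DP5vJb/:15790:0:99999:7:::
mysql:!!:15845::::::
kevin2:$1$THqEmcH1$8tyKOi/dWZkveTizZrNOD/:15856:0:99999:7:::"""
LOGIN_DEFS = "# Min/max values for automatic uid selection\nUID_MIN\t500\nPASS_MAX_DAYS 99999\n"
PASSWD_FIELDS = ("name", "pw", "uid", "gid", "gecos", "home", "shell")
SHADOW_FIELDS = ("name", "hash", "changed", "min", "max", "warn", "inactive", "expire", "reserved")
HASH_ALGO = {"1": "MD5", "5": "SHA256", "6": "SHA512"}  # crypt(3) $id$ prefixes

def parse_login_defs(text):
    """KEY VALUE lines separated by whitespace; '#' starts a comment."""
    pairs = (l.split("#", 1)[0].split(None, 1) for l in text.splitlines())
    return {k: v.strip() for k, v in (p for p in pairs if len(p) == 2)}

def parse_colon_file(text, fields):
    """One colon-separated record per line, keyed by the username in column 1."""
    return {r[0]: dict(zip(fields, r))
            for r in (line.split(":") for line in text.splitlines() if line)}

def password_state(h):
    """Column 2 of /etc/shadow: empty, locked (! or *), or a crypt(3) hash."""
    if not h or h[0] in "!*":
        return "EMPTY" if not h else "LOCKED"
    m = re.match(r"\$(\w+)\$", h)
    return HASH_ALGO.get(m.group(1), "OTHER") if m else "DES"

def audit(passwd_text, shadow_text, login_defs_text):
    """Return {username: [findings]} from the passwd, shadow and login.defs columns."""
    uid_min = int(parse_login_defs(login_defs_text).get("UID_MIN", 1000))
    shadow = parse_colon_file(shadow_text, SHADOW_FIELDS)
    report = {}
    for name, p in parse_colon_file(passwd_text, PASSWD_FIELDS).items():
        s = shadow.get(name, {})
        state, f = password_state(s.get("hash", "")), []
        if p["uid"] == "0" and name != "root":
            f.append("uid-0-not-root")  # a second superuser account
        if state == "MD5":
            f.append("md5-hash")  # $1$ is weaker than the SHA512 the login.defs comment expects
        if state not in ("EMPTY", "LOCKED") and s.get("max", "") in ("", "99999"):
            f.append("never-expires")  # column 5 unset or 99999
        if int(p["uid"]) < uid_min and name != "root" and not p["shell"].endswith("nologin"):
            f.append("system-uid-with-shell")  # below UID_MIN but has a login shell
        report[name] = f
    return report
```

On a real host, replace the sample strings with the contents of the three files, read as root.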

IV. Administer Users and Groups

1. Create Users on Linux System (Redhat, CentOS, Fedora, Ubuntu, Debian)

2. Add User to Group on Linux (Redhat, CentOS, Fedora, Ubuntu, Debian)

3. Create another root user on Linux System

4. Set or Reset Password for one account on Linux System

5. Change or reset root password on Linux System

6. Disable or Enable root account on Linux System

7. Recover forgotten User password on Linux System (Ubuntu, Debian)

8. Recover forgotten root password on Linux System

9. Delete User Account on Linux System

V. Set Quota to User Account

1. Set disk quota to User / Group on CentOS – Redhat RHEL – Fedora

2. Set disk quota to User / Group on Ubuntu – Debian

Thanks for using IThelpblog.com.
