7. User & Group Administration
7.1 Adding Users
1. useradd
o Command line interface
o If not specified, defaults in /etc/default/useradd and /etc/login.defs are used.
o Defaults:
1. userid – lowest unused value >= UID_MIN in /etc/login.defs.
2. home directory – /home/
3. primary group – a group with the same name as the username.
4. shell – /bin/bash.
o Options:
o -u – userid
o -g – primary group
o -s – shell
o -d – home directory
o -c – comment (Commonly used to specify full name)
o -m – make the home directory if it doesn’t already exist
o -M – don’t create the user’s home directory regardless of the defaults
o -G – a list of supplementary groups that the user will belong to (separate with commas)
o -n – don’t create a group with the same name as the user
o -r – create a system account (uid < UID_MIN in /etc/login.defs)
o -D – displays defaults if no other options are given
o -b – change default home (when used with -D)
o -g – change default group (when used with -D)
o -s – change default shell (when used with -D)
o Copies the contents of /etc/skel into the user's home directory to set up the default user environment.
o A password can be specified with useradd using the -p option, but using /usr/bin/passwd to set the user's password is recommended.
o Example - To add user "steve" using all of the defaults and set his password, type:
    useradd steve
    passwd steve
o Login names can contain alphanumeric characters, -, and _. Maximum length is 256.
2. redhat-config-users
o GUI
o Uses same defaults as useradd.
o Can specify password.

7.2 Modifying Users
1. usermod
o Command line interface.
o Options: Similar to useradd above.
o Example - To change steve's shell to /bin/ksh, type:
    usermod -s /bin/ksh steve
2. redhat-config-users

7.3 Deleting Users
1. userdel
o Command line interface.
o Options:
o -r – removes the user's home directory and mail spool.
o Example - To remove user steve, his home directory, and his mail spool, type:
    userdel -r steve
2. redhat-config-users

7.4 Adding Groups
1. groupadd
o Command line interface
o If not specified, defaults in /etc/login.defs are used.
o Defaults:
1. groupid – lowest unused value >= GID_MIN in /etc/login.defs.
o Options:
o -g – groupid
o -r – create a system group (gid < GID_MIN in /etc/login.defs)
o -f – exit with an error if group already exists
o Example - To add a group called "jedi" using the defaults, type:
    groupadd jedi
2. redhat-config-users

7.5 Modifying Groups
1. groupmod
o Command line interface
o Options:
o -g – new groupid
o -n – new group name
o Example - To change the name of group "jedi" to "Jedi", type:
    groupmod -n Jedi jedi
2. redhat-config-users

7.6 Deleting Groups
1. groupdel
o Command line interface
o Options: None
o Example - To remove group "Jedi", type:
    groupdel Jedi
2. redhat-config-users

7.7 User environment configuration
1. Global
o /etc/profile
1. System wide environment setup for Bourne type shells (ksh, sh, bash, etc.)
2. Executed only for login shells.
3. Executes /etc/profile.d/*.sh
o /etc/bashrc
1. System wide functions and aliases for Bourne type shells (ksh, sh, bash, etc.)
2. Executed for all shell invocations.
o /etc/csh.login
1. System wide environment setup for C type shells (ksh, sh, bash, etc.)
2. Executed only for login shells.
3. Executes /etc/profile.d/*.csh
o /etc/csh.cshrc
1. System wide functions and aliases for C type shells (ksh, sh, bash, etc.)
2. Executed for all shell invocations.
2. Per User
Each user's home directory may contain several environment configuration files.
o .bashrc - Same as /etc/bashrc above.
o .bash_profile - Same as /etc/profile above.
o .bash_logout - Executed when the user logs out.
o .kde, .kderc - KDE configuration information.
o Desktop - GNOME configuration information.
o .xinitrc - Starts various X clients (not used in RH by default, see .Xclients instead).
o .Xclients - Executes .Xclients-default
o .Xclients-default - Starts the specified window manager
3. /etc/skel
This directory contains all of the default setup files that get copied to a user's home directory when the user is created.

7.8 User Private Groups
Red Hat uses the user private groups scheme.
With this scheme, each user has their own primary group in which they are the sole member. This allows for a default umask of 002.

7.9 Shadow file
With traditional Unix, user passwords were stored in the /etc/passwd file. Because this file has to be world readable in order for the system to function properly, it allowed everyone on the system to view the encrypted version of everyone's password. The shadow file fixes this problem. The user's encrypted password is now stored in the /etc/shadow file, which is only readable by root.

7.10 Communicating with users
1. Determining who is Logged In
o users - Uses /var/run/utmp by default to determine who is logged in. Can specify another file to use such as /var/log/wtmp.
o w - Uses /var/run/utmp to report who is logged in. Also displays if the user is idle and the last command executed by the user.
o who - Uses /var/run/utmp by default to determine who is logged in. Can specify another file to use such as /var/log/wtmp. Also shows the tty the user is logged into, and the time he/she logged in.
2. User Related Commands
o tty - Displays the terminal that the tty command was executed on.
o wall - Sends a message to all users that are logged in locally.
o write - Creates a half-duplex communication with another user.
o mesg - Used to enable/disable incoming messages from other users. When disabled, it prevents other users from using the "write" command to talk to you.

7.11 User & Group Quotas
1. Overview
o Allow limitations to be set on the number of files and disk space used.
o Configured by user and/or group.
o ext2, ext3, and reiser file systems only (reiser supported as of RH 7.1).
o Kernel must be compiled with quota support (CONFIG_QUOTA=y).
o Enabled at boot time by rc.sysinit for any file system that has usrquota or grpquota listed in its options field.
o Quota information maintained by kernel while system is running.
2. File System Configuration
o /etc/fstab
Must set usrquota/grpquota options in /etc/fstab.
For example, to enable user and group quotas on /home:
    LABEL=/home /home ext3 defaults 1 2
should be changed to:
    LABEL=/home /home ext3 defaults,usrquota,grpquota 1 2
o aquota.user & aquota.group
1. Exist in the root of each file system in which quotas are configured.
2. Store quota information.
3. Create with quotacheck:
    quotacheck -vug /home
or
    quotacheck -avug
to check all file systems that have quotas enabled in /etc/fstab. quotacheck checks the current quota information for all users. It must be run to collect initial quota information.
* Options:
* -a - scan all file systems with quotas enabled in /etc/fstab
* -v - verbose
* -g - scan for group quotas
* -u - scan for user quotas
3. Modifying quotas
edquota is used to modify user and group quotas.
o Users
    edquota -u steve
Displays quota information for user steve in a text editor for editing. All file systems with quotas enabled are shown. Inode and block information can be changed.
o Groups
    edquota -g users
Same as above, only for group users instead.
o Prototypes
Once a user's quota has been configured, he/she can be used as a prototype for other users. For example, to use steve's quotas as a prototype for other users, type:
    edquota -p steve luke darth yoda
This will copy steve's quota settings to luke, darth and yoda.
4. Enabling/Disabling Quotas
o To enable:
    quotaon -ug /home
for a specific file system, or
    quotaon -aug
for all file systems with quotas enabled in /etc/fstab
o To disable: Same as quotaon, only use quotaoff instead.
5. Limits
o Soft
Maximum amount of space or files user/group can use.
o Hard
Only used if grace periods are in effect, otherwise they are ignored and soft limits are used to enforce file system limits.
o Grace Periods
If used, users may exceed their soft limits up to their hard limits for a period of days specified by the grace period. After the grace period expires, the user can no longer exceed their soft limit. Grace periods are set using edquota -t.
6. Reporting
To report quota information, use repquota:
    repquota -a
    repquota -u /
    repquota -u steve
The first line shows quota information for all users and groups for all file systems. The second line shows user quota information for the / file system. The third line shows quota information for user steve on all file systems.
7. Quota Conversion
Changes were made to quotas in RH 7.1. To convert older quotas from pre RH 7.1, use convertquota:
    convertquota -ug /home
Converts old quotas in the /home file system to the new quotas. Note that the old quotas used quota.user and quota.group instead of aquota.user and aquota.group.
8. Quotas over NFS
Since NFS maps remote users to local users, set the quotas on the local users that you plan to map the remote users to.
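
For sections 7.8 and 7.9 above, an added audit script (not part of the original notes) that checks a passwd/group pair for password hashes left outside the shadow file and for primary groups that are not private. The function names, the sample accounts and the UID_MIN value of 500 are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original notes): audit passwd/group-format files.

# Section 7.9: print logins whose passwd password field is not a placeholder
# ("x" = shadowed, "*" or "!..." = locked). Anything else is a hash or an
# empty password sitting in a world-readable file.
unshadowed_users() {   # usage: unshadowed_users passwd_file
    awk -F: '$2 != "x" && $2 != "*" && $2 !~ /^!/ { print $1 }' "$1"
}

# Section 7.8: print accounts with uid >= uid_min whose primary group is not
# private, i.e. is named differently or lists another member. With umask 002
# such a group gets write access to the user's new files.
upg_violations() {     # usage: upg_violations passwd_file group_file uid_min
    awk -F: -v min="$3" '
        NR == FNR { gname[$3] = $1; members[$3] = $4; next }  # group file first
        $3 < min { next }                                     # system account
        !($4 in gname) { print $1 ": primary gid " $4 " has no group entry"; next }
        gname[$4] != $1 { print $1 ": primary group is " gname[$4]; next }
        {
            n = split(members[$4], m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] != $1) { print $1 ": group shared with " m[i]; break }
        }
    ' "$2" "$1"
}

# Constructed sample data (no real accounts or hashes); 500 is an assumed UID_MIN.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
steve:x:500:500:Steve:/home/steve:/bin/bash
luke:$1$constructed$notarealhash:501:501::/home/luke:/bin/bash
darth:x:502:100::/home/darth:/bin/ksh
yoda:x:503:503::/home/yoda:/bin/bash
EOF
cat > "$tmp/group" <<'EOF'
root:x:0:
users:x:100:
steve:x:500:
luke:x:501:
yoda:x:503:yoda,darth
EOF
echo "Hashes outside the shadow file:"; unshadowed_users "$tmp/passwd"
echo "User private group violations:";  upg_violations "$tmp/passwd" "$tmp/group" 500
```

On a live system the same functions can be pointed at /etc/passwd and /etc/group, with the UID_MIN value taken from /etc/login.defs.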
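
For the /etc/fstab step in section 7.11, an added check (not part of the original notes) that reports which mount points carry usrquota/grpquota and flags file system types outside the ext2, ext3 and reiser list given in the overview. The function name and the sample fstab are constructed for the example; reiserfs is the type name assumed for reiser in fstab.

```shell
#!/bin/sh
# Added example (not from the original notes): report quota options per mount
# point in an fstab-format file.
quota_report() {   # usage: quota_report fstab_file
    awk '
        /^[ \t]*#/ { next }                  # skip comment lines
        NF < 4     { next }                  # blank or incomplete entry
        {
            u = 0; g = 0
            n = split($4, opt, ",")          # compare whole option tokens
            for (i = 1; i <= n; i++) {
                if (opt[i] == "usrquota") u = 1
                if (opt[i] == "grpquota") g = 1
            }
            if (u && g) kind = "user+group"
            else if (u) kind = "user"
            else if (g) kind = "group"
            else { print $2, $3, "no quotas"; next }
            # File system types the notes list as supporting quotas.
            note = ($3 ~ /^(ext2|ext3|reiserfs)$/) ? "" : " (type not listed as quota-capable)"
            print $2, $3, kind note
        }
    ' "$1"
}

# Constructed sample: the /home line is the "after" form from the notes.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/fstab" <<'EOF'
# device     mount  type  options                     dump pass
LABEL=/      /      ext3  defaults                    1 1
LABEL=/home  /home  ext3  defaults,usrquota,grpquota  1 2
/dev/sdb1    /data  vfat  defaults,usrquota           0 0
EOF
quota_report "$tmp/fstab"
```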