Skip to main content

How TO Manage Groups Ad User on linux

Linux Admin - User Managemen

When discussing user management, we have three important terms to understand −

Users

 Groups

Permissions

We have already discussed in-depth permissions as applied to files and folders. In this chapter, let's discuss about users and groups.

CentOS Users

In CentOS, there are two types accounts – 

System accounts Used for a daemon or other piece of software.

 Interactive accounts Usually assigned to a user for accessing system resources.

The main difference between the two user types is −

System accounts are used by daemons to access files and directories. These will usually be disallowed from interactive login via shell or physical console login..

Interactive accounts are used by end-users to access computing resources from either a shell or physical console login.

With this basic understanding of users, let's now create a new user for Bob Jones in the Accounting Department. A new user is added with the adduser command.

Following are some adduser common switches −


Switch

Action

-c

Adds comment to the user account

-m

Creates user home directory in default location, if nonexistent

-g

Default group to assign the user

-n

Does not create a private group for the user, usually a group with username

-M

Does not create a home directory

-s

Default shell other than /bin/bash

-u

Specifies UID (otherwise assigned by the system)

G

Additional groups to assign the user to


When creating a new user, use the -c, -m, -g, -n switches as follows −

[root@localhost Downloads]# useradd -c "Bob deep Accounting Dept Manager" -m -g accounting -n deep

Now let's see if our new user has been created −


[root@localhost deep123]# grep Dell /etc/passwd

Dell:x:1001:1001:Dell  Accounting Dept Manager:/home/bjones:/bin/bash


Now we need to enable the new account using the passwd command −

[root@localhost deep123]#

The user account is not enabled allowing the user to log into the system.

Disabling User Accounts

There are several methods to disable accounts on a system. These range from editing the /etc/passwd file by hand. Or even using the passwd command with the -lswitch. Both of thes methods have one big drawback: if the user has ssh access and uses an RSA key for authentication, they can still login using this method.

Now let’s use the chage command, changing the password expiry date to a previous date. Also, it may be good to make a note on the account as to why we disabled it.

[root@localhost Dell]# chage -E 2005-10-01 Dell

[root@localhost Dell]# usermod -c "Disabled Account while Bob out of the country

> for five months" Dell

[root@localhost Dell]# # grep Dell /etc/passwd

Dell:x:1001:1001:Disabled Account while Bob out of the country for four months:/home/bjones:/bin/bash


Manage Groups

Managing groups in Linux makes it convenient for an administrator to combine the users within containers applying permission-sets applicable to all group members. For example, all users in Accounting may need access to the same files. Thus, we make an accounting group, adding Accounting users.


For the most part, anything requiring special permissions should be done in a group. This approach will usually save time over applying special permissions to just one user. Example, 


Following are some common commands used for managing groups -

Chgrp

 groupadd

groups

 usermod

chgrp − Changes the group ownership for a file or directory. Let's make a directory for people in the accounting group to store files and create directories for files.


[root@localhost Dell]#

Next, let's give group ownership to the accounting group.

[root@localhost Dell]# chgrp -v accounting /home/accounting/

changed group of ‘/home/accounting/’ from root to accounting

[root@localhost Dell]#   ls -ld /home/accounting/ drwxr-xr-x. 2 root accounting 6 Jan 13 10:18 /home/accounting/


[root@localhost Dell]#

Now, everyone in the accounting group has read and execute permissions to /home/accounting. They will need write permissions as well

[root@localhost Dell]# chmod g+w /home/accounting/

drwxrwxr-x. 2 root accounting 6 Jan 13 10:18 /home/accounting/

[root@localhost Dell]#


Since the accounting group may deal with sensitive documents, we need to apply some restrictive permissions for other or world.

[root@localhost Dell]#

[root@localhost Dell]# chmod o-rx /home/accounting

drwxrwx---. 2 root accounting 6 Jan 13 10:18 /home/accounting/


[root@localhost Dell]#

groupadd − Used to make a new group.

Switch

Action

-g

Specifies a GID for the group

-K

Overrides specs for GID in /etc/login.defs

-o

Allows overriding non-unique group id disallowance

 

-p

 

 

 

Group password, allowing the users to activate themselves


Let's make a new group called secret. We will add a password to the group, allowing the users to add themselves with a known password.

[root@localhost Dell]# gpasswd secret

Changing the password for group secret

New Password:

 Re-enter new password:

[root@localhost Dell]#exit

exit

In practice, passwords for groups are not used often. Secondary groups are adequate and sharing passwords amongst other users is not a great security practice. The groups command is used to show which group a user belongs to. We will use this, after making some changes to our current user. usermod is used to update account attributes. Following are the common usermod switches.


Switch

Action

-a

Appends, adds user to supplementary groups, only with the -G option

-c

Comment, updatesthe user comment value

-d

Home directory, updates the user's home directory

-G

Groups, adds or removesthe secondary user groups

-g

Group, default primary group of the user

[root@localhost Dell]#



Comments

Popular posts from this blog

Microsoft-windows-server-2019 New-Features

 windows server 2019is that latest windows server operating system till date and provides the best windows server  operating system for cloud solutions and provides the best integration with Azure  when compared to windows server 2016. The current version of windows server 2019 improves on the previous windows 2016 version in regards with better performance, improved security. better hyper-convergence and outstanding optimizations for hybrid integration. New Features in windows server 2019 Hybrid cloud option: windows 2019 server support Hybrid Cloud, Both on-premise and cloud solutions work together option. the cloud solution can work simultaneously with the on-premise version. New Features in windows server 2019 Storage Migration Service: storage Migration is a new feature/tool that helps migrate date from the legacy plat from to the new 2019 plat from. storage Migration services supports migrating data all the way from windows server 2023 to windows server 2019. it enables the inv

Crontab in linux- Examples and Command

A cron job in Linux is a time-based job scheduler. It is a utility that allows you to schedule and automate the execution of scripts, commands, or programs at specific intervals or at predetermined times. Cron jobs are commonly used in Linux and other Unix-like operating systems to automate repetitive tasks, such as system maintenance, log rotation, backups, and periodic data processing. The cron service is responsible for running these scheduled tasks. It reads a configuration file called the "crontab" (short for cron table) to determine when and which commands to execute. Each user on a Linux system can have their own crontab file, which lists the cron jobs specific to that user The crontab file uses a specific format to define the schedule of a cron job. It consists of six fields that specify the timing of the job: scss * * * * * command_to_be_executed | | | | | | | | | +----- Day of the Week ( 0 - 7 ) (Sunday = 0 or 7 ) | | | +------- Month ( 1 - 12 ) | | +--

Why use vSAN in VMware?

 VMware vSAN, which stands for VMware Virtual SAN, is a software-defined storage solution offered by VMware. It is a component of VMware's vSphere virtualization platform and is designed to provide highly scalable, high-performance shared storage for virtual machines (VMs) in a vSphere environment. vSAN allows you to pool together the direct-attached storage devices (such as hard drives or solid-state drives) from multiple servers in a vSphere cluster and create a distributed storage infrastructure. By aggregating the storage resources from these servers, vSAN creates a shared storage pool that can be utilized by VMs running on those servers. Key features and benefits of VMware vSAN include: Hyperconverged Infrastructure (HCI): vSAN is a key component of VMware's HCI solution. It combines compute, storage, and virtualization resources into a single software-defined platform, simplifying data center operations and reducing hardware costs. Highly scalable and elastic : vSAN a

User quota in Linux step by step

  Linux Admin – Quota Management As a Linux administrator, quota management is an important aspect of managing file systems and controlling disk usage by users. Quotas allow you to set limits on the amount of disk space a user or a group can consume. Here's a general guide on how to manage quotas in Linux:                Enabling Quota Management in C Linux is basically a 4 step process – Step 1  − Enable quota management for groups and users in /etc/fstab. Step 2  − Remount the filesystem. Step 3  − Create Quota database and generate disk usage table. Step 4  − Assign quota policies. Enable Quota Management in /etc/fstab First, we want to backup our /etc/fstab filen − [root@localhost ~]#   cp -r /etc/fstab ./ We now have a copy of our  known working  /etc/fstab in the current working directory. We made the following changes in the options section of  /etc/fstab  for the volume or Label to where quotas are to be applied for users and groups. usrquota grpquota  As you can see, we

What is? Dhcp Server In-Networking

 A DHCP (Dynamic Host Configuration Protocol) server is a network service that automatically assigns IP addresses and other related network configuration parameters to devices on a network. It simplifies the process of network configuration by dynamically allocating IP addresses to devices as they connect to the network. PLAN the IP Address Range and Exclusions Besides degerming how to places the DHCP server into the network  structure, you also to plan the ip address ranges you" ii use as well as which ip addresses to reserve or exclude from this pool of addresses. use the following list to help plan the IP address ranges to use and exclude . . Determine the range of ip addresses that the DHCP server will manage. Most likely, this will be private address range such as 10.x.x.x or 192.168.x.x, or a site-local addresses such as FEC::/10. .Make a list of any IP addresses to exclude to support hosts with static IP addresses. only DHCP server and hosts that don't' works as

windows server 2019 dns configuration step by step

To configure DNS on Windows Server 2019, you can follow these step-by-step instructions: 1. Install DNS Server role: 2. Open "Server Manager" by clicking on the Windows icon and selecting "Server Manager." 3. Click on "Manage" at the top-right corner and select "Add Roles and Features." 4.  Follow the wizard and select the appropriate options until you reach the "Server Roles" page. 5. Expand "DNS Server" and select it. 6. Click "Next" and then "Install" to start the installation process. 7. Wait for the installation to complete. 8. After the installation, open "Server Manager" again. 9. Click on "Tools" at the top-right corner and select "DNS." 10. Configure Forward Lookup Zone: 11 . In the DNS Manager, right-click on your server name and select "Configure a DNS Server." 12. Select the zone type (Primary, Secondary, or Stub) and click "Next." 13. Enter the