Manage Users and Groups Flashcards Preview

Rhcsa > Manage Users and Groups > Flashcards

Flashcards in Manage Users and Groups Deck (20)
Loading flashcards...

create a new user

#useradd user1 by default a home directory is created under /home
#useradd -c "Full name" user1
# useradd -s /bin/tcsh user2 change user's shell
# useradd -c "full name" -d /home/location user change user's home directory location
#useradd -G wheel bob add bob the wheel's group as the account is created
#useradd -u 504 -g 505 bob add user bob with uid 504 and GID 505, the gid must already exist


delete a user

# userdel user1 by default userdel doesn't remove the home directory, nor delete mailbox
#userdel -r user1 removes user's home directory & mailbox
# userdel -f bob also remove home directory & mail spool even if the user is logged on


modify user's account using usermod

usermod uses some of the same commands as useradd
#usermod -c "full name" user2
#usermod -s /bin/bash bob change bob's shell to bash
#usermod -a -G sales bob modify bob to be in the sales group
#usermod -l usr user change the name of a user account(from usr-user)


How to add/remove/modify users from the GUI

You might need to install it first
# yum -y install system-config-users
# system-config-users
or from the GUI
System -> Administration -> users & groups


change user's password

#useradd -p test123 newUser create user with a password
#passwd user change user's password
account is disabled if no password is provided


locking and unlocking a local user's account

#passwd -l user to lock a user's account
#passwd -u user to unlock a user's account
#usermod -L username locks an account
#usermod -U username unlocks an account


Setting user's password expiration

By default there is no expiration set for a user's password, but you can set that using the chage command
#chage -M 90 user1 set password expiration to 90 days(user must change in 90 days)
#change -E 2012-5-25 user set expiration for a user on a specific day
You can also use the passwd command to set expiration for a user's password
#passwd -x 30 user set password to expire in 30 days


Other chage commands

#chage -l user check a user's policy
Also this command will let you see the status of an account
#passwd -S user
#chage -w 2 user set warning to 2 days prior to password expiration
#change -m 10 user allow a user to change their password every 10 days and no more.
#chage -d 0 user apply immediate expiration


chage command line options and meanings

-m -> specifies the minimum number of days between which the user must change password. if the value is 0, the password does not expire
-M -> specifies the maximum number of days for which the password is valid
-d -> specifies the number of days since Jan 1 1970 the password was changed
-I -> specifies the number of inactive days after the password expiration before locking the account. If set to 0, the account is not locked after the password expires
-E -> specifies the date on which the account is locked, in the format YYYY-MM-DD. Instead of the date, the number of says since Jan 1 1970 can also be used
-W -> specifies the number of days before the password expiration date to warn the user


To create a group

#groupadd research
for new group memebership to take effect after adding a user to a group, a user must log out, then log back in or run
#newgrp groupname


to check which groups user belongs to

#groups as the user
#groups user as root


to modify group's attribute

#groupmod -n group1 group2


Change group id

#groupmod -g 1000 group2


granting non-root user right to add users to a group

#gpasswd -A user groups2 user acting as group administrator
now as the group administrator
#gpaswd -a user5 group2


to delete a group

#groupdel group2
you can also use the user & group gui tool to add/delete groups


adding and removing a user from a group

#groupmems -g sales -a bob add user bob to the sales group
#groupmems -g sales -d tom remove user tom from the sales group


listing contents of the group file

The group file is located /etc/group, but you can also list its contents
#getent group2


adding user to LDAP(lightweight directory access protocol)

From the GUI
System -> administration -> authentication


GUI LDAP configuration

You might have to install
#yum -y install openldap-client system-config-authentication
#system-config-authentication calling the GUI from the terminal


terminal LDAP configuration

# yum install -y openldap-clients nss-pam-ldapd

run the authentication menu from the terminal
# authconfig-tui

choose the following options
- Cache Information
- Use LDAP
- Use MD5 Passwords
- Use Shadow Passwords
- Use LDAP Authentication
- Local authorization is sufficient

in the LDAP settings, type:

test the connection to the ldap server
# getent passwd ldapuser02