User Administration Creating Modifying and Deleting RHEL 7
In Linux Terms users are users who utilize system for doing there work effectively. Work means which maybe anything like writing code, designing graphics, Playing games, innovating new things and learning new things. Linux does not have complex user administration, User administration in Linux / Unix platform is very easy ofcourse very effective as well. In this article we are going to learn User Administration Creating Modifying and Deleting RHEL 7 / Centos 7. Creating modifying user accounts
Three Types of users exists in Linux / Unix
- Administrator / Super User / Root User / Inbuilt User
- Service Accounts
- Normal Users
User Administration Creating Modifying and Deleting RHEL 7
1. Root User: root user is an high privileged user which has complete permissions by default. root user id always 0. While installing Operating system root user will be created by default as administrator to install and manage things. Few of the administrator type commands can only be run by root user.
2. Service Accounts: Service accounts are the users which creates automatically whenever we install & start service. .i.e. NFS (nfsnobody), http (apache) .. etc. These service account will have an permissions to manage its related services. Service accounts by default do not have shell access (/sbin/nologin). These user id’s will start from 1 – 999 in New version of Linux such as RHEL 7 / Centos 7.
3. Normal Users: Normal user accounts will be created by administrator (root / Super user), These user id’s start from 1000 – 65535. Manually we can assign permission based on requirement using sudoers.
Creating Users / Adding Users
Using simple useradd command we can create user in Linux / Unix Operating systems. You must be an super user / Administrator to create another normal user.
[root@ArkIT-Serv ~]# useradd ravikumar [root@ArkIT-Serv ~]# cat /etc/passwd |grep ravikumar ravikumar:x:1000:1000::/home/ravikumar:/bin/bash
When we execute useradd command and passwd command it will do below steps to create user.
- It will add entry in /etc/passwd file
- Along with the user primary group with same as user name will be created
- Group entry will be added in /etc/group
- By Default user home directory will be created under /home path
- /etc/skel directory files will be copied to /hom/USERNAME/
- Encrypted password entry will be updated in /etc/shadow file
Useradd Command Options
While creating an user we can also customize few things like placing user home directory in mentioned path / Custom path. Adding Comment to user, Expiry date and so an.
- -c Used to add comment
- -d Used to create custom home path of user
- -D Used to change default settings
- -e The date on which the user account will be disabled. The date is specified in the format YYYY-MM-DD.
- -f User Account will go to disabled after mentioned period expires
- -g User will have one primary and remaining secondary groups, instead of creating own primary group we can make another group as primary
- -G Adding user to secondary group
- -k Copy skel directory files
- -K Disable Password Ageing while creating service account
- -l Avoid to add user entry in lastlog and faillog list
- -m Create Home Directory for user (Without -m option also by default useradd command will create)
- -M Do not Create Home Directory for the user
- -N Do not create primary group as same as user name instead add user to group name mentioned with -g option
- -o Allow to create user with duplicate UID
- -r Create and System Account
- -u Specify custom UID for the user
Let’s see few practical examples of options
[root@ArkIT-Serv ~]# useradd -u 3333 -g project1 -c "Ind Administrator" -s /bin/bash -d /opt/ravik -e 2016-12-31 ravik [root@ArkIT-Serv ~]# cat /etc/passwd |grep ravik ravik:x:3333:2005:Ind Administrator:/opt/ravik:/bin/bash
Check below is the output to verify user account expiry date
[root@ArkIT-Serv ~]# chage -l ravik Last password change : Nov 05, 2016 Password expires : never Password inactive : never Account expires : Dec 31, 2016 Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
Modify existing user values using usermod command
Along with the usermod command we have to use below options to modify required details
- -c Change Comment
- -d Change Home Directory Path
- -e Change Expiry Date
- -g Primary group change
- -G Adding to different secondary group
- -l Login Name change
- -L Lock User
- -m Move User home directory content to new path
- -s Shell Change
- -u Change User Identification UID
- -U Unlock Locked user
Let’s see few examples here
Change User Shell from /bin/bash to /bin/csh
[root@ArkIT-Serv ~]# usermod -s /bin/csh ravik [root@ArkIT-Serv ~]# cat /etc/passwd |grep ravik ravik:x:3333:2005:Ind Administrator:/opt/ravik:/bin/csh
Change user comment
[root@ArkIT-Serv ~]# cat /etc/passwd |grep ravik ravik:x:3333:2005:Ravi Kumar Linux Administrator:/opt/ravik:/bin/csh
Lock and Un-Lock User
[root@ArkIT-Serv ~]# usermod -L ravik [root@ArkIT-Serv ~]# cat /etc/passwd |grep ravik ravik:x:3333:2005:Ravi Kumar Linux Administrator:/opt/ravik:/bin/csh [root@ArkIT-Serv ~]# cat /etc/shadow |grep ravik ravik:!!:17110:0:99999:7::17166: [root@ArkIT-Serv ~]# usermod -U ravik [root@ArkIT-Serv ~]# cat /etc/shadow |grep ravik ravik:!:17110:0:99999:7::17166:
Deleting exiting user is very simple just we have to run userdel command along with required options
[root@ArkIT-Serv ~]# userdel ravik [root@ArkIT-Serv ~]# userdel -r ravikumar [root@ArkIT-Serv ~]# cd /opt/ [root@ArkIT-Serv opt]# ls ravik rh [root@ArkIT-Serv opt]# cd /home/ [root@ArkIT-Serv home]# ls ravi1
if you delete user without using -r option user home directory will not delete, you have to delete user home path manually. If you use -r option home directory also will delete automatically.
User Administration is very simple and very effective, I hope you understand about user types, Creating, Modifying and Deleting Users from Linux Machine.
Thanks for your wonderful Support and Encouragement