
Module Linux essentials - Module 14: Managing users and groups


Module 14
Managing Users and Groups

This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.


Exam Objective
5.2 Creating Users and Groups

Objective Summary
Understanding user and group commands
Creating User IDs



Working with Groups



Creating a Group

The most common reason to create a group is to provide a way for users to share files. After creating or modifying a group, you can verify the changes by viewing the /etc/group file or running the getent command.



The groupadd Command

The groupadd command creates a new group.
The -g option can be used to specify a group ID:
    groupadd -g 506 research
If the -g option is not provided, the groupadd command will automatically provide a GID for the new group.



Group ID Considerations

Avoid creating GIDs in the same numeric ranges where you expect to create user IDs if your system uses UPG.
Recall that GIDs of under 500 are reserved for system use.
The -r option will assign the new group a GID that will be less than the lowest standard UID.



Group Naming Considerations

The first character of the name should be either an underscore (_) or a lower-case alphabetic character (a-z).
Up to 32 characters are allowed on most Linux distributions, but using more than 16 can be problematic as some distributions may not accept more than 16.
After the first character, the remaining characters can be alphanumeric, dash (-) and underscore (_).
The last character should not be a hyphen (-).
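
The naming rules above, written as a pre-check that a provisioning script could run before calling groupadd. This is an added example, not part of the original slides; check_group_name is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: validate a proposed group name against the naming rules
# listed above. check_group_name is a hypothetical helper, not a system tool.
# Returns 0 if the name is acceptable, 1 if it breaks a rule.
check_group_name() (
    LC_ALL=C                      # make a-z / A-Z ranges mean ASCII only
    name=$1
    len=${#name}
    # Rule: up to 32 characters on most distributions.
    if [ "$len" -lt 1 ] || [ "$len" -gt 32 ]; then
        echo "reject '$name': length must be 1-32 characters" >&2
        return 1
    fi
    case $name in
        [!_a-z]*)                 # first character: underscore or a-z
            echo "reject '$name': must start with _ or a-z" >&2
            return 1 ;;
        *[!A-Za-z0-9_-]*)         # rest: alphanumeric, dash, underscore
            echo "reject '$name': only alphanumerics, - and _ allowed" >&2
            return 1 ;;
        *-)                       # last character must not be a hyphen
            echo "reject '$name': must not end with a hyphen" >&2
            return 1 ;;
    esac
    # Accepted, but names over 16 characters are not portable everywhere.
    if [ "$len" -gt 16 ]; then
        echo "warn '$name': over 16 characters, some distributions may refuse it" >&2
    fi
    return 0
)

# Typical use (as root):
#   check_group_name research && groupadd -g 506 research
```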


Modifying a Group

The groupmod -n command changes a group’s name.
The groupmod -g command changes a group’s ID.
If you change the GID for a group, then all files that were associated with that group will no longer be associated with that group.
These are called “orphaned” files.
To find “orphaned” files: find / -nogroup



Deleting a Group

Delete a group with the groupdel command.
This may result in “orphaned” files.
Only supplemental groups can be deleted.



Working with Users



The /etc/default/useradd File

The /etc/default/useradd file is used to define default settings when creating user accounts.
Default settings can be viewed or modified with the useradd -D command.
Editing this file requires root access.



The /etc/default/useradd File

Field              Example     Description
GROUP              100         The default primary group for a new user.
HOME               /home       The default base directory under which the user's new home directory will be created.
INACTIVE           -1          The number of days after the password expires that the account is disabled.
EXPIRE                         Account expiration date.
SHELL              /bin/bash   The default shell for users when they log in to the system.
SKEL               /etc/skel   The contents of this directory are copied into the new user's home directory, and the new user is given ownership of these files.
CREATE_MAIL_SPOOL  yes         A "mail spool" is a file where incoming email is placed.



The /etc/login.defs File

The /etc/login.defs file is used to define default settings when creating user accounts.
These default settings can be viewed only by viewing the contents of this file.
These settings can also only be modified by editing the file directly.
Editing this file requires root access.



The /etc/login.defs File

Field          Example          Description
MAIL_DIR       /var/mail/spool  The directory in which the user's mail spool file will be created.
PASS_MAX_DAYS  99999            The maximum number of days that a user can continue to use the same password.
PASS_MIN_DAYS  0                The shortest time that a user is required to keep a password.
PASS_MIN_LEN   5                The minimum number of characters that a password must contain.
PASS_WARN_AGE  7                This is the default for the warning field.
UID_MIN        500              The first UID that will be assigned to an ordinary user.
UID_MAX        60000            The highest possible UID that will be assigned to an ordinary user.
GID_MIN        500              The first GID that will be assigned to an ordinary group.
GID_MAX        60000            The highest possible GID that will be assigned to a regular group.
CREATE_HOME    yes              Determines whether or not a new directory will be created for the user when their account is created.
UMASK          077              Determines what the default permissions will be for the user's home directory.



Working with Account Information



Advantages to Individuals having Separate Accounts

Accounts can be used to grant selective access to files or services.
The sudo command can be configured to permit specified individuals to execute select administrative commands.
Each account can have group memberships and rights associated with it, allowing for greater management flexibility.



Account Considerations

Before creating a user account, consider what values you want to set for the following:
User name
UID
Primary Group
Supplementary group(s)
Home Directory
Skeleton Directory
Shell
Comment


The useradd Command

The useradd command will allow you to create new users. Example:

    useradd -u 1000 -c 'Jane Doe' jane

Modifies the following files:
/etc/passwd
/etc/shadow
/etc/group
/etc/gshadow

Creates mail spool (/var/spool/mail/jane) and user’s home directory (/home/jane).


Password Security



Picking a Password

Avoid using personal information in passwords.
Encourage complex passwords.
Encourage longer passwords, but not so long as to make them hard to remember.
Consider how often users will be required to reset their passwords.



Setting a Password

The passwd command will allow you to change a password.
The root user can change any user password:
    passwd user_name
The root user can break password rules other than “no empty passwords”.
A user can change their own password by running the passwd command with no argument.
Regular users cannot break password rules.
Password rules vary from one distribution to another.


chage Command



Using the chage Command

Used to change password aging settings for a user.

Short option    Long option               Description
-l              --list                    List the account aging information
-d LAST_DAY     --lastday LAST_DAY        Set the date of the last password change to LAST_DAY
-E EXPIRE_DATE  --expiredate EXPIRE_DATE  Set account to expire on EXPIRE_DATE
-h              --help                    Show the help for chage
-I INACTIVE     --inactive INACTIVE       Set account to permit login for INACTIVE days after password expires
-m MIN_DAYS     --mindays MIN_DAYS        Set the minimum number of days before password can be changed to MIN_DAYS
-M MAX_DAYS     --maxdays MAX_DAYS        Set the maximum number of days before a password should be changed to MAX_DAYS
-W WARN_DAYS    --warndays WARN_DAYS      Set the number of days before a password expires to start displaying a warning to WARN_DAYS
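
The aging values that chage sets per account (and that PASS_MAX_DAYS and the related /etc/login.defs defaults seed for new accounts) are stored in /etc/shadow. The following added example, not part of the original slides, audits those fields against a maximum-age policy; audit_aging, sample_shadow and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit password-aging fields in shadow-format data.
# Field order: name:hash:lastchg:min:max:warn:inactive:expire:reserved

# Constructed sample records (not real accounts or hashes).
sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTED:19000:0:99999:7:::
jane:$6$CONSTRUCTED:19000:1:90:7:14::
bob:$6$CONSTRUCTED:19000:0:99999:7:::
svc:!:19000:0:99999:7:::
carol:$6$CONSTRUCTED:0:0:90:7:14::
EOF
}

# audit_aging POLICY_MAX_DAYS  (hypothetical helper; reads records on stdin)
# Prints one finding per line, with the chage option that corrects it.
audit_aging() {
    awk -F: -v policy="$1" '
        $2 ~ /^[!*]/ { next }    # password locked or unusable: nothing to age
        $5 == "" || $5 + 0 > policy + 0 {
            printf "%s: max days %s (policy %d) -> chage -M %d %s\n",
                   $1, ($5 == "" ? "unset" : $5), policy, policy, $1
        }
        $7 == "" {
            printf "%s: no inactive limit after expiry -> chage -I DAYS %s\n", $1, $1
        }
        $3 == "0" {
            printf "%s: password change forced at next login (chage -d 0)\n", $1
        }
    '
}

# Run against the constructed sample with a 90-day policy.
sample_shadow | audit_aging 90

# On a live system (root is needed to read /etc/shadow):
#   audit_aging 90 < /etc/shadow
```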



Modifying a User Account



Modify a User

The user may need to be logged off to modify the account.
Use the who, w or last commands to determine if a user is currently logged in to the system.


