Linux Indepth #4

 

Issue:

You want to list users’ UIDs and GIDs.

Solution

Use the id command with no options to see your own UID and GIDs. In the following example, the user is Duchess:

duchess@pc:~$ id

Display another user’s UID and GIDs by providing their username as an argument:

duchess@pc:~$ id kishore

Display your effective ID. This is your ID when you run a command as another user. You can see this with sudo:

duchess@client4:~$ sudo id -un
root

duchess@client4:~$ sudo -u kishore id -gn
kishore

----------------------------------------------------------------------------------------------------------------------------

Issue:

You want to create a new user with a user private group and home directory populated with a set of default files like .bashrc, .profile, .bash_history, and any other files you want them to have.

Solution

The useradd command is included in most Linux distributions and is configurable to suit your requirements. The default configuration varies across the various Linux distributions, so the quickest way to learn how your system is set up is to create a new test user:

$ sudo useradd test1

Now run the id command, and then see if useradd created a home directory. The following examples are from Fedora 34:

$ id test1
uid=1011(test1) gid=1011(test1) groups=1011(test1)

$ sudo ls -a /home/test1/
.  ..  .bash_logout  .bash_profile  .bashrc

In this example, the default configuration meets all the requirements listed in the Issue. Now you only need to set a password:

$ sudo passwd test1
Changing password for user test1.
New password: password
Retype new password: password
passwd: all authentication tokens updated successfully.

You may elect to force the user to reset their password at first login, after creating the user’s password:

$ sudo passwd -e test1
Expiring password for user test1.
passwd: Success

Give the login to your user, and they can start using their new account. The new user account is represented like this in /etc/passwd:

test1:x:1011:1011::/home/test1:/bin/bash

Some Linuxes, for example openSUSE, configure useradd to not create the user’s home directory by default and to put all users into the users (100) group. This potentially exposes files to other users, if group permissions on the files allow it. The following example creates a user private group:

$ sudo useradd -mU test2

-m creates the user’s home directory, and -U creates their private group with the same name as their username.

---------------------------------------------------------------------------------------------------------------------------

Issue:

You want to create a system user with the useradd command.

Solution:

The following example creates a new system user with no home directory, no login shell, and uses the correct UID numbering range for system users:

$ sudo useradd -rs /bin/false service1

-r means create a system user with a real ID in the correct numerical range for system users, and -s specifies the login shell. /bin/false is a command that does nothing and prevents the user from logging into the system.
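An audit to go with the system-user recipe above, as an added example that is not part of the original post: it lists accounts below UID_MIN whose shell is not /bin/false or a nologin binary. The function name, the 1000 fallback for UID_MIN and the sample accounts are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original page): list accounts in the system
# UID range that can still start a shell.
# Args: passwd-format file, login.defs-format file.
system_shell_audit() {
    # UID_MIN is the first regular-user UID; 1000 is an assumed fallback.
    uid_min=$(awk '$1 == "UID_MIN" { v = $2 } END { print v }' "$2")
    awk -F: -v min="${uid_min:-1000}" '
        $3 > 0 && $3 < min {
            # An empty shell field means the system default shell is used.
            shell = ($7 == "") ? "(empty)" : $7
            if (shell !~ /\/(false|nologin)$/) print $1 " uid=" $3 " shell=" shell
        }' "$1"
}

# Constructed sample data; service1 matches the useradd -rs example above.
demo=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
              'service1:x:990:990::/home/service1:/bin/false' \
              'legacyd:x:991:991::/var/lib/legacyd:/bin/bash' \
              'oldsvc:x:992:992::/var/lib/oldsvc:' \
              'duchess:x:1000:1000::/home/duchess:/bin/bash' > "$demo/passwd"
printf 'UID_MIN 1000\n' > "$demo/login.defs"
system_shell_audit "$demo/passwd" "$demo/login.defs"
rm -rf "$demo"
```

Some distributions ship system accounts with a non-shell program in the shell field; those are listed too and need a manual look.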

----------------------------------------------------------------------------------------------------------------------------

Issue:

The default useradd settings are not right for you, and you want to change them.

Solution:

The useradd configuration is spread across multiple configuration files: /etc/default/useradd, /etc/login.defs, and files in the /etc/skel directory.

The following values appear in /etc/default/useradd. This example shows the openSUSE defaults:

$ useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes

GROUP=100 sets a single shared group as the default for all new users, traditionally 100. The group must first exist, and USERGROUPS_ENAB no must be set in /etc/login.defs. Then set GROUP= in /etc/default/useradd to the GID of the user group. If our Duchess user is in a shared group, her id output shows uid=1000(duchess) gid=100(users).

Enable private user groups by setting USERGROUPS_ENAB yes in /etc/login.defs, then comment out GROUP= in /etc/default/useradd. This creates a nonshared private group for each user. If our Duchess user has her own private group, her id output shows uid=1000(duchess) gid=1000(duchess).

HOME=

sets the default directory for all user home directories. The default is /home.

INACTIVE=-1

sets the number of days after a password expires until the account is locked. A value of 0 disables the account as soon as the password expires, and a value of -1 disables locking the account.

EXPIRE=

sets an expiration date on the account, in YYYY-MM-DD format. For example, if you set it to 2021-12-31, the account will be disabled on that date. Leaving EXPIRE= empty means the account will not expire.

SHELL=/bin/bash

sets the default command shell. /bin/bash is the most commonly used Linux shell. Other values are any installed shell on the user’s system, such as /bin/zsh or /usr/bin/tcsh. cat /etc/shells lists all installed shells.

SKEL=/etc/skel

sets the location for the files that you want automatically distributed to new users. Most Linuxes put them in /etc/skel. These are files such as .bash_logout, .bash_profile or .profile, .bashrc, and any other files you want new users to have. You may edit these files to suit your own requirements. SKEL is short for skeleton.

CREATE_MAIL_SPOOL=yes

is a relic of olden times, and should be set to yes, as there may be some legacy processes that still need it.

The following values in /etc/login.defs are relevant to user creation defaults:

  • USERGROUPS_ENAB yes enables private user groups.

  • CREATE_HOME yes configures useradd to automatically create private user home directories. This does not apply to system users.
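To check which of these defaults a host actually applies, the settings described above can be read back from the two files. This is an added example, not part of the original post; the function names and the sample file contents are assumptions, and the rule it applies is the one stated above (USERGROUPS_ENAB yes means private groups, otherwise GROUP= names the shared group).

```shell
#!/bin/sh
# Added example (not from the original page): predict useradd's defaults
# from the two files the page describes. Paths are arguments, so it can be
# run on copies of the files as well as on the live ones.

# login.defs uses "KEY value"; lines starting with # are comments.
logindefs_get() {    # $1=file  $2=key
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# /etc/default/useradd uses "KEY=value".
useradd_get() {      # $1=file  $2=key
    awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

useradd_policy() {   # $1=/etc/default/useradd  $2=/etc/login.defs
    if [ "$(logindefs_get "$2" USERGROUPS_ENAB)" = "yes" ]; then
        group="private"
    else
        gid=$(useradd_get "$1" GROUP)
        group="shared:${gid:-unset}"
    fi
    if [ "$(logindefs_get "$2" CREATE_HOME)" = "yes" ]; then
        home="created"
    else
        home="needs -m"
    fi
    echo "group=$group home=$home"
}

# Constructed sample files: the openSUSE-style values shown above, then a
# private-group configuration.
demo=$(mktemp -d)
printf 'GROUP=100\nHOME=/home\nSHELL=/bin/bash\n' > "$demo/useradd.a"
printf 'USERGROUPS_ENAB no\n' > "$demo/login.defs.a"
printf '# GROUP=100\nHOME=/home\n' > "$demo/useradd.b"
printf 'USERGROUPS_ENAB yes\nCREATE_HOME yes\n' > "$demo/login.defs.b"
useradd_policy "$demo/useradd.a" "$demo/login.defs.a"
useradd_policy "$demo/useradd.b" "$demo/login.defs.b"
rm -rf "$demo"
```

On a live system, call it as useradd_policy /etc/default/useradd /etc/login.defs.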

     

----------------------------------------------------------------------------------------------------------------------

Issue:

You want to create groups with groupadd.

Solution:

The following example creates a new user group musicians:

$ sudo groupadd musicians

Use groupadd with the -r option to create a system group:

$ sudo groupadd -r service1
--------------------------------------------------------------------------------------------------------------------------

Issue:

You want to assign users to groups.

Solution:

Use the usermod command. The following example adds kishore to the musicians group:

$ sudo usermod -aG musicians kishore

This example adds kishore to multiple groups:

$ sudo usermod -aG musicians,composers,stagehands kishore

Alternatively, you could edit /etc/group and type kishore’s name after the appropriate group or groups. When you list multiple group members, the list must be comma-delimited, with no spaces between the names.

musicians:x:900:stash,madmax,kishore
---------------------------------------------------------------------------------------------------------------------------

Issue:

You want to disable a user account without deleting it.

Solution:

To temporarily deactivate an account, disable the user’s password with the passwd command:

$ sudo passwd -l stash
passwd: password expiry information changed.

Now the user cannot log in. The following example unlocks the user’s account:

$ sudo passwd -u stash
passwd: password expiry information changed.

This does not prevent a user from logging in via a different authentication method, such as an SSH key. To completely disable a user account, use usermod:

$ sudo usermod --expiredate 1 stash

When the user tries to log in, they see a “Your account has expired; please contact your system administrator” message. Restore their account:

$ sudo usermod --expiredate -1 stash
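The gap described above (a password lock that leaves SSH key logins working) can be audited. The following added example, which is not part of the original post, reports accounts whose password is locked but whose account is not expired, and whether an authorized_keys file exists. The function name, the sample data and the default key path ~/.ssh/authorized_keys are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): find accounts that were locked
# with "passwd -l" but not expired, and check for an SSH authorized_keys file.
# Args: shadow-format file, passwd-format file, today in days since 1970-01-01.
# Assumes sshd's default key location, ~/.ssh/authorized_keys.
lock_audit() {
    awk -F: -v today="$3" '
        NR == FNR { home[$1] = $6; next }        # first file: passwd
        $2 ~ /^!+[^!*]/ {                        # "!" in front of a hash
            if ($8 != "" && $8 > 0 && today >= $8) next   # expired: skip
            print $1 ":" home[$1]
        }' "$2" "$1" |
    while IFS=: read -r user dir; do
        if [ -n "$dir" ] && [ -s "$dir/.ssh/authorized_keys" ]; then
            echo "$user password-locked ssh-key-present"
        else
            echo "$user password-locked no-key-file"
        fi
    done
}

# Constructed sample data: stash is only password-locked, madmax is also
# expired (field 8 = 1, as set by "usermod --expiredate 1").
demo=$(mktemp -d)
mkdir -p "$demo/home/stash/.ssh" "$demo/home/madmax"
echo 'ssh-ed25519 AAAA-constructed stash@pc' > "$demo/home/stash/.ssh/authorized_keys"
printf 'stash:x:1001:1001::%s:/bin/bash\nmadmax:x:1002:1002::%s:/bin/bash\n' \
    "$demo/home/stash" "$demo/home/madmax" > "$demo/passwd"
printf '%s\n' 'stash:!$6$salt$hash:19000:0:99999:7:::' \
              'madmax:!$6$salt$hash:19000:0:99999:7::1:' > "$demo/shadow"
lock_audit "$demo/shadow" "$demo/passwd" "$(( $(date +%s) / 86400 ))"
rm -rf "$demo"
```

Reading the live /etc/shadow requires root.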

---------------------------------------------------------------------------------------------------------------------------

Issue:

You need to delete a user, and possibly their home directory and its contents.

Solution

The following example uses the userdel command to delete the user Stash from /etc/passwd, Stash’s primary group and all group memberships, and the shadow files:

$ sudo userdel stash

If Stash belongs to a shared primary user group, the group will not be deleted.

Use the -r option to delete the user’s home directory and its contents, and their mail spool:

$ sudo userdel -r stash

If the user owns files outside of their home directory, you will have to find and take care of them separately.


















































