Managing Users in Linux

Before you start

Objectives: Learn which files hold user information, how to add a new user, how to modify an existing user, and how to set a password for a specific user.

Prerequisites: no prerequisites.

Key terms: password, user management, passwd file, useradd, usermod, userdel


Passwd File

In the early days of Linux, we basically had to use a text editor to manage users. Since the user database and group database are only text files, we can always open them in a text editor and view them. A common editor for text files is vi. We can enter the command "sudo vipw" directly in the terminal, which will open the passwd file in vi automatically. We can also open it manually by entering the command "vi /etc/passwd". However, we should always use the vipw command because it locks the user file so we can safely work with it.

[Figure 1: the passwd file opened in vi]

As we can see, each line identifies a user account. Each line contains colon-delimited fields which describe user information. The first field is the user name. The next field is for the user's password. If we see an x instead of the password, that means that shadow files are enabled (the password is stored in the shadow file). The next field is the user ID, which is unique on the operating system. The next field is the primary group ID. To find the name of the group we have to open the group file. The next field is the GECOS comment, which is typically used for the user's full name. The next field is the user's home directory and the last field is the user's shell. The shell is the first program that is executed when a user logs on.
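The field layout described above can be checked mechanically. The following is an added example, not part of the original page: it parses passwd-format lines and flags malformed lines, empty password fields, hashes left in the passwd file, extra UID 0 accounts and duplicate UIDs. The function name audit_passwd and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example. SAMPLE_PASSWD is constructed data, not a real system file.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
demo:x:1001:1001:Demo User:/home/demo:/bin/bash
demo2:x:1010:1002::/home/demo2:/bin/bash
backup::1010:1002::/home/backup:/bin/sh
toor:x:0:0::/root:/bin/bash
legacy:$6$constructed$hash:1020:1002::/home/legacy:/bin/bash
broken:x:1030:/home/broken'

# audit_passwd: read passwd-format lines on stdin, print one finding per line.
# Fields: 1 name, 2 password, 3 UID, 4 GID, 5 GECOS, 6 home, 7 shell.
audit_passwd() {
    awk -F: '
    $0 ~ /^[ \t]*$/ || /^#/ { next }                  # skip blanks and comments
    NF != 7 { print "BAD_FIELD_COUNT line " NR ": " $1; next }
    $2 == "" { print "EMPTY_PASSWORD " $1 }           # no password needed to log in
    # Anything other than x, * or a leading ! means a hash lives in passwd itself.
    $2 != "" && $2 != "x" && $2 != "*" && $2 !~ /^!/ { print "HASH_IN_PASSWD " $1 }
    $3 == 0 && $1 != "root" { print "EXTRA_UID0 " $1 } # second superuser account
    ($3 in seen)  { print "DUPLICATE_UID " $3 " " seen[$3] "," $1 }
    !($3 in seen) { seen[$3] = $1 }
    '
}

# Run against the constructed sample.
printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```

On a real system the same function can be run as "audit_passwd < /etc/passwd"; the passwd file is world-readable, so no root access is needed.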

To add the user, we could simply add a new line with all fields populated and then save the file. After we exit the file, we would get a prompt to edit the shadow file also. Then we would have to edit the group database file also. This is the old way of doing things when creating users. Now we have tools dedicated to user creation.

User Management Commands

To create a new user we can use the "useradd" command. For example, if we want to add the user "demo", we would enter the "useradd demo" command. This command will populate the passwd file and update the shadow file.

If we want to specify more things when creating users, we can use additional options. For example, let's create a new user named demo2 with the ID of 1010 and with the primary group named "holsten". The command for this is "sudo useradd -u 1010 -g holsten demo2". To also create the user's home directory, we can use the -m option, like this: "sudo useradd -u 1010 -g holsten -m demo2". When adding users to a group, that group must exist. Using the -c option, we can enter the GECOS description, for example: useradd -c "Demo User".

If we want to change existing users we can use the "usermod" command. It has similar options to the "useradd" command. For example, if we want to change the user ID for demo2 to 1030, we would enter the "sudo usermod -u 1030 demo2" command. With the -l switch we can rename a user account. When renaming the account, we can use the -d option to rename the home directory.

If we want to delete a user, we can use the "userdel" command. For example, to delete the demo2 user, we would enter the "sudo userdel demo2" command. If we also want to remove the user's home directory, we can use the -r option. So, the command to remove the user and its home directory is "sudo userdel -r demo2". If we don't use the -r option, the home directory will remain.

Shadow File

If we open the /etc/shadow file, we will see that it has a similar format to the passwd file. The first field is the user name, and the second field is the password. The third field is the date of the most recent password change (measured in the number of days since 1 January 1970). The fourth field is the minimum password age. The fifth is the maximum password age. The sixth field is the number of days a user is warned before the password must be changed. The seventh is the number of days the user can log in without changing the password. The eighth field is the number of days since 1 January 1970 after which the account will be disabled.

[Figure 2: the shadow file]

Notice that we have a password set for users "cicnavi" and "demo3". We can tell that because we see a long string which is actually a password hash. However, user "demo" doesn't have a password set. To set a password for a user, we can use the "passwd" command. For example, if we want to set the password for the "demo" user, we would enter the "sudo passwd demo" command. After that we will be able to enter the password for the user.

[Figure 3: the passwd command]

Now the user "demo" has the password set.
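The shadow fields described in this section can be read the same way. The following is an added example, not part of the original page: it classifies each account by its password field and applies the aging fields. It goes slightly beyond the text by separating a locked account (a field starting with ! or *, which is what a freshly created account typically shows) from a truly empty field, which allows login with no password. The function name audit_shadow, the sample hashes and the day number 19730 are constructed.

```shell
#!/bin/sh
# Added example. SAMPLE_SHADOW is constructed data; the hashes are placeholders.
SAMPLE_SHADOW='cicnavi:$6$constructedsalt$constructedhash:19700:0:99999:7:::
demo:!:19720:0:99999:7:::
demo3:$6$constructedsalt$constructedhash2:19000:0:90:7:14::
guest::19700:0:99999:7:::
olduser:$6$constructedsalt$constructedhash3:19700:0:99999:7::19710:'

# audit_shadow [today]: read shadow-format lines on stdin.
# "today" is a day count since 1 January 1970; it defaults to the current day.
# Fields: 1 name, 2 password, 3 last change, 4 min age, 5 max age,
#         6 warning days, 7 inactive days, 8 account expiry, 9 reserved.
audit_shadow() {
    today=${1:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
    NF != 9 { print $1 " MALFORMED"; next }
    {
        if ($2 == "")          state = "NO_PASSWORD"   # login without a password
        else if ($2 ~ /^[!*]/) state = "LOCKED"        # no usable password hash
        else                   state = "PASSWORD_SET"
        age = ($3 == "") ? "unknown" : today - $3      # days since last change
        notes = ""
        if ($3 != "" && $5 != "" && age + 0 > $5 + 0)  notes = notes " password_expired"
        if ($8 != "" && today + 0 > $8 + 0)            notes = notes " account_expired"
        print $1 " " state " age=" age notes
    }'
}

# Run against the constructed sample, pretending today is day 19730.
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow 19730
```

On a real system the input would be /etc/shadow, which is readable only by root, for example "sudo cat /etc/shadow | audit_shadow".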

Switching Users

We have to mention the "su" command, which allows us to become any user without having to log off and log in again. It's like the "Run as" command in Windows. For example, if we want to become user "demo", we can enter the command "su demo". If we are not the root user, we will have to enter the password for the "demo" user. To get back to the original user, we can enter the "exit" command.

If we only enter the "su" command (without specifying the user), we will switch to the "root" user. If we use the "-" option together with the "su" command, we will also be logged in as that user, load that user's profile, and change to the home directory of that user. If we don't use the "-" option, we will stay at our current position. The example command would be "su - demo".