Or, the quick bookmark for configuring local users
This is the first in a series of posts that is meant to dump some personal notes that I’ve kept for quite some time. Most of the information found below can be gathered by simply typing in the command listed followed by a --help
or preceded with the man
or info
command. The real challenge, most of the time, is in remembering the command or file name and location. Both of those things as well as explanations and examples are listed below.
1. The /etc/passwd
file
This file contains all user accounts on the system. Below is an example of an entry in /etc/passwd
.
1 2 3 4 5 6 7
leo:x:1005:1005:Leo Chavez,,,:/home/leo:/bin/bash
- Pieces are separated by colons.
leo
is the username. x
is the password placeholder. If no password is set, a!
will appear instead.- The first
1005
is the UID (user ID). - The second
1005
is the GID (group ID). Leo Chavez
is the full name of the user./home/leo
is the location of the home directory./bin/bash
is the location of the user’s default terminal.
2. The /etc/shadow
file
This file contains all users and hashed passwords, but cannot be read by normal users. By default, root
will have read/write access and the shadow
group will have read access. Therefore, to see this file, you’ll have to elevate your privileges with sudo
or su
to root.
1 2 3 4 5 6 7 8 9
leo:$6$7iU2.3kT$c/brL1Ydgicae.LkNKYsoAMq1.2J71:17594:0:99999:7::17897:
leo
is the username$6$
represents the hashing algorithm SHA512.$5$
(SHA256) is also common.- This is the salt which is used to strengthen passwords.
- This long string is the hashed and salted password, but has been shortened.
17594
represents the number of days after Jan 1, 1970 that the password was changed.0
is how many days a user must wait before changing their password again.99999
is how many days a user can keep their password before being forced to change it.7
is the amount of days prior to the forced password change a user is warned.17897
is the number of days from Jan 1, 1970 until account expiry
3. The /etc/group
file
This file contains a list of all groups on the system.
1 2 3 4
sambashare:x:127:leo
sambashare
is the group name.- Not normally used, but a group password would be here.
127
is the group ID.- Users in the group, separated by commas.
/etc/gshadow
would be the group version of /etc/shadow
.
4. The useradd
command
The useradd
command will create users as well as define their home folder location, set an account expiration date and define the default shell.
- To create a new user and create a home folder, type
useradd leo -m
- To create a new user and have their account expire in one week, type
useradd leo -f 7
- To create a new user and have their account expire on a certain day, type
useradd leo -e 2018-12-31
- Putting it all together would look like
useradd leo -m -e 2019-01-01
5. The passwd
command
The passwd
command will set the password for yourself when used alone passwd
or of another use when the user is defined passwd leo
. This is typically done as root
or with sudo
. This must be done before the new user can log in.
6. The userdel
command
The userdel leo
command will remove a user from the system, but leave the files behind. To remove the files as well, use userdel -r leo
7. The groupadd
command
The groupadd
command will add new groups to the system. Adding the group Sales can be done with groupadd Sales
.
8. The usermod
command
The usermod
command will make modifications to users like group associations and home directory changes.
- To set a new primary group, type
usermod -g marketing leo
- To set a secondary group, type
usermod -G sales leo
- To add an additional secondary group, type
usermod -a -G warehouse leo
- To change a username and adjust the home folder as well, type
usermod -l nate -m -d /home/nate leo
9. The groups
and id
commands
The groups
command will show which groups the current user is assigned to. To find out this info about another user, add the username groups nate
. The id
command will show similar information as well as User ID and any Group ID associated with the users or groups. id nate
will show ID information about Nate.
Leave a Reply