Or, the quick bookmark for configuring local users
This is the first in a series of posts that is meant to dump some personal notes that I’ve kept for quite some time. Most of the information found below can be gathered by simply typing in the command listed followed by a
--help or preceded with the
info command. The real challenge, most of the time, is in remembering the command or file name and location. Both of those things as well as explanations and examples are listed below.
This file contains all user accounts on the system. Below is an example of an entry in
1 2 3 4 5 6 7 leo:x:1005:1005:Leo Chavez,,,:/home/leo:/bin/bash
- Pieces are separated by colons.
leois the username.
xis the password placeholder. If no password is set, a
!will appear instead.
- The first
1005is the UID (user ID).
- The second
1005is the GID (group ID).
Leo Chavezis the full name of the user.
/home/leois the location of the home directory.
/bin/bashis the location of the user’s default terminal.
This file contains all users and hashed passwords, but cannot be read by normal users. By default,
root will have read/write access and the
shadow group will have read access. Therefore, to see this file, you’ll have to elevate your privileges with
su to root.
1 2 3 4 5 6 7 8 9 leo:$6$7iU2.3kT$c/brL1Ydgicae.LkNKYsoAMq1.2J71:17594:0:99999:7::17897:
leois the username
$6$represents the hashing algorithm SHA512.
$5$(SHA256) is also common.
- This is the salt which is used to strengthen passwords.
- This long string is the hashed and salted password, but has been shortened.
17594represents the number of days after Jan 1, 1970 that the password was changed.
0is how many days a user must wait before changing their password again.
99999is how many days a user can keep their password before being forced to change it.
7is the amount of days prior to the forced password change a user is warned.
17897is the number of days from Jan 1, 1970 until account expiry
This file contains a list of all groups on the system.
1 2 3 4 sambashare:x:127:leo
sambashareis the group name.
- Not normally used, but a group password would be here.
127is the group ID.
- Users in the group, separated by commas.
/etc/gshadow would be the group version of
useradd command will create users as well as define their home folder location, set an account expiration date and define the default shell.
- To create a new user and create a home folder, type
useradd leo -m
- To create a new user and have their account expire in one week, type
useradd leo -f 7
- To create a new user and have their account expire on a certain day, type
useradd leo -e 2018-12-31
- Putting it all together would look like
useradd leo -m -e 2019-01-01
passwd command will set the password for yourself when used alone
passwd or of another use when the user is defined
passwd leo. This is typically done as
root or with
sudo. This must be done before the new user can log in.
userdel leo command will remove a user from the system, but leave the files behind. To remove the files as well, use
userdel -r leo
groupadd command will add new groups to the system. Adding the group Sales can be done with
usermod command will make modifications to users like group associations and home directory changes.
- To set a new primary group, type
usermod -g marketing leo
- To set a secondary group, type
usermod -G sales leo
- To add an additional secondary group, type
usermod -a -G warehouse leo
- To change a username and adjust the home folder as well, type
usermod -l nate -m -d /home/nate leo
groups command will show which groups the current user is assigned to. To find out this info about another user, add the username
groups nate. The
id command will show similar information as well as User ID and any Group ID associated with the users or groups.
id nate will show ID information about Nate.