MANAGE USERS AND GROUPS IN REDHAT


MANAGE USERS AND GROUPS

id            -              gives the info about the user u logged in.
+++++++++++++++++
uid=0(root) gid=0(root) groups=0(root)
++++++++++++++++
Root user always having user id 0
1-200 user id – system users for specific redhat process’s /for redhat file owned process’s.
201-999 - system users for specific redhat process’s but they won’t files on the system.
Ex: apache (/usr/sbin/nologin)
From 1000 : id’s will be assigned when we create new user accounts.
You can see users in /etc/passwd
neelu:x:1001:1001::/home/neelu:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin  ##user can’t ssh because /sbin/nologin
<user_name>:<pwd linked to some where /etc/shadow>:uid:gid:<arbitrary field,user defined>:<home_dire>:<shell to use>
Each user exactly have 1 primary group. Whenever user created in the system primary group is same as user name by default.
Whenever user creates a new file/directory, group owner of that file/dir is that the primary group of that user.
User belongs to supplementary groups.
To see groups
                groups  <root> <username>
                cat /etc/group
                +++++++++++++++++++++++
                [root@cloudpro2 home]# groups test
test : test
[root@cloudpro2 home]# groups root
root : root
+++++++++++++++++++++++
Password file located in /etc/shadow. it includes password hash(encrypted password) for each user.
Create a new user
                useradd <flags> <username>
to check different flags usage
                useradd –help
                man useradd
                info useradd
for ex: useradd –M neelu
it doesn’t create user home directory still user can ssh because he has permissions for /bin/bash
FILES (default ones)
       /etc/passwd
           User account information.

       /etc/shadow
           Secure user account information.

       /etc/group
           Group account information.

       /etc/gshadow
           Secure group account information.

       /etc/default/useradd
           Default values for account creation.

       /etc/skel/
           Directory containing default files (for all users those are newly created).

       /etc/login.defs
           Shadow password suite configuration.


In users home directory there are specific bash configurations.
.  ..  .bash_history  .bash_logout  .bash_profile  .bashrc  instruct( file in /etc/skel –common for every newly user created)
To create/update password for user
                passwd  <user_name>
password hashes are changed when you are changing passwords for users and  When you lock user then !<password hash> will be created in /etc/shadow file.
To modify user / certain things like chage primary group(g), add/append user to supplementary groups(G,a (a has to be used with G)), lock/unlock user(L,U), add commants/arbitrary fields(c), change home directory(d) etc..
                usermod <flags mentioned above>  <specify value/path/string etc>  <user>
usermod -aG sg0 neelu
some useful commands
                userdel                 it does not remove home directory
                userdel –r <username>                                removes home directory
                groupdel
for help
                userdel –help
                groupdel –help
                info groupdel     which also displays the associated files


Comments

Post a Comment

Popular posts from this blog

DOMAIN AND SSL

virtual host configuration in Linux: 1. Buy a domain from godaddy etc. 2. Must have server to host this domain with static IP. 3. After buying this domain update dns records/name server in go daddy(name server of your service provider where you buy a server) 4.Now create zone for your domain to update records A etc in name server of your service provider where you buy a server and this name server is managed by sp so you need to ask them to update. Note: There can be two different name servers for zones (DNS-forward, RDNS-reverse) 5.Now as usual install package httpd,apache,ngnix,tomcat (different webservers) in the server. 6.for ex , for http go to virtual host conf file and add this domain(check online for more info) SSL configuration in Linux: 1.Generate csr and private key to ssl provider 2.They give crt file,bundle file once you purchase 3.Before step 4 you should have crt file  which is saved domain.crt(mycloud.com.crt),bundle file and key 4.Now in the server ...
Read more

Power Broker

Every server running in your IT environment needs an account, and every account requires privileges. Many organizations take inadequate steps in managing privileged accounts – leaving them vulnerable to attack and opening the door to potentially devastating data breaches. Today, most breaches start with people installing something they shouldn’t, connecting to somewhere they shouldn’t, or accessing data they shouldn’t. What does all of this have in common? Privilege misuse and abuse. When users need elevated privileges on a Unix or Linux server, security admins often turn to free tools like Super User Do, or Sudo (“soo-doo”). Sudo enables privileged access without exposing the root password. But it has flaws. Like limited granularity, lack of data integrity and no log security. Its policies typically need to be managed on each server, making it hard to lock down and prone to tampering. With this ad-hoc tool, it’s virtually impossible to maintain security and compliance...
Read more

variables in shell scripting

variables in shell scripting: Shell variables are created once they are assigned a value. A variable can contain a number, a character or a string of characters. Variable name is case sensitive and can consist of a combination of letters and the underscore "_". Value assignment is done using the "=" sign. Note that no space permitted on either side of = sign when initializing variables. EX: PRICE_PER_APPLE = 5 MyFirstLetters = ABC greeting = 'Hello world!'   1. A backslash "\" is used to escape special character meaning   EX: PRICE_PER_APPLE = 5 echo "The price of an Apple today is: \ $HK $PRICE_PER_APPLE " o/p: The price of an Apple today is: $HK 5     2. Encapsulating the variable name with ${} is used to avoid ambiguity   EX: MyFirstLetters = ABC echo "The first 10 letters in the alphabet are: ${MyFirstLetters} DEFGHIJ" o/p: The first 10 letters in the alphabet are: ABCDEFGHIJ   3. Encap...
Read more