MANAGE USERS AND GROUPS IN REDHAT


MANAGE USERS AND GROUPS

id            -              gives the info about the user u logged in.
+++++++++++++++++
uid=0(root) gid=0(root) groups=0(root)
++++++++++++++++
Root user always having user id 0
1-200 user id – system users for specific redhat process’s /for redhat file owned process’s.
201-999 - system users for specific redhat process’s but they won’t files on the system.
Ex: apache (/usr/sbin/nologin)
From 1000 : id’s will be assigned when we create new user accounts.
You can see users in /etc/passwd
neelu:x:1001:1001::/home/neelu:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin  ##user can’t ssh because /sbin/nologin
<user_name>:<pwd linked to some where /etc/shadow>:uid:gid:<arbitrary field,user defined>:<home_dire>:<shell to use>
Each user exactly have 1 primary group. Whenever user created in the system primary group is same as user name by default.
Whenever user creates a new file/directory, group owner of that file/dir is that the primary group of that user.
User belongs to supplementary groups.
To see groups
                groups  <root> <username>
                cat /etc/group
                +++++++++++++++++++++++
                [root@cloudpro2 home]# groups test
test : test
[root@cloudpro2 home]# groups root
root : root
+++++++++++++++++++++++
Password file located in /etc/shadow. it includes password hash(encrypted password) for each user.
Create a new user
                useradd <flags> <username>
to check different flags usage
                useradd –help
                man useradd
                info useradd
for ex: useradd –M neelu
it doesn’t create user home directory still user can ssh because he has permissions for /bin/bash
FILES (default ones)
       /etc/passwd
           User account information.

       /etc/shadow
           Secure user account information.

       /etc/group
           Group account information.

       /etc/gshadow
           Secure group account information.

       /etc/default/useradd
           Default values for account creation.

       /etc/skel/
           Directory containing default files (for all users those are newly created).

       /etc/login.defs
           Shadow password suite configuration.


In users home directory there are specific bash configurations.
.  ..  .bash_history  .bash_logout  .bash_profile  .bashrc  instruct( file in /etc/skel –common for every newly user created)
To create/update password for user
                passwd  <user_name>
password hashes are changed when you are changing passwords for users and  When you lock user then !<password hash> will be created in /etc/shadow file.
To modify user / certain things like chage primary group(g), add/append user to supplementary groups(G,a (a has to be used with G)), lock/unlock user(L,U), add commants/arbitrary fields(c), change home directory(d) etc..
                usermod <flags mentioned above>  <specify value/path/string etc>  <user>
usermod -aG sg0 neelu
some useful commands
                userdel                 it does not remove home directory
                userdel –r <username>                                removes home directory
                groupdel
for help
                userdel –help
                groupdel –help
                info groupdel     which also displays the associated files


Comments

Post a Comment

Popular posts from this blog

zabbix-introduction

Image
Zabbix is an enterprise-class open source distributed monitoring solution. Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning. Zabbix supports both polling and trapping. All Zabbix reports and statistics, as well as configuration parameters, are accessed through a web-based frontend. A web-based frontend ensures that the status of your network and the health of your servers can be assessed from any location. Properly configured, Zabbix can play an important role in monitoring IT infrastructure. This is equally true for small organisations with a few servers and for large companies with a multitude of servers. Zabbix i...
Read more

Power Broker

Every server running in your IT environment needs an account, and every account requires privileges. Many organizations take inadequate steps in managing privileged accounts – leaving them vulnerable to attack and opening the door to potentially devastating data breaches. Today, most breaches start with people installing something they shouldn’t, connecting to somewhere they shouldn’t, or accessing data they shouldn’t. What does all of this have in common? Privilege misuse and abuse. When users need elevated privileges on a Unix or Linux server, security admins often turn to free tools like Super User Do, or Sudo (“soo-doo”). Sudo enables privileged access without exposing the root password. But it has flaws. Like limited granularity, lack of data integrity and no log security. Its policies typically need to be managed on each server, making it hard to lock down and prone to tampering. With this ad-hoc tool, it’s virtually impossible to maintain security and compliance...
Read more