Showing posts with label User Administration. Show all posts
Pawan Sharma | July 16, 2012 | Be the first to comment!

Chage command for password ageing policy

In this post we will learn how to manage user password aging with the chage command. The chage command is very useful for user management and password policy. It changes the number of days between password changes and the date of the last password change. The system uses this information to determine when a user must change his/her password.

To change a user's password aging, use the command "chage user_name".

1. To list a user's account aging information:


# chage -l transfer_user
Last password change                                    : Jun 22, 2012
Password expires                                        : Aug 21, 2012
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 7
Maximum number of days between password change          : 60
Number of days of warning before password expires       : 7


2. To force the user to change the password at the next login:


# chage -d0 transfer_user
# chage -l transfer_user
Last password change                                    : password must be changed
Password expires                                        : password must be changed
Password inactive                                       : password must be changed
Account expires                                         : never
Minimum number of days between password change          : 7
Maximum number of days between password change          : 60
Number of days of warning before password expires       : 7


3. To change the account expiration date: set the date, or the number of days since January 1, 1970, on which the user's account will no longer be accessible.


# chage -E 2012-09-01 transfer_user
# chage -l transfer_user
Last password change                                    : Jun 22, 2012
Password expires                                        : Aug 21, 2012
Password inactive                                       : never
Account expires                                         : Sep 01, 2012
Minimum number of days between password change          : 7
Maximum number of days between password change          : 60
Number of days of warning before password expires       : 7


4. To change the password inactive field: set the number of days of inactivity after a password has expired before the account is locked. The INACTIVE option is the number of days of inactivity.


# chage -I 5 transfer_user
# chage -l transfer_user
Last password change                                    : Jun 22, 2012
Password expires                                        : Aug 21, 2012
Password inactive                                       : Aug 26, 2012
Account expires                                         : Sep 01, 2012
Minimum number of days between password change          : 7
Maximum number of days between password change          : 60
Number of days of warning before password expires       : 7


There are other options we can use with the chage command:
  -m: Set the minimum number of days between password changes to MIN_DAYS.

  -M: Set the maximum number of days during which a password is valid. When MAX_DAYS plus LAST_DAY is less than the current day, the user will be required to change his/her password before being able to use his/her account.

  -W: Set the number of days of warning before a password change is required. The WARN_DAYS option is the number of days prior to the password expiring that a user will be warned his/her password is about to expire.
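
The fields that chage sets are stored in /etc/shadow as day counts, so the state of every account can be checked at once. The following is an added example, not code from the original post; it assumes the shadow(5) field order, uses a placeholder in the hash field, and takes its comparison for an expired password from the -M description above.

```shell
#!/bin/sh
# Added example (not from the original post): report each account's
# password-aging state from shadow-format lines.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# lastchg and expire are counted in days since January 1, 1970.

# Constructed sample: transfer_user carries the values shown by "chage -l"
# above (last change Jun 22, 2012 = day 15513, expiry Sep 01, 2012 = day 15584).
sample_shadow() {
cat <<'EOF'
transfer_user:HASH_PLACEHOLDER:15513:7:60:7:5:15584:
newhire:HASH_PLACEHOLDER:0:0:99999:7:::
svc_backup:HASH_PLACEHOLDER:15000:0:99999:7:::
EOF
}

# Current date as days since the epoch, the unit the shadow file uses.
today_days() { echo $(( $(date +%s) / 86400 )); }

# usage: aging_status TODAY_IN_DAYS < shadow-format-input
aging_status() {
    awk -F: -v today="$1" '
    {
        t = today + 0
        last = $3; max = $5; warn = $6; inact = $7; expire = $8
        if (expire != "" && t >= expire + 0)
            state = "account_expired"          # -E date reached
        else if (last == "0")
            state = "must_change"              # set by chage -d 0
        else if (last == "" || max == "")
            state = "no_aging"
        else if (inact != "" && t > last + max + inact)
            state = "inactive_locked"          # -I grace period used up
        else if (t > last + max)
            state = "password_expired"         # LAST_DAY + MAX_DAYS < today
        else if (warn != "" && t > last + max - warn)
            state = "warning"                  # inside the -W window
        else
            state = "ok"
        print $1, state
    }'
}

# Show the sample accounts as of day 15570 (Aug 18, 2012).
sample_shadow | aging_status 15570
```

On a live system, run it as root with `aging_status "$(today_days)" < /etc/shadow`.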

If you have any doubts regarding user administration please comment.
Pawan Sharma | July 15, 2012 | Be the first to comment!

Usermod for modifying user attributes

In day-to-day system administration we often work with users and groups and have to change user attributes: for example, change a user's home directory or password inactivity period, change the primary group or add a supplementary group, or lock and unlock a user's password.

In Redhat Enterprise Linux 6, a user's attributes can be changed with the "usermod" command. The usermod command is helpful for system administration as well as in the RHCSA exam, as user administration is one of the RHCSA/RHCE exam objectives. In this post we will discuss how to use usermod to modify different user attributes.

1. To add a user to a supplementary group, use usermod -a together with -G:


# usermod -a -G group3 user1


2. To change a user's GECOS/comment field, use usermod -c:


# usermod -c "User for transfer files" transfer_user
# cat /etc/passwd |grep transfer_user
transfer_user:x:502:502:User for transfer files:/home/transfer_user:/bin/bash

 We can also use the chfn command to change finger information.

3. To change user's home directory


# usermod -d /transhome transfer_user
# cat /etc/passwd |grep transfer_user
transfer_user:x:502:502:User for transfer files:/transhome:/bin/bash

 Use the -m option to copy all files from the old home directory to the new home directory.

4. To change user's primary group


# id transfer_user
uid=502(transfer_user) gid=502(transfer_user) groups=502(transfer_user)
# groupadd file_transfer
# usermod -g file_transfer transfer_user
# id transfer_user
uid=502(transfer_user) gid=503(file_transfer) groups=503(file_transfer)

 The group must exist.

5. To add a supplementary group. Note that -G without -a replaces the user's existing supplementary groups with the list given.


# usermod -G transfer_user transfer_user
# id transfer_user
uid=502(transfer_user) gid=503(file_transfer) groups=503(file_transfer), 502(transfer_user)

6. Lock or unlock a user's password.


# passwd -l transfer_user
Locking password for user transfer_user.
passwd: Success
# passwd -u transfer_user
Unlocking password for user transfer_user.
passwd: Success


The usermod command is very useful for system administrators to manage users and groups.
You may find some of the above-mentioned commands very useful in the RHCSA and RHCE exams.

If you are preparing for the certification exams, make it a habit to read the man pages for commands, so that you learn easier ways to do tasks in the examination, and try to concentrate on command-based administration.
Pawan Sharma | May 31, 2012 | Be the first to comment!

/etc/skel (USER ADMINISTRATION)

In Redhat Enterprise Linux 6 (RHEL 6), when a user is created it has its own home directory. In the user's home directory there are some hidden files like .bash_profile, .bashrc, etc. These hidden files are automatically created in the user's home directory when the useradd command is used to create a user.

In RHEL there is a directory, /etc/skel, which serves as a skeleton for the user's home directory. Whenever a user is created, all files in /etc/skel are copied into the user's home directory. Mainly this directory contains the files listed below:


.bash_logout
.bash_profile
.bashrc


The /etc/skel directory can be used to set default properties for users and to give all users a set of required files. This is useful for a system administrator who wants every new user created with the useradd command to receive default files. If you put a file in the /etc/skel directory, it will be automatically copied to the home directory of each new user you create.


Please comment if you have any doubts about User Administration in Linux or any questions related to RHCSA and RHCE exams....
Pawan Sharma | May 30, 2012 | 8 Comments so far

/etc/default/useradd (USER ADMINISTRATION)

User administration in Redhat Enterprise Linux (RHEL 6) is quite interesting. When a user is created, different properties related to the user are applied, and these default user properties are stored in different files. User properties such as where the user's home directory is to be created, what the user's shell should be, etc. are taken from the file "/etc/default/useradd".

When the useradd command is executed, it takes some of the user property values from a file called /etc/default/useradd, from which it gets the following values:


GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes


Description : -

1. GROUP: Maximum number of groups of which a user can be a member.

2. HOME : Directory where the user's home directory will be created.

3. INACTIVE: Number of days the account should be inactive after creation.

   Note: "-1" means never inactive i.e. always active

4. EXPIRE: Date on which the account should expire. It is given in the form YYYY-MM-DD.

5. SHELL: Default login shell for the user.

6. SKEL: Directory from where the default user profile files will be copied to the user's home directory.

7. CREATE_MAIL_SPOOL:
This option ensures that a new user will have a directory of its user name in /var/mail where the mail process can store mail messages.

By editing this file from the command line, you can change the default shell and the directory containing home directories for new users on the Linux operating system.
Pawan Sharma | May 27, 2012 | Be the first to comment!

Understanding /etc/login.defs

User administration is, I think, the most basic but also the most important part of any system administrator's job. In a production environment we have to do some security hardening related to users and groups. In Redhat Enterprise Linux 6 (RHEL6) we have a file called /etc/login.defs which holds the default password policy for users. Sometimes we have to change the password policy according to the organization's user policy, for example the minimum password length, the password expiration period, etc.

We can apply a password policy through the graphical user administration tool, but I would suggest using the command line to change the password policy. To change the password policy through the command line in Linux, we just have to edit the /etc/login.defs file. Only the root user can edit this file.

When the useradd command is used to create a user, the useradd binary reads the following values from the /etc/login.defs file during user creation:


MAIL_DIR        /var/spool/mail

PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7

UID_MIN           500
UID_MAX         60000

GID_MIN           500
GID_MAX         60000

CREATE_HOME     yes

Description : -
-----------
 1. MAIL_DIR: Directory where the user's mail will be stored.

 2. PASS_MAX_DAYS: Maximum number of days for the validity of a password.

 3. PASS_MIN_DAYS: Minimum number of days gap before a password can be changed again.

 4. PASS_MIN_LEN: Minimum required length of a password.

 5. PASS_WARN_AGE: Warning for password expiry to be given before the stipulated number of days.

 6. UID_MIN: Minimum value for automatic user id selection.

 7. UID_MAX: Maximum value for automatic user id selection.

 8. GID_MIN: Minimum value for automatic group id selection.

 9. GID_MAX: Maximum value for automatic group id selection.

10. CREATE_HOME: Whether useradd should create home directories for users.

If we change these values in the /etc/login.defs file, users created afterwards will hold the new values.
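
Because the new values apply only to users created after the change, accounts that already exist keep whatever aging fields they had. The following added example (not code from the original post) lists that drift; both input files are constructed samples, and the PASS_* values in the sample login.defs are an assumed organisation policy.

```shell
#!/bin/sh
# Added example (not from the original post): list accounts whose aging
# fields in a shadow-format file differ from the PASS_* defaults in a
# login.defs-format file. Both inputs below are constructed samples.

make_samples() {   # writes DIR/login.defs and DIR/shadow
    cat > "$1/login.defs" <<'EOF'
# assumed organisation policy (constructed)
PASS_MAX_DAYS   60
PASS_MIN_DAYS   7
PASS_MIN_LEN    5
PASS_WARN_AGE   7
EOF
    cat > "$1/shadow" <<'EOF'
transfer_user:HASH_PLACEHOLDER:15513:7:60:7:5:15584:
olduser:HASH_PLACEHOLDER:15000:0:99999:7:::
daemon:*:15000:0:99999:7:::
EOF
}

# usage: policy_drift LOGIN_DEFS_FILE SHADOW_FILE
policy_drift() {
    awk '
    function check(user, key, have) {
        if ((key in want) && (have "") != (want[key] ""))
            print user, key, (have == "" ? "unset" : have), "->", want[key]
    }
    NR == FNR {                               # first file: login.defs
        if ($1 ~ /^PASS_(MAX_DAYS|MIN_DAYS|WARN_AGE)$/) want[$1] = $2
        next
    }
    {                                         # second file: shadow
        split($0, f, ":")
        if (f[2] == "" || f[2] ~ /^[!*]/) next   # no usable password: skip
        check(f[1], "PASS_MIN_DAYS", f[4])
        check(f[1], "PASS_MAX_DAYS", f[5])
        check(f[1], "PASS_WARN_AGE", f[6])
    }' "$1" "$2"
}

dir=$(mktemp -d)
make_samples "$dir"
policy_drift "$dir/login.defs" "$dir/shadow"
rm -rf "$dir"
```

Each reported account can then be brought in line with chage, for example `chage -m 7 -M 60 -W 7 olduser`.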


Pawan Sharma | May 23, 2012 | Be the first to comment!

User Administration and /etc/gshadow

In Redhat Enterprise Linux, /etc/gshadow is one of the files that users, and even system administrators, rarely hear about. To learn Linux we have to know all the command line tools and important files. In this post we will discuss the /etc/gshadow file.

/etc/gshadow is the group shadow file and contains the following four fields:

1. Group name.

2. The encrypted form of the group password that was specified using the gpasswd command.

    If the file /etc/gshadow is deleted, then this encrypted password is moved to the second field of /etc/group.

    If no password is given to the group, then a '!' is displayed in the file.

3. The list of group administrator names. By default it is blank, i.e. only the user having the same name as the group name is the first group administrator.

4. The list of group member names. Blank by default.


Pawan Sharma | May 22, 2012 | Be the first to comment!

Understanding /etc/group

In this post we will discuss an important file, /etc/group. To pass the Redhat Certified System Administrator (RHCSA) exam we need to know all the important files related to user administration. In the /etc/group file we can find all the user groups in the Linux operating system.

When a user is added, a user private group is created and the corresponding entry is put in /etc/group. /etc/group contains 4 fields, which are explained below.

1. GROUP NAME: which is the same as USER_NAME which is specified with the useradd command.

2. GROUP PASSWORD: Group Password can be given using the command gpasswd .

   For eg:     gpasswd pawan
                   Changing the password for group pawan
                   New Password:
                   Re-enter new password:

3. GID -> Group ID which is the same as UID.

4. The last field describes the members of the group except the user which is already a member of the group.

   A user is added to a group using the following command:

   usermod -G GROUP_NAME USER_NAME

   For eg:  usermod -G major_group pawan

   A Group can also be created using the command groupadd

   For eg:  groupadd major_group

   An entry for the "major_group" group will be placed in the file /etc/group.

If we want to give the same permissions to a few users, we can make them members of a group. We can then give a permission to that group, and all users in the group will get it. We can also set Access Control Lists (ACL) on a group.

Pawan Sharma | May 21, 2012 | Be the first to comment!

User Administration in Linux

User administration is the most important part of Linux system administration. It is one of the most important objectives of the RHCSA and RHCE certification exams. In Redhat Enterprise Linux, users and groups can be administered with the user/group administration GUI tool, and users can also be created from the command line. I suggest you use the command line user administration commands as much as possible, because in a production environment a GUI won't be provided. Many people who are learning Linux don't know all the features of the user administration commands and related files. In the next few posts we will discuss user administration and its features.

There are three types of users in Linux.

1. Superuser: Created at the time of Linux installation. The root user has the right to create other users, and its "userid" and "groupid" are zero in the "/etc/passwd" file.
2. System user: These users are created by the system. They can't log in because their shell, in the seventh field of the /etc/passwd file, is /sbin/nologin by default.
3. Normal user: These users are created by the superuser.

To add a user from the command line we use the useradd/adduser command, for example "useradd pawan".

adduser is not a binary but a symlink to the old Unix command useradd, which is present in the /usr/sbin directory; this command can only be executed by root. In total, 69 things happen when the useradd command is given; we will discuss them all.

When the useradd command is executed, the new user's information is stored in two main configuration files, 'passwd' and 'group', which are related to the other configuration files.
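
The three account types can be read straight out of passwd-format data. The following added example (not code from the original post) sorts entries by UID and shell and flags the ones that do not fit the description above; the sample lines and the flag names are constructed, and the default UID_MIN of 500 is the value shown in this page's /etc/login.defs listing.

```shell
#!/bin/sh
# Added example (not from the original post): sort passwd-format entries into
# the three account types described above and flag entries that do not fit.

# Constructed sample; transfer_user is the entry shown earlier on this page.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
legacy_svc:x:101:101:constructed service account:/var/lib/legacy:/bin/bash
admin2:x:0:0:constructed duplicate of uid 0:/root:/bin/bash
transfer_user:x:502:502:User for transfer files:/transhome:/bin/bash
EOF
}

# usage: classify_accounts [UID_MIN] < passwd-format-input
# UID_MIN defaults to 500, the value shown for /etc/login.defs on this page.
classify_accounts() {
    awk -F: -v uid_min="${1:-500}" '
    {
        uid = $3 + 0
        nologin = ($7 ~ /\/(nologin|false)$/)
        note = "-"
        if (uid == 0) {
            type = "superuser"
            if ($1 != "root") note = "extra-uid0"        # second UID 0 account
        } else if (uid < uid_min + 0) {
            type = "system"
            if (!nologin) note = "has-login-shell"       # system user that can log in
        } else {
            type = "normal"
        }
        print $1, type, note
    }'
}

sample_passwd | classify_accounts
```

On a live system, run `classify_accounts < /etc/passwd` and review every line whose last column is not "-".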

Configuration files

|----/etc/passwd
|
|----/etc/group
|
|----/etc/shadow
|
|----/etc/gshadow
|
|----/etc/login.defs
|
|----/etc/default/useradd
|
|----/etc/skel

We will discuss all these files in detail in the next post.

Pawan Sharma | September 5, 2011 | Be the first to comment!

Managing User and Group in RHEL 6

To create a user in RHEL 6 we can use commands as well as graphical user administration tools. It is advisable to use the command line as much as possible because it is faster, and in a real business environment you have to use ssh to administer the system remotely.

  • To create a user run command:
    • useradd user_name
  • To define a password for the user:
    • passwd user_name
  • Create a user with specific UID:
    • useradd -u 802 user_name
      • The above command will create a user with UID 802.
  • To create a group run command:
    • groupadd group_name
  • To delete a user run command:
    • userdel user_name
      • The above command will delete the user but it will not delete the user's home directory. To delete the home directory as well as the files contained in it, run the following command:
      • userdel -r user_name

User and Group Administration
Given below are some sample questions about user and group administration:

Q1. Create a user rambo and make it a member of group student.
Ans. useradd -G student rambo.
        To see the results view the /etc/passwd and /etc/group files.
Q2. Create a user sheela with UID 566 and assign it no interactive shell.
Ans. useradd -u 566 -s /bin/false sheela
        The above command will add a user sheela with UID 566 and give it a non-interactive shell.
Q3. Make the user munni to expire on date 17-09-2011.
Ans. chage -E 2011-09-17 munni
        The above command will make the account of user munni unavailable from 17-09-2011
Q4. User pandeyg have to change password at the time of next login.
Ans. chage -d 0 pandeyg
        The above command will force user to change password when the user tries to login.