Unix / Linux User Management Quick Reference
Posted by Brian Clifton
Written February 19, 2009 at 20:47
Written February 19, 2009 at 20:47
On Linux you can add a user with the useradd utility:
If the user already exists, edit the group or password hash using usermod:
If you need to grant sudo privilege to only the user, you can add them using:
The actual password hashes are stored in /etc/shadow file. This file is only readable by root. It is delimited by colons and has the following information:
1) Login name
2) Encrypted password
3) Date when password was last changed (days since Jan 1, 1970)
4) Minimum number of days required between password changes
5) Maximum number of days the password is valid
6) Number of days before password expires that user is warned about password change
7) Number of days after password expires that account is disabled
8) An absolute date when the login may no longer be used (days since Jan 1, 1970)
If the password field is surrounded with *, the user account is locked.
If the password field is surrounded with !, the user's password has expired.
The /etc/passwd file also contains user account information. This file is also delimited by colons and has the following information:
1) Login Name
2) Password (x means encrypted password is stored in /etc/shadow)
3) User ID
4) Group ID (stored in /etc/group file)
5) Comment
6) Home directory
7) Command/shell (e.g. /bin/bash)
The /etc/group file contains user group information. Like the other two files it is colon delimited. This file contains the following information:
1) Group Name
2) Password (usually blank, not commonly used)
3) Group ID
4) Comma seperated list of user logins that comprise this group
This information was put together using man pages and these articles:
http://www.cyberciti.biz/faq/understanding-etcshadow-file/
http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/
http://www.cyberciti.biz/faq/understanding-etcgroup-file/
/usr/sbin/useradd -p 'hash' -G GroupNameHere UserNameHere
If the user already exists, edit the group or password hash using usermod:
/usr/sbin/usermod -p 'hash' -G GroupNameHere UserNameHere
If you need to grant sudo privilege to only the user, you can add them using:
/usr/sbin/visudo
The actual password hashes are stored in /etc/shadow file. This file is only readable by root. It is delimited by colons and has the following information:
1) Login name
2) Encrypted password
3) Date when password was last changed (days since Jan 1, 1970)
4) Minimum number of days required between password changes
5) Maximum number of days the password is valid
6) Number of days before password expires that user is warned about password change
7) Number of days after password expires that account is disabled
8) An absolute date when the login may no longer be used (days since Jan 1, 1970)
If the password field is surrounded with *, the user account is locked.
If the password field is surrounded with !, the user's password has expired.
The /etc/passwd file also contains user account information. This file is also delimited by colons and has the following information:
1) Login Name
2) Password (x means encrypted password is stored in /etc/shadow)
3) User ID
4) Group ID (stored in /etc/group file)
5) Comment
6) Home directory
7) Command/shell (e.g. /bin/bash)
The /etc/group file contains user group information. Like the other two files it is colon delimited. This file contains the following information:
1) Group Name
2) Password (usually blank, not commonly used)
3) Group ID
4) Comma seperated list of user logins that comprise this group
This information was put together using man pages and these articles:
http://www.cyberciti.biz/faq/understanding-etcshadow-file/
http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/
http://www.cyberciti.biz/faq/understanding-etcgroup-file/