6.15 Management of user accounts and files permissions

useradd user_name

passwd user_name

(as root) Create a new account (you must be root). E.g., useradd barbara Don't forget to set up the password for the new user in the next step. The user home directory (which is created) is /home/user_name. You may also use an equivalent command adduser user_name.

ls -l /home/peter

useradd peter -u 503 -g 503

(as root). Create an account to match an existing directory (perhaps from previous installation). If the user ID and the group ID (shown for each file) were both 503, I create an account with a matching user name, the user ID (UID) and the group ID (GID). This avoids the mess with changing the ownership of user files after a system upgrade.

userdel user_name

Remove an account (you must be a root). The user's home directory and the undelivered mail must be dealt with separately (manually because you have to decide what to do with the files). There is also groupdel to delete groups.

groupadd group_name

(as root) Create a new group on your system. Non-essential on a home machine, but can be very handy even on a home machine with a small number of users.

For example, I could create a group "friends", using

groupadd friends

then edit the file /etc/group, and add my login name and the names of my friends to the line that lists the group, so that the final line might look like this:

friends:x:502:stan,pete,marie

Then, I can change the permissions on a selected file so that the file belongs to me AND the group "friends".

chgrp friends my_file

Thus, the listed members of this group have special access to these files that the rest of the world might not have, for example read and write permission:

chmod g=rw,o= my_file

The alternative would be go give write permission to everybody, which is definitely unsafe even on a home computer.

groups

List the groups to which the current user belongs. Or I could use groups john to find to which groups the user john belongs.

usermod

groupmod

(as root) Two command-line utilities to modify user accounts and groups without manual editing of the files /etc/passwd /etc/shadow /etc/group and /etc/gshadow. Normally non-essential.

userconf

(as root) Menu-driven user configuration tools (password policy, group modification, adding users, etc). Part of linuxconf package, but can be run separately.

passwd

Change the password on your current account. If you are root, you can change the password for any user using: passwd user_name

chfn

(="change full name"). Change the information about you (full name, office number, phone number, etc). This information is displayed when the finger command is run on your login_name.

chage -M 100 login_name

(= "change age"). Set the password expiry to 100 days for the user named login_name .

quota username

setquota username

quotaon /dev/hda

quotaoff /dev/hda

quotastats

A set of commands to manage user disk quotas. Normally not used on a home computer. "Disk quota" means per-user limits on the usage of disk space. The commands (respectively) display the user quota, set the user quota, turn the quota system on the for a given filesystem (/dev/hda in the above example), turn the quota system off, display quota statistics. "Typical" Linux distros I have seen set on default: no limits for all users, and the quota system is off on all filesystems.

kuser

(as root, in X terminal) Manage users and groups using a GUI. Nice and probably covering most of what you may normally need to manage user accounts.

chmod perm filename

(=change mode) Change the file access permission for the files you own (unless you are root in which case you can change any file). You can make a file accessible in three modes: read (r), write (w), execute (x) to three classes of users: owner (u), members of the group which owns the file (g), others on the system (o). Check the current access permissions using:

ls -l filename

If the file is accessible to all users in all modes it will show:

rwxrwxrwx

The first triplet shows the file permission for the owner of the file, the second for the group that owns the file, and the third for others ("the rest of the world"). A "no" permission is shown as "-".

When setting permissions, these symbols are used: "u"(=user or owner of the file), "g"(=group that owns the file), "o"(=others), "a" (=all, i.e., owner, group and others), "="(=set the permission to), "+"(=add the permission), "-"(=take away the permission), "r"(=permission to read the file), "w"=(write permission, meaning the permission to modify the file), "x"(=permission to execute the file).

For example, this command will add the permission to read the file junk to all (=user+group+others):

chmod a+r junk

This command will remove the permission to execute the file junk from others:

chmod o-x junk

Also try here(lnag_basics.html#file_permissions) for more info.

You can set the default file permissions for the new files that you create using the command umask (see man umask).

chown new_ownername filename

chgrp new_groupname filename

Change the file owner and group. You should use these two commands after you copy a file for use by somebody else. Only the owner of a file can delete it.

lsattr files

List attributes for the file(s). Not very often used because the most interesting attributes are still not implemented. The attributes can be changed using the chattr command. The attributes are: A (=don't update a time when the file is modified), S (=synchronous updates), a (=append only possible to this file), c (=file compressed on the kernel level, not implemented yet), i (=immutable file), d (=no dump), s (=secure deletion), and u (undeletable, not implemented yet). An interesting usage may be to make a file undeletable even by root (until s/he clears the attribute).


sudo /sbin/shutdown -h now

(as a regular user, I will be prompted for my user password) Run the command "shutdown" (or another command which you have been given permission to run by your system administrator). With sudo, the administrator can give selected users the rights to run selected commands, without handing out the root password. The file /etc/sudoers must be configured to contain something like:

my_login_name my_host_computer_name = /sbin/shutdown


pwck

grpck

(as root, two commands). Verify the integrity of the password and group files.

pwconv

grpconv

(as root) Unlikely you need these commands. They convert old-style password and group files to create the more-secure "shadow" files.



UNIXguide.net
Suggest a Site