Updated: 2013-03-16 02:59 EDT
/etc/passwd and /etc/shadow
useradd - add a user account
userdel - remove a user account
usermod - modify userid info, e.g. userid, UID, GID, etc.
chsh - change shell
passwd - change password
su - start a subshell: log in as a new userid
sudo - execute a single command as another userid
/etc/group and /etc/gshadow
groupadd - create a new group
groupdel - delete a group
groupmod - modify group name, GID, password
gpasswd - manage groups: set group administrator, add/delete members
groups - display all groups
id - display user UID and group GID and groups
newgrp - start a subshell: log in to a new group with a password

/etc/passwd
The /etc directory is where “Host-Specific Configuration” files are stored.

/etc/passwd
When a user is created on the system, the following information is stored in seven colon-separated fields in /etc/passwd:
username:x:UID:GID:comment:home_directory:login_shell
   1     2  3   4     5          6             7
root:x:0:0:Super User:/root:/bin/bash
idallen:x:500:500:Ian! D. Allen:/home/idallen:/bin/bash
/etc/shadow
)/home/$USER
/etc/passwd
/etc/shadow
, accessible only by root

/etc/shadow
The password field in /etc/passwd is replaced by an “x” and the user’s real encrypted password is stored in /etc/shadow.
/etc/shadow is only readable by the root user, so even the encrypted password is hidden and can’t be used in a password-cracking program.
/etc/shadow contains the user’s login userid, their encrypted password, and fields relating to password expiration.
! means the password (and thus account) is locked
* indicates the account has been disabled

useradd
userdel

usermod
/etc/passwd; it does not actually move the directory unless you also give “-m”.
The -d option must be followed by the new home directory name.
Do not put the -m option in between the -d and the home directory.
If you use -d without using -m, you can’t do the command a second time with -m - it will say “nothing changed”. You have to put things back the way they were by using -d (without -m) to undo the change you made, then use -d with -m to redo the change.

chsh
/etc/passwd - does not affect current shell

passwd
/etc/passwd (or /etc/shadow)

/etc/group
/etc/group and /etc/gshadow
/etc/group file.

/etc/group
When a group is created on the system, the following information is stored in four colon-separated fields in /etc/group:
groupname:x:GID:userid1,userid2,userid3
    1     2  3             4
root:x:0:
cdrom:x:500:idallen,alleni
/etc/gshadow
)/etc/group
/etc/gshadow
, accessible only by root

/etc/gshadow
The password field in /etc/group is replaced by an “x” and the group’s real encrypted password is stored in /etc/gshadow.
/etc/gshadow is only readable by the root user, so even the encrypted password is hidden and can’t be used in a password-cracking program.
/etc/gshadow contains the group name, the group encrypted password, an optional list of Group Administrators, and an optional list of Group Members (which should be the same in /etc/group).
! means the group password is locked
* indicates the group cannot be logged into by non-members

groupadd, groupdel, groupmod, gpasswd, groups, id, newgrp
groupadd - create a new group in /etc/group
groupdel - remove a group from /etc/group
groupmod - modify the name or GID of a group in /etc/group
gpasswd - administer the /etc/group and /etc/gshadow files
groups - list all the groups a user belongs to
id - more detailed version of “groups” showing numeric values
newgrp - (rarely used) use the group password to start a new shell with additional group privileges

su --login
The - or --login option (options must be surrounded by spaces) means use a full login shell that clears the environment, sets groups and goes to the user’s home directory as if the user had just logged in.
[idallen@localhost]$ whoami
idallen
[idallen@localhost]$ su
password: XXX
[root@localhost]# whoami
root
[root@localhost]# exit
[idallen@localhost]$
[idallen@localhost]$ whoami
idallen
sudo passwd idallen
/etc/sudoers with the list of who can do what
[idallen@localhost]$ whoami
idallen
[idallen@localhost]$ sudo passwd alleni
[sudo] password for idallen: XXXXXXXXXX
Changing password for user alleni.
New password: XXX
Retype new password: XXX
passwd: all authentication tokens updated successfully.
[idallen@localhost]$ whoami
idallen
[idallen@localhost]$
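
An added example (not part of the original notes): a small Python audit of passwd- and shadow-format text, built on the seven-field /etc/passwd layout and the ! and * password markers described earlier on this page. The sample data is constructed (the toor and guest accounts and the hash strings are made up), and it assumes the standard nine-field shadow layout, which this page does not show.

```python
# Added example: audit passwd/shadow-format text for risky entries.
FIELDS = ("username", "password", "uid", "gid", "comment", "home", "shell")

def parse_passwd(text):
    """Parse passwd-format text; reject lines without exactly seven fields."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(parts)}")
        entry = dict(zip(FIELDS, parts))
        entry["uid"], entry["gid"] = int(entry["uid"]), int(entry["gid"])
        entries.append(entry)
    return entries

def shadow_state(pw_field):
    """Classify field 2 of a shadow line by its leading marker."""
    if pw_field == "":
        return "empty"          # login needs no password at all
    return {"!": "locked", "*": "disabled"}.get(pw_field[0], "hashed")

def audit(passwd_text, shadow_text):
    """Return (username, finding) pairs that deserve a reviewer's attention."""
    rows = (ln.split(":") for ln in shadow_text.splitlines() if ln.strip())
    shadow = {r[0]: r[1] for r in rows}
    findings = []
    for e in parse_passwd(passwd_text):
        name = e["username"]
        if e["password"] != "x":
            findings.append((name, "passwd field 2 is not 'x'"))
        if e["uid"] == 0 and name != "root":
            findings.append((name, "UID 0 but not root"))
        if name not in shadow:
            findings.append((name, "no shadow entry"))
        elif shadow_state(shadow[name]) == "empty":
            findings.append((name, "empty shadow password"))
    return findings

# Constructed sample data; the root and idallen passwd lines match the page.
SAMPLE_PASSWD = """root:x:0:0:Super User:/root:/bin/bash
idallen:x:500:500:Ian! D. Allen:/home/idallen:/bin/bash
toor:x:0:0:constructed:/root:/bin/bash
guest::501:501:constructed:/home/guest:/bin/bash"""
SAMPLE_SHADOW = """root:$6$CONSTRUCTED$notarealhash:15780:0:99999:7:::
idallen:!$6$CONSTRUCTED$notarealhash:15780:0:99999:7:::
guest::15780:0:99999:7:::"""
```

On a real system the same functions can be fed the contents of /etc/passwd and, when run as root, /etc/shadow.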