add user
in general there is just one binary /usr/sbin/useradd on all three distros.
# cross distribution Debian8, RedHat(CentOS7), Suse12
useradd -m username; # add user and create home directory
passwd username; # you will have to assign a password for the user straight afterwards
# on debian you probably would also want to
usermod -s /bin/bash username; # change default-login-shell of username to bash
debian specific:
in debian8 you have "adduser", which is a perl script written by Guy Maor maor AT debian DOT org, Ted Hajek tedhajek AT boombox DOT micro DOT umn DOT edu, Ian A. Murdock imurdock AT gnu DOT ai DOT mit DOT edu, Roland Bauerschmidt rb AT debian DOT org.
It is interactive… asks you questions.
in centos/redhat: file /usr/sbin/adduser is a symbolic link to useradd.
here is the script: adduser.pl.txt
i guess the major difference between the binary useradd -m and the perl-script adduser is:
under debian there are two files defining how users are added and deleted:
/etc/adduser.conf
/etc/deluser.conf
the binary useradd -m command does not read those, the perl-script does.
While i think Debian is one of the best Linux distributions out there, for the sake of simplification, standardization, unification and less confusion, Debian should adopt the Centos/Redhat/Suse approach of adding users.
I don’t see any need for those config files. If you do please report in the comments.
delete remove user: cross distribution
everything that has a beginning also has an end… Neo…
userdel -r AgentSmith; # same as --remove-home - remove user including his/her home directory
# one should always remove all not used users
userdel -r games
userdel -r ftp
which userdel; # on all three distros it is a binary
/usr/sbin/userdel; # at this location
manpage: userdel.man.txt
deluser perl script: debian only
deluser username; # just the user, not his/her files (/home/username)
deluser --remove-home username; # delete user and /home/username
By default, deluser will remove the user without removing the home directory, the mail spool or any other files on the system owned by the user. Removing the home directory and mail spool can be achieved using the --remove-home option.
The --remove-all-files option removes all files on the system owned by the user.
If you want to backup all files before deleting them you can activate the --backup option which will create a file username.tar(.gz|.bz2) in the directory specified by the --backup-to option (defaulting to the current working directory).
Both the remove and backup options can also be activated for default in the configuration file /etc/deluser.conf.
See deluser.conf.man.txt for details.
example content: (this file does not exist on suse12 or centos7 per default)
root@Debian8:~# cat /etc/deluser.conf
# /etc/deluser.conf: `deluser' configuration.
# Remove home directory and mail spool when user is removed
REMOVE_HOME = 0
# Remove all files on the system owned by the user to be removed
REMOVE_ALL_FILES = 0
# Backup files before removing them. This options has only an effect if
# REMOVE_HOME or REMOVE_ALL_FILES is set.
BACKUP = 0
# target directory for the backup file
BACKUP_TO = "."
# delete a group even there are still users in this group
ONLY_IF_EMPTY = 0
# exclude these filesystem types when searching for files of a user to backup
EXCLUDE_FSTYPES = "(proc|sysfs|usbfs|devpts|tmpfs|afs)"
add group – create new group – add new group to the system
groupadd GROUP_NAME
delete group
groupdel GROUP_NAME
add user to group
usermod -a -G users user; # add user "user" to group "users"
usermod -a -G sudo bob; # debian8 adds user bob to group sudo = allowed to run sudo = run processes with root-privileges temporarily
usermod -a -G wheel bob; # Suse12 / CentOS7 / RedHat
remove user from group
gpasswd -d user group;
config files involved
list users sorted by their userids – /etc/passwd
/etc/passwd is where all users:accounts:are:stored.
but despite the name – passwords are not stored there – they are in /etc/shadow.
you can get a nicely formatted list in the format: username ……………. UID, sorted by UID.
# Centos7
cut -d: -f 1,3 /etc/passwd|tr : "\t"|expand -t 25|sort -k2 -n
root                     0
bin                      1
daemon                   2
adm                      3
lp                       4
sync                     5
shutdown                 6
halt                     7
mail                     8
operator                 11
games                    12
ftp                      14
named                    25
rpc                      32
tss                      59
tcpdump                  72
sshd                     74
dbus                     81
postfix                  89
nobody                   99
usbmuxd                  113
pulse                    171
rtkit                    172
abrt                     173
systemd-network          192
nm-openvpn               989
nm-openconnect           990
setroubleshoot           991
lightdm                  992
openvpn                  993
unbound                  994
geoclue                  995
vnstat                   996
chrony                   997
polkitd                  998
systemd-bus-proxy        999
user                     1000
test                     1001

# Debian8
cut -d: -f 1,3 /etc/passwd|tr : "\t"|expand -t 25|sort -k2 -n
root                     0
daemon                   1
bin                      2
sys                      3
sync                     4
games                    5
man                      6
lp                       7
mail                     8
news                     9
uucp                     10
proxy                    13
www-data                 33
backup                   34
list                     38
irc                      39
gnats                    41
systemd-timesync         100
systemd-network          101
systemd-resolve          102
systemd-bus-proxy        103
Debian-exim              104
messagebus               105
statd                    106
sshd                     107
avahi                    108
colord                   109
geoclue                  110
pulse                    111
rtkit                    112
saned                    113
usbmux                   114
lightdm                  115
ntp                      116
user                     1000
nobody                   65534

# suse12
cut -d: -f 1,3 /etc/passwd|tr : "\t"|expand -t 25|sort -k2 -n
root                     0
bin                      1
daemon                   2
lp                       4
mail                     8
news                     9
uucp                     10
games                    12
man                      13
at                       25
wwwrun                   30
ftp                      40
named                    44
postfix                  51
ntp                      74
gdm                      483
scard                    484
vnc                      485
ftpsecure                486
pulse                    487
rtkit                    488
statd                    489
srvGeoClue               490
systemd-bus-proxy        491
systemd-timesync         492
openslp                  494
rpc                      495
nscd                     496
polkitd                  497
sshd                     498
messagebus               499
user                     1000
test                     1001
nobody                   65534
/etc/shadow
passwords are stored in /etc/shadow, which is only accessible by root:shadow.
all entries whose password field starts with $6 are sha512-hashed passwords (plus salt).
if you would like to generate your own password hashes, this should work: (src)
mkpasswd -m sha-512
# or (Python 2 syntax: print statement and raw_input)
python -c "import crypt,random,string; print crypt.crypt(raw_input('clear-text password: '), '\$6\$' + ''.join([random.choice(string.ascii_letters + string.digits) for _ in range(16)]))"
userids
on all distros root has UID:0 and UID-numbering of non-root non-service user-accounts starts at 1000.
With GID (GroupID) SUSE12 starts numbering from 100 on, while CentOS/Debian start with 1000.
UIDs might be re-assigned to different users – if users are deleted and new users are added – passing on file-ownership.
test@debian:~$ id
uid=1001(test) gid=1001(test) groups=1001(test)
[test@centos ~]$ id
uid=1001(test) gid=1001(test) Gruppen=1001(test) Kontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
test@suse:~> id
uid=1001(test) gid=100(users) Gruppen=100(users)
lock/disable/enable/suspend accounts
To lock a user account:
- passwd -l USERNAME
- usermod -L USERNAME
To unlock a user account:
- passwd -u USERNAME
- usermod -U USERNAME
technically this will alter the line corresponding to the user in /etc/shadow
and put a ! in front of the user's password hash, which means the password is disabled: the user can not log in with it.
root@Debian8:# cat /etc/shadow|grep user
user:$6$g5qLocG5$ty6.toNgHs1kfpn02qnnFY2rYTdJVNYn04yKm5ubal8l17knrF9xPhCit/gDvdWdv3WQNbqO1MchHwkej1XXr1:17280:0:99999:7:::
root@Debian8:# passwd -l user
passwd: password expiry information changed.
root@Debian8:# cat /etc/shadow|grep user
user:!$6$g5qLocG5$ty6.toNgHs1kfpn02qnnFY2rYTdJVNYn04yKm5ubal8l17knrF9xPhCit/gDvdWdv3WQNbqO1MchHwkej1XXr1:17280:0:99999:7:::
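As an added example (not part of the original post), this shell function classifies shadow-format lines by the two markers described above: the leading ! that passwd -l / usermod -L insert, and the $6 scheme prefix. Recognizing other prefixes ($1, $5, $y, $2a/$2b/$2y) and empty or */!-only fields goes beyond what the post covers; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify /etc/shadow-format lines by lock state and hash scheme.

# Constructed sample lines (salts and hashes are placeholders, not real hashes).
sample_shadow() {
cat <<'EOF'
alice:$6$SALTSALT$HASHPLACEHOLDER:17280:0:99999:7:::
bob:!$6$SALTSALT$HASHPLACEHOLDER:17280:0:99999:7:::
carol:!!$6$SALTSALT$HASHPLACEHOLDER:17280:0:99999:7:::
legacy:$1$SALT$HASHPLACEHOLDER:15000:0:99999:7:::
daemon:*:17280:0:99999:7:::
guest::17280:0:99999:7:::
EOF
}

# Reads shadow-format lines from the files given as arguments (or stdin)
# and prints "user state scheme" for each line.
shadow_audit() {
    awk -F: '
    function scheme(h) {
        if (h ~ /^\$6\$/)      return "sha512"
        if (h ~ /^\$5\$/)      return "sha256"
        if (h ~ /^\$y\$/)      return "yescrypt"
        if (h ~ /^\$2[aby]\$/) return "bcrypt"
        if (h ~ /^\$1\$/)      return "md5"
        return "unknown"
    }
    {
        h = $2
        # Empty field: the account needs no password at all.
        if (h == "")           { print $1, "EMPTY-PASSWORD", "-"; next }
        # Only * and/or !: no hash is set, so no password can match.
        if (h ~ /^[!*]+$/)     { print $1, "no-password-login", "-"; next }
        state = "active"
        # One or more leading ! in front of a hash: password locked.
        if (sub(/^!+/, "", h)) state = "locked"
        print $1, state, scheme(h)
    }' "$@"
}

# On a real system, run as root: shadow_audit /etc/shadow
sample_shadow | shadow_audit
```

A `locked` result only means password authentication is blocked; usermod(8) notes that fully disabling an account also requires setting its expiry date.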
expire account or password:
you can time account and password validity with:
chage -l bob
Last password change : Jun 01, 2017
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : -1
Maximum number of days between password change : -1
Number of days of warning before password expires : -1

chage bob
Changing the aging information for maria
Enter the new value, or press ENTER for the default
Minimum Password Age [0]:
Maximum Password Age [99999]:
Last Password Change (YYYY-MM-DD) [2017-05-11]:
Password Expiration Warning [7]:
Password Inactive [-1]:
Account Expiration Date (YYYY-MM-DD) [-1]:
Links:
massively cool article and video: https://www.theurbanpenguin.com/107-1-manage-user-and-group-accounts-and-related-system-files/