It never hurts to have a quick reference for Linux administration commands, so I wanted to put out some helpful items for user, file, directory, and group management.
Linux Commands for managing users:
- adduser – Command used to add user accounts.
- chage – Used to change the time the user’s password will expire.
- chfn – Change a user’s finger information
- chsh – Change a user’s shell.
- chgrp – Changes the group ownership of files.
- chown – Change the owner of file(s ) to another user.
- gpasswd – Used to administer the /etc/group file.
- groupadd – Create a new group.
- grpconv – Creates /etc/gshadow from the file /etc/group which converts to shadow passwords.
- grpunconv- Uses the files /etc/passwd and /etc/shadow to create /etc/passwd, then deletes /etc/shadow which converts from shadow passwords.
- groupdel – Delete a group
- groupmod – Modify a group
- groups – print the groups a user is in
- grpck – Verify the integrity of group files.
- id – Print group or user ID numbers for the specified user.
- newgrp – Allows a user to log in to a new group.
- newusers – Update and create new users in batch form.
- nologin – Prevent non-root users from logging onto the system.
- passwd – Used to update a user’s password. The command “passwd username” will set the password for the given user.
- pwconv – Used to create the file /etc/shadow from the file /etc/passwd to convert to shadow passwords.
- pwunconv – Uses the files /etc/passwd and /etc/shadow to create /etc/passwd, then deletes /etc/shadow to convert from shadow passwords.
- su – run a shell with substitute user and group IDs
- useradd – Create a new user or update default new user information
- userdel – Delete a user account and their files from the system. The command “userdel -r newuser” will remove the user and deletes their home directory.
- usermod – Modify a user account. Other Useful commands/examples:
find / -user username -ls | Gives a list of all files owned by username. | |
chown -R myuser /home/myuser | Changes ownership of all files in mysuer home directory to myuser. | |
chmod +s filename | Sets the uid |
Files
- /etc/passwd – Where the user’s name, and other pertinent information are stored. This includes the password unless your system is using shadow passwords.
- /etc/shadow – Where the user’s password is stored if you are using shadow passwords.
- /etc/group – Where group names are stored.
- /etc/aliases – Where the user’s name is matched to a nickname for e-mail.
- /etc/sudoers – A list of users with special privileges along with the commands they can execute.
File Formats
Note group ID numbers start at 100 and user ID numbers start at 500. The file /etc/group gives groups
The /etc/passwd file:username:password:uid:gid:gecos:homedir:shell
Gecos contains information about the user, including the real name. Shell is the name and path of the user’s default shell program.
The /etc/group file:
groupname:password:gid:members
If the entry “bigclown:*: mark,george” is in the group file, the users mark and george are members of the bigclown group.
Examples
To add a user, while logged in as root, type “adduser username”.
To set a user password, while logged in as root or the user that will be changed, type “passwd username”. If “passwd” is typed, the password will be changed for the user, you are logged in as.
To remove a user, while logged in as root, type “userdel -r username”. This will remove the user’s home directory. You can delete the user without the “-r” option and delete the user’s home directory manually. If the group the user was in, is no longer needed, you may delete it by editing the “/etc/group” file.The file “/etc/aliases” is where the user’s real name is matched to their user name for e-mail accounts. Add users to this file in the form:
Firstname,Lastname:username
Then update the database by typing “newaliases”.
User Process Accounting
Process accounting is supported by new kernels. To use this feature, you’ll need to get the acct-1.3.73.tar.gz package or later. The package contains some programs used to manage users. The following commands are useful for user accounting:
- ac(1) – Print statistics about users’ connect time.
- accton (8) – Turn on accounting of processes. To turn it on type “accton /var/log/pacct”.
- last(1) – Shows a list of users who have logged in.
- lastb(1) – Shows failed login attempts. This command requires the file /var/log/btmp to exist in order to work. Type “touch /var/log/btmp” to begin logging to this file.
- lastcomm (1) – Display information about previous commands in reverse order. Works only if process accounting is on.
- sa(8) – Generates a summary of information about users’ processes that are stored in the /var/log/pacct file.
- utmpdump(1) – Used for debugging.
- who(1) – Find out what users are logged onto the system.
Files that hold accounting information
- /var/log/wtmp – Stores information about all logins and logouts.
- /var/run/utmp – Stores information about who is currently on the system and is used by the who command.
- /var/log/btmp – Used to store information about failed logins.
The /var/log/wtmp file, contains the following information:
- Type of Login
- Process ID of login process
- The device name of the tty used
- The init ID or abbreviated ttyname
- User Name
- Hostname for remote login
- Exit Status of a process
- The session ID
- The time entry was made
- IP address of remote host
See the man page for wtmp(5) for more information.
The ability to set quotas limits a user’s disk storage by setting:
- The number of inodes the user or group may use.
- The number of disk blocks a user or group may use.
This limits user’s ability to use up all system resources. It only works on ext2 filesystems. Quotas must be set for each filesystem that the user may use. The kernel must have quota support compiled in.
User Quotas
The ability to set quotas limits a user’s disk storage by setting:
- The number of inodes the user or group may use.
- The number of disk blocks a user or group may use.
This limits the user’s ability to use up all system resources. It only works on ext2 filesystems. Quotas must be set for each filesystem that the user may use. The kernel must have quota support compiled in.
Commands used to set quotas and limits are:
- edquota(8) – Used to edit user or group quotas. This program uses the vi editor to edit the quota.user and quota.group files. If the environment variable EDITOR is set to emacs, the emacs editor will be used. Type “export EDITOR=emacs” to set that variable.
- quota(1) – Display users’ limits and current disk usage.
- quotaoff(8) – Turns system quotas off.
- quotaon(8) – Turn system quotas on.
- quotacheck(8) – Used to check a filesystem for usage, and update the quota.user file.
- repquota(8) – Lists a summary of quota information on filesystems.
- ulimit – A bash builtin command for setting the processes a user can run. The command “ulimit -n 9000” will set the limit on open files to 9000.
Files:
- /etc/mtab
- quota.user – Resides on the filesystem quotas are being set on.
- quota.group
Read the Quota mini howto for more information. Here’s roughly what is needed to enable and set quotas:
- In your startup scripts, you should use the quotacheck and quotaon commands to start quota checking at system startup. Read the “How Linux Works” or the “Linux Startup Manual” for more information on startup scripts. This is already setup properly in most current versions of Linux.
- In the /etc/fstab file, add the mount options “usrquota” and “grpquota”. You only need “grpquota” if you are going to set group quotas also. An example entry:
3. /dev/hda2 / ext2 defaults,usrquota,grpquota 1 1
- Issue the following commands, where “fs” is the name of the filesystem where quotas are to be set. The first two commands create the quota files, and the second two commands keep users from accessing those files.
5. touch /fs/quota.user
6. touch /fs/quota.group
7. chmod 600 /fs/quota.user
8. chmod 600 /fs/quota.group
- If you use emacs rather than vi to edit files, type “export EDITOR=emacs”. You may want to add this command to your shell startup script such as $HOME/.bash_profile.
- Type “edquota username” to edit the quota file. You get a screen like this:
11.Quotas for user george:
12./dev/hda2: blocks in use: 10672, limits (soft = 0, hard = 0)
13. inodes in use: 1856, limits (soft = 0, hard = 0)
14./dev/hda3: blocks in use: 0, limits (soft = 0, hard = 0)
15. inodes in use: 0, limits (soft = 0, hard = 0)
Enter the limits you want to set and save the file. The soft limits are those that may be exceeded for limited periods of time, and the hard limits may not be exceeded.