Module 2 User Management and Group Management
Answer: To create a new user in Linux, you can use the useradd command followed by the username.
For example, to create a user named "john", you would use the command: useradd john.
Answer: The /etc/passwd file in Linux stores user account information. It contains details such as
usernames, user IDs, group IDs, home directories, and default shell. However, the passwords are not
stored in this file, but in the /etc/shadow file instead.
Answer: You can use the passwd command to set or change the password for a user in Linux. For
example, to set the password for the user "john", you would use the command: passwd john. You will be
prompted to enter the new password.
Answer: The userdel command is used to delete a user account in Linux. When you run userdel followed
by the username, it removes the user from the system, deletes the user's home directory (if specified),
and removes the user's mail spool (if present).
Answer: You can use the usermod command to add a user to a group in Linux. The syntax is
usermod -aG groupname username. For example, to add the user "john" to the "developers" group, you would use
the command: usermod -aG developers john.
Answer: You can use the cut and sort commands in combination with the /etc/passwd file to list all users
in Linux. The command cut -d: -f1 /etc/passwd | sort will display a sorted list of all usernames.
Answer: To lock or unlock a user account in Linux, you can use the passwd command with the -l or -u
options, respectively. For example, to lock the user "john", you would use the command: passwd -l john.
To unlock the user, you would use: passwd -u john.
Answer: You can use the chsh command to assign a specific shell to a user in Linux. Running chsh
followed by the username will allow you to change the user's default shell. The command will prompt
you to enter the new shell path.
Follow these steps to create a user without using the useradd command in Red Hat Linux.
Step 1
username:password:UID:GID:Comments:Home_Directory:Login Shell
# vi /etc/passwd
user:x:501:501:test user:/home/user:/bin/bash
Step 2
You will have to create a group with the same name, so add a new entry in /etc/group
# vi /etc/group
user:x:501:
Step 3
# passwd user
New password:
# su - user
-bash-4.1$
You should see [user@test ~]$ instead of the -bash-4.1$ prompt. So why does this happen?
As you can see, none of the default contents of a normal user's home directory, such as
.bashrc and .bash_profile, are present.
Final Step 4
NOTE:
The /etc/skel directory contains all the default files that are present inside the home folder of any user.
So, copy the contents of /etc/skel into /home/user using the command below
[user@test ~]$
answer : 700
answer : Every time you log in to a Linux (Red Hat) machine, the .bash_profile file is executed, but in case you
are already logged in and you open a new terminal, the .bashrc file is executed
12. What is the command to create a user with a predefined uid, shell and home directory?
answer : deepak:x:512:512:User:/home/deepak:/bin/bash
15. If I delete a user, does its home directory get deleted? If not, then what is the command
to delete the home directory of the user along with the user?
answer : No.
# userdel -r <username>
16. Name any 3 files which are automatically created inside any user's home directory when a
user is added?
answer :
.bashrc
.bash_profile
.bash_history
17. What is the command to view all the currently logged in users?
answer : w
18. What is the command to change and view the expiry date for any user?
answer : chage
19. What are the details you get with finger command?
Home directory
Last login
20. How can you give a normal user all the root level privileges?
answer : Add the user to wheel group and uncomment the wheel group line in sudoers file
22. How can you give sudo access to any user without asking him to provide a password every
time he runs a command?
answer : Add an extra parameter NOPASSWD in sudoers file while giving the user permission to run root
level commands
23. Which file stores the user min UID, max UID, password expiration settings, password
encryption method being used, etc.?
ANS : /etc/login.defs
24. How do you make a file copied to a new user account automatically upon user account
creation?
<Couple of lines from /etc/passwd file are pasted below for reference>
redhat:x:500:500:Redhat User:/home/redhat:/bin/bash
mssm:x:501:501:another user:/home/mssm:/bin/bash
– “x” in the password column indicates that the encrypted password is stored in /etc/shadow file.
ANS: This can be done by using either “usermod -L <UserName>” or “passwd -l <UserName>”
commands
Example:-
#usermod -L mango
Once an account gets locked, there would be an exclamation mark before the encrypted password field
in “/etc/shadow” as shown below:
mango:!$1$O5zV5Rj/$XhuRe8Og.AiXMXDGSIsae/:16266:0:99999:7:::
To un-lock an account:-
#usermod -U mango
These commands would normally lock the file while editing to avoid corruption.
29. Whenever a user tries to log in via a terminal, the system throws the error “The
account is currently not available”; via the GUI, when the user enters the password, it appears to
be logging in but comes back to the login prompt. How could this issue be fixed?
ANS: This is because the shell field is set to “/sbin/nologin” in the “/etc/passwd” file, so change this back to
“/bin/bash” and the user should be allowed to log in.
If the shell field is set to “/bin/false”, then whenever a user tries to log in there would not be any error
or message; it just comes back to the login prompt, and the same happens in GUI mode.
30. How do you make a new user to reset his password upon his first login?
Password:
ANS: Use ‘chage’ command and set the expiration date as given below
31. Create users' home directories in the /home1 directory instead of the default /home directory. This
applies to any new users who get created, i.e. the home directory of that user should
be /home1/<UserName>/
– Save the changes and exit. After this, any new user's home directory would be under /home1
– You can check the useradd defaults using the command: # useradd -D
OR
#cat /etc/default/useradd
After this you can add users with the command “useradd <UserName>”. This would create the users
home directory with the name of the user under the specified HOME directory as defined in
/etc/default/useradd.
alldoctors:x:912:913::/root/doctor:/bin/bash
total 28
32. How do you make/grant complete access (rwx) on files created for a user and deny any
level of access to others including group?
ANS : – Need to define the umask value for the required user.
umask 0077
– Next time this user logs in, files/directories would get exclusive permissions only for this user as
masked by umask parameter.
– For root user the umask is defined in “/etc/init.d/functions” file. Otherwise, in /etc/profile (login shell)
or /etc/bashrc (non-login shell) file.
ANS:- Run the command “passwd -S <UserName>”; this shows whether the password has been locked or
not. Otherwise, grep for the username in the /etc/shadow file and you will see a “!” mark prefixed to the
encrypted password field.
smurthy:!!$6$jZqvS4ju$k.o6o7OoL7EZ1Bn52uPKeI2gqA76A7qyTl2PM8192jF2mz4ssVTz/u8DfbY2zJ7xCjFymh5FuATWxW5RxFugM1:0:0:99999:7:::
If you notice a double exclamation mark here (“!!”), this indicates that the account got locked by
running the “passwd -l <UserName>” command (available only to the root user). Otherwise, a
single exclamation mark indicates that the account got locked with the command “usermod -L
<UserName>”. Accounts locked with the usermod command would record it in the /var/log/secure file by
default.
To “unlock” a user account, run the command “passwd -u <UserName>”. Otherwise, run the “usermod -U
<UserName>” command twice to get rid of the double exclamation marks in the encrypted password field.
Otherwise, “usermod -U <UserName>” would unlock an account locked by the “usermod -L <UserName>”
command.
EXAMPLE:-
[root@server6 ~]# grep smurthy /etc/shadow
smurthy:!!$6$jZqvS4ju$k.o6o7OoL7EZ1Bn52uPKeI2gqA76A7qyTl2PM8192jF2mz4ssVTz/u8DfbY2zJ7xCjFymh5FuATWxW5RxFugM1:0:0:99999:7:::
passwd: Success
smurthy:$6$jZqvS4ju$k.o6o7OoL7EZ1Bn52uPKeI2gqA76A7qyTl2PM8192jF2mz4ssVTz/u8DfbY2zJ7xCjFymh5FuATWxW5RxFugM1:0:0:99999:7:::
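The lock markers described above, checked in a script (an added example, not part of the original material): it reads shadow-format lines and reports each account's lock state, and goes slightly beyond the text by also reporting the hash scheme from the $id$ prefix ($1$ MD5, $5$ SHA-256, $6$ SHA-512). The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit shadow-format entries read from standard input.
# Output per entry: "<user> <state> <scheme>".

classify_shadow() {
    awk -F: 'NF >= 2 {
        pw = $2
        # Lock markers as this page describes them for Red Hat systems.
        if (pw == "")                                  state = "empty"
        else if (pw == "*" || pw == "!" || pw == "!!") state = "no-hash"
        else if (substr(pw, 1, 2) == "!!")             state = "locked-passwd-l"
        else if (substr(pw, 1, 1) == "!")              state = "locked-usermod-L"
        else                                           state = "active"
        sub(/^!+/, "", pw)              # drop the lock marker, keep the hash
        scheme = "none"
        if (substr(pw, 1, 1) == "$") {  # crypt(3) form: $id$salt$hash
            rest = substr(pw, 2)
            id = substr(rest, 1, index(rest, "$") - 1)
            if (id == "1")      scheme = "md5"
            else if (id == "5") scheme = "sha256"
            else if (id == "6") scheme = "sha512"
            else                scheme = "other"
        }
        print $1, state, scheme
    }'
}

# Entries worth review: an empty password field, or a hash still using MD5
# (a locked MD5 hash becomes usable again as soon as the account is unlocked).
audit_findings() {
    classify_shadow | awk '$2 == "empty" || $3 == "md5" { print $1 }'
}

# Constructed sample entries; the salt and hash strings are placeholders.
sample_shadow() {
    cat <<'EOF'
alice:$6$SALTSALT$CONSTRUCTEDHASHVALUE:19000:0:99999:7:::
bob:!$1$SALTSALT$CONSTRUCTEDHASHVALUE:16266:0:99999:7:::
carol:!!$6$SALTSALT$CONSTRUCTEDHASHVALUE:0:0:99999:7:::
dave:!!:19000:0:99999:7:::
erin::19000:0:99999:7:::
EOF
}

sample_shadow | classify_shadow
```

On a real host, run it as root with the shadow file as input: classify_shadow < /etc/shadow.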
34. How to find out the shadow password encryption method being used in Linux? How
could this be changed (example : from md5 to sha512)?
ANS:- We can find out the password encryption method being used for shadow passwords as shown
below:
– Check in /etc/login.defs
ENCRYPT_METHOD MD5
MD5_CRYPT_ENAB yes
OR