The administrator’s login ID on Linux or UNIX is “root”, so “root” is the default owner of most system files and other files. It has the maximum authority to access the system.
Maintaining normal use of the system, such as creating and deleting user accounts, granting privileges and assigning quotas to users, is one of the most important tasks. It needs a skilled and efficient administrator, because even a few small wrong steps can destroy the whole security of the computer.
The important commands for the administrator are given and explained with examples below:
useradd – To create a new user
Syntax:
useradd [-c comment] [-d home_dir] [-e expire_date] [-f inactive_time]
[-g initial_group] [-G group[,...]] [-m [-k skeleton_dir] | -M] [-p passwd]
[-s shell] [-u uid] login_id
Options | Briefly | Description |
-c | Comment | The comment can be the user’s full name, a brief note about the password, or other information. |
-d | Home Directory | The new user will be created using home_dir as the user’s login directory. |
-e | Expire Date | The date on which the user account will be disabled. The date format is “YYYY-MM-DD”. |
-f | Inactive Days | The number of days after a password expires until the account is permanently disabled. A value of 0 disables the account as soon as the password has expired, a value of -1 disables the feature and so on. The default value is -1. |
-g | Initial Group | The group name or number of the user’s initial login group. The group name must exist. The default group number is 1 (/etc/default/useradd). |
-G | group,[...] | A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening white space. The default is for the user to belong only to the initial group. |
-p | Password | The encrypted password. The default is to disable the account. |
-s | Shell | The name of the user’s login shell. |
-u | UID | The numerical value of the user’s ID. This value must be unique, unless the -o option is used. The value must be nonnegative. The default is to use the smallest ID value greater than 99 and greater than every other user. Values between 0 and 99 are typically reserved for system accounts. |
Example,
[root@localhost root]# useradd -c "Tajuddin Parvez" -e 2005-12-30 -f 3 azgar
→ It creates a new user account on the system whose login ID is azgar. The account expires on 30 December 2005, the comment is Tajuddin Parvez, and the account is disabled 3 days after the password expires.
Example,
[root@localhost root]# useradd
→ It creates a new user account on the system. If no options are specified, useradd uses the current default values for the new account. To change these default values, use the -D option with the useradd command.
Example,
[root@localhost root]# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
Changing the default values
Options | Briefly | Description |
-b | Default Home Directory | The initial path prefix for a new user’s home directory. By default normal users’ home directory is “/home”. |
-e | Default Expire Date | The date on which the user account is disabled. |
-f | Default Inactive | The number of days after a password has expired before the account will be disabled. |
-s | Default Shell | The name of the new user’s login shell. |
Example,
[root@localhost root]# useradd -D -b /newhome
[root@localhost root]# useradd -D
GROUP=100
HOME=/newhome
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
[root@www root]# vi /etc/default/useradd
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
passwd - update a user’s authentication tokens
A user cannot log in to the account until a login password has been set for it.
Syntax,
passwd [-n mindays] [-x maxdays] [-w warndays] [-i inactivedays] username
Example,
[root@localhost root]# passwd azgar
Changing password for user azgar.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
→ When the new password and the retyped password match, the new password is set for the user's subsequent logins.
[root@localhost root]# passwd -w 1 azgar
Adjusting aging data for user azgar.
passwd: Success
/etc/skel – directory
[root@localhost root]# cd /etc/skel
[root@localhost skel]# ls -a
.bash_logout
.bashrc
.profile
→ All files in this directory are copied to the user's home directory when a new user is created.
usermod - Modify a user account
Syntax:
usermod [-c comment] [-d home_dir] [-e expire_date] [-f inactive_time]
[-g initial_group] [-G group [,...]] [-l login_name] [-p passwd]
[-s shell] [-u uid [-o]] [-L] [-U] login_id
Options | Briefly | Description |
-c | Comment | The comment can be the user’s full name, a brief note about the password, or other information. |
-d | Home Directory | The user will use home_dir as the login directory. |
-e | Expire Date | The date on which the user account will be disabled. The date format is “YYYY-MM-DD”. |
-f | Inactive Days | The number of days after a password expires until the account is permanently disabled. A value of 0 disables the account as soon as the password has expired; a value of -1 disables the feature and so on. The default value is -1. |
-g | Initial Group | The group name or number of the user’s initial login group. The group name must exist. The default group number is 1 (/etc/default/useradd). |
-G | group,[...] | A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening white space. The default is for the user to belong only to the initial group. |
-p | Password | The encrypted password. The default is to disable the account. |
-s | Shell | The name of the user’s login shell. |
-u | UID | The numerical value of the user’s ID. This value must be unique, unless the -o option is used. The value must be nonnegative. The default is to use the smallest ID value greater than 99 and greater than every other user. Values between 0 and 99 are typically reserved for system accounts. |
-L | Lock | Lock user’s password. |
-U | Unlock | Unlock user’s password. |
Example,
[root@localhost root]# usermod -l <>
→ It will change the user's login name.
Example,
[root@localhost root]# usermod -u
→ It will change the user's ID.
Example,
[root@localhost root]# usermod -d
→ It will change the user's home directory.
Example,
[root@localhost root]# usermod -s
→ To change the shell.
userdel - Delete a user account and related files
Example,
[root@localhost root]# userdel
→ It will delete the user but keep the user’s home directory.
[root@localhost root]# userdel -r
→ It will delete the user along with the user's home directory.
Suppose you want to switch from a normal login user to the root user. You can give the command:
[root@localhost root]# su -
password:
→ Now give root's password. You will be logged in as the root user. Other users can also use this switch-user command.
[root@localhost root]# su sumon
password:
→ Give sumon's password (a normal user). You will be logged in. When the work is finished, give the "exit" command.
[root@localhost sumon]# pwd
/home/sumon
[root@localhost sumon]# su -
password:
[root@localhost root]# pwd
/root
[root@localhost root]# exit
[root@localhost sumon]#
users and id commands:
You can see how many users are currently working on the system with the users command.
[root@localhost root]# users
[root@localhost root]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
→ It will show how many users are in the root group.
[root@www root]# id sumon
uid=500(sumon) gid=500(sumon) groups=500(sumon),503(susanta)
[root@www root]# id azgar
uid=502(azgar) gid=502(azgar) groups=502(azgar),503(susanta)
/etc/passwd and /etc/shadow files
All user information is stored in the file named "passwd".
[root@localhost root]# vi /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
gdm:x:42:42::/var/gdm:/sbin/nologin
sumon:x:500:500::/home/sumon:/bin/bash
shovon:x:501:501::/home/shovon:/bin/bash
azgar:x:502:502::/home/azgar:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
squid:x:23:23::/var/spool/squid:/sbin/nologin
webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
mailman:x:41:41:GNU Mailing List Manager:/var/mailman:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
1st field is Login user name,
2nd field is hidden password,
3rd field is User ID,
4th field is User's Primary group ID,
5th field is optional,
6th field is user's home directory,
7th field is the shell that will be used.
Now the question arises: where are the passwords stored? They are stored in the file called "shadow". This file has many fields, which are given below:
[root@localhost root]# vi /etc/shadow
root:$1$gVcPsDcv$HCumd/61oPKZK7.m37SRI1:12948:0:99999:7:::
bin:*:12948:0:99999:7:::
daemon:*:12948:0:99999:7:::
adm:*:12948:0:99999:7:::
lp:*:12948:0:99999:7:::
sync:*:12948:0:99999:7:::
shutdown:*:12948:0:99999:7:::
halt:*:12948:0:99999:7:::
mail:*:12948:0:99999:7:::
news:*:12948:0:99999:7:::
uucp:*:12948:0:99999:7:::
operator:*:12948:0:99999:7:::
games:*:12948:0:99999:7:::
gopher:*:12948:0:99999:7:::
ftp:*:12948:0:99999:7:::
nobody:*:12948:0:99999:7:::
rpm:!!:12948:0:99999:7:::
vcsa:!!:12948:0:99999:7:::
nscd:!!:12948:0:99999:7:::
sshd:!!:12948:0:99999:7:::
rpc:!!:12948:0:99999:7:::
rpcuser:!!:12948:0:99999:7:::
nfsnobody:!!:12948:0:99999:7:::
pcap:!!:12948:0:99999:7:::
mailnull:!!:12948:0:99999:7:::
smmsp:!!:12948:0:99999:7:::
dbus:!!:12948:0:99999:7:::
xfs:!!:12948:0:99999:7:::
ntp:!!:12948:0:99999:7:::
gdm:!!:12948:0:99999:7:::
sumon:$1$DiNEqiWg$S/B4lf.MuBt9833G0MRxL/:12948:0:99999:7:::
shovon:$1$Ro8R.cuX$Cat9FxTRkeMlZmg6PrDzN0:12948:0:99999:7:::
azgar:$1$a.CXkciG$SpKMfZqud4Geex7XW/jyI0:12948:0:99999:7:::
apache:!!:12953::::::
squid:!!:12953::::::
webalizer:!!:12953::::::
named:!!:12957::::::
dovecot:!!:12962::::::
postfix:!!:12962::::::
mailman:!!:12962::::::
mysql:!!:12975::::::
postgres:!!:12975::::::
1st field is Login user name,
2nd field is encrypted password,
3rd field is User ID,
4th field is User's Primary group ID,
5th field is optional,
6th field is user's home directory,
7th field is the shell that will be used.
8th field is optional,
9th field is optional,
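The passwd and shadow listings above can be cross-checked mechanically. The following is an added example, not part of the original tutorial: it reports system accounts that still have a login shell, accounts with an empty password field, and hashes carrying the $1$ (MD5-crypt) prefix. The sample entries are constructed from the listings (the guest entry and the hash strings are placeholders), and treating UIDs below 500 as system accounts is an assumption taken from the UIDs shown.

```shell
#!/bin/sh
# Added example: cross-check a passwd-format file against a shadow-format file.
# Only the login name (field 1) and password field (field 2) of shadow are read.

audit_accounts() {   # usage: audit_accounts PASSWD_FILE SHADOW_FILE
    awk -F: '
    FNR == NR { pw[$1] = $2; next }            # first file read is shadow
    {
        name = $1; uid = $3 + 0; shell = $7
        # An empty shell field falls back to /bin/sh, so it is a login shell.
        login = (shell == "" || shell ~ /\/(ba|c|k|z|tc)?sh$/)
        if (uid == 0 && name != "root") print name ":extra-uid0"
        # Assumption: UIDs below 500 are system accounts, as in the listing.
        if (uid > 0 && uid < 500 && login) print name ":system-account-with-shell"
        if (!(name in pw)) { print name ":no-shadow-entry"; next }
        if (pw[name] == "" && login) print name ":empty-password"
        else if (substr(pw[name], 1, 3) == "$1$") print name ":md5crypt-hash"
    }' "$2" "$1"
}

demo_audit() {
    dir=$(mktemp -d) || return 1
    # Constructed sample: entries modelled on the listings; guest and the
    # hash strings are placeholders.
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
news:x:9:13:news:/etc/news:
sumon:x:500:500::/home/sumon:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
guest:x:503:503::/home/guest:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root:$1$SALT$PLACEHOLDERHASH:12948:0:99999:7:::
news:*:12948:0:99999:7:::
sumon:$1$SALT$PLACEHOLDERHASH:12948:0:99999:7:::
mysql:!!:12975::::::
apache:!!:12953::::::
guest::12948:0:99999:7:::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

demo_audit
```

The news and mysql entries are reported even though their shadow password field is "*" or "!!", because a login shell on a service account is still worth reviewing.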
pwunconv, pwconv and pwck commands
You can move all the data from the shadow file into the passwd file; the shadow file is then deleted. To do this, give the command:
[root@localhost root]# pwunconv
To move the data from the passwd file back into the shadow file, give the command:
[root@localhost root]# pwconv
After the passwd file has been edited, it may contain some wrong data. To check the passwd file, give the command:
[root@localhost root]# pwck /etc/passwd
[root@localhost root]# groupadd
→ It will create a group. All group information is stored in the file named "group", which is in the /etc directory.
[root@localhost root]# vi /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon,lp
mem:x:8:
kmem:x:9:
wheel:x:10:root
mail:x:12:mail,postfix
news:x:13:news
uucp:x:14:uucp
man:x:15:
games:x:20:
gopher:x:30:
dip:x:40:
ftp:x:50:
lock:x:54:
nobody:x:99:
users:x:100:
rpm:x:37:
floppy:x:19:
vcsa:x:69:
utmp:x:22:
slocate:x:21:
nscd:x:28:
sshd:x:74:
rpc:x:32:
rpcuser:x:29:
nfsnobody:x:65534:
pcap:x:77:
mailnull:x:47:
dbus:x:81:
ntp:x:38:
gdm:x:42:
sumon:x:500:
shovon:x:501:
azgar:x:502:
susanta:x:503:sumon,azgar
apache:x:48:
squid:x:23:
webalizer:x:67:
named:x:25:
dovecot:x:97:
postdrop:x:90:
postfix:x:89:
mailman:x:41:
mysql:x:27:
postgres:x:26:
→ There are several fields in the file.
1st field is the group's name
2nd field is the group's password
3rd field is the group's ID
4th field is the names of the group's members
We can add a user, delete a user, or change a group's ID or name with the groupmod or usermod command and different options.
[root@localhost root]# groupmod -n
→ It will change the group's old name and set a new name.
[root@localhost root]# groupmod -g
→ It will change the group's ID.
[root@localhost root]# usermod -G
→ It will add a user to the group.
chown and chgrp - To change ownership or group of the file
We can change the owner and group of a file or directory with the commands:
[root@localhost root]# chown
→ It will change the owner of the file or directory.
[root@localhost root]# chgrp
→ It will change the group of the file or directory.
chage – change user password expiry information
Syntax,
chage [-m mindays] [-M maxdays] [-d lastday] [-I inactive]
[-E expiredate] [-W warndays] user
chage -l user
[root@localhost root]# chage -E 2004-06-25 <>
→ After the date 2004-06-25, the user can't log in to the system. The administrator can send the user a warning message with the following command.
[root@localhost root]# chage -W 5 <>
→ Here 5 means the number of days. The user will get a warning message that he can't log in after the date 2004-06-25.
Finger
[root@localhost root]# finger
→ When you give the finger command alone, it will show information for all users.
[root@localhost root]# finger <>
→ When you give the finger command with a user name, it will show all information for that particular user.
To give a quota to a normal user, we follow the steps given below.
1. First we create a new drive formatted as ext3 (Linux).
2. Mount this drive on the "/home" directory. We can also edit the fstab file and add a new line.
[root@localhost root]# vi /etc/fstab
/dev/hda6 /home ext3 defaults,usrquota 0 0
After saving this line to the file, we will reboot the system.
3. Again remount the /home directory by the given command.
[root@localhost root]# mount -o remount /home
4. You can check the quota by the command.
[root@localhost root]# quotacheck -c /home
Then we can find a binary file in the /home directory called "aquota.user"
[root@localhost home]# pwd
/home
[root@localhost home]# ls
aquota.user
5. Now we can turn quotas on for the /home directory with the command:
[root@localhost root]# quotaon /home
To turn quotas off, give the command below:
[root@localhost root]# quotaoff /home
6. Now, we will create a user, consider the user's login Id is "roy" and password is "roy123".
[root@localhost root]# useradd roy
[root@localhost root]# passwd roy
new Password:
re- Enter password:
Password is changed.
7. Now set how many blocks the user can use on the disk and how many inodes he or she can create. In Red Hat Linux there are two types of quota.
I Blocks
II Inodes (how many files the user can store on disk).
[root@localhost root]# edquota roy
Filesystem blocks soft hard inodes soft hard
/dev/hda6 6 0 0 6 12 14
Here soft means the minimum required and hard means the maximum required. After passing the minimum required, the user will get a warning message from the administrator.
Note: Don't edit the blocks and inodes fields. They update automatically. The first time, they are always 6.
[root@localhost root]# edquota roy 0 0
→ To remove all quota.
[root@localhost root]# repquota /home
→ It will show all the quota reports for the /home directory.
Note: 1 block = 1024 bytes.