User Management

There are three types of accounts on a Unix system:

1. Root account: also called the superuser. The superuser can run any command without restriction.

2. System accounts: accounts needed for a specific service on the system, e.g. sshd or the mail server. They normally have no interactive login.

3. User accounts: accounts that provide interactive access to the system for users and groups of users.

Managing Users and Groups:

#cat /etc/passwd => display the user account information (name, UID, GID, comment, home directory, shell).

#cat /etc/shadow => display the password hash and password-aging fields of the corresponding account (readable by root only).

#cat /etc/group => display the group information for each account.

# cat /etc/gshadow => display the secure group account information (group passwords and group administrators).

UID:
UID 0 – reserved for the user root
UID 0-99 – reserved for the system user accounts
UID 100-499 – used for special system users
Normal users start from UID 500.

The root user is also called the superuser.
The root user has unlimited access to all files, devices and programs on the system.
The root user has complete control over the system.

GID:
Group ID 0 is reserved for the root group.
Group IDs 1-99 are used for service and program groups.
Group ID 100 is the group for normal users.
Normal groups start from GID 101.

Command    Description
useradd    Adds accounts to the system.
usermod    Modifies account attributes.
userdel    Deletes accounts from the system.
groupadd   Adds groups to the system.
groupmod   Modifies group attributes.
groupdel   Removes groups from the system.

Create and Manage an Account

Create a User Account

[root@desktop17 ~]# useradd thomas

Create a user account with a particular user ID


[root@desktop17 ~]# useradd -u 1000 james

-u: set the numeric user ID

[root@desktop17 ~]# id james


uid=1000(james) gid=1000(james) groups=1000(james)
[root@desktop17 ~]#

Create an account with a particular shell

[root@desktop17 ~]# useradd -s /bin/bash vasanth

-s: set the login shell

[root@desktop17 ~]# cat /etc/passwd | grep vasanth
vasanth:x:1001:1001::/home/vasanth:/bin/bash
[root@desktop17 ~]#

Mail: [email protected] Ph:9952590457

Create an account with nologin

[root@desktop17 ~]# useradd -s /sbin/nologin jaikopee

[root@desktop17 ~]# cat /etc/passwd | grep jaikopee


jaikopee:x:1002:1002::/home/jaikopee:/sbin/nologin
[root@desktop17 ~]#

[root@desktop17 ~]# su - jaikopee


This account is currently not available.
[root@desktop17 ~]#

Note: /sbin/nologin - the user can't log in from the PC, but he can log in from a remote PC. Caveat: sshd also runs the account's login shell, so an SSH login is refused with the same message; nologin only leaves working those services that authenticate the account without starting a shell (mail delivery, for example).

[root@desktop17 ~]# useradd -s /sbin/false pradeep

[root@desktop17 ~]# cat /etc/passwd | grep pradeep


pradeep:x:1003:1003::/home/pradeep:/sbin/false

[root@desktop17 ~]# su - pradeep


su: /sbin/false: No such file or directory

Note: the user cannot log in from this PC or from a remote PC. On this system /sbin/false does not exist (the usual path is /bin/false), which is why su reports "No such file or directory"; a shell that exits immediately and a shell that does not exist both block the login.

Create an account with a particular home directory

[root@desktop17 ~]# useradd -d /usr/ajmal ajmal

-d => set the home directory of the user

[root@desktop17 ~]# cat /etc/passwd | grep ajmal


ajmal:x:1004:1004::/usr/ajmal:/bin/bash
[root@desktop17 ~]#

Create a user account with several properties at once

[root@desktop17 ~]# useradd -u 1200 -d /sbin/saroj -s /bin/ksh saroj

[root@desktop17 ~]# cat /etc/passwd | grep saroj


saroj:x:1200:1200::/sbin/saroj:/bin/ksh
[root@desktop17 ~]#

To check the status of the user account

[root@desktop17 ~]# passwd -S ajmal


ajmal PS 2014-09-17 0 99999 7 -1 (Password set, SHA512 crypt.)

[root@desktop17 ~]#

Delete a user account password (this empties the password field, so depending on the PAM and sshd configuration the account may be usable without any password until a new one is set; see the empty-password check further down)

[root@desktop17 ~]# passwd -d ajmal


Removing password for user ajmal.
passwd: Success

[root@desktop17 ~]#

Lock a Particular User account

[root@desktop17 ~]# passwd -l ajmal


Locking password for user ajmal.
passwd: Success
[root@desktop17 ~]#

Unlock a Particular Locked User account

[root@desktop17 ~]# passwd -u ajmal
Unlocking password for user ajmal.
passwd: Success
[root@desktop17~]#

To list the user names (via the home directories under /home)

[root@desktop17 ~]# ls /home/


jaikopee james lost+found pradeep student thomas vasanth visitor
[root@desktop17 ~]#

To set the password for a user

[root@desktop17 ~]# passwd james


Changing password for user james.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@desktop17 ~]#

Check the status of a User

[root@desktop17 ~]# passwd -S james


james PS 2014-09-16 0 99999 7 -1 (Password set, SHA512 crypt.)
[root@desktop17 ~]#

To view only a particular user information

[root@desktop17 ~]# getent passwd james


james:x:1000:1000::/home/james:/bin/bash

[root@desktop17 ~]# getent shadow james


james:$6$bBYicnNc$oQHHA7smq6lV6mgUV.Lb7EIeaD2obzllGF.rG.TlCzrgsu9H.duT21TvXrIxqM6Xz/v8h7mi2WKV.HdOUAyly.:16329:0:99999:7:::
[root@desktop17 ~]#

Delete a User Password

[root@desktop17 ~]# passwd -d james


Removing password for user james.
passwd: Success

[root@desktop17 ~]#

Delete a User

[root@desktop17 ~]# userdel james

Note: the account is deleted, but the contents of its home directory remain.

[root@desktop17 ~]# ls /home/


jaikopee james lost+found pradeep student thomas vasanth visitor
[root@desktop17 ~]#

[root@desktop17 ~]# ls -a /home/james


. .. .bash_logout .bash_profile .bashrc .gnome2 .mozilla
[root@desktop17 ~]#

[root@desktop17 ~]# rm -rf /home/james/

[root@desktop17 ~]# ls /home/


jaikopee lost+found pradeep student thomas vasanth visitor
[root@desktop17 ~]#

or

[root@desktop17 ~]# userdel -r james

Note: -r also removes the home directory and the mail spool, deleting the user permanently.

usermod --> Modify an existing user account

[root@desktop17 ~]# getent passwd ajmal


ajmal:x:1004:1004::/usr/ajmal:/bin/bash
[root@desktop17 ~]#

Change the user ID and group ID of a user

[root@desktop17 ~]# usermod -u 2000 ajmal


[root@desktop17 ~]# getent passwd ajmal
ajmal:x:2000:1004::/usr/ajmal:/bin/bash
[root@desktop17 ~]#

[root@desktop17 ~]# groupmod -g 2000 ajmal


[root@desktop17 ~]# getent passwd ajmal
ajmal:x:2000:2000::/usr/ajmal:/bin/bash
[root@desktop17 ~]#

To change the shell of an existing user

[root@desktop17 ~]# usermod -s /bin/ksh ajmal

[root@desktop17 ~]# getent passwd ajmal


ajmal:x:2000:1004::/usr/ajmal:/bin/ksh
[root@desktop17 ~]#

To set the full name (GECOS comment) of an existing user

[root@desktop17 ~]# usermod -c "Ajmal Khan" ajmal

[root@desktop17 ~]# getent passwd ajmal


ajmal:x:2000:1004:Ajmal Khan:/usr/ajmal:/bin/ksh
[root@desktop17 ~]#

Rename the existing User Name

[root@desktop17 ~]# usermod -l akram ajmal

Note: akram - new name; ajmal - old name. -l changes only the login name: the home directory (/usr/ajmal) and the group name ajmal stay as they are unless you also pass -d with -m and run groupmod -n.

Group Administration

Create a New Group

[root@desktop17 ~]# groupadd oracle

Create a new user as a member of an existing group

[root@desktop17 ~]# useradd -G oracle -m ayaan

-G: supplementary group(s)
-m: create the home directory

[root@desktop17 ~]# cat /etc/group | grep oracle


oracle:x:504:ayaan
[root@desktop17 ~]#

Change the GID of an existing group

[root@desktop17~]# groupmod -g 1000 oracle

[root@desktop4 ~]# cat /etc/group | grep oracle


oracle:x:1000:ayaan
[root@desktop17 ~]#

Rename a Group Name

[root@desktop17 ~]# groupmod -n software oracle

software --> new group name
oracle   --> old group name

[root@desktop17 ~]# cat /etc/group

student:x:500:
visitor:x:501:
james:x:502:
jaikopee:x:503:
ayaan:x:505:
software:x:1000:ayaan
[root@desktop17 ~]#

Adding user ayaan to group java

[root@desktop17 ~]# groupadd java


[root@desktop17 ~]# groupadd hr
[root@desktop17 ~]# gpasswd -a ayaan java
[root@desktop17 ~]#

Set the member list of a group to several existing users (gpasswd -M replaces the whole member list, which is why ayaan, added above, no longer appears in the output)

[root@desktop17 ~]# gpasswd -M pradeep,raj,ameen,ajmal java

[root@desktop17 ~]# cat /etc/group | grep java


java:x:1001:pradeep,raj,ameen,ajmal
[root@desktop17 ~]#

[root@desktop17 ~]# usermod -l kabeer -c "Ayaan Kabeer" -u 3000 -G java -a ayaan

[root@desktop17 ~]# cat /etc/passwd | grep kabeer


kabeer:x:3000:505:Ayaan Kabeer:/home/ayaan:/bin/bash
[root@desktop4 ~]#

Note: -a together with -G appends java to the supplementary groups instead of replacing them; -l renames only the login, so the home directory is still /home/ayaan.

Remove a Group

[root@desktop4 ~]# groupdel hr

Removing a user from a Group

[root@desktop4 ~]# gpasswd -d ajmal java


Removing user ajmal from group java
[root@desktop4 ~]#

Alternatively, set the primary group (-g) and the supplementary groups (-G) when the user is created:

[root@server ~]# useradd -g iffa -G s1,s2 veritas

[root@server ~]# id veritas

uid=1109(veritas) gid=1101(iffa) groups=1101(iffa),1103(s1),1104(s2)

[root@server ~]#

Password aging for a specific user account

[root@desktop17 ~]# passwd -S ajmal


ajmal PS 2014-09-17 0 99999 7 -1 (Password set, SHA512 crypt.)
[root@desktop17 ~]#

[root@desktop17 ~]# chage -l ajmal


Last password change : Sep 17, 2014
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
[root@desktop4 ~]#

[root@desktop17 ~]# date


Wed Sep 17 07:31:45 IST 2014
[root@desktop17 ~]#

[root@desktop4 ~]# chage -M 10 -m 5 -W 3 -E 20141015 -I 30 ajmal && chage -l ajmal


Last password change : Sep 17, 2014
Password expires : Sep 27, 2014

Password inactive : Oct 27, 2014
Account expires : Mar 25, 57114
Minimum number of days between password change : 5
Maximum number of days between password change : 10
Number of days of warning before password expires : 3
[root@desktop17~]#

Note

-M ---> maximum number of days between password changes
-m ---> minimum number of days between password changes
-W ---> number of warning days before the password expires
-E ---> account expiry date, given as YYYY-MM-DD (2014-10-15). A bare number such as 20141015 is read as a count of days since 1970-01-01, which is why the output above shows "Account expires : Mar 25, 57114"; re-run with -E 2014-10-15.
-I ---> number of days of inactivity after the password expires before the account is disabled

[root@desktop17 ~]# chage -d 0 ajmal

-d ---> date of the last password change (as days since 1970-01-01); 0 forces the user to change the password at the next login
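The dates that chage -l prints are all derived from day counts stored in /etc/shadow. The following script, an added example that is not part of the original notes, recomputes them from constructed shadow lines for ajmal (the hash is a placeholder) and flags an account-expiry value that is implausibly far away, which is exactly what -E 20141015 produces. Only POSIX sh and awk-free arithmetic are used; date -d is GNU-specific and is only used to pretty-print.

```shell
#!/bin/sh
# Added example, not from the original notes: derive the dates that
# `chage -l` prints from the raw /etc/shadow fields. Every date in the
# file is a day count since 1970-01-01. Sample lines are constructed and
# the hash is a placeholder.
#
# /etc/shadow fields: 1 name 2 hash 3 lastchg 4 min 5 max 6 warn 7 inactive 8 expire

field() { printf '%s\n' "$2" | cut -d: -f"$1"; }

# password_expires LINE -> day number of lastchg+max, or "never"
password_expires() {
    lc=$(field 3 "$1"); mx=$(field 5 "$1")
    if [ -z "$mx" ] || [ "$mx" -ge 99999 ]; then echo never; else echo $((lc + mx)); fi
}

# password_inactive LINE -> day the login is disabled (expiry + inactive days)
password_inactive() {
    pe=$(password_expires "$1"); ia=$(field 7 "$1")
    if [ "$pe" = never ] || [ -z "$ia" ]; then echo never; else echo $((pe + ia)); fi
}

# account_expires LINE -> field 8 as a day number, or "never"
account_expires() {
    ae=$(field 8 "$1"); if [ -z "$ae" ]; then echo never; else echo "$ae"; fi
}

# expiry_plausible LINE -> "yes" if the account expiry is within 100 years of
# the last password change, "no" otherwise. `chage -E 20141015` (no dashes)
# stores 20141015 *days*, which is how "Mar 25, 57114" ends up in the file;
# the correct form is `chage -E 2014-10-15`.
expiry_plausible() {
    ae=$(account_expires "$1"); lc=$(field 3 "$1")
    if [ "$ae" = never ] || [ $((ae - lc)) -le 36525 ]; then echo yes; else echo no; fi
}

# day_to_date N -> YYYY-MM-DD with GNU date; prints the day number elsewhere
day_to_date() {
    if [ "$1" = never ]; then echo never; return; fi
    date -u -d "@$(( $1 * 86400 ))" +%Y-%m-%d 2>/dev/null || echo "day $1"
}

# report LINE -> the same rows chage -l shows, plus the plausibility check
report() {
    printf 'Last password change : %s\n' "$(day_to_date "$(field 3 "$1")")"
    printf 'Password expires     : %s\n' "$(day_to_date "$(password_expires "$1")")"
    printf 'Password inactive    : %s\n' "$(day_to_date "$(password_inactive "$1")")"
    printf 'Account expires      : %s  (plausible: %s)\n' \
        "$(day_to_date "$(account_expires "$1")")" "$(expiry_plausible "$1")"
}

# Constructed samples: ajmal before chage, after the mistaken -E 20141015,
# and after the corrected -E 2014-10-15 (day 16358). Day 16330 is 2014-09-17.
BEFORE='ajmal:$6$placeholder:16330:0:99999:7:::'
MISTAKEN='ajmal:$6$placeholder:16330:5:10:3:30:20141015:'
CORRECT='ajmal:$6$placeholder:16330:5:10:3:30:16358:'

for l in "$BEFORE" "$MISTAKEN" "$CORRECT"; do report "$l"; echo; done
```

For the MISTAKEN line the password expiry comes out as day 16340 (Sep 27, 2014) and the inactivity cut-off as day 16370 (Oct 27, 2014), matching the chage -l output above, while the account expiry is 20141015 days and is reported as implausible.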

Create Un-encrypted Password for User

#cat /etc/shadow | grep aleem


aleem:$1$u1$vj29pj9lO1Ll5zsXYomiW1:16368:0:99999:7:::

# usermod -p redhat aleem

#cat /etc/shadow | grep aleem


aleem:redhat:16387:0:99999:7:::

Note: the -p option stores its argument verbatim in /etc/shadow and expects an already hashed value. A plain word such as redhat is not a valid hash, so it never matches and the account can no longer log in with a password, while the word itself is readable in /etc/shadow and in the shell history. Use passwd instead, or give -p a hash produced with openssl passwd -6.

Note: to highlight the matching text in colour

# grep -E --color 'aleem' /etc/passwd

aleem:x:500:500:syed aleem:/home/aleem:/bin/bash

# grep -E --color 'aleem' /etc/shadow

aleem:redhat:16387:0:99999:7:::

Model II

#useradd s1

#useradd s2

#useradd m1

#useradd m2

#groupadd sales

#groupadd market

#usermod -G sales s1

#usermod -G sales s2

#usermod -G market m1

#usermod -G market m2

#cat /etc/group

[root@server ~]# mkdir /data

[root@server ~]# ls -ld /data

drwxr-xr-x. 2 root root 4096 Oct 21 14:02 /data

[root@server ~]# chmod 777 /data

[root@server ~]# ls -ld /data

drwxrwxrwx. 2 root root 4096 Oct 21 14:02 /data

[root@server ~]#

[root@server ~]# chgrp sales /data

[root@server ~]# chgrp market /data

[root@server ~]# ls -ld /data

drwxrwxrwx. 2 root market 4096 Oct 21 14:02 /data

[root@server ~]#

[root@server ~]# useradd velu

[root@server ~]# setfacl -m u:velu:rwx /data

[root@server ~]# setfacl -m u:s1:--- /data

[root@server ~]# cat /etc/passwd | grep velu

velu:x:1107:1107::/home/velu:/bin/bash

[root@server ~]# getfacl /data

getfacl: Removing leading '/' from absolute path names

# file: data

# owner: root

# group: market

user::rwx

user:s1:---

user:velu:rwx

group::rwx

mask::rwx

other::rwx

[root@server ~]# su - velu

[velu@server ~]$ cd /data

[velu@server data]$ touch a b c

[velu@server data]$ ls

a b c

[velu@server data]$
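The getfacl listing above is evaluated in a fixed order: the owner entry, then a matching named-user entry, then the owning group together with any matching named groups (their union, AND-ed with the mask), and finally other. That is why s1, who is a member of a group with rwx, still gets nothing. The script below is an added example, not part of the original notes; it feeds the /data ACL from the notes (and a second copy with the mask lowered to r-x, as chmod g-w /data would leave it) through that evaluation and prints the effective permissions of a user. Both ACL files are constructed here.

```shell
#!/bin/sh
# Added example, not from the original notes: compute the effective
# permissions one user has on /data from `getfacl` output, following the
# POSIX ACL evaluation order: owner entry, then a matching named-user
# entry, then the owning group and matching named groups (union, then
# AND with the mask), then other. The first ACL is the /data listing from
# the notes; the second is the same ACL with the mask lowered to r-x.
# Both are constructed input files.

ACL=$(mktemp)
cat > "$ACL" <<'EOF'
# file: data
# owner: root
# group: market
user::rwx
user:s1:---
user:velu:rwx
group::rwx
mask::rwx
other::rwx
EOF

ACL_MASKED=$(mktemp)
sed 's/^mask::rwx$/mask::r-x/' "$ACL" > "$ACL_MASKED"

# acl_effective USER GROUPS ACLFILE -> effective rwx string for USER, whose
# groups (primary and supplementary) are given as a comma-separated list
acl_effective() {
    awk -v user="$1" -v groups="$2" '
        # keep only the bits of p that the mask also grants
        function mask_and(p,   i, r, c) {
            r = ""
            for (i = 1; i <= 3; i++) {
                c = substr(p, i, 1)
                r = r ((c != "-" && substr(mask, i, 1) == c) ? c : "-")
            }
            return r
        }
        # union of two rwx strings
        function perm_or(a, b,   i, r) {
            r = ""
            for (i = 1; i <= 3; i++)
                r = r (substr(a, i, 1) != "-" ? substr(a, i, 1) : substr(b, i, 1))
            return r
        }
        BEGIN {
            n = split(groups, g, ",")
            for (i = 1; i <= n; i++) ingroup[g[i]] = 1
            mask = "rwx"          # no mask entry means nothing is masked
        }
        /^# owner: / { owner = $3 }
        /^# group: / { ogroup = $3 }
        /^#/ { next }
        NF {
            sub(/[ \t]+#.*/, "")  # drop a trailing "#effective:..." note
            split($0, f, ":")
            if      (f[1] == "user"  && f[2] == "") uperm = f[3]
            else if (f[1] == "user")                named_user[f[2]] = f[3]
            else if (f[1] == "group" && f[2] == "") gperm = f[3]
            else if (f[1] == "group")               named_group[f[2]] = f[3]
            else if (f[1] == "mask")                mask = f[3]
            else if (f[1] == "other")               operm = f[3]
        }
        END {
            if (user == owner)      { print uperm; exit }
            if (user in named_user) { print mask_and(named_user[user]); exit }
            acc = "---"; matched = 0
            if (ogroup in ingroup) { acc = perm_or(acc, gperm); matched = 1 }
            for (gname in named_group)
                if (gname in ingroup) { acc = perm_or(acc, named_group[gname]); matched = 1 }
            if (matched) { print mask_and(acc); exit }
            print operm
        }
    ' "$3"
}

acl_effective root  root      "$ACL"          # rwx  owner: the mask never applies
acl_effective velu  velu      "$ACL"          # rwx  named user
acl_effective s1    s1,sales  "$ACL"          # ---  named-user entry beats the group entry
acl_effective m1    m1,market "$ACL"          # rwx  owning group, masked
acl_effective james james     "$ACL"          # rwx  other
acl_effective velu  velu      "$ACL_MASKED"   # r-x  mask caps the named user
acl_effective m1    m1,market "$ACL_MASKED"   # r-x  mask caps the group too
acl_effective james james     "$ACL_MASKED"   # rwx  other is not masked
```

Two things worth noticing when reading the result: chmod 777 on the directory is what makes other::rwx, so everybody who is neither named nor in a group already has full access, and the mask only limits named users and groups, never the owner or other.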

sudo user

#visudo

## Allow root to run any commands anywhere

root ALL=(ALL) ALL

velu ALL=(ALL) ALL

:wq

[root@server ~]# su - velu

[velu@server ~]$ sudo useradd mickel

[sudo] password for velu:

[velu@server ~]$ cat /etc/passwd

veritas:x:1109:1101::/home/veritas:/bin/bash

mickel:x:1110:1110::/home/mickel:/bin/bash
#

[root@server ~]# cat /etc/login.defs

Group permission

[root@server ~]# mkdir /test


[root@server ~]# ls -ld /test
drwxr-xr-x. 2 root root 4096 Oct 21 14:56 /test
[root@server ~]# chmod 777 /test
[root@server ~]# ls -l /test
total 0
[root@server ~]# ls -ld /test
drwxrwxrwx. 2 root root 4096 Oct 21 14:56 /test
[root@server ~]# chgrp sales /test
[root@server ~]# ls -ld /test
drwxrwxrwx. 2 root sales 4096 Oct 21 14:56 /test
[root@server ~]# su - s1
[s1@server ~]$ cd /test
[s1@server test]$ touch a b c d

[s1@server test]$ ls
a b c d
[s1@server test]$ exit
logout
[root@server ~]# su - m1
[m1@server ~]$ cd /test
[m1@server test]$ touch a b c
touch: cannot touch `a': Permission denied
touch: cannot touch `b': Permission denied
touch: cannot touch `c': Permission denied
[m1@server test]$

To remove a user whose home directory does not exist (delete the account entry, then confirm it is gone from /etc/passwd)

[root@server ~]# userdel kabeer
[root@server ~]# grep kabeer /etc/passwd

backup of a us

scenarios

User name prompt on Linux is appearing with "I have no name!@SERVER:"

solution

#pwsc

Lock User Accounts After Failed Login

#vim /etc/pam.d/password-auth

Now write these lines just above the line stating auth sufficient pam_unix.so:

Now the account will be locked after three failed login attempts.

There are various other options you can use like:

unlock_time=100 will unlock the account after 100 seconds.

You can use any value for unlock_time field.

If you don't use this parameter then you'll have to manually unlock a locked account using

# pam_tally2 -r -u username command.

lock_time=100 will lock the account for 100 seconds after failed attempts to login.

no_magic_root will avoid locking root account.

How To Find The Users With Empty Password

/etc/shadow is the file which we look for password information.


/etc/shadow content:
===============
scott:!!:16236:0:99999:7:::
peter:!!:16236:0:99999:7:::
kevin:!!:16236:0:99999:7:::
This is the content for a newly created user: the "!!" means no password has been set yet and the account is locked.
[root@node1 /]# passwd -d scott

Removing password for user scott.


passwd: Success

[root@node1 /]# passwd -d peter

Removing password for user peter.


passwd: Success

[root@node1 /]# passwd -d kevin

Removing password for user kevin.


passwd: Success
scott::16236:0:99999:7:::
peter::16236:0:99999:7:::
kevin::16236:0:99999:7:::
The above is the content after removing the password for the user with the command # passwd -d

[root@node1 /]# awk -F: '$2 == "" {print $1}' /etc/shadow


scott
peter
kevin
[root@node1 /]#
Now the above script will give the list of users with EMPTY PASSWORD.
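The awk one-liner only catches an empty second field. The script below is an added example that is not part of the original notes; it classifies the password field of shadow-style lines into the states that matter for an audit, so the same pass also reports locked accounts ("!!", passwd -l), accounts with no password login ("*") and the plaintext value left behind by usermod -p redhat from the earlier section. The sample file is constructed and the root hash is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original notes: classify the password field
# (field 2) of /etc/shadow-style lines. Sample data is constructed; the
# hash is a placeholder and not a real credential.

# shadow_state LINE -> one of: empty | locked | nopass | plaintext | hashed
#   empty     - field is blank: a login with no password may be accepted
#   locked    - starts with "!" (passwd -l, or the "!!" of a fresh useradd)
#   nopass    - "*": no password login possible (typical for system accounts)
#   plaintext - anything that is not a crypt(3) "$id$..." hash, e.g. the
#               result of `usermod -p redhat aleem`; such a value never
#               matches, so the account is unusable and the string is
#               exposed in the file
#   hashed    - "$1$", "$5$", "$6$" ... crypt format
shadow_state() {
    pw=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$pw" in
        '')         echo empty ;;
        '!'*)       echo locked ;;
        '*')        echo nopass ;;
        '$'*'$'*)   echo hashed ;;
        *)          echo plaintext ;;
    esac
}

# shadow_audit FILE -> lines "STATE NAME" for every account whose field is
# not a proper hash; hashed accounts are not printed
shadow_audit() {
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        name=${line%%:*}
        state=$(shadow_state "$line")
        [ "$state" = hashed ] && continue
        printf '%s %s\n' "$state" "$name"
    done < "$1"
}

# Constructed sample shadow file (the root hash is a placeholder)
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
root:$6$saltsalt$placeholderhashplaceholderhash:16329:0:99999:7:::
bin:*:15628:0:99999:7:::
scott::16236:0:99999:7:::
peter:!!:16236:0:99999:7:::
aleem:redhat:16387:0:99999:7:::
EOF

shadow_audit "$SAMPLE"
# prints:
# nopass bin
# empty scott
# locked peter
# plaintext aleem
```

Run it as root against the real file with shadow_audit /etc/shadow; "empty" and "plaintext" entries are the ones to fix first.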

Unix Password-less Login

On source server side:


First generate public key using rsa
#ssh-keygen -t rsa
(here it will ask some questions; give all the default options, and press Enter (leave it empty) at the passphrase prompt. Caveat: a key without a passphrase can be used by anyone who can read the private key file, so keep ~/.ssh/id_rsa at mode 600 and on the source host only.)

Copying the .pub file's content from the source server to the target server:

#scp ~/.ssh/id_rsa.pub username@destination:~/.ssh/authorized_keys

Caveat: this overwrites any authorized_keys file the destination already has; ssh-copy-id username@destination appends the key instead. The file must stay at mode 600 and ~/.ssh at mode 700, or sshd ignores it.

(OR)
Better, we can follow the steps below

#cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys

next copy this authorized_keys file to the client's /root/.ssh/

#scp ~/.ssh/authorized_keys username@destination:~/.ssh/.

Now the client will be able to log in without a password.
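Both scp variants above replace the destination's authorized_keys wholesale, which silently removes every other key that was installed there. The function below is an added example, not part of the original notes: it appends a key only if the same key (type and blob, ignoring the comment) is not already present, keeps the permissions sshd requires, and rejects input that does not look like an OpenSSH public key. The home directory and key lines are constructed; the key material is a placeholder, not a real key.

```shell
#!/bin/sh
# Added example, not from the original notes: install a public key into
# authorized_keys without clobbering keys that are already there, keep the
# file permissions sshd requires, and refuse a line that does not look
# like an OpenSSH public key. The home directory and keys below are
# constructed for the demo; the key material is a placeholder.

# add_authorized_key HOME PUBKEY_LINE -> prints "added" | "present" | "rejected"
add_authorized_key() {
    home=$1; key=$2; dir="$home/.ssh"; file="$dir/authorized_keys"
    # minimal sanity check: a short allow-list of key types (extend as needed)
    case "$key" in
        "ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-nistp256 "*) ;;
        *) echo rejected; return 0 ;;
    esac
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$file" && chmod 600 "$file"
    # compare only the type and the key blob, so a changed comment is not a new key
    blob=$(printf '%s\n' "$key" | awk '{print $1, $2}')
    if awk -v b="$blob" '($1 " " $2) == b { found = 1 } END { exit !found }' "$file"; then
        echo present
    else
        printf '%s\n' "$key" >> "$file"
        echo added
    fi
}

# key_count HOME -> number of non-empty lines in authorized_keys (0 if absent)
key_count() {
    f="$1/.ssh/authorized_keys"
    if [ -f "$f" ]; then awk 'NF { n++ } END { print n + 0 }' "$f"; else echo 0; fi
}

# Constructed demo home directory and placeholder keys
DEMO_HOME=$(mktemp -d)
KEY1='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYMATERIAL0000000000000000000 admin@source'
KEY2='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCPLACEHOLDERKEYMATERIAL backup@source'

add_authorized_key "$DEMO_HOME" "$KEY1"            # added
add_authorized_key "$DEMO_HOME" "$KEY2"            # added
add_authorized_key "$DEMO_HOME" "$KEY1"            # present (no duplicate line)
add_authorized_key "$DEMO_HOME" "not a key at all" # rejected
key_count "$DEMO_HOME"                             # 2
```

The type allow-list is deliberately short; sshd accepts more types (for instance the other ecdsa curves and sk- keys), so extend the case pattern to match the keys your hosts actually use.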

pam_tally2 – The login counter (tallying) module

I have set up PAM authentication to lock a user account after 3 attempts with an incorrect password.

PAM Module: pam_tally2.so


password-auth-ac:

=============
auth required pam_tally2.so deny=3 file=/var/log/tallylog
account required pam_tally2.so
[root@node1 /]# pam_tally2 --user test
Login Failures Latest failure From
test 0
[root@node1 /]#
login as: test
[email protected] s password:
Access denied
[email protected] s password:
Access denied
[email protected] s password:
Access denied
[email protected] s password:
Access denied
[email protected] s password:
Account locked due to 4 failed logins
Account locked due to 5 failed logins
Account locked due to 6 failed logins
Account locked due to 7 failed logins
Last login: Sun Jun 15 00:14:30 2014 from 192.168.183.1
[test@node1 ~]$
[root@node1 /]# pam_tally2 --user=test
Login Failures Latest failure From
test 6 06/15/14 00:23:20 192.168.183.1
[root@node1 /]# pam_tally2 --user=test --reset
Login Failures Latest failure From
test 6 06/15/14 00:23:20 192.168.183.1
[root@node1 /]# pam_tally2 --user=test
Login Failures Latest failure From
test 0
[root@node1 /]#
login as: test
[email protected] s password:
Last login: Sun Jun 15 00:20:07 2014 from 192.168.183.1
[test@node1 ~]$ whoami
test
[test@node1 ~]$
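pam_tally2 keeps its counter in /var/log/tallylog, but the same failures are also written by pam_unix to the system log, which is what a detection rule or an offline review works from. The script below is an added example, not part of the original notes: it counts authentication failures per user from constructed /var/log/secure lines (written in the real pam_unix(sshd:auth) message format, with the host and address from the session above) and reports who would be locked under deny=3, the threshold used in the password-auth-ac lines above.

```shell
#!/bin/sh
# Added example, not from the original notes: count failed password
# attempts per user from pam_unix log lines, the way pam_tally2's deny=N
# decides a lock. The log lines below are constructed but follow the real
# pam_unix(sshd:auth) message format.

DENY=3   # mirrors deny=3 in the pam_tally2 configuration

# failures LOGFILE -> lines "USER COUNT LAST_SOURCE", one per user with at
# least one authentication failure, in first-seen order
failures() {
    awk '
        /pam_unix\([^)]*:auth\): authentication failure/ {
            user = ""; host = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^user=/)  user = substr($i, 6)
                if ($i ~ /^rhost=/) host = substr($i, 7)
            }
            if (user == "") next
            if (!(user in n)) order[++k] = user
            n[user]++; last[user] = host
        }
        END { for (i = 1; i <= k; i++) print order[i], n[order[i]], last[order[i]] }
    ' "$1"
}

# would_lock LOGFILE USER -> "locked" when USER has at least DENY failures, else "ok"
would_lock() {
    c=$(failures "$1" | awk -v u="$2" '$1 == u { print $2 }')
    if [ "${c:-0}" -ge "$DENY" ]; then echo locked; else echo ok; fi
}

# Constructed /var/log/secure excerpt
LOG=$(mktemp)
cat > "$LOG" <<'EOF'
Jun 15 00:21:02 node1 sshd[2301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.183.1 user=test
Jun 15 00:21:09 node1 sshd[2301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.183.1 user=test
Jun 15 00:21:40 node1 sshd[2305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.183.9 user=velu
Jun 15 00:22:15 node1 sshd[2301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.183.1 user=test
Jun 15 00:23:20 node1 sshd[2310]: Accepted password for velu from 192.168.183.9 port 51022 ssh2
EOF

failures "$LOG"
# prints:
# test 3 192.168.183.1
# velu 1 192.168.183.9
would_lock "$LOG" test     # locked
would_lock "$LOG" velu     # ok
```

Unlike pam_tally2, this count never resets on a successful login, so on a live log it tells you how many failures a user accumulated over the whole window, which is the more useful number when reviewing the "Account locked due to N failed logins" messages above.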

Changing the password in Linux without prompting

Caveat: a password given on the command line ends up in the shell history and, briefly, in the process list; feeding it from a file, or using chpasswd with user:password pairs on stdin, avoids the history entry. --stdin is a Red Hat extension of passwd.

[root@node1 /]# echo password | passwd --stdin user1


Changing password for user user1.
passwd: all authentication tokens updated successfully.
[root@node1 /]#
