
Sa1 Chapter 6

Chapter 6 covers the management of local users and groups in a computing environment, detailing user types, user account creation, and user properties. It explains commands for adding, modifying, and deleting users and groups, as well as managing user passwords and superuser access. The chapter also outlines the structure of user database files and provides practical examples of user management commands.

##########: CHAPTER 6 :##########

==========: MANAGING LOCAL USERS & GROUPS :==========

1- Describing User and Group Concepts ===== System User, Normal User, Group
2- Managing Local User Accounts ===== useradd, usermod, userdel
3- Managing Local Group Accounts ===== groupadd, groupmod, groupdel
4- Managing User Passwords ===== passwd, chage
5- Gaining Superuser Access ===== Wheel, sudoers

================================================================================

##########: Users :##########

• In computing, a user is a person who uses a computer's objects and resources.
• A user has a user account that identifies the user by a username.
• To log on to a system, a user is required to authenticate with a password
  for the purposes of accounting, security, logging, and resource management.
================================================================================

##########: Types of Users :##########

USER :
    Root User       UID 0
    System User     UID 1 to 999
    Normal Users    UID 1000 to 65535
================================================================================

##########: Types of Users: ##########

Super User                  System User                     Regular User

Is for administration       Used by processes of            They use it for their
of the system.              a program.                      day-to-day work.

Root is the superuser       Users do not interactively      This user has limited
with UID 0.                 log in using a system user      access to the system.
                            account.

The superuser has full      Processes or daemons usually    This user's UID
access to the system.       do not need to run as           generally starts from
                            superuser.                      1000.
================================================================================

##########: UID Range :##########

UID 0       ===== Reserved for the root user.
UID 1-200   ===== Reserved for system users assigned statically to system
                  processes by Red Hat.
UID 201-999 ===== Reserved for system users, used by system processes that do
                  not own files on the file system. This ID is normally
                  assigned dynamically from the available pool when the
                  software is installed.
UID 1000+   ===== The range available for regular users.
================================================================================

##########: Users Database Files :##########

• The information regarding users is stored in the following files.

➢ /etc/passwd
➢ /etc/shadow
================================================================================

##########: User Properties :##########

• The information for each user created is stored on a separate line in the
  file /etc/passwd.

• Each record has seven fields separated by a colon (:), as given:

1. Username    2. Password          3. UID    4. GID
5. Comment     6. Home Directory    7. Shell

Parwez : x : 1001 : 1001 : Admin : /home/Parwez : /bin/bash
  ❶      ❷    ❸      ❹      ❺          ❻             ❼

➢ When a user is created in Linux / Unix, the following are also created by
  default:

- User Private Group scheme
- Mail account /var/spool/mail/[username]

Note:- Mail accounts can be used if a mail server is working.

- Unique user identifier (UID) and group identifier (GID)
================================================================================

##########: User Password Properties :##########

• The file /etc/shadow contains the encrypted user password.
• Passwords are encrypted using SHA-512 by default, which can be changed.

1. Username
2. Encrypted Password
3. Number of Days Since 1970
4. Minimum Life of the Password
5. Maximum Life of the Password
6. Warning Days

Parwez : $6$IX/oe6SGuR9rgsua$0 : 19271 : 0 : 99999 : 7 :::
  ❶              ❷                 ❸     ❹     ❺    ❻

================================================================================

##########: Creating a Users :##########

• After creating a user, the user's home directory will be created in the
  default path /home.
• One group will be created with the same name as the user (primary group).
• Files from /etc/skel will be copied automatically to the user's home directory.
• The /etc/passwd file is updated with the user information.

==========: Adding a User :==========

[root@JAVED ~]# useradd <username>


Or
[root@JAVED ~]# useradd <Options> <Arguments> <username>

Options:==========

-u UID
-g Primary group
-G Create user in Secondary group
-G Add User in Multiple Groups
-c Create User with Comment
-d Change Default Home Directory
-s Create user With Specific Login Shell
-M Create user Without Home Directory
-N Create user Without Primary Group
-r Create user With UID less than 1000
================================================================================

User Properties Viewing Commands:==========

[root@JAVED ~]# cat /etc/passwd


[root@JAVED ~]# grep Parwez /etc/passwd
[root@JAVED ~]# head /etc/passwd
[root@JAVED ~]# tail /etc/passwd
[root@JAVED ~]# less /etc/passwd
================================================================================

PRACTICALS:==========

Create User:- Syntax:- useradd <username>
Create User:- Syntax:- adduser <username>

[root@JAVED ~]# useradd Parwez               ( Create User )
[root@JAVED ~]# passwd Parwez                ( Assign Password )
Changing password for user Parwez.
New password:redhat
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: redhat
passwd: all authentication tokens updated successfully.
================================================================================

=====: Create User Syntax:- useradd <username> ; echo "Password" | passwd <username> --stdin

[root@JAVED ~]# useradd Tabrez ; echo "redhat" | passwd Tabrez --stdin


Changing password for user Tabrez.
passwd: all authentication tokens updated successfully.

[root@JAVED ~]# grep Tabrez /etc/passwd ( Find Tabrez User)


Tabrez:x:1002:1002::/home/Tabrez:/bin/bash
================================================================================

=====: Create User Specific UID Syntax:- useradd -u <UID> <username>

[root@JAVED ~]# useradd -u 3001 User1        ( Create User with Specific UID )
[root@JAVED ~]# grep User1 /etc/passwd       ( Check User1 Details )
User1:x:3001:3001::/home/User1:/bin/bash
================================================================================

=====: Create User in Specific GID Syntax:- useradd -g <Group> <username>

[root@JAVED ~]# groupadd HR                  ( Create Group )
[root@JAVED ~]# grep HR /etc/group           ( Check Group Details )
HR:x:1005:

[root@JAVED ~]# useradd -g HR User2          ( Create User in Primary Group )
[root@JAVED ~]# grep User2 /etc/passwd       ( To Check User2 Group )
User2:x:1004:1005::/home/User2:/bin/bash
================================================================================

=====: Create User in Secondary Group Syntax:- useradd -G <Group> <username>

[root@JAVED ~]# grep IT /etc/group
IT:x:2000:

[root@JAVED ~]# useradd -G IT User3          ( Create User in Secondary Group )
[root@JAVED ~]# grep IT /etc/group           ( To Check User3 Details )
IT:x:2000:User3
================================================================================

=====: Create User in Multiple Group Syntax:- useradd -G <Grp>,<Grp> <username>

[root@JAVED ~]# useradd -G HR,IT User4       ( Add User in Multiple Groups )
[root@JAVED ~]# grep HR /etc/group
HR:x:3017:User4

[root@JAVED ~]# grep IT /etc/group
IT:x:2000:User4
================================================================================

=====: Create User With Comment Syntax:- useradd -c "Comment" <username>

[root@JAVED ~]# useradd -c "System Admin" User5
[root@JAVED ~]# grep User5 /etc/passwd       ( To Check User5 Details )
User5:x:3002:3002:System Admin:/home/User5:/bin/bash
================================================================================

=====: Create User Specific Directory Syntax:- useradd -d <Directory> <username>

[root@JAVED ~]# mkdir /Data
[root@JAVED ~]# useradd -d /Data/User6 User6
[root@JAVED ~]# grep User6 /etc/passwd
User6:x:3011:3011::/Data/User6:/bin/bash

[root@JAVED ~]# passwd User6                 ( Assign Password )
Changing password for user User6.
New password: :redhat
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: :redhat
passwd: all authentication tokens updated successfully.

Note:- Now the user can log in through both the graphical interface and the CLI.


================================================================================

=====: Create User Specific Shell Syntax:- useradd -s <New Shell> <username>

[root@JAVED ~]# mkdir /Data

[root@JAVED ~]# useradd -s /sbin/nologin User6

[root@JAVED ~]# grep User6 /etc/passwd


User6:x:3022:3023::/home/User6:/sbin/nologin
================================================================================

=====: Create User Without Home Directory Syntax:- useradd -M <username>

[root@JAVED ~]# mkdir /Data
[root@JAVED ~]# useradd -M Linux             ( Create User Without Home Directory )
[root@JAVED ~]# passwd Linux
Changing password for user User6.
New password: :redhat
Retype new password: :redhat
passwd: all authentication tokens updated successfully.

Note:- The user can't log in because it has no permission on the /home directory.

[root@JAVED ~]# ls -l /home/
drwx------. 15 Admin Admin 4096 Sep 30 17:21 Admin
drwxr-xr-x. 14 Parwez root 279 Oct 9 00:26 Parwez

[root@JAVED ~]# mkdir -p /home/Linux         ( Create Directory )
[root@JAVED ~]# ls -ld /home/Linux/
drwxr-xr-x. 14 root root 279 Oct 9 15:41 /home/Linux/

[root@JAVED ~]# usermod -d /home/Linux Linux ( Change Home Directory )
usermod: no changes
[root@JAVED ~]# chown Linux /home/Linux/     ( Change Ownership )
[root@JAVED ~]# ls -ld /home/Linux/
drwxr-xr-x. 14 Linux root 279 Oct 9 15:41 /home/Linux/

Note:- Now log in as the Linux user and copy .bash_profile & .bashrc from
/etc/skel/ into the home directory.

[root@JAVED ~]# su -l Linux
[Linux@JAVED ~]$ ls -la                       ( There is no .bash_profile & .bashrc in Home Directory )
[Linux@JAVED ~]$ cp /etc/skel/.bash_profile . ( Copy File )
[Linux@JAVED ~]$ cp /etc/skel/.bashrc .       ( Copy File )
[Linux@JAVED ~]$ exec bash                    ( Start a New bash Shell )

Note:- Now you can log in through both the graphical interface and the CLI.


================================================================================

=====: Create User Without Primary Group Syntax :- useradd -N <username>

[root@JAVED ~]# useradd -N Linux1

[root@JAVED ~]# grep Linux1 /etc/group


No Linux1 Group is Created.
================================================================================

=====: Create System User Less Than 1000 UID Syntax :- useradd -r <username>

[root@JAVED ~]# useradd -N Linux1

[root@JAVED ~]# useradd -r Linux2

[root@JAVED ~]# grep Linux2 /etc/passwd

Linux2:x:974:974::/home/Linux2:/bin/bash
[root@JAVED ~]#
================================================================================

##########: Modifying User Properties :##########

Syntax:- usermod <Options> <Arguments> <username>

OPTIONS:-

-c    ===== Comment    Add the user's real name to the comment field.
-g    ===== Group      Specify the primary group for the user account.
-G    ===== Groups     Supplementary groups for the user account.
-a    ===== Append     Used with the -G option to add the supplementary groups
                       to the user's current set of group memberships instead
                       of replacing the set of supplementary groups with a new
                       set.
-a -G =====            Append a user to multiple groups.
-d    ===== Home DIR   Specify a particular home directory for the user account.
-m    ===== Move Home  Move the user's home directory to a new location. Must
                       be used with the -d option.
-s    ===== SHELL      Specify a particular login shell for the user account.
-l    =====            Change the login name.
-L    =====            Lock the user account.
-U    =====            Unlock the user account.
-u    =====            Change the user ID.

================================================================================

PRACTICALS:==========

=====: Change Login Name Syntax :- usermod -l <New Name> <Old Name>

[root@JAVED ~]# grep Linux1 /etc/passwd
Linux1:x:1001:1001:System Admin:/home/Linux1:/sbin/nologin

[root@JAVED ~]# usermod -l Jetking Linux1

[root@JAVED ~]# grep Linux1 /etc/passwd
Jetking:x:1001:1001:System Admin:/home/Linux1:/sbin/nologin

Note:- The id command shows information about the currently logged-in user.
================================================================================

=====: Change User UID Syntax :- usermod -u <UID> <username>

[root@JAVED ~]# grep Linux1 /etc/passwd


Linux1:x:1001:1001:System Admin:/home/Linux1:/bin/bash

[root@JAVED ~]# usermod -u 1020 Linux1

[root@JAVED ~]# grep Linux1 /etc/passwd


Linux1:x:1020:1001:System Admin:/home/Linux1:/bin/bash
[root@JAVED ~]#
================================================================================

=====: Add User in Primary Group Syntax:- usermod -g <GroupName> <username>

[root@JAVED ~]# grep Linux3 /etc/passwd


Linux3:x:1003:1003::/home/Linux3:/bin/bash

[root@JAVED ~]# usermod -g 3002 Linux3

[root@JAVED ~]# grep Linux3 /etc/passwd


Linux3:x:1003:3002::/home/Linux3:/bin/bash
================================================================================

=====: Add User in Secondary Group Syntax:- usermod -G <GroupName> <username>

[root@JAVED ~]# useradd -N Linux1

[root@JAVED ~]# useradd Linux1 ; echo "redhat" | passwd Linux1 --stdin


Changing password for user Linux1.
passwd: all authentication tokens updated successfully.

[root@JAVED ~]# useradd Linux2 ; echo "redhat" | passwd Linux2 --stdin


Changing password for user Linux2.
passwd: all authentication tokens updated successfully.

[root@JAVED ~]# useradd Linux3 ; echo "redhat" | passwd Linux3 --stdin


Changing password for user Linux3.
passwd: all authentication tokens updated successfully.

[root@JAVED ~]# groupadd -g 3000 HR


[root@JAVED ~]# groupadd -g 3001 IT
[root@JAVED ~]# grep HR /etc/group
HR:x:3000:
[root@JAVED ~]# usermod -G HR Linux1
[root@JAVED ~]# grep HR /etc/group
HR:x:3000:Linux1

Note:- You can add a user to a secondary group, but when you assign the Linux1
user to another group, it will be moved out of the HR group.
================================================================================

=====: Add User in Multiple Group Syntax :- usermod -a -G <GroupName> <username>

[root@JAVED ~]# grep HR /etc/group
HR:x:3000:Linux1                             ( Linux1 User Added in HR Group )

[root@JAVED ~]# grep IT /etc/group
IT:x:3001:                                   ( No User Added in IT Group )

[root@JAVED ~]# usermod -a -G IT Linux1

[root@JAVED ~]# grep IT /etc/group
IT:x:3001:Linux1                             ( Linux1 User Added in IT Group )

[root@JAVED ~]# grep HR /etc/group
HR:x:3000:Linux1
================================================================================

=====: Add User Comment Syntax :- usermod -c "Comment" <username>

[root@JAVED ~]# grep Linux1 /etc/passwd


Linux1:x:1001:1001::/home/Linux1:/bin/bash

[root@JAVED ~]# usermod -c "System Admin" Linux1

[root@JAVED ~]# grep Linux1 /etc/passwd


Linux1:x:1001:1001:System Admin:/home/Linux1:/bin/bash
================================================================================

=====: Change Home Directory Syntax :- usermod -m -d "Path" <username>

[root@JAVED ~]# mkdir /UserData

[root@JAVED ~]# ls -l /home/


drwx------. 3 Linux1 Linux1 78 Oct 9 17:00 Linux1
drwx------. 3 Linux2 Linux2 78 Oct 9 17:00 Linux2

[root@JAVED ~]# usermod -m -d /UserData/Linux2 Linux2


[root@JAVED ~]# ls -l /home/
drwx------. 3 Linux1 Linux1 78 Oct 9 17:00 Linux1

[root@JAVED ~]# ls -l /UserData/


drwx------. 3 Linux2 Linux2 78 Oct 9 17:54 Linux2
[root@JAVED ~]#
================================================================================

=====: Change Login SHELL Syntax :- usermod -s <New SHELL> <username>

[root@JAVED ~]# grep Linux1 /etc/passwd


Linux1:x:1001:1001:System Admin:/home/Linux1:/bin/bash

[root@JAVED ~]# usermod -s /sbin/nologin Linux1

[root@JAVED ~]# grep Linux1 /etc/passwd


Linux1:x:1001:1001:System Admin:/home/Linux1:/sbin/nologin

Note:- Now Linux1 User Can Login.


================================================================================

=====: Lock User Account Syntax :- usermod -L <username>

[root@JAVED ~]# passwd -S Linux1             ( Check Password Status )
Linux1 PS 2022-10-09 0 99999 7 -1 (Password set, SHA512 crypt.)

[root@localhost ~]# usermod -L Linux1        ( Lock User Password )

[root@localhost ~]# passwd -S Linux1         ( Check Password Status )
Linux1 LK 2022-10-09 0 99999 7 -1 (Password locked.)
================================================================================

=====: UnLock User Account Syntax :- usermod -U <username>

[root@JAVED ~]# passwd -S Linux1             ( Check Password Status )
Linux1 LK 2022-10-09 0 99999 7 -1 (Password locked.)

[root@JAVED ~]# usermod -U Linux1            ( Unlock Password of Users )

[root@JAVED ~]# passwd -S Linux1             ( Check Password Status )
Linux1 PS 2022-10-09 0 99999 7 -1 (Password set, SHA512 crypt.)
================================================================================

##########: Managing User Password :##########

Creating or Changing a User's Password

[root@JAVED ~]# passwd <username>

Options:=====

passwd    ===== To Set Password For Users
passwd -S ===== To Check Password Status
passwd -d ===== Remove User Password
passwd -l ===== Lock User Account Password
passwd -u ===== Unlock the User Account Password
================================================================================

PRACTICALS:=====

=====: Set Password For Users Syntax :- passwd <username>

[root@JAVED ~]# passwd Linux1


Changing password for user Linux1.
New password: :redhat
Retype new password: :redhat
passwd: all authentication tokens updated successfully.
================================================================================

=====: Check Password Status Syntax :- passwd -S <username>

[root@JAVED ~]# passwd -S Linux1


Linux1 PS 2022-10-09 0 99999 7 -1 (Password set, SHA512 crypt.)
[root@JAVED ~]#
================================================================================

=====: Remove Password Syntax :- passwd -d <username>

[root@JAVED ~]# passwd -S Linux1


Linux1 PS 2022-10-09 0 99999 7 -1 (Password set, SHA512 crypt.)

[root@JAVED ~]# passwd -d Linux1


Removing password for user Linux1.
passwd: Success

[root@JAVED ~]# passwd -S Linux1


Linux1 NP 2022-10-09 0 99999 7 -1 (Empty password.)
[root@JAVED ~]#
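
Added example (not part of the original chapter): a POSIX shell audit that ties together the seven /etc/passwd fields, the UID ranges described earlier and the empty-password (NP) state that passwd -d leaves behind. The function names, the finding labels and the sample records (including the backupadm account) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the chapter): audit passwd- and shadow-format files.
# Reading the real /etc/shadow requires root; the sample data below is constructed.

# audit_accounts PASSWD_FILE SHADOW_FILE
# Prints one finding per line as CHECK:USER:DETAIL, in passwd-file order.
audit_accounts() {
    awk -F: '
        # The shadow file is read first (pass is unset): keep field 2 per user.
        pass != 2 { pw[$1] = $2; in_shadow[$1] = 1; next }

        # passwd file: skip blank lines and comments.
        $0 ~ /^[ \t]*$/ || $0 ~ /^#/ { next }

        # Each record must have exactly seven fields and a numeric UID.
        NF != 7 || $3 !~ /^[0-9]+$/ {
            print "BAD_RECORD:" $1 ":expected 7 fields with a numeric UID"
            next
        }
        {
            user = $1; uid = $3 + 0; shell = $7

            # UID 0 is reserved for root; any other name with UID 0 is a superuser.
            if (uid == 0 && user != "root")
                print "EXTRA_UID0:" user ":UID 0 is reserved for root"

            # Two names sharing one UID are the same identity for file access.
            if (uid in owner)
                print "DUP_UID:" user ":shares UID " uid " with " owner[uid]
            else
                owner[uid] = user

            # System range 1-999 is meant for processes, not interactive logins.
            if (uid >= 1 && uid <= 999 && shell ~ /sh$/)
                print "SYSTEM_LOGIN_SHELL:" user ":UID " uid " has shell " shell

            # An empty field 2 in shadow is the state left by "passwd -d" (NP).
            if (!(user in in_shadow))
                print "NO_SHADOW_ENTRY:" user ":no record in shadow file"
            else if (pw[user] == "")
                print "EMPTY_PASSWORD:" user ":password field is empty"
        }
    ' "$2" pass=2 "$1"
}

# write_sample_files DIR: constructed records in the chapter's naming style.
write_sample_files() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
Parwez:x:1001:1001:Admin:/home/Parwez:/bin/bash
Linux1:x:1002:1002::/home/Linux1:/bin/bash
Linux2:x:974:974::/home/Linux2:/bin/bash
backupadm:x:0:0::/root:/bin/bash
User6:x:3022:3023::/home/User6:/sbin/nologin
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$constructed$hash:19271:0:99999:7:::
bin:*:19271:0:99999:7:::
Parwez:$6$constructed$hash:19271:0:99999:7:::
Linux1::19271:0:99999:7:::
Linux2:!!:19271:0:99999:7:::
backupadm:$6$constructed$hash:19271:0:99999:7:::
User6:!!:19271:0:99999:7:::
EOF
}

# Run the audit over the constructed sample and clean up afterwards.
run_demo() {
    demo_dir=$(mktemp -d) || return 1
    write_sample_files "$demo_dir"
    audit_accounts "$demo_dir/passwd" "$demo_dir/shadow"
    rm -rf "$demo_dir"
}
run_demo
```

On a live system the same function is called as root with /etc/passwd and /etc/shadow as its two arguments.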
================================================================================

=====: Lock User Account Password Syntax :- passwd -l <username>


[root@JAVED ~]# passwd -S Linux2
Linux2 PS 2022-10-09 0 99999 7 -1 (Password set, SHA512 crypt.)

[root@JAVED ~]# passwd -l Linux2


Locking password for user Linux2.
passwd: Success

[root@JAVED ~]# passwd -S Linux2


Linux2 LK 2022-10-09 0 99999 7 -1 (Password locked.)
[root@JAVED ~]#
================================================================================

=====: UnLock User Account Password Syntax :- passwd -u <username>

[root@JAVED ~]# passwd -S Linux2


Linux2 LK 2022-10-09 0 99999 7 -1 (Password locked.)

[root@JAVED ~]# passwd -u Linux2


Unlocking password for user Linux2.
passwd: Success
[root@JAVED ~]# passwd -S Linux2
Linux2 PS 2022-10-09 0 99999 7 -1 (Password set, SHA512 crypt.)
[root@JAVED ~]#
================================================================================

##########: Deleting a User :##########

Syntax:- userdel <options> <username>

Options:=====

userdel    ===== Delete the User
userdel -r ===== Delete the User & Home Directory Also
================================================================================

PRACTICALS:=====

=====: Delete User Account Syntax :- userdel <username>

[root@JAVED ~]# grep Linux3 /etc/passwd
Linux3:x:1003:3002::/home/Linux3:/bin/bash

[root@JAVED ~]# userdel Linux3
userdel: group Linux3 not removed because it is not the primary group of user Linux3.

[root@JAVED ~]# ls /home/


Admin Linux1 Linux2 Linux3
[root@JAVED ~]#
================================================================================

=====: Delete User With Home Directory Syntax :- userdel -r <username>

[root@JAVED ~]# grep Linux2 /etc/passwd


Linux2:x:1002:1002::/home/Linux2:/bin/bash

[root@JAVED ~]# userdel -r Linux2

[root@JAVED ~]# ls /home/


Admin Linux1 Linux3
[root@JAVED ~]#

================================================================================

##########: Group :##########

• A group is a collection of users that need to share access to files and
  other system resources.
• Each group has a unique number, which is known as the group ID (GID).
• Group IDs between 1-999 are reserved in RHEL 8.
• Local groups are defined in /etc/group.
• There are two types of groups:

- Primary or Private
- Secondary or Supplementary
================================================================================
==========: Primary Group :==========

• All users will have a primary group.
• A user can have only one primary group.
• By default, this is the group that will own new files created by the user.
• The primary group is created whenever a new user is created, with the same
  name as the user.
• The primary group is defined by the GID number of the group, listed in the
  4th field of /etc/passwd.
• The user is the only member of the primary group or user private
  group (UPG).
• The main use of the primary group is to apply file permissions & disk quotas.
================================================================================

==========: Secondary Group :==========

• A group created manually by the root user, to which existing users are
  added, is called a secondary group.
• A user may be a member of zero or more supplementary groups.
• Users are granted access to files based on whether any of their groups
  have access.
• The supplementary members of a local group are listed in the last
  field of /etc/group.
• Users are separated by commas in /etc/group.
================================================================================

##########: Group Properties :##########

• The information for each group created is stored on a separate line in the
  file /etc/group.
• Each record has four fields separated by a colon (:), as given:

1. Group Name    2. Masked Password    3. GID    4. Secondary Members

HR : x : 1007 : Tabrez,Parwez
❶    ❷    ❸         ❹

================================================================================

##########: Group Password Properties :##########

• This file (/etc/gshadow) contains the encrypted group password.
• Passwords are encrypted using the MD5 (Message Digest Version 5) algorithm.

HR : $6$lwLI1icaR : Admin : Tabrez,Parwez
❶         ❷           ❸          ❹

❶ Group Name
❷ Encrypted Password
❸ List of Administrative Members
❹ List of Members
================================================================================

Creating Group :==========

Syntax:- groupadd <groupname>
or
Syntax:- groupadd <options> <Arguments> <Groupname>

Options:=====

-g ===== Used To Specify New GID
-r ===== Create Group With GID Less than 1000
-o ===== Allow Creating groups with Duplicate GID
================================================================================

PRACTICALS:==========

##########: Create Group :##########

Syntax :- groupadd <groupname>

[root@JAVED ~]# groupadd SALE

[root@JAVED ~]# grep SALE /etc/group


SALE:x:3004:
================================================================================

=====: Create Group with GID Syntax :- groupadd -g <GID> <groupname>

[root@JAVED ~]# groupadd -g 4000 HR

[root@JAVED ~]# grep HR /etc/group


HR:x:4000:
================================================================================

=====: Create Group GID Less Than 1000 Syntax :- groupadd -r <groupname>

[root@JAVED ~]# groupadd -r IT


[root@JAVED ~]# grep IT /etc/group
IT:x:973:
[root@JAVED ~]#
================================================================================

=====: Create Group Duplicate GID Syntax :- groupadd -o -g <GID> <groupname>

[root@JAVED ~]# grep HR /etc/group


HR:x:4000:
[root@JAVED ~]# groupadd -o -g 4000 Group1
[root@JAVED ~]# groupadd -o -g 4000 Group2
[root@JAVED ~]# groupadd -o -g 4000 Group3
[root@JAVED ~]# grep Group /etc/group
Group1:x:4000:
Group2:x:4000:
Group3:x:4000:
================================================================================

##########: Modifying Group :##########

Syntax:- groupmod <options> <Arguments> <Groupname>

Options:=====

-g ===== Used To Specify New GID
-o ===== Allow Creating groups with Duplicate GID
-n ===== Used For Changing the Group Name
================================================================================

PRACTICALS:==========

=====: Change Group GID Syntax :- groupmod -g <GID> <groupname>

[root@JAVED ~]# grep HR /etc/group


HR:x:4000:

[root@JAVED ~]# groupmod -g 5000 HR

[root@JAVED ~]# grep HR /etc/group


HR:x:5000:
================================================================================

=====: Create Group GID Less Than 1000 Syntax :- groupadd -r <groupname>

[root@JAVED ~]# groupadd -r IT


[root@JAVED ~]# grep IT /etc/group
IT:x:973:
================================================================================

=====: Changing Group Name Syntax :- groupmod -n <New Name> <Old Name>

[root@JAVED ~]# grep HR /etc/group


HR:x:5000:
[root@JAVED ~]# groupmod -n Account HR
[root@JAVED ~]# grep Account /etc/group
Account:x:5000:
================================================================================

##########: Group Membership :##########

Syntax:- gpasswd <options> <Arguments> <Groupname>

Options:=====

-M ===== Add Multiple Users To The Group
-A ===== Add a Group Administrator
-a ===== Add a User To the Group
-d ===== Delete a User From The Group
================================================================================

PRACTICALS:==========

=====: Add Multiple User in Group Syntax :- gpasswd -M <U1>,<U2> <groupname>

[root@JAVED ~]# grep Linux /etc/passwd


Linux1:x:1001:1001::/home/Linux1:/bin/bash
Linux2:x:1002:1002::/home/Linux2:/bin/bash
Linux3:x:1003:1003::/home/Linux3:/bin/bash
Linux4:x:1004:1004::/home/Linux4:/bin/bash

[root@JAVED ~]# gpasswd -M Linux1,Linux2,Linux3 HR

[root@JAVED ~]# grep HR /etc/group


HR:x:3000:Linux1,Linux2,Linux3
[root@JAVED ~]# su - Linux1

[Linux1@ JAVED ~]$ id


uid=1001(Linux1) gid=1001(Linux1) groups=1001(Linux1),3000(HR)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

=====: Add Group Administrator Syntax :- gpasswd -A <Username> <groupname>

[root@JAVED ~]# grep HR /etc/gshadow


HR:!::Linux1,Linux2,Linux3

[root@JAVED ~]# gpasswd -A Admin HR

[root@JAVED ~]# grep HR /etc/gshadow


HR:!:Admin:Linux1,Linux2,Linux3

=====: Add a User in Group Syntax :- gpasswd -a <Username> <groupname>

[root@JAVED ~]# gpasswd -a Linux4 IT


Adding user Linux4 to group IT

[root@JAVED ~]# grep IT /etc/group


IT:x:3001:Linux4

Note:- Before You Add User into Group Create a User.

=====: Delete User From Group Syntax :- gpasswd -d <username> <groupname>

[root@JAVED ~]# grep HR /etc/group


HR:x:3000:Linux1,Linux2,Linux3

[root@JAVED ~]# gpasswd -d Linux3 HR


Removing user Linux3 from group HR

[root@JAVED ~]# grep HR /etc/group


HR:x:3000:Linux1,Linux2
================================================================================

##########: Assign Password of Group :##########

Syntax:- gpasswd <groupname>

[root@JAVED ~]# gpasswd HR


Changing the password for group HR
New Password: redhat
Re-enter new password: redhat
[root@JAVED ~]#

================================================================================

##########: Deleting Group ##########

Syntax:- groupdel <groupname>

[root@JAVED ~]# groupdel HR

Note:- A group cannot be deleted if it has primary members.


================================================================================

##########: Password Aging ##########

Syntax:- chage [Option] <Argument> <Username>

Options:-

-l     Show account aging information
-d     Modify the last password change date
-E     Set the account expiry date
-m     Set the minimum number of days between password changes
-M     Set the maximum number of days between password changes
-I     Set the number of days of inactivity
-W     Set the number of days of warning before password expires
chage <Username>   Using the chage command without any options (interactive)
-M -1  Set password expiry to never
-E -1  Remove the expiry date from the user account

1. Aging Information Syntax :- chage -l <Username>

• The -l option shows the aging information of an account.

[root@JAVED ~]# chage -l Parwez ( To Check Password Info )


Last password change : Oct 18, 2022
Password expires : never
Password inactive : never
Account expires : never
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
================================================================================

2. Modify Last Password Change Date Syntax :- chage -d YYYY-MM-DD <user>

• You can use -d or --lastday option to modify the last password change date.

[root@JAVED ~]# chage -d 2022-10-10 Parwez


[root@JAVED ~]# chage -l Parwez
Last password change : Oct 10, 2022
================================================================================

3. Set Account Expiry Date Syntax :- chage -E YYYY-MM-DD <user>

• You can set account expiry date by using -E or --expiredate option.

[root@JAVED ~]# chage -E 2022-10-30 Parwez


[root@JAVED ~]# chage -l Parwez
Account expires : Oct 30, 2022
================================================================================

4. Set Minimum Number of Days Between Password Change

Syntax :- chage -m NUM_DAYS <Username>

• You can use the -m or --mindays option to change the minimum number of
  days between password changes. The user cannot change his/her password
  before the minimum number of days between password changes has passed.

[root@JAVED ~]# chage -m 10 Parwez


[root@JAVED ~]# chage -l Parwez
Minimum number of days between password change : 10
================================================================================

5. Set Maximum Number of Days Between Password Change

Syntax :- chage -M NUM_DAYS <Username>

• The maximum number of days after which the password will expire. You
  can change it using the -M or --maxdays option. When the last password
  change date plus the maximum days is less than the current date, the user
  will need to change the password to use the account. The value -1 in this
  field removes the checking of password validity.

[root@JAVED ~]# chage -M 10 Parwez

[root@JAVED ~]# chage -l Parwez


Minimum number of days between password change : 20
================================================================================

6. chage Command To Set The Number of Days of Inactivity

Syntax :- chage -I NUM_DAYS <Username>

Syntax :- chage --inactive NUM_DAYS <Username>

• The -I or --inactive option sets the number of days of inactivity after the
  password has expired. The account will be locked after this period of
  inactivity.

[root@JAVED ~]# chage -l Parwez


Password expires : Dec 20, 2022
Password inactive : Jan 09, 2023

[root@JAVED ~]# chage -I 5 Parwez

[root@JAVED ~]# chage -l Parwez


Password expires : Dec 20, 2022
Password inactive : Dec 25, 2022
================================================================================

7. Set The Number of Days of Warning Before Password Expire

Syntax :- chage -W NUM_DAYS <Username>

Syntax :- chage --warndays NUM_DAYS <Username>

• The user will be warned before his/her password expiry date. To set or
modify the number of days of warning before a password expires, you can
use the -W or --warndays option.

[root@JAVED ~]# chage -l Parwez
Number of days of warning before password expires : 7

[root@JAVED ~]# chage -W 5 Parwez

[root@JAVED ~]# chage -l Parwez
Number of days of warning before password expires : 5
================================================================================

8. Using chage Command Without Any Options (interactive)

Syntax :- chage <Username>

• You can use the chage command without any options. It asks the user to enter
a value for each field. You can either enter a new value to change the
field or leave it blank to keep the current value. The current values are
displayed between [ ] brackets.

[root@JAVED ~]# chage Parwez
Changing the aging information for Parwez
Enter the new value, or press ENTER for the default
Minimum Password Age [0]: 30
Maximum Password Age [60]: 60
Last Password Change (YYYY-MM-DD) [2022-10-21]: 2022-10-20
Password Expiration Warning [5]: 10
Password Inactive [5]: 5
Account Expiration Date (YYYY-MM-DD) [-1]: 2022-10-30
[root@JAVED ~]# chage -l Parwez
Last password change : Oct 20, 2022
Password expires : Dec 19, 2022
Password inactive : Dec 24, 2022
Account expires : Oct 30, 2022
Minimum number of days between password change : 30
Maximum number of days between password change : 60
Number of days of warning before password expires : 10
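
How the dates in this listing follow from the stored fields, as an added example that is not part of the original notes: it reads lines in /etc/shadow format and derives the same dates chage -l prints. The sample lines are constructed (the Parwez line encodes the values entered interactively above), the function names are this example's own, and treating a maximum of -1, empty, or 10000 and above as "never" is an assumption of this example.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow format (placeholder hashes, not real ones):
# name:hash:lastchg:min:max:warn:inactive:expire:reserved  (dates = days since 1970-01-01)
SAMPLE_SHADOW='Parwez:$6$constructed$hash:19285:30:60:10:5:19295:
Linux1:$6$constructed$hash:19285:0:99999:7:::
Linux2:$6$constructed$hash:19285:0:-1:7:::'

# Convert a day count since 1970-01-01 into YYYY-MM-DD (UTC).
days_to_date() {
    date -u -d "@$(( $1 * 86400 ))" +%F
}

# Read shadow-format lines on stdin and print the dates derived from them.
aging_report() {
    while IFS=: read -r name _hash last _min max _warn inact expire _rest; do
        [ -n "$name" ] || continue
        pw_exp=never; pw_inact=never; acct_exp=never
        if [ "$last" = 0 ]; then
            pw_exp=must-change      # lastchg 0 forces a change at next login
        elif [ -n "$last" ] && [ -n "$max" ] && [ "$max" -ge 0 ] && [ "$max" -lt 10000 ]; then
            # Password expires = last change + maximum days (-M).
            pw_exp=$(days_to_date $(( $last + $max )))
            # Password inactive = expiry + inactivity days (-I).
            if [ -n "$inact" ] && [ "$inact" -ge 0 ]; then
                pw_inact=$(days_to_date $(( $last + $max + $inact )))
            fi
        fi
        # Account expires (-E) is stored directly as a day count.
        if [ -n "$expire" ] && [ "$expire" -ge 0 ]; then
            acct_exp=$(days_to_date "$expire")
        fi
        printf '%s password_expires=%s password_inactive=%s account_expires=%s\n' \
            "$name" "$pw_exp" "$pw_inact" "$acct_exp"
    done
}

printf '%s\n' "$SAMPLE_SHADOW" | aging_report
```

Accounts reported with password_expires=never are the ones to review when a password-aging policy is in force.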
================================================================================

9. chage Command To Set Password Expires To Never

Syntax :- chage -M -1 <Username>

• To change the value in Password expires, you have to modify the value in
maximum number of days between password change. If you set it to -1,
the password expiry is set to never.

[root@JAVED ~]# chage -l Parwez
Password expires : Dec 19, 2022

[root@JAVED ~]# chage -M -1 Parwez

[root@JAVED ~]# chage -l Parwez
Password expires : never
================================================================================

10. Remove Expiry Date From User Account

Syntax :- chage -E -1 <Username>

• You can change the value in Account expires using the -E or --expiredate
option. If you provide the value -1, it will remove the account expiry date.

[root@JAVED ~]# chage -l Parwez
Account expires : Oct 30, 2022

[root@JAVED ~]# chage -E -1 Parwez

[root@JAVED ~]# chage -l Parwez
Account expires : never
[root@JAVED ~]#
================================================================================

##########: Gaining Super User Access :##########

Super User :==========

• In RHEL, root is the super user, who has full access to the system.
• The root user can run all commands without any restriction.
• This user manages the complete system administration.
• This user has the power to override the normal privileges of local users
in order to administer the system.
• The root user in Linux is almost like the Administrator account in Windows.

Switching User :==========

• With the help of the "su" command you can switch between users.
• If it is run by a local user it will prompt for the password, but if the root
user invokes this command no password is required.
• The command su username starts a non-login shell, while the
command su - username starts a login shell.

Sudo :=========

• Sudo can give root privileges through the configuration in the /etc/sudoers file.
• With sudo you can grant specific rights to specific users.
• Sudo requires users to enter their own password, not the password of the
other user as with the su command.
• In RHEL 8 all members of group wheel are able to use sudo to run
commands.

Configuring Sudoers File :=========================

==========: Allow User To Run Administrative Commands :==========

[root@JAVED ~]# vim /etc/sudoers

## Allow root to run any commands anywhere
root ALL=(ALL) ALL
Parwez ALL=(ALL) ALL
:wq! (Save)

[root@JAVED ~]# su - Parwez

[Parwez@JAVED ~]$ sudo useradd User1 (Run Command Using sudo)
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for Parwez: redhat
[Parwez@JAVED ~]$ sudo passwd User1 (Run Command Using sudo)
Changing password for user User6.
New password: :redhat
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: :redhat
passwd: all authentication tokens updated successfully.
[Parwez@JAVED ~]$ grep User1 /etc/passwd
User1:x:1002:1002::/home/User1:/bin/bash
[Parwez@JAVED ~]$ sudo lsblk (List Block Devices)
[sudo] password for Parwez: redhat
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 30G 0 disk
├─sda1 8:1 0 1G 0 part /boot
├─sda2 8:2 0 20G 0 part /
├─sda3 8:3 0 4G 0 part [SWAP]
├─sda4 8:4 0 1K 0 part
└─sda5 8:5 0 5G 0 part /home
sr0 11:0 1 1024M 0 rom
Note:- Now Parwez User Can Run All Administrative Commands Using sudo.
================================================================================

==========: Allow Group To Run Administrative Commands :==========

[root@JAVED ~]# vim /etc/sudoers

## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
%HR ALL=(ALL) ALL
:wq! (Save)

[root@JAVED ~]# useradd Linux1 ; echo "redhat" | passwd Linux1 --stdin
Changing password for user Linux1.
passwd: all authentication tokens updated successfully.
[root@JAVED ~]# useradd Linux2 ; echo "redhat" | passwd Linux2 --stdin
Changing password for user Linux2.
passwd: all authentication tokens updated successfully.

[root@JAVED ~]# groupadd HR (Create Group)
[root@JAVED ~]# grep HR /etc/group
HR:x:1005:
[root@JAVED ~]# gpasswd -M Linux1,Linux2 HR (Assign Multiple Users to Group)
[root@JAVED ~]# grep HR /etc/group
HR:x:1005:Linux1,Linux2
[root@JAVED ~]# su - Linux1
[Linux1@JAVED ~]$ sudo useradd u1 (Run Command Using sudo)
[sudo] password for Linux1: redhat
[Linux1@JAVED ~]$ grep u1 /etc/passwd
u1:x:1005:1006::/home/u1:/bin/bash
[Linux1@JAVED ~]$ su - Linux2
Password: redhat
[Linux2@JAVED ~]$ sudo useradd u2 (Run Command Using sudo)
[sudo] password for Linux2: redhat
[Linux2@JAVED ~]$ grep u2 /etc/passwd
u2:x:1006:1007::/home/u2:/bin/bash
[Linux2@JAVED ~]$
Note:- Now HR Group Users Can Run All Administrative Commands Using sudo.
================================================================================

==========: Sudo Without Password :==========

[root@JAVED ~]# vim /etc/sudoers

## Allow root to run any commands anywhere
root ALL=(ALL) ALL
Parwez ALL=(ALL) NOPASSWD: ALL
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
%HR ALL=(ALL) NOPASSWD: ALL
:wq! (Save)

[root@JAVED ~]# su - Parwez

[Parwez@JAVED ~]$ sudo useradd u3 (Run Command Using sudo)
[Parwez@JAVED ~]$ grep u3 /etc/passwd
u3:x:1007:1008::/home/u3:/bin/bash
[Parwez@JAVED ~]$ su - Linux1
Password: redhat

[Linux1@JAVED ~]$ sudo useradd u4 (Run Command Using sudo)
[Linux1@JAVED ~]$ grep u4 /etc/passwd
u4:x:1008:1009::/home/u4:/bin/bash
[Linux1@JAVED ~]$ su - Linux2
Password: redhat

[Linux2@JAVED ~]$ sudo useradd u5 (Run Command Using sudo)
[Linux2@JAVED ~]$ grep u5 /etc/passwd
u5:x:1009:1010::/home/u5:/bin/bash

[Linux2@JAVED ~]$ sudo lsblk (List Block Devices)
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 30G 0 disk
├─sda1 8:1 0 1G 0 part /boot
├─sda2 8:2 0 20G 0 part /
├─sda3 8:3 0 4G 0 part [SWAP]
├─sda4 8:4 0 1K 0 part
└─sda5 8:5 0 5G 0 part /home
sr0 11:0 1 1024M 0 rom
Note:- Now Group & Users Can Run Commands Without Password.
================================================================================

==========: Allow Specific Commands :==========

[root@JAVED ~]# vim /etc/sudoers

## Allow root to run any commands anywhere
root ALL=(ALL) ALL
Parwez ALL=(ALL) NOPASSWD: ALL
Tabrez ALL=(ALL) /usr/sbin/useradd,/usr/sbin/adduser,/usr/bin/passwd
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
%HR ALL=(ALL) /usr/sbin/useradd,/usr/sbin/adduser,/usr/bin/passwd
:wq! (Save)

[root@JAVED ~]# su - Tabrez

[Tabrez@JAVED ~]$ sudo useradd u6
[sudo] password for Tabrez: redhat

[Tabrez@JAVED ~]$ grep u6 /etc/passwd
u6:x:1012:1012::/home/u6:/bin/bash

[Tabrez@JAVED ~]$ sudo fdisk -l
Sorry, user Tabrez is not allowed to execute '/sbin/fdisk -l' as root on
localhost.localdomain.
Note:- Users & Groups Can Run Only The Specific Commands Listed.
================================================================================

==========: Exclude Specific Commands :==========

[root@JAVED ~]# vim /etc/sudoers

## Allow root to run any commands anywhere
root ALL=(ALL) ALL
Parwez ALL=(ALL) NOPASSWD: ALL
Tabrez ALL=(ALL) ALL,!/usr/sbin/useradd,!/usr/sbin/adduser,!/usr/bin/passwd
:wq! (Save)

[root@JAVED ~]# su - Tabrez

[Tabrez@JAVED ~]$ sudo useradd user10
Sorry, user Tabrez is not allowed to execute '/sbin/useradd user10' as root on
localhost.localdomain.

[Tabrez@JAVED ~]$ sudo adduser user10
Sorry, user Tabrez is not allowed to execute '/sbin/adduser user10' as root on
localhost.localdomain.

[Tabrez@JAVED ~]$ sudo passwd user1
Sorry, user Tabrez is not allowed to execute '/bin/passwd user1' as root on
localhost.localdomain.

[Tabrez@JAVED ~]$ sudo lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 30G 0 disk
├─sda1 8:1 0 1G 0 part /boot
├─sda2 8:2 0 20G 0 part /
├─sda3 8:3 0 4G 0 part [SWAP]
├─sda4 8:4 0 1K 0 part
└─sda5 8:5 0 5G 0 part /home
sr0 11:0 1 1024M 0 rom
[Tabrez@JAVED ~]$
Note:- Tabrez Can Run All Commands Except The Excluded Ones.

================================================================================

==========: Commands Alias :==========


[root@JAVED ~]# vim /etc/sudoers

# Cmnd_Alias DRIVERS = /sbin/modprobe
Cmnd_Alias CUSTOM = /usr/bin/chmod, /usr/bin/chown
Cmnd_Alias HARDDISK = /usr/sbin/fdisk, /usr/sbin/gdisk, /usr/sbin/parted
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
User1 ALL=(ALL) CUSTOM
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
%HR ALL=(ALL) HARDDISK

[root@JAVED ~]# useradd User1

[root@JAVED ~]# passwd User1
Changing password for user User1.
New password: redhat
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: redhat
passwd: all authentication tokens updated successfully.

[root@JAVED ~]# su - User1

[User1@JAVED ~]$ mkdir Jetking
[User1@JAVED ~]$ ll
drwxrwxr-x. 2 User1 User1 6 Oct 22 18:49 Jetking
[User1@JAVED ~]$ sudo chown Parwez:Parwez Jetking/
[User1@JAVED ~]$ ll
drwxrwxr-x. 2 Parwez Parwez 6 Oct 22 18:49 Jetking
[User1@JAVED ~]$ sudo useradd User2
Sorry, user User1 is not allowed to execute '/sbin/useradd User2' as root on
localhost.localdomain.

[root@JAVED ~]# su - Linux1

[Linux1@JAVED ~]$ sudo fdisk -l
Disk /dev/sda: 30 GiB, 32212254720 bytes, 62914560 sectors
Device Boot Start End Sectors Size Id Type
/dev/sda1 * 2048 2099199 2097152 1G 83 Linux
/dev/sda2 2099200 44042239 41943040 20G 83 Linux
/dev/sda3 44042240 52430847 8388608 4G 82 Linux swap / Solaris
/dev/sda4 52430848 62914559 10483712 5G 5 Extended
/dev/sda5 52432896 62914559 10481664 5G 83 Linux
[Linux1@JAVED ~]$ sudo parted /dev/sda print
Number Start End Size Type File system Flags
1 1049kB 1075MB 1074MB primary xfs boot
2 1075MB 22.5GB 21.5GB primary xfs
3 22.5GB 26.8GB 4295MB primary linux-swap(v1)
4 26.8GB 32.2GB 5368MB extended
5 26.8GB 32.2GB 5367MB logical xfs
Note:- Users & Groups Can Run Only The Commands In Their Alias.
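
A review check for the sudoers rules built up in this section, added here as an example and not part of the original notes: it flags NOPASSWD: ALL, full ALL grants outside root and %wheel, and rules that subtract commands from ALL with "!", which the sudoers manual describes as generally not effective as a restriction (an explicit list of allowed commands is the dependable form). The function name, finding labels and sample file are assumptions of this example; the sample is constructed from the entries shown above.

```shell
#!/bin/sh
# Constructed sample: user specifications assembled from the entries on this page.
SAMPLE_SUDOERS='## Allow root to run any commands anywhere
Cmnd_Alias CUSTOM = /usr/bin/chmod, /usr/bin/chown
root    ALL=(ALL)   ALL
%wheel  ALL=(ALL)   ALL
Parwez  ALL=(ALL)   NOPASSWD: ALL
%HR     ALL=(ALL)   ALL
Tabrez  ALL=(ALL)   ALL,!/usr/sbin/useradd,!/usr/sbin/adduser,!/usr/bin/passwd
User1   ALL=(ALL)   CUSTOM'

# Read sudoers text on stdin; print "LINE: WHO: FINDING" for broad grants.
# Simplification: one rule per line, no line continuations, aliases not expanded.
audit_sudoers() {
    awk '
    /^[ \t]*#/ { next }                                     # comments
    /^[ \t]*$/ { next }                                     # blank lines
    /^[ \t]*Defaults/ { next }
    /^[ \t]*(User|Runas|Host|Cmnd)_Alias[ \t]/ { next }     # alias definitions
    {
        who = $1
        spec = $0
        sub(/^[^=]*=/, "", spec)              # keep what follows HOST=
        sub(/^[ \t]*\([^)]*\)/, "", spec)     # drop the (runas) part
        nopass = (spec ~ /NOPASSWD:/)
        gsub(/[A-Z]+:/, "", spec)             # drop tags such as NOPASSWD:
        gsub(/[ \t]/, "", spec)
        n = split(spec, cmd, ",")
        all = 0; neg = 0
        for (i = 1; i <= n; i++) {
            if (cmd[i] == "ALL") all = 1      # unrestricted command list
            if (cmd[i] ~ /^!/)   neg = 1      # command subtracted with "!"
        }
        if (all && nopass) print NR ": " who ": NOPASSWD_ALL"
        if (all && neg)    print NR ": " who ": NEGATION_FROM_ALL"
        if (all && !nopass && !neg && who != "root" && who != "%wheel")
            print NR ": " who ": FULL_ROOT"
    }'
}

printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers
```

Edit /etc/sudoers with visudo rather than opening it in vim directly; visudo checks the syntax before saving.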

==================================Completed=====================================
