Utilities | Description
useradd, usermod, userdel | Standard utilities for adding, modifying, and deleting user accounts.
groupadd, groupmod, groupdel | Standard utilities for adding, modifying, and deleting groups.
gpasswd | Standard utility for administering the /etc/group configuration file.
pwck, grpck | Utilities that can be used for verification of the password, group, and associated shadow files.
pwconv, pwunconv | Utilities that can be used for the conversion of passwords to shadow passwords, or back from shadow passwords to standard passwords.
3.3.1. Adding a New User
To add a new user to the system, type the following at a shell prompt as root:
useradd [options] username
By default, the useradd command creates a locked user account. To unlock the account, run the following command as root to assign a password:
passwd username
Optionally, you can set a password aging policy. Refer to the Red Hat Enterprise Linux 6 Security Guide for information on how to enable password aging.
Option | Description
-c 'comment' | comment can be replaced with any string. This option is generally used to specify the full name of a user.
-d home_directory | Home directory to be used instead of default /home/username/.
-e date | Date for the account to be disabled in the format YYYY-MM-DD.
-f days | Number of days after the password expires until the account is disabled. If 0 is specified, the account is disabled immediately after the password expires. If -1 is specified, the account is not disabled after the password expires.
-g group_name | Group name or group number for the user's default group. The group must exist prior to being specified here.
-G group_list | List of additional (other than default) group names or group numbers, separated by commas, of which the user is a member. The groups must exist prior to being specified here.
-m | Create the home directory if it does not exist.
-M | Do not create the home directory.
-N | Do not create a user private group for the user.
-p password | The password encrypted with crypt.
-r | Create a system account with a UID less than 500 and without a home directory.
-s | User's login shell, which defaults to /bin/bash.
-u uid | User ID for the user, which must be unique and greater than 499.
The following steps illustrate what happens if the command useradd juan is issued on a system that has shadow passwords enabled:
1. A new line for juan is created in /etc/passwd:
juan:x:501:501::/home/juan:/bin/bash
The line has the following characteristics:
o It begins with the username juan.
o There is an x for the password field indicating that the system is using shadow passwords.
o A UID greater than 499 is created. Under Red Hat Enterprise Linux, UIDs below 500 are reserved for system use and should not be assigned to users.
o A GID greater than 499 is created. Under Red Hat Enterprise Linux, GIDs below 500 are reserved for system use and should not be assigned to users.
o The optional GECOS information is left blank. The GECOS field can be used to provide additional information about the user, such as their full name or phone number.
o The home directory for juan is set to /home/juan/.
o The default shell is set to /bin/bash.
2. A new line for juan is created in /etc/shadow:
juan:!!:14798:0:99999:7:::
The line has the following characteristics:
o It begins with the username juan.
o Two exclamation marks (!!) appear in the password field of the /etc/shadow file, which locks the account.
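The two lines above can be checked mechanically. The following is an added example, not part of the original guide: a shell function that reads a passwd-format and a shadow-format file and reports, per account, the UID class (below 500 or not) and the state of the shadow password field. The function names, the state labels and every sample line except the two juan lines are constructed for illustration; the treatment of an empty field and of `*` follows shadow(5) rather than this page.

```shell
# audit_accounts PASSWD_FILE SHADOW_FILE
# Prints "name uid class state" for every line of the passwd-format file.
audit_accounts() {
    awk -F: -v shadow="$2" '
        # Shadow-format file: remember field 2 (the password field) per user.
        FILENAME == shadow { pw[$1] = $2; seen[$1] = 1; next }
        # passwd-format file: field 2 is "x" when shadow passwords are in use,
        # field 3 is the UID (below 500 is reserved for system accounts).
        {
            class = ($3 + 0 < 500) ? "system" : "user"
            if ($2 != "x")           state = "not-shadowed"
            else if (!($1 in seen))  state = "no-shadow-entry"
            else if (pw[$1] == "")   state = "empty-password"
            else if (pw[$1] ~ /^!/)  state = "locked"
            else if (pw[$1] == "*")  state = "no-login"
            else                     state = "password-set"
            print $1, $3, class, state
        }
    ' "$2" "$1"
}

# sample_audit: run the audit over constructed sample files (not real accounts,
# apart from the juan lines, which are the ones shown on this page).
sample_audit() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
juan:x:501:501::/home/juan:/bin/bash
maria:x:502:502::/home/maria:/bin/bash
guest:x:503:503::/home/guest:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$CONSTRUCTED$placeholderhash:14798:0:99999:7:::
juan:!!:14798:0:99999:7:::
maria:$6$CONSTRUCTED$placeholderhash:14798:0:99999:7:::
guest::14798:0:99999:7:::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

sample_audit
```

To audit a live system, run `audit_accounts /etc/passwd /etc/shadow` as root, since /etc/shadow is not readable by ordinary users.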