Introduction
In this post we are going to look at Linux user and group administration, which is applicable to the RHCSA Exam for RHEL 8 / 7 versions. We will cover the creation, modification and deletion of Linux users and groups. Users and groups can be managed with commands or with GUI tools.
User and group administration is one of the questions in the RHCSA Exam, so practice creating users and groups in different scenarios. A few users are created by default; each of these users is created for services / applications to use.
Three important files to note
User | /etc/passwd |
Group | /etc/group |
Shadow | /etc/shadow |
User file
The /etc/passwd file contains the username, password, user ID, group ID, group name and shell.
The values are separated by a colon (:). The value x in the password field denotes that the password is stored in the /etc/shadow file.
[root@server1 ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
Group file
The /etc/group file contains the list of groups created on the server, along with the users that are mapped to each group.
[root@server1 ~]# cat /etc/group
root:x:0:
bin:x:1:
daemon:x:2:
sys:x:3:
Shadow file
The /etc/shadow file consists of the username, password and password expiry
[root@server1 ~]# cat /etc/shadow
root:$6$mSW2hm02cqJh1wJh$NQVuSxJiaX4sY2MiMwQoXydkQ.49Tmp0RIVx6lQGrEk8E/jtdxeQPw8uc3YD9R3fTU8z9P8I1DUCofTobrm151::0:99999:7:::
bin::18358:0:99999:7:::
daemon::18358:0:99999:7:::
daemon:*:18358:0:99999:7:::
root User
The root (administrator) user has its user ID and group ID set to 0.
[root@server1 ~]# id root
uid=0(root) gid=0(root) groups=0(root)
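An added example (not from the original post): a shell audit over passwd- and shadow-format text that lists accounts other than root with UID 0 and classifies each shadow password field as empty, locked or hashed. The account names and all data are constructed for illustration; on a real host the same functions can read /etc/passwd and /etc/shadow on stdin.

```shell
#!/bin/sh
# Added example. All sample data is constructed for illustration.
# passwd fields: name:password:UID:GID:comment:home:shell
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
user1:x:1000:1000::/home/user1:/bin/bash
svcadmin:x:0:0::/home/svcadmin:/bin/bash
user6:x:501:1004::/home/user6:/bin/bash'

# shadow fields: name:password:lastchange:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW='root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18358:0:99999:7:::
bin:*:18358:0:99999:7:::
user1:!!:18400:0:99999:7:::
svcadmin:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18400:0:99999:7:::
user6::18400:0:99999:7:::'

# Read passwd-format lines on stdin; print accounts other than root with UID 0.
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Read shadow-format lines on stdin; print "name:state" for each entry.
#   empty  = no password is required for this account
#   locked = field starts with "!" or "*", so no password login is possible
#   hashed = a password hash is set
shadow_state() {
    awk -F: '{
        if ($2 == "")          state = "empty"
        else if ($2 ~ /^[!*]/) state = "locked"
        else                   state = "hashed"
        print $1 ":" state
    }'
}

# Read passwd-format lines on stdin; print accounts with an interactive shell.
login_shell_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }'
}

echo "UID 0 besides root: $(printf '%s\n' "$SAMPLE_PASSWD" | extra_uid0_accounts)"
printf '%s\n' "$SAMPLE_SHADOW" | shadow_state
```
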
A few points to note
- User and group IDs start at 1000; however, we can manually change the user and group ID
- We are going to create the groups web and db, add users to the web / db groups, and give one user more than one group
- A user can belong to a single group or to multiple groups. The root user can always override user / group privileges.
User Administration
Creating a User
Creating the users user1, user2 and user3 with different UIDs
[root@server1 ~]# useradd user1
[root@server1 ~]# useradd user2
Verify that the users have been created successfully. You can now see that user1 and user2 are created with the user/group IDs 1000 and 1001 respectively.
[root@server1 ~]# id user1
uid=1000(user1) gid=1000(user1) groups=1000(user1)
[root@server1 ~]# id user2
uid=1001(user2) gid=1001(user2) groups=1001(user2)
Setting up the password
Use the passwd command to set the password. The password is case sensitive and a minimum of 8 characters long. Use the same passwd command to set the password for all other users.
[root@server1 ~]# passwd user2
Changing password for user user2.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@server1 ~]#
User creation with Specific user ID
In some scenarios an application needs a specific user ID and group ID.
[root@server1 ~]# useradd -u 501 user6
[root@server1 ~]# id user6
uid=501(user6) gid=1004(user6) groups=1004(user6)
Group Administration
Creating a group
We are going to create two groups, web and db, using the groupadd command
[root@server1 ~]# groupadd web
[root@server1 ~]# groupadd db
Verify that the groups have been created
[root@server1 ~]# grep web /etc/group
web:x:1002:
[root@server1 ~]# grep db /etc/group
db:x:1003:user5
[root@server1 ~]# grep db /etc/group
Group with Specific group ID
In a few scenarios the application / db requires a group with a specific group ID. Using the -g option of the groupadd / groupmod command we can assign a particular group ID.
[root@server1 ~]# groupadd -g 555 testgroup
[root@server1 ~]# grep 555 /etc/group
testgroup:x:555:
Creating new user and with specific group
We are going to assign a user to a specific group instead of the default group that would otherwise be assigned. Here we create user3 in the group web.
[root@server1 ~]# useradd user3 -g web
Create user4 and assign the group db
[root@server1 ~]# useradd user4 -g db
Create user5 with primary group as web and secondary group as db
[root@server1 ~]# useradd user5 -g web -G db
Verify the User and group ID of all the three users created
[root@server1 ~]# id user3
uid=1002(user3) gid=1002(web) groups=1002(web)
[root@server1 ~]# id user4
uid=1003(user4) gid=1003(db) groups=1003(db)
[root@server1 ~]# id user5
uid=1004(user5) gid=1002(web) groups=1002(web),1003(db)
Note:
A user can have only one primary group and multiple secondary groups. The primary group is set with -g and a secondary group with -G; for multiple secondary groups use -G group1,group2,...,groupX
User / Group Modification
We can alter users and groups depending upon the requirement. Suppose we want to move a user to some other group or set a default shell; we can use the following methods.
Adding db as a secondary group; the primary group remains user2
[root@server1 ~]# id user2
uid=1001(user2) gid=1001(user2) groups=1001(user2)
We are going to set the secondary group of user2 to db and verify it using the id command
[root@server1 ~]# usermod -G db user2
[root@server1 ~]# id user2
uid=1001(user2) gid=1001(user2) groups=1001(user2),1003(db)
In the above example we can see that the primary group of user2 is user2 and the secondary group is db
Adding multiple groups for a user
Adding one or more secondary groups: user2 will now be part of the user2 group, with web and db as secondary groups. The -G option sets the complete list of secondary groups, so db is listed again along with web.
[root@server1 ~]# usermod -G db,web user2
[root@server1 ~]# id user2
uid=1001(user2) gid=1001(user2) groups=1001(user2),1002(web),1003(db)
In the above example we can see that the secondary groups for user2 are web and db. We can also verify that the changes have been written to /etc/group
[root@server1 ~]# grep user2 /etc/group
user2:x:1001:
web:x:1002:user2
db:x:1003:user5,user2
In the above output we can see that the user is in the user2 / web / db groups
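An added example (not from the original post) that rebuilds what id reports by joining passwd-format and group-format text: the primary group comes from the GID field in passwd, the secondary groups from the member lists in group. It also shows that the member list in the group file alone omits users who have that group as their primary group. The function names and sample data are constructed, modelled on the users above.

```shell
#!/bin/sh
# Added example. Sample data is constructed, modelled on the users above.
PASSWD_DATA='user2:x:1001:1001::/home/user2:/bin/bash
user3:x:1002:1002::/home/user3:/bin/bash
user4:x:1003:1003::/home/user4:/bin/bash
user5:x:1004:1002::/home/user5:/bin/bash'

GROUP_DATA='user2:x:1001:
web:x:1002:user2
db:x:1003:user5,user2'

# Print "primary=<group> secondary=<g1,g2,...>" for a user.
# Primary: the group whose GID matches passwd field 4.
# Secondary: every other group that lists the user in group field 4.
groups_of() {
    user=$1
    gid=$(printf '%s\n' "$PASSWD_DATA" | awk -F: -v u="$user" '$1 == u { print $4 }')
    [ -n "$gid" ] || return 1            # unknown user
    printf '%s\n' "$GROUP_DATA" | awk -F: -v u="$user" -v gid="$gid" '
        $3 == gid { primary = $1 }
        {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] == u && $3 != gid)
                    sec = (sec == "" ? "" : sec ",") $1
        }
        END { print "primary=" primary " secondary=" sec }'
}

# Print every member of a group as a sorted, comma-separated list:
# users with it as primary group (passwd) plus listed members (group).
members_of() {
    grp=$1
    gid=$(printf '%s\n' "$GROUP_DATA" | awk -F: -v g="$grp" '$1 == g { print $3 }')
    [ -n "$gid" ] || return 1            # unknown group
    {
        printf '%s\n' "$PASSWD_DATA" | awk -F: -v gid="$gid" '$4 == gid { print $1 }'
        printf '%s\n' "$GROUP_DATA" | awk -F: -v g="$grp" '
            $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }'
    } | sort -u | paste -sd, -
}

echo "user2: $(groups_of user2)"
echo "web members: $(members_of web)   (group file alone lists only user2)"
```
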
Group modification
Using the group modification command we are going to rename testgroup to devgroup
[root@server1 ~]# groupmod testgroup -n devgroup
[root@server1 ~]# grep 555 /etc/group
devgroup:x:555:
Deleting the User / Group
We are going to delete the user user6 and the group devgroup. Checking the id command output, we can see that user6 has the group devgroup assigned.
[root@server1 ~]# id user6
uid=501(user6) gid=555(devgroup) groups=555(devgroup)
[root@server1 ~]# userdel user6
[root@server1 ~]# groupdel devgroup
Verify the deletion using the id command
[root@server1 ~]# id user6
id: 'user6': no such user
[root@server1 ~]#
That's it for the user and group administration session for the RHCSA Exam. We hope this helps with your RHCSA Exam preparation. We will be posting a few more exam preparation posts in the coming days; please let us know your feedback.
RHCSA Exam – https://www.redhat.com/en/services/training/ex200-red-hat-certified-system-administrator-rhcsa-exam
LVM Filesystem creation – https://computercarriage.com/2020/06/07/lvm-filesystem-creation-in-linux/
yum package manager RHEL-CentOS 6/7/8 – https://computercarriage.com/2020/05/31/easy-use-of-yum-package-manager/
How to extend a partition using Logical Volume Manager – https://computercarriage.com/2020/05/12/lvm-howto/
RHCSA Exam duration: 2.30 Hours
RHCSA Exam Code: EX200
RHCSA Exam objectives – https://www.redhat.com/en/services/training/ex200-red-hat-certified-system-administrator-rhcsa-exam?section=Objectives
RHCSA Exam recommended course
RH134 – https://www.redhat.com/en/services/training/rh134-red-hat-system-administration-ii
RH124 – https://www.redhat.com/en/services/training/rh124-red-hat-system-administration-i