top of page

Manage users

Sep 28

2 min read

1

22

0



Under the manage users objective for the RHCSA exam, Red Hat lists two things.

  • Create, delete, and modify local user accounts

  • Change passwords and adjust password aging for local user accounts


Create users with useradd


useradd john creates the user john.

Checkout useradd --help to see more available options.

Settings in /etc/default/useradd apply to the useradd command only.

Login.defs a configuration file used to define defaults for user account creation, take a look at /etc/login.defs. Changing this will not affect previously created users, only users that will be created in the future.

When you create new users the files in /etc/skel are copied to the user home directory.


This command creates the user bruce and puts him in the group wheel, creates a comment about this user and makes the zsh his default shell.


useradd -G wheel -c "Bruce the contractor" -s /bin/zsh bruce


Modify users with usermod


Check out the options for usermod with usermod --help.

Change the login name of a user, usermod -l new-username old-username.

Add carter to the printers-admin group. usermod -aG printers-admin carter.


Delete users with userdel


Let's delete the user carter. userdel carter.

This command leaves the home directory for carter in place. If we want to delete the home directory as well do, userdel -r carter.


Password management


Set password


Do passwd john to issue John a password.


Another way to issue a password to a user you can do the following. It's a good method if you are managing users via scripting.

openssl passwd -6 

usermod -p 'hashed-passwd' username.

Put the password hash in single quotes because if it contains a $ sign, Bash will interpret that incorrectly. Don't use double quotes.


You can also view the password options in /etc/shadow. You can see if the user account is locked out. The second field is the password hash. If the password hash starts with ! The user account is locked out. You also view password-related information such as, password last changed, minimum password age, maximum password age, password warning period.


If you want to transfer a password from another server to another one, simply copy the password hash in /etc/shadow from the server with the correct password and paste it into field number 2.


To edit /etc/passwd use vipw. Do not edit the file directly.


Password aging


To view password settings for user John. chage -l john

To set password options for John. chage john

To set a specific password option you can do for example, chage -M 90 john.

That sets the maximum number of days before a password change to 90.


If an account is expired, you can remove the expiration date this way.

usermod --expiredate '' rambo 


Lock and unlock account


To lock a user account. usermod -L john

To unlock an account. usermod -U john


You can also see if the account is locked with passwd -S armann.


Logout other users


Use the loginctl command.

To see who is logged in. loginctl list-sessions 

To logout a user. loginctl terminate-session 3 and 3 being the session number you want to logout. :)

Comments

Share Your ThoughtsBe the first to write a comment.
bottom of page