Under the manage users objective for the RHCSA exam, Red Hat lists two things.
Create, delete, and modify local user accounts
Change passwords and adjust password aging for local user accounts
Create users with useradd
useradd john creates the user john.
Checkout useradd --help to see more available options.
Settings in /etc/default/useradd apply to the useradd command only.
Login.defs a configuration file used to define defaults for user account creation, take a look at /etc/login.defs. Changing this will not affect previously created users, only users that will be created in the future.
When you create new users the files in /etc/skel are copied to the user home directory.
This command creates the user bruce and puts him in the group wheel, creates a comment about this user and makes the zsh his default shell.
useradd -G wheel -c "Bruce the contractor" -s /bin/zsh bruce
Modify users with usermod
Check out the options for usermod with usermod --help.
Change the login name of a user, usermod -l new-username old-username.
Add carter to the printers-admin group. usermod -aG printers-admin carter.
Delete users with userdel
Let's delete the user carter. userdel carter.
This command leaves the home directory for carter in place. If we want to delete the home directory as well do, userdel -r carter.
Password management
Set password
Do passwd john to issue John a password.
Another way to issue a password to a user you can do the following. It's a good method if you are managing users via scripting.
openssl passwd -6
usermod -p 'hashed-passwd' username.
Put the password hash in single quotes because if it contains a $ sign, Bash will interpret that incorrectly. Don't use double quotes.
You can also view the password options in /etc/shadow. You can see if the user account is locked out. The second field is the password hash. If the password hash starts with ! The user account is locked out. You also view password-related information such as, password last changed, minimum password age, maximum password age, password warning period.
If you want to transfer a password from another server to another one, simply copy the password hash in /etc/shadow from the server with the correct password and paste it into field number 2.
To edit /etc/passwd use vipw. Do not edit the file directly.
Password aging
To view password settings for user John. chage -l john
To set password options for John. chage john
To set a specific password option you can do for example, chage -M 90 john.
That sets the maximum number of days before a password change to 90.
If an account is expired, you can remove the expiration date this way.
usermod --expiredate '' rambo
Lock and unlock account
To lock a user account. usermod -L john
To unlock an account. usermod -U john
You can also see if the account is locked with passwd -S armann.
Logout other users
Use the loginctl command.
To see who is logged in. loginctl list-sessions
To logout a user. loginctl terminate-session 3 and 3 being the session number you want to logout. :)