Managing Users  Each system has two kinds of users:  Superuser (root)  Regular user  Each user has his own username, password, and permissions that can only be assigned by the user.  Group is set of users that has permission to access special files(read, write, execute) and that owner and the root can manage level of accesses to them.  All users have a user ID (UID) and a group ID (GID). 2

The su Command  It is necessary for regular users to run a command as if they were root.  The su means substitute user.  This command changes the UID and GID of the existing user.  The syntax for the su command is this: su option username arguments su -c 'ls /home/bob' – bob the following command switches to user bob's account and produces a list of the contents of bob's home directory  To return to the regular users’ identity  exit 3

The sudo Command  It gives to the certain users only a few superuser permissions.  The list of authorized users is kept in /etc/sudoers  Sudo will prompt for a password and then check the /etc/sudoers.  Sample:  Sudo fdisk /dev/hda1 4

SU VS SUDO  SU is a command that root user with his own password can perform all commands but SUDO is a command that regular user with his own password can perform especial commands that mention in /usr/sbin/visudo.  Users can add or remove from /usr/sbin/visudo in format that mention below: User_name Machine_name=(Effective_user) command 5

Groups  /etc/group  The custom is to use GIDs of 500 or more for regular users and less for administrations or special program.  Groupname:password:gid:users root:x:0:root bin:x:1:root,bin,daemon test:x:500:  Special group  Allow these services to manage their own files with permissions that restrict other users from them. 6

The Password File  /etc/passwd  It is the database file for all users on the system.  Username:password:uid:gid:comment:homedir:shell  * in password means disable. 7

Shadow Passwords  shadow-utils package  /etc/shadow  It is considered to use the encrypted passwords found in /etc/passwd.  Only x or * appears in the passwprd field of /etc/passwd.. 8

Shadow Passwords  Advantages of shadow over the traditional mode  Shadow passwords improve system security by moving encrypted password hashes from the world-readable /etc/passwd file to /etc/shadow, which is readable only by the root user.  Shadow passwords store information about password aging. 9

Shadow Password Fields  The user’s login name  The encrypted password  The number of days since jan 1970  The number of days before the the password can be changed  The number of days before the password is to expire that the user is warned it will expire.  The number of days after the password expires the account is disabled.  The number of days since jan that account has been disabled. 10

User’s Home Directory  When each user is created, a home directory is created for him (/home/ ).  The set of files that initially are used to populated this home directory are kept in /etc/skel. 11

Using the User Accounts Tool  The User Accounts configuration tool allows you to view, modify, add, and delete local users. To run the tool, select Applications → System Tools → System Settings from the Activities menu and click the User Accounts icon.  By default, the tool only allows you to change certain settings regarding your account. This is because only the root user is allowed to configure users and groups. To unlock the configuration tool for all kinds of changes, click the Unlock button in the top-right corner of the window, and provide the correct password when prompted. 12

Using the User Accounts Tool 13

Adding a New User 14

Removing a User 15

Using the User Manager Tool  The User Manager application allows you to view, modify, add, and delete local users and groups in the graphical user interface. To start the application, either select Applications → Other → Users and Groups from the Activities menu, or type system-config-users at a shell prompt. Note that unless you have superuser privileges, the application will prompt you to authenticate as root. 16

Using the User Manager Tool  Fedora reserves user and group IDs below 1000 for system users and groups. By default, the User Manager does not display the system users. To view all users and groups, select Edit → Preferences to open the Preferences dialog box, and clear the Hide system users and groups check box. 17

Viewing Users and Groups 18

Adding a New User 19

Adding a New User  To specify a user ID for the user, select Specify user ID manually. If the option is not selected, the next available user ID above 1000 is assigned to the new user. Because Fedora reserves user IDs below 1000 for system users, it is not advisable to manually assign user IDs 1–

Adding a New Group 21

Modifying User Properties Properties 22

Modifying Group Properties 23

User Management Commands  useradd [option] user name  Create a new user  userdel  Delete a user  usermod  Modify a user account  groupadd [option] group_name  Create a new group  groupdel  Delete a group  groupmod  Modify a group  grpck  Verify the integrity of the system authentication information. 24

Adding a New User  useradd [option] user name  Options:  -c ‘comment’  comment can be replaced with any string. This option is generally used to specify the full name of a user.  -d home_directory  Home directory to be used instead of default /home/username/.  -e date  Date for the account to be disabled in the format YYYY-MM-DD.  -f days  Number of days after the password expires until the account is disabled. If 0 is specified, the account is disabled immediately after the password expires. If -1 is specified, the account is not be disabled after the password expires. 25

Adding a New User  Options:  -g group_name  Group name or group number for the user's default group.  -G group_list  List of additional (other than default) group names or group numbers, separated by commas, of which the user is a member.  -m  Create the home directory if it does not exist.  -M  Do not create the home directory.  -N  Do not create a user private group for the user. 26

Adding a New User  Options:  -p password  The password encrypted with crypt.  -r  Create a system account with a UID less than 1000 and without a home directory.  -s  User's login shell, which defaults to /bin/bash.  -u uid  User ID for the user, which must be unique and greater than

Adding a New Group  groupadd [option] group_name  Options:  -g gid  Group ID for the group, which must be unique and greater than 999.  -p, --password password  Use this encrypted password for the new group.  -o, --non-unique  Allow to create groups with duplicate.  -f, --force  When used with -g gid and gid already exists, groupadd will choose another unique gid for the group. 28

configure password  To configure password expiration for a user from a shell prompt, run the following command as root:  chage [options] username  Options:  -d days  Specifies the number of days since January 1, 1970 the password was changed.  -I days  Specifies the number of inactive days after the password expiration before locking the account. If the value is 0, the account is not locked after the password expires. 29

Communicating With Users  wall  Sends a message to the terminals of all user connected to the system.  talk  Allows two-way communication between any two users.  write  Send a message to a user 30

Some Useful Command  chmod  Change file access permission  chown  Change file owner or group  chroot  Run command with special root directory 31

Thanks for your attention 32