6.15 Management of user accounts and files permissions
6.15 Management of user accounts and files permissions
useradd user_name
passwd user_name
(as root) Create a new account (you must be root). E.g., useradd barbara Don't forget to set up the password for the new user in the next step. The user home directory (which is created) is /home/user_name. You may also use an equivalent command adduser user_name.
ls -l /home/peter
useradd peter -u 503 -g 503
(as root). Create an account to match an existing directory (perhaps from previous installation). If the user ID and the group ID (shown for each file) were both 503, I create an account with a matching user name, the user ID (UID) and the group ID (GID). This avoids the mess with changing the ownership of user files after a system upgrade.
userdel user_name
Remove an account (you must be a root). The user's home directory and the undelivered mail must be dealt with separately (manually because you have to decide what to do with the files). There is also groupdel to delete groups.
groupadd group_name
(as root) Create a new group on your system. Non-essential on a home machine, but can be very handy even on a home machine with a small number of users.
For example, I could create a group "friends", using
groupadd friends
then edit the file /etc/group, and add my login name and the names of my friends to the line that lists the group, so that the final line might look like this:
friends:x:502:stan,pete,marie
Then, I can change the permissions on a selected file so that the file belongs to me AND the group "friends".
chgrp friends my_file
Thus, the listed members of this group have special access to these files that the rest of the world might not have, for example read and write permission:
chmod g=rw,o= my_file
The alternative would be go give write permission to everybody, which is definitely unsafe even on a home computer.
groups
List the groups to which the current user belongs. Or I could use groups john to find to which groups the user john belongs.
usermod
groupmod
(as root) Two command-line utilities to modify user accounts and groups without manual editing of the files /etc/passwd /etc/shadow /etc/group and /etc/gshadow. Normally non-essential.
userconf
(as root) Menu-driven user configuration tools (password policy, group modification, adding users, etc). Part of linuxconf package, but can be run separately.
passwd
Change the password on your current account. If you are root, you can change the password for any user using: passwd user_name
chfn
(="change full name"). Change the information about you (full name, office number, phone number, etc). This information is displayed when the finger command is run on your login_name.
chage -M 100 login_name
(= "change age"). Set the password expiry to 100 days for the user named login_name .
quota username
setquota username
quotaon /dev/hda
quotaoff /dev/hda
quotastats
A set of commands to manage user disk quotas. Normally not used on a home computer. "Disk quota" means per-user limits on the usage of disk space. The commands (respectively) display the user quota, set the user quota, turn the quota system on the for a given filesystem (/dev/hda in the above example), turn the quota system off, display quota statistics. "Typical" Linux distros I have seen set on default: no limits for all users, and the quota system is off on all filesystems.
kuser
(as root, in X terminal) Manage users and groups using a GUI. Nice and probably covering most of what you may normally need to manage user accounts.
chmod perm filename
(=change mode) Change the file access permission for the files you own (unless you are root in which case you can change any file). You can make a file accessible in three modes: read (r), write (w), execute (x) to three classes of users: owner (u), members of the group which owns the file (g), others on the system (o). Check the current access permissions using:
ls -l filename
If the file is accessible to all users in all modes it will show:
rwxrwxrwx
The first triplet shows the file permission for the owner of the file, the second for the group that owns the file, and the third for others ("the rest of the world"). A "no" permission is shown as "-".
When setting permissions, these symbols are used: "u"(=user or owner of the file), "g"(=group that owns the file), "o"(=others), "a" (=all, i.e., owner, group and others), "="(=set the permission to), "+"(=add the permission), "-"(=take away the permission), "r"(=permission to read the file), "w"=(write permission, meaning the permission to modify the file), "x"(=permission to execute the file).
For example, this command will add the permission to read the file junk to all (=user+group+others):
chmod a+r junk
This command will remove the permission to execute the file junk from others:
chmod o-x junk
Also try here(lnag_basics.html#file_permissions) for more info.
You can set the default file permissions for the new files that you create using the command umask (see man umask).
chown new_ownername filename
chgrp new_groupname filename
Change the file owner and group. You should use these two commands after you copy a file for use by somebody else. Only the owner of a file can delete it.
lsattr files
List attributes for the file(s). Not very often used because the most interesting attributes are still not implemented. The attributes can be changed using the chattr command. The attributes are: A (=don't update a time when the file is modified), S (=synchronous updates), a (=append only possible to this file), c (=file compressed on the kernel level, not implemented yet), i (=immutable file), d (=no dump), s (=secure deletion), and u (undeletable, not implemented yet). An interesting usage may be to make a file undeletable even by root (until s/he clears the attribute).
sudo /sbin/shutdown -h now
(as a regular user, I will be prompted for my user password) Run the command "shutdown" (or another command which you have been given permission to run by your system administrator). With sudo, the administrator can give selected users the rights to run selected commands, without handing out the root password. The file /etc/sudoers must be configured to contain something like:
my_login_name my_host_computer_name = /sbin/shutdown
pwck
grpck
(as root, two commands). Verify the integrity of the password and group files.
pwconv
grpconv
(as root) Unlikely you need these commands. They convert old-style password and group files to create the more-secure "shadow" files.
Recent comments