Linux administration, user management
Users and groups management
Users are stored in the /etc/passwd file in the following format:
user:x:1000:1000:denis,,,:/home/user:/bin/bash
- Username
- Password placeholder: "x" means the password is stored in /etc/shadow
- uid = user id
- gid = group id
- Friendly username, might include email or phone
- Default home directory
- Default shell or no login
Encrypted (hashed) passwords are stored in the /etc/shadow file.
Groups are listed in /etc/group.
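Added example (not part of the original notes): a shell function that audits passwd-format data against the seven-field layout above, flagging empty password fields, hashes kept outside /etc/shadow, extra UID 0 accounts, duplicate UIDs and system accounts with a login shell. The sample entries are constructed, and treating UIDs 1-999 as system accounts is an assumption based on the Debian/Ubuntu default.

```sh
#!/bin/sh
# audit_passwd FILE: flag risky entries in passwd-format data ("-" reads stdin).
# Assumption: UIDs 1-999 are system accounts (Debian/Ubuntu adduser default).
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }                 # skip blank/comment lines
        NF != 7 {                                   # the format has exactly 7 fields
            printf "MALFORMED line %d: expected 7 fields, got %d\n", NR, NF
            next
        }
        # Field 2: "x" = hash is in /etc/shadow, empty = no password required.
        $2 == "" { print "EMPTY_PASSWORD " $1 }
        $2 != "" && $2 != "x" && $2 !~ /^[*!]/ { print "HASH_IN_PASSWD " $1 }
        # Field 3: every UID 0 account is root-equivalent, whatever its name.
        $3 == 0 && $1 != "root" { print "UID0_NOT_ROOT " $1 }
        # Accounts sharing a UID share file ownership and privileges.
        ($3 in seen) { print "DUPLICATE_UID " $1 " (uid " $3 ", same as " seen[$3] ")" }
        !($3 in seen) { seen[$3] = $1 }
        # Field 7: system accounts should not have an interactive shell.
        $3 > 0 && $3 < 1000 && $7 !~ /(nologin|false|sync)$/ {
            print "SYSTEM_LOGIN_SHELL " $1 " " $7
        }
    ' "${1:-/etc/passwd}"
}

# Constructed sample data, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
user:x:1000:1000:denis,,,:/home/user:/bin/bash
toor:x:0:0::/root:/bin/bash
guest::1001:1001::/home/guest:/bin/bash
svc:x:998:998::/var/lib/svc:/bin/bash
broken:x:1002
EOF
}

sample_passwd | audit_passwd -
```

Called without an argument, audit_passwd reads /etc/passwd on the local machine.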
Create user accounts
Defaults for creating user accounts are located in /etc/adduser.conf.
There you can configure the user's default directory, the prefix for the default directory, and the skeleton for the default directory.
Modifying and deleting user accounts
- Log in as a user "su username"
- Change password "passwd", or run it with sudo if the user does not know the password
- Change shell "chsh"
- Change user info "chfn username"
- Change user name "usermod -l newusername oldusername"
- Change default directory "usermod -d /home/user -m username"
Create and modify groups
- Create a group "sudo addgroup name"
- Add user to group "sudo adduser username groupname"
- Add user to group "sudo usermod -a -G groupname username"
- Modify or delete group "groupmod/delgroup"
Home folder templating and global environment configuration
A skeleton for new home directories can be set in /etc/skel.
Configure and monitor user resources
To check the resources used by a user: "top -u username".
The same with "ps -u username".
Limits for users are set in "/etc/security/limits.conf".
Configure permissions to allow group collaboration
- To change folder group "chgrp groupname folder"
- Allowing write for group "chmod g+w folder"
- Check a user's groups in "/etc/group"
- Force all new files in the folder to belong to the folder's group, not the user's "chmod g+s folder"
Granting users and groups sudo access
Check whether a user has sudo access in "/etc/sudoers".
It is also possible to add the user to the "sudo" group.
Authentication tools
PAM (pluggable authentication modules) configuration location is /etc/pam.d folder.
LDAP (Lightweight Directory Access Protocol): you need a server and a client.
Packages needed: ldap-utils (client), slapd (server).
Reconfigure LDAP server:
dpkg-reconfigure ldap-auth-config
To configure LDAP on the machine, add the following changes to "/etc/nsswitch.conf":
- passwd: compat ldap
- group: compat ldap
- shadow: compat ldap
Kerberos needs a Key Distribution Center (KDC) to work.
The krb5-kdc and krb5-admin-server packages are needed to work with Kerberos.