Diffiyani

MANAGING USERS [add, del, chage] and group

Process management, file ownership, and permissions are central to the Linux operating system, and all three depend on user and group accounts.

A user account is used to provide security boundaries between different people and programs that can run commands. Internally, the system distinguishes user accounts by the unique identification number assigned to them, the user ID or UID. If a user account is used by humans, it will generally be assigned a secret password that the user will use to prove that they are the actual authorized user when logging in.

There are three main types of user account: the superuser, system users, and regular users.

  1. Superuser account
    This account is for administration of the system. The name of the superuser is root and the account has UID 0. The superuser has full access to the system. In Windows, this user account is known as the Administrator account.

  2. System account
    These accounts are used by different services running on the operating system to access the system resources. The operating system uses these accounts to check whether a particular service that is requesting system resources is allowed to access those resources or not.

  3. Regular user account
    This user account has moderate privilege. This user account is not allowed to make any changes in system files and properties.

- Use the id command to show information about the currently logged-in user.
- To view basic information about another user, pass the username to the id command as an argument.
- To view the owner of a file, use the ls -l command.
- To view the owner of a directory, use the ls -ld command.
- To view process information, use the ps command.
- Add the a option to view all processes with a terminal.
By default, systems use the /etc/passwd file to store information about local users. Each line in the /etc/passwd file contains information about one user and is divided into seven colon-separated fields. Here is an example of a line from /etc/passwd:

root:x:0:0:root:/root:/bin/bash

Explanation of each field:

  • root : username
  • x : placeholder indicating that the encrypted password is stored in the /etc/shadow file
  • 0 : UID (User Identifier)
  • 0 : GID (Group Identifier)
  • root : GECOS (General Electric Comprehensive Operating System), which contains information such as the user's full name, address, telephone, and others
  • /root : the default working directory when the user logs into the system
  • /bin/bash : the type of shell that runs when the user logs into the system

How to add users?
To add or create a new user, you can use the adduser and useradd commands.

  • adduser: To add a user using the adduser command, information such as full name, address, and phone number is required.
  • useradd: You can run the command:

useradd linuxid

In its simplest form, when used without any options, useradd creates a new user account with the default settings specified in the /etc/default/useradd file.

To log in as the newly created user, you need to set a user password. To do so, run the passwd command followed by the username:

passwd linuxid 

You will be asked to enter and confirm your password. Make sure you use a strong password.

Changing password for user linuxid.
New password:
Retype new password:
passwd: all authentication tokens updated

Creating Users from the Command Line

The useradd username command creates a new user named username. It sets up the user's home directory and account information, and creates a private group for the user named username. At this point the account does not have a valid password set, and the user cannot log in until a password is set.

The useradd --help command displays the basic options that can be used to override the defaults. In most cases, the same options can be used with the usermod command to modify an existing user.

Some defaults, such as the range of valid UID numbers and default password aging rules, are read from the /etc/login.defs file. Values in this file are only used when creating new users. A change to this file does not affect existing users.

The usermod --help command displays the basic options that can be used to modify an account.

DEL

The userdel username command removes the details of username from /etc/passwd, but leaves the user's home directory intact.

The userdel -r username command removes the details of username from /etc/passwd and also deletes the user's home directory.

The passwd username command sets the initial password or changes the existing password of username.

The root user can set a password to any value. A message is displayed if the password does not meet the minimum recommended criteria, but is followed by a prompt to retype the new password and all tokens are updated successfully.

A regular user must choose a password that is at least eight characters long and is not based on a dictionary word, the username, or the previous password.

The chage command uses the -m, -M, -W, and -I options to set the minimum age, maximum age, warning period, and inactivity period of the user's password, respectively.

What is a Group?

A group is a collection of users that need to share access to files and other system resources. Groups can be used to grant access to files to a set of users instead of just a single user.
Internally, the system distinguishes groups by the unique identification number assigned to them, the group ID or GID.
The mapping of group names to GIDs is defined in databases of group account information. By default, systems use the /etc/group file to store information about local groups.
Each line in the /etc/group file contains information about one group.

In Linux, groups are used to organize and manage user accounts. The main purpose of a group is to assign a set of privileges, such as read, write, or execute permissions, to a given resource that can then be shared among the users in the group.

So how do you create a group?

To create a new group, type groupadd followed by the name of the group.

groupadd [group name]

If a group with the same name already exists, the system will print an error message like the following:

groupadd: group 'group name' already exists


To suppress the error message if the group already exists, and make the command exit successfully, use the -f (--force) option:

groupadd -f [GROUP NAME]


Then how do you delete a group?
By using the groupdel command:

[user01@host ~]$ sudo groupdel group0022

CHAGE

You can use the chage command to set account expiration dates. When that date is reached, the user cannot log in to the system interactively. The usermod command can lock an account with the -L option.

The chage -d 0 user03 command forces the user03 user to update its password on the next login.

The chage -l user03 command displays the password aging details of user03.

The chage -E 2019-08-05 user03 command causes the user03 user's account to expire on 2019-08-05 (in YYYY-MM-DD format).

The usermod command uses the -e option to set the account expiry date for the given user account. The -L option locks the user's password.
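The aging values that chage sets (-d, -m, -M, -W, -I, -E) and the lock applied by usermod -L are stored per user in /etc/shadow, in the nine-field layout documented in shadow(5). The following is an added example, not part of the original post, that audits shadow-format lines for the states described above; the sample lines, the CONSTRUCTED hash placeholder, the function names, and the day number 18200 are assumptions.

```sh
#!/bin/sh
# Fields (shadow(5)): name:hash:lastchg:min:max:warn:inactive:expire:reserved
# Dates are counted in days since 1970-01-01; 2019-08-05 is day 18113.

# Constructed sample in /etc/shadow format (no real hashes).
sample_shadow() {
cat <<'EOF'
user01:CONSTRUCTED:18150:0:90:7:14::
user02:CONSTRUCTED:17000:0:99999:7:::
user03:CONSTRUCTED:0:0:90:7:14:18113:
user04:!CONSTRUCTED:18150:0:90:7:14::
user05:CONSTRUCTED:18000:0:90:7:14::
user06:CONSTRUCTED:18100:0:90:7:14::
EOF
}

# aging_report TODAY: read shadow-format lines on stdin, print findings.
# TODAY is the current day number, passed in so the result is repeatable.
aging_report() {
    awk -F: -v today="$1" '
    NF != 9 { print "MALFORMED line " NR; next }
    # usermod -L prefixes the stored hash with "!".
    $2 ~ /^!/ { print "LOCKED " $1 ": password locked (usermod -L)" }
    # chage -E: login is refused once the expiry day is reached.
    $8 != "" && $8 + 0 <= today { print "EXPIRED " $1 ": account expiry date reached (chage -E)" }
    # chage -d 0 stores 0 as the last-change day.
    $3 == "0" { print "MUST_CHANGE " $1 ": password change forced at next login (chage -d 0)"; next }
    # An empty last-change day, or an empty or 99999 maximum age, means no aging.
    $3 == "" || $5 == "" || $5 + 0 >= 99999 {
        print "NO_MAX_AGE " $1 ": password aging not enforced (chage -M)"; next }
    {
        age = today - $3
        if ($7 != "" && age > $5 + $7)
            print "INACTIVE " $1 ": password expired past the inactivity period (chage -I)"
        else if (age > $5)
            print "PW_EXPIRED " $1 ": password older than maximum age (chage -M)"
    }'
}

# On a live system (as root): aging_report "$(( $(date +%s) / 86400 ))" < /etc/shadow
sample_shadow | aging_report 18200
```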

SHELL

The nologin shell
The nologin shell acts as a replacement shell for the user accounts not intended to interactively log into the system. It is wise from a security standpoint to disable an account from logging into the system, when the account does not require it. For example, a mail server may require an account to store mail and a password for the user to authenticate with a mail client used to retrieve mail. That user does not need to log directly into the system.

A common solution to this situation is to set the user's login shell to /sbin/nologin. If the user attempts to log in to the system directly, the nologin shell closes the connection.
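The seven-field /etc/passwd layout, the rule that only root holds UID 0, and the /sbin/nologin advice above can be checked together. The following is an added example, not part of the original post, that audits passwd-format lines; the sample accounts, the function names, and the UID threshold of 1000 for regular users are assumptions.

```sh
#!/bin/sh
# Constructed sample in /etc/passwd format (not from a real system).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
mailsvc:x:480:480:Mail storage:/var/spool/mail:/bin/bash
user01:x:1000:1000:User One:/home/user01:/bin/bash
toor:x:0:0:second admin:/root:/bin/bash
legacy:CONSTRUCTED-HASH:1001:1001::/home/legacy:/bin/bash
broken:x:1002:1002:/home/broken
EOF
}

# audit_passwd [UID_MIN]: read passwd-format lines on stdin, print findings.
# UID_MIN is the first regular-user UID (assumed 1000; see /etc/login.defs).
audit_passwd() {
    awk -F: -v uid_min="${1:-1000}" '
    # Every entry must have exactly seven colon-separated fields.
    NF != 7 { print "MALFORMED line " NR ": expected 7 fields, got " NF; next }
    # Only root should hold UID 0, which grants full access to the system.
    $3 == 0 && $1 != "root" { print "UID0 " $1 ": non-root account with UID 0" }
    # Field 2 should be the x placeholder (or a locked marker), never a hash
    # or an empty value, because /etc/passwd is readable by every user.
    $2 != "x" && $2 != "*" && $2 !~ /^!/ {
        print "HASH " $1 ": password field is not the x placeholder" }
    # System accounts (UID below UID_MIN) should not have a login shell;
    # /bin/false is accepted here alongside nologin as a non-login shell.
    $3 > 0 && $3 < uid_min && $7 !~ /(nologin|false)$/ {
        print "SHELL " $1 ": system account with login shell " $7 }
    '
}

# On a live system: audit_passwd 1000 < /etc/passwd
sample_passwd | audit_passwd 1000
```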
