Previous Page | Next Page

  1. Introduction
  2. About Linux
  3. Installation and getting started
  4. Logging in and out
  5. Basic Linux Commands
  6. Linux Files and File Permissions
  7. Linux Directory Structure
  8. Finding Files
  9. Linux Help
  10. Setting Time
  11. Devices
  12. Tips
  13. Accessing Other Filesystems
  14. Accessing Removable Media
  15. Making and Managing Filesystems
  16. Emergency Filesystems and Procedures
  17. LILO and Runlevels
  18. Init
  19. Environment, Shell Selection, and Startu
  20. Linux Kernel
  21. Package Installation and Printing
  22. Configuration, Logging and CRON
  23. Keys and Terminal Configuration
  24. Sound Configuration
  25. Managing Users
  26. Passwords
  27. Process Control
  28. Configuration and Diagnostic Tools
  29. Overall Configuration
  30. Using PAM
  31. Basic Network Setup
  32. Tools and Terms
  33. Novell and Printing
  34. Inetd Services
  35. Xinetd Services
  36. Other Network Services
  37. FTP and Telnet
  38. Samba
  39. Identd (auth)
  40. X Configuration
  41. X Use
  42. Using X Remotely
  43. X Documentation
  44. DNS
  45. DHCP and BOOTP
  46. Apache
  47. NFS
  48. PPP
  49. Mail
  50. Routing
  51. IP Masquerading
  52. Proxy Servers and ipchains
  53. UUCP
  54. News
  55. NIS
  56. Network Security
  57. Secure Shell
  58. Text Processing
  59. Shell Programming
  60. Emacs
  61. VI
  62. Recommended Reading
  63. Credits

Managing Linux Users

Linux Commands for managing users:

  • adduser(8) - Command used to add user accounts.
  • chage (1) - Used to change the time the user's password will expire.
  • chfn(1) - Change a user's finger information
  • chsh(1) - Change a user's shell.
  • chgrp (1) - Changes the group ownership of files.
  • chown (1) - Change the owner of file(s ) to another user.
  • gpasswd (1) - Used to administer the /etc/group file.
  • groupadd (8) - Create a new group.
  • grpconv (8) - Creates /etc/gshadow from the file /etc/group which converts to shadow passwords.
  • grpunconv (8)- Uses the files /etc/passwd and /etc/shadow to create /etc/passwd, then deletes /etc/shadow which converts from shadow passwords.
  • groupdel (8) - Delete a group
  • groupmod (8) - Modify a group
  • groups (1) - print the groups a user is in
  • grpck (8) - Verify the integrity of group files.
  • id(1) - Print group or user ID numbers for the specified user.
  • newgrp(1) - Allows a user to log in to a new group.
  • newusers (8) - Update and create new users in batch form.
  • nologin (5) - Prevent non-root users from logging onto the system.
  • passwd (1) - Used to update a user's password. The command "passwd username" will set the password for the given user.
  • pwconv (8) - Used to create the file /etc/shadow from the file /etc/passwd to convert to shadow passwords.
  • pwunconv (8) - Uses the files /etc/passwd and /etc/shadow to create /etc/passwd, then deletes /etc/shadow to convert from shadow passwords.
  • su (1) - run a shell with substitute user and group IDs
  • useradd (8) - Create a new user or update default new user information
  • userdel (8) - Delete a user account and their files from the system. The command "userdel -r newuser" will remove the user and deletes their home directory.
  • usermod (8) - Modify a user account.

Other useful commands/examples:

find / -user username -lsGives a list of all files owned by username.
chown -R myuser /home/myuserChanges ownership of all files in mysuer home directory to myuser.
chmod +s filenameSets the uid

Files

  • /etc/passwd - Where the user's name, and other pertinent information are stored. This includes the password unless your system is using shadow passwords.
  • /etc/shadow - Where the user's password is stored if you are using shadow passwords.
  • /etc/group - Where group names are stored.
  • /etc/aliases - Where the user's name is matched to a nickname for e-mail.
  • /etc/sudoers - A list of users with special privileges along with the commands they can execute.

File Formats

Note group ID numbers start at 100 and user ID numbers start at 500. The file /etc/group gives groups

The /etc/passwd file:

username:password:uid:gid:gecos:homedir:shell
Gecos contains information about the user, including the real name. Shell is the name and path of the user's default shell program.

The /etc/group file:

groupname:password:gid:members
If the entry "bigclown:*: mark,george" is in the group file, the users mark and george are members of the bigclown group.

Examples

To add a user, while logged in as root, type "adduser username".
To set a user password, while logged in as root or the user that will be changed, type "passwd username". If "passwd" is typed, the password will be changed for the user, you are logged in as.
To remove a user, while logged in as root, type "userdel -r username". This will remove the user's home directory. You can delete the user without the "-r" option and delete the user's home directory manually. If the group the user was in, is no longer needed, you may delete it by editing the "/etc/group" file.

The file "/etc/aliases" is where the user's real name is matched to their user name for e-mail accounts. Add users to this file in the form:

Firstname,Lastname:username

Then update the database by typing "newaliases".

User Process Accounting

Process accounting is supported by new kernels. To use this feature, you'll need to get the acct-1.3.73.tar.gz package or later. The package contains some programs used to manage users. The following commands are useful for user accounting:

  • ac(1) - Print statistics about users' connect time.
  • accton (8) - Turn on accounting of processes. To turn it on type "accton /var/log/pacct".
  • last(1) - Shows a list of users who have logged in.
  • lastb(1) - Shows failed login attempts. This command requires the file /var/log/btmp to exist in order to work. Type "touch /var/log/btmp" to begin logging to this file.
  • lastcomm (1) - Display information about previous commands in reverse order. Works only if process accounting is on.
  • sa(8) - Generates a summary of information about users' processes that are stored in the /var/log/pacct file.
  • utmpdump(1) - Used for debugging.
  • who(1) - Find out what users are logged onto the system.

Files that hold accounting information

  • /var/log/wtmp - Stores information about all logins and logouts.
  • /var/run/utmp - Stores information about who is currently on the system and is used by the who command.
  • /var/log/btmp - Used to store information about failed logins.

The /var/log/wtmp file, contains the following information:

  • Type of Login
  • Process ID of login process
  • The device name of the tty used
  • The init ID or abbreviated ttyname
  • User Name
  • Hostname for remote login
  • Exit Status of a process
  • The session ID
  • The time entry was made
  • IP address of remote host

See the man page for wtmp(5) for more information.

The ability to set quotas limits a user's disk storage by setting:

  1. The number of inodes the user or group may use.
  2. The number of disk blocks a user or group may use.

This limits user's ability to use up all system resources. It only works on ext2 filesystems. Quotas must be set for each filesystem that the user may use. The kernel must have quota support compiled in.

User Quotas

The ability to set quotas limits a user's disk storage by setting:

  1. The number of inodes the user or group may use.
  2. The number of disk blocks a user or group may use.

This limits the user's ability to use up all system resources. It only works on ext2 filesystems. Quotas must be set for each filesystem that the user may use. The kernel must have quota support compiled in.

Commands used to set quotas and limits are:

  • edquota(8) - Used to edit user or group quotas. This program uses the vi editor to edit the quota.user and quota.group files. If the environment variable EDITOR is set to emacs, the emacs editor will be used. Type "export EDITOR=emacs" to set that variable.
  • quota(1) - Display users' limits and current disk usage.
  • quotaoff(8) - Turns system quotas off.
  • quotaon(8) - Turn system quotas on.
  • quotacheck(8) - Used to check a filesystem for usage, and update the quota.user file.
  • repquota(8) - Lists a summary of quota information on filesystems.
  • ulimit - A bash builtin command for setting the processes a user can run. The command "ulimit -n 9000" will set the limit on open files to 9000.

Files:

  • /etc/mtab
  • quota.user - Resides on the filesystem quotas are being set on.
  • quota.group

Read the Quota mini howto for more information. Here's roughly what is needed to enable and set quotas:

  1. In your startup scripts, you should use the quotacheck and quotaon commands to start quota checking at system startup. Read the "How Linux Works" or the "Linux Startup Manual" for more information on startup scripts. This is already setup properly in most current versions of Linux.
  2. In the /etc/fstab file, add the mount options "usrquota" and "grpquota". You only need "grpquota" if you are going to set group quotas also. An example entry:
    /dev/hda2       /    ext2    defaults,usrquota,grpquota       1       1
    
  3. Issue the following commands, where "fs" is the name of the filesystem where quotas are to be set. The first two commands create the quota files, and the second two commands keep users from accessing those files.
    touch /fs/quota.user
    touch /fs/quota.group
    chmod 600 /fs/quota.user
    chmod 600 /fs/quota.group
    
  4. If you use emacs rather than vi to edit files, type "export EDITOR=emacs". You may want to add this command to your shell startup script such as $HOME/.bash_profile.
  5. Type "edquota username" to edit the quota file. You get a screen like this:
    Quotas for user george:
    /dev/hda2: blocks in use: 10672, limits (soft = 0, hard = 0)
                  inodes in use: 1856, limits (soft = 0, hard = 0)
    /dev/hda3: blocks in use: 0, limits (soft = 0, hard = 0)
                  inodes in use: 0, limits (soft = 0, hard = 0)
    

    Enter the limits you want to set and save the file. The soft limits are those that may be exceeded for limited periods of time, and the hard limits may not be exceeded.