- userdel – delete user; also delete the user's home directory (userdel -r)
- chage / passwd – managing password aging
- chage -l user10 – lists password aging attributes for user
- # chage -l user10
Last password change : May 24, 2021
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
- chage -E 2024-12-31 user10 – set the account of user10 to expire on 2024-12-31
- chage -d 0 user60 – force a password change at next login (equivalent of sudo passwd -e weril)
- passwd -n 7 -x 15 -w 3 user5 – configures password aging for user5 with mindays (-n) set to 7, maxdays (-x) to 15, and warndays (-w) to 3 using the passwd command
- The chage command changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password.
- gpasswd – define group administrator(s) & members, group password, disable access to group with newgrp
- If a password is set the members can still use newgrp(1) without a password, and non-members must supply the password. Group passwords are an inherent security problem since more than one person is permitted to know the password. However, groups are a useful tool for permitting co-operation between different users.
- vipw / vigr – edit the password/group/shadow-password/shadow-group files
- The vipw and vigr commands edit the files /etc/passwd and /etc/group, respectively. With the -s flag, they will edit the shadow versions of those files, /etc/shadow and /etc/gshadow, respectively. The programs will set the appropriate locks to prevent file corruption. When looking for an editor, the programs will first try the environment variable $VISUAL, then the environment variable $EDITOR, and finally the default editor, vi(1).
- pwck / grpck – verify integrity of password/group files
- The pwck command verifies the integrity of the users and authentication information. It checks that all entries in /etc/passwd and /etc/shadow have the proper format and contain valid data. The user is prompted to delete entries that are improperly formatted or which have other uncorrectable errors.
- These four programs all operate on the normal and shadow password and group files: /etc/passwd, /etc/group, /etc/shadow, and /etc/gshadow.
- pwconv – creates shadow from passwd and an optionally existing shadow
- pwunconv – creates passwd from passwd and shadow and then removes shadow.
- grpconv – creates gshadow from group and an optionally existing gshadow.
- grpunconv – creates group from group and gshadow and then removes gshadow.
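The aging attributes that chage -l prints are stored as fields 3 to 8 of each /etc/shadow line (dates as days since 1970-01-01). The script below is an added example, not part of the original notes: it audits shadow-format input for the states the chage and passwd commands above produce. The function name, the sample rows and the placeholder hashes are constructed for illustration.

```shell
#!/bin/sh
# Added example. Shadow line layout:
#   name:hash:lastchg:min:max:warn:inactive:expire:reserved

# aging_audit TODAY_DAYS  (reads shadow-format lines on stdin)
# Prints one "user: finding" line per issue.
aging_audit() {
    awk -F: -v today="$1" '
        # Entries whose hash starts with ! or * cannot log in with a password.
        $2 ~ /^[!*]/ { next }
        # lastchg 0 is what "chage -d 0" / "passwd -e" writes.
        $3 == "0" { print $1 ": must change password at next login" }
        # Empty or 99999 maxdays: chage -l reports "Password expires : never".
        $5 == "" || $5 >= 99999 { print $1 ": password never expires" }
        # Password older than maxdays.
        $5 != "" && $5 < 99999 && $3 > 0 && today > $3 + $5 {
            print $1 ": password expired " (today - $3 - $5) " days ago"
        }
        # Field 8 is what "chage -E" sets; expiry date has been reached.
        $8 != "" && today >= $8 { print $1 ": account expired" }
    '
}

# Constructed sample data: user10 matches the chage -l listing above
# (18771 = May 24, 2021), user60 had "chage -d 0", user5 had
# "passwd -n 7 -x 15 -w 3", temp1 had "chage -E 2024-12-31" (20088).
sample_shadow() {
    cat <<'EOF'
user10:$6$constructed$hash:18771:0:99999:7:::
user60:$6$constructed$hash:0:0:99999:7:::
user5:$6$constructed$hash:20000:7:15:3:::
temp1:$6$constructed$hash:20080:0:99999:7::20088:
daemon:*:18771:0:99999:7:::
EOF
}

# Day 20089 is 2025-01-01.
sample_shadow | aging_audit 20089
```

On a live system the input would be /etc/shadow read as root, with today's day number computed as `$(( $(date +%s) / 86400 ))`.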
ID
id – shows information about yourself: uid (user id), gid (primary group id, which is assigned to new files), and the list of groups with their IDs.
root@serv:~# id
uid=0(root) gid=0(root) groups=0(root)
user@serv:~$ id
uid=1000(user) gid=1000(user) groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),109(netdev)
user
Creating a user. All users are stored in /etc/passwd (backup in /etc/passwd-).
sudo useradd -m -s /bin/bash weril
sudo passwd weril
sudo login weril  # test login
sudo passwd -e weril  # (expire) mark the password as expired (after logging in, the user is forced to change it)
# sudo passwd -l weril  # (lock) lock the user
sudo vi /etc/ssh/sshd_config  # add the user to AllowUsers in sshd (AllowUsers <username>@*)
sudo /etc/init.d/sshd restart  # restart the service (sudo service sshd restart)
When changing a password, the old password may be requested, and we may not know it (e.g. the user lost it, or the account was created by the cloud); in that case we change it as root.
sudo su
passwd weril
Adding a specific user to sudo (sudoers).
sudo vi /etc/sudoers
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
weril ALL=(ALL) ALL
In CentOS, to avoid adding each user individually, there is the wheel group; in Ubuntu, the sudo group. Adding a user to this group grants the same sudo rights.
sudo usermod -a -G wheel [user name]
sudo usermod -a -G sudo [user name]
groups
View groups without IDs (for IDs, use id).
$ groups
user cdrom floppy audio dip video plugdev netdev
Add group shared with GID 9999. All groups are stored in /etc/group (backup in /etc/group-). groupmod is used to modify an existing group.
$ sudo groupadd -g 9999 shared
$ tail -1 /etc/group
shared:x:9999:
Add existing users as members to group
$ sudo usermod -a -G shared test_user1
$ sudo usermod -a -G shared test_user2
$ tail -1 /etc/group
shared:x:9999:test_user1,test_user2 # shared - group name, x - the password is encrypted (most often absent and stored in a separate file), 9999 - group id, test_user1/2 - group members
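
The member list in /etc/group shows only supplementary members; a user whose primary gid in /etc/passwd equals the group's id is also a member without being listed there. The script below is an added example, not part of the original notes: it reports every account that gets sudo rights through the wheel or sudo group by either route. The function names and the sample files (including the svc_backup account) are constructed for illustration.

```shell
#!/bin/sh
# Added example: who is in wheel/sudo, via /etc/group or via primary gid?

# privileged_members GROUP_FILE PASSWD_FILE
# Prints "user group supplementary|primary" for each membership found.
privileged_members() {
    awk -F: '
        # First file, group format: name:x:gid:member,member
        FNR == NR {
            if ($1 == "wheel" || $1 == "sudo") {
                gid[$3] = $1
                n = split($4, m, ",")
                for (i = 1; i <= n; i++)
                    if (m[i] != "") print m[i] " " $1 " supplementary"
            }
            next
        }
        # Second file, passwd format: name:x:uid:gid:gecos:home:shell
        ($4 in gid) { print $1 " " gid[$4] " primary" }
    ' "$1" "$2"
}

# Constructed sample files; svc_backup has the wheel gid as its primary gid.
demo_privileged() {
    d=$(mktemp -d)
    cat > "$d/group" <<'EOF'
root:x:0:
wheel:x:10:weril
shared:x:9999:test_user1,test_user2
EOF
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
weril:x:1000:1000::/home/weril:/bin/bash
svc_backup:x:1001:10::/home/svc_backup:/bin/bash
EOF
    privileged_members "$d/group" "$d/passwd"
    rm -rf "$d"
}

demo_privileged
```

On a live system: `privileged_members /etc/group /etc/passwd`.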