Linux User Management

From KevinWiki

Revision as of 05:13, 29 September 2008 (view source) Kevin (Talk | contribs) (Linux User Management) ← Older edit		Revision as of 05:50, 29 March 2009 (view source) Kevin (Talk | contribs) m Newer edit →
Line 5:		Line 5:
	<pre>		<pre>
-	$ useradd <username>	+	$ useradd <username>
	</pre>		</pre>
	# You probably need to use [[wikipedia:en:Sudo|Sudo]] command.		# You probably need to use [[wikipedia:en:Sudo|Sudo]] command.
-	$ sudo useradd <username>	+	$ sudo useradd <username>
Line 16:		Line 16:
	<pre>		<pre>
-	$ useradd -d <home directory path> -m <username>	+	$ useradd -d <home directory path> -m <username>
-	$ useradd -d /home/newuser -m newuser	+	$ useradd -d /home/newuser -m newuser
	</pre>		</pre>
Line 25:		Line 25:
	<pre>		<pre>
-	$ useradd -d <home directory path> -m <username> -s <shell>	+	$ useradd -d <home directory path> -m <username> -s <shell>
-	$ useradd -d /home/newuser -m newuser -s /bin/bash	+	$ useradd -d /home/newuser -m newuser -s /bin/bash
	</pre>		</pre>
Line 33:		Line 33:
	To get valid login shell list, check out ''/etc/shells'' file.		To get valid login shell list, check out ''/etc/shells'' file.
	<pre>		<pre>
-	$ cat /etc/shells	+	$ cat /etc/shells
	# /etc/shells: valid login shells		# /etc/shells: valid login shells
	/bin/csh		/bin/csh
Line 55:		Line 55:
	=== '''useradd''' Help Result ===		=== '''useradd''' Help Result ===
	<pre>		<pre>
-	$ useradd --help	+	$ useradd --help
	Usage: useradd [options] LOGIN		Usage: useradd [options] LOGIN
Line 90:		Line 90:
	<pre>		<pre>
-	$ userdel <username>	+	$ userdel <username>
	</pre>		</pre>
	# You probably need to use [[wikipedia:en:Sudo|Sudo]] command.		# You probably need to use [[wikipedia:en:Sudo|Sudo]] command.
-	$ sudo userdel <username>	+	$ sudo userdel <username>
	=== Also Remove Home Directory ===		=== Also Remove Home Directory ===
	<pre>		<pre>
-	$ userdel -r <username>	+	$ userdel -r <username>
-	$ userdel -r newuser	+	$ userdel -r newuser
	</pre>		</pre>
	=== Help Result ===		=== Help Result ===
	<pre>		<pre>
-	$ userdel --help	+	$ userdel --help
	Usage: userdel [options] LOGIN		Usage: userdel [options] LOGIN
Line 119:		Line 119:
	<pre>		<pre>
-	$visudo	+	$visudo
	</pre>		</pre>
Line 133:		Line 133:
	-Do not forget to have at least one sudoer user before running this.		-Do not forget to have at least one sudoer user before running this.
	<pre>		<pre>
-	$ passwd -l root	+	$ passwd -l root
	</pre>		</pre>
	=== Help Result ===		=== Help Result ===
	<pre>		<pre>
-	$ passwd --help	+	$ passwd --help
	Usage: passwd [options] [LOGIN]		Usage: passwd [options] [LOGIN]
Line 165:		Line 165:
	If you need a persistent root login, use		If you need a persistent root login, use
	<pre>		<pre>
-	$ sudo -i	+	$ sudo -i
	</pre>		</pre>
Line 178:		Line 178:
	-To display all the processes belong to the user.		-To display all the processes belong to the user.
	<pre>		<pre>
-	$ ps aux | grep ${USER}	+	$ ps aux | grep ${USER}
	</pre>		</pre>
	-To display only PIDs and processes belong to the user		-To display only PIDs and processes belong to the user
	<pre>		<pre>
-	$ ps aux | grep ${USER} | awk '{print $2 " " $11}' | sort -gr	+	$ ps aux | grep ${USER} | awk '{print $2 " " $11}' | sort -gr
	</pre>		</pre>
	-To kill the process		-To kill the process
	<pre>		<pre>
-	$ sudo kill -s 9 <PID number>	+	$ sudo kill -s 9 <PID number>
	</pre>		</pre>
Line 196:		Line 196:
	# username is 'user'		# username is 'user'
-	$ ps aux | grep ${USER}	+	$ ps aux | grep ${USER}
	root    19087  0.0  0.7  67964  2904 ?        Ss  13:32  0:00 sshd: user  [priv]		root    19087  0.0  0.7  67964  2904 ?        Ss  13:32  0:00 sshd: user  [priv]
	user    19089  0.0  0.4  67964  1724 ?        S    13:32  0:00 sshd: user@pts/0		user    19089  0.0  0.4  67964  1724 ?        S    13:32  0:00 sshd: user@pts/0
Line 204:		Line 204:
	</pre>		</pre>
-	$ ps aux | grep ${USER} | awk '{print $2 " " $11}' | sort -gr	+	$ ps aux | grep ${USER} | awk '{print $2 " " $11}' | sort -gr
	19105 sort		19105 sort
	19104 awk		19104 awk
Line 225:		Line 225:
	-Kill the bash		-Kill the bash
	<pre>		<pre>
-	$ sudo kill -s 9 19090	+	$ sudo kill -s 9 19090
	</pre>		</pre>
	===To Kick out Another Login of Yours===		===To Kick out Another Login of Yours===
-	$ who	+	$ who
	user    pts/0        2008-08-24 13:25		user    pts/0        2008-08-24 13:25
	'''user    pts/1        2008-08-24 12:50 ''' <= to kick this out.		'''user    pts/1        2008-08-24 12:50 ''' <= to kick this out.
-	$ ps a	+	$ ps a
	PID TTY      STAT  TIME COMMAND		PID TTY      STAT  TIME COMMAND
	2552 tty1    Ss+    0:00 /sbin/getty 38400 tty1		2552 tty1    Ss+    0:00 /sbin/getty 38400 tty1
Line 241:		Line 241:
	19078 pts/0    R+    0:00 ps a		19078 pts/0    R+    0:00 ps a
-	$ kill -s 9 18988	+	$ kill -s 9 18988
-	$ who	+	$ who
	user    pts/0        2008-08-24 13:25		user    pts/0        2008-08-24 13:25
-	$ ps a	+	$ ps a
	PID TTY      STAT  TIME COMMAND		PID TTY      STAT  TIME COMMAND
	2552 tty1    Ss+    0:00 /sbin/getty 38400 tty1		2552 tty1    Ss+    0:00 /sbin/getty 38400 tty1
	19044 pts/0    Ss    0:00 -bash		19044 pts/0    Ss    0:00 -bash
	19080 pts/0    R+    0:00 ps a		19080 pts/0    R+    0:00 ps a

---

Revision as of 05:50, 29 March 2009

Contents 1 Add a new user on Linux 1.1 Essential 1.2 With Home Directory 1.3 With Specifying Login Shell 1.4 useradd Help Result 2 Remove User 2.1 Essential 2.2 Also Remove Home Directory 2.3 Help Result 3 Sudoer 3.1 Add User to sudo List 3.2 Disable root User ID 3.3 Help Result 3.4 Root Login 3.5 References 4 Kick Out User Logged in 4.1 How to 4.2 Example 4.3 To Kick out Another Login of Yours

Add a new user on Linux

Essential

One way to add a new user on Linux is using useradd command.

 $ useradd <username> 

# You probably need to use Sudo command.
$ sudo useradd <username> 

With Home Directory

However, the user added will have neither the password nor the home directory. If you want to specify the home directory, you can use -d option. If you also want to create home directory and set it for the user when adding a new user, you can use -m option with -d.

$ useradd -d <home directory path> -m <username> 

$ useradd -d /home/newuser -m newuser 

With Specifying Login Shell

After using useradd above, you may realise that the new user's login shell is not the one you want him or her to have. So in order to specify the login shell, you can -s option.

$ useradd -d <home directory path> -m <username> -s <shell> 

$ useradd -d /home/newuser -m newuser -s /bin/bash 

To get valid login shell list, check out /etc/shells file.

$ cat /etc/shells 
# /etc/shells: valid login shells
/bin/csh
/usr/bin/es
/usr/bin/ksh
/bin/ksh
/usr/bin/rc
/usr/bin/tcsh
/bin/tcsh
/usr/bin/esh
/usr/bin/screen
/bin/sh
/bin/dash
/bin/false
/bin/bash
/bin/rbash

useradd Help Result

$ useradd --help 
Usage: useradd [options] LOGIN

Options:
  -b, --base-dir BASE_DIR	base directory for the new user account
				home directory
  -c, --comment COMMENT		set the GECOS field for the new user account
  -d, --home-dir HOME_DIR	home directory for the new user account
  -D, --defaults		print or save modified default useradd
				configuration
  -e, --expiredate EXPIRE_DATE	set account expiration date to EXPIRE_DATE
  -f, --inactive INACTIVE	set password inactive after expiration
				to INACTIVE
  -g, --gid GROUP		force use GROUP for the new user account
  -G, --groups GROUPS		list of supplementary groups for the new
				user account
  -h, --help			display this help message and exit
  -k, --skel SKEL_DIR		specify an alternative skel directory
  -K, --key KEY=VALUE		overrides /etc/login.defs defaults
  -m, --create-home		create home directory for the new user
				account
  -o, --non-unique		allow create user with duplicate
				(non-unique) UID
  -p, --password PASSWORD	use encrypted password for the new user
				account
  -r, --system			create a system account
  -s, --shell SHELL		the login shell for the new user account
  -u, --uid UID			force use the UID for the new user account

Remove User

Essential

A simple way to remove the existing Linux user is using userdel command.

 $ userdel <username> 

# You probably need to use Sudo command.
$ sudo userdel <username> 

Also Remove Home Directory

$ userdel -r <username> 
$ userdel -r newuser 

Help Result

$ userdel --help 
Usage: userdel [options] LOGIN

Options:
  -f, --force			force removal of files, even if not owned by user
  -h, --help			display this help message and exit
  -r, --remove			remove home directory and mail spool

Sudoer

Add User to sudo List

-To add a uer to sudo list, run the command below

$visudo 

-Add the username after root

# User privilege specification
root,username      ALL=(ALL) ALL

i -> edit -> ESC -> : -> wq

Disable root User ID

-Do not forget to have at least one sudoer user before running this.

$ passwd -l root 

Help Result

$ passwd --help 
Usage: passwd [options] [LOGIN]

Options:
  -a, --all                     report password status on all accounts
  -d, --delete                  delete the password for the named account
  -e, --expire                  force expire the password for the named account
  -h, --help                    display this help message and exit
  -k, --keep-tokens             change password only if expired
  -i, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -l, --lock                    lock the named account
  -n, --mindays MIN_DAYS        set minimum number of days before password
                                change to MIN_DAYS
  -q, --quiet                   quiet mode
  -r, --repository REPOSITORY   change password in REPOSITORY repository
  -S, --status                  report password status on the named account
  -u, --unlock                  unlock the named account
  -w, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
  -x, --maxdays MAX_DAYS        set maximim number of days before password
                                change to MAX_DAYS

Root Login

If you need a persistent root login, use

$ sudo -i 

References

[RootSudo]

Kick Out User Logged in

How to

-Check the processes of the user whom you want to kick out, then kill the user's login shell (e.g. bash)

-To display all the processes belong to the user.

$ ps aux | grep ${USER} 

-To display only PIDs and processes belong to the user

$ ps aux | grep ${USER} | awk '{print $2 " " $11}' | sort -gr 

-To kill the process

$ sudo kill -s 9 <PID number> 

Example

# username is 'user'

$ ps aux | grep ${USER} 
root     19087  0.0  0.7  67964  2904 ?        Ss   13:32   0:00 sshd: user  [priv]
user     19089  0.0  0.4  67964  1724 ?        S    13:32   0:00 sshd: user@pts/0
user     19090  0.0  0.6  19336  2248 pts/0    Ss   13:32   0:00 -bash
user     19100  0.0  0.2  15056  1088 pts/0    R+   13:32   0:00 ps aux
user     19101  0.0  0.2   5160   828 pts/0    S+   13:32   0:00 grep user

$ ps aux | grep ${USER} | awk '{print $2 " " $11}' | sort -gr 
19105 sort
19104 awk
19103 grep
19102 ps
19090 -bash
19089 sshd:
19087 sshd:

-awk option.

#print the 2nd and the 11th columns
print $2 " " $11

(sort options
-g, --general-numeric-sort  compare according to general numerical value
-r, --reverse               reverse the result of comparisons)

-Kill the bash

$ sudo kill -s 9 19090 

To Kick out Another Login of Yours

$ who 
user    pts/0        2008-08-24 13:25 
user    pts/1        2008-08-24 12:50  <= to kick this out.

$ ps a 
  PID TTY      STAT   TIME COMMAND
 2552 tty1     Ss+    0:00 /sbin/getty 38400 tty1
18988 pts/1    Ss+    0:00 -bash
19044 pts/0    Ss     0:00 -bash
19078 pts/0    R+     0:00 ps a

$ kill -s 9 18988 

$ who 
user    pts/0        2008-08-24 13:25 

$ ps a 
  PID TTY      STAT   TIME COMMAND
 2552 tty1     Ss+    0:00 /sbin/getty 38400 tty1
19044 pts/0    Ss     0:00 -bash
19080 pts/0    R+     0:00 ps a