Account Management - Command Line Interface
This section explains how to add new accounts and change account parameters using command line utilities.
Adding Accounts
To add a new user account from the command line run:
su -c "/usr/sbin/useradd luke"
Enter the root password when prompted.
The above command creates a new user account with the username luke, whose primary group is luke. The directory /home/luke
is created as the user's home directory and the user's shell environment is set to /bin/bash
. (These are Fedora defaults for user accounts.)
Upon creation, the user account is locked. To unlock the account, run:
su -c "passwd luke"
To set user's password, enter the root password at the first password prompt. You are then be presented with the following:
Changing password for user luke. New UNIX password:
Type in what you want the user's password to be (remember passwords are case sensitive) and press [Enter] . Prompt changes to:
Retype new UNIX password:
Type the same password again and press [Enter] . Prompt returns:
passwd: all authentication tokens updated successfully.
User luke
is now able to logon and use the system.
User account defaults are controlled through the /etc/login.defs
configuration file. Administrators can manually change values in this file and create a different set of account defaults. Settings from /etc/login.defs
file can be overridden by supplying options to the useradd
command. For example:
su -c "useradd -c "Luke McAlister" -g primary -G additional,another -d /home/second -s /bin/tcsh luke2"
creates a new user account for the user luke2
with the following characteristics:
- user's full name is
Luke McAlister
- user's primary group is
primary
- user
luke2
is also a member ofadditional
andanother
groups /home/second
is created as the home directory forluke2
TCShell
is set as the shell environment forluke2
Adding Group Accounts
To add a new group account, from the command line run:
su -c "groupadd black"
and enter the root password when prompted.
The above command creates a new group account with the group name black.
Modifying Account Parameters
To edit user account parameters, use the usermod
command. Depending on what account parameters need modification, usermod
command may need to be supplied with an option specific to that parameter. For example, to change the comment field for the account, run:
su -c "usermod -c "Luke McAlister" luke"
Enter the root password at the password prompt.
This alters the account information in /etc/passwd
file, placing the user's full name in the fifth field. The line changes from:
luke:x:503:503::/home/luke:/bin/bash
to
luke:x:503:503:Luke McAlister:/home/luke:/bin/bash
You can also edit a user's group membership using the usermod
command. When a user is created, a new group with the same name as the username is created. This group is the user's Primary Group. Files or directories created by said user inherit said users Primary Group. Use the id
command to view Primary and Secondary Group memberships:
id uid=500(user1) gid=500(user1) groups=10(wheel),500(user1) context=user_u:system_r:unconfined_t
The above example shows that the Primary Group for the user user1, is gid 500 (user1). The user1 user is also a member of the wheel Secondary Group. Primary Groups are defined in /etc/passwd
:
user1:x:500:500:UserOne:/home/user1:/bin/bash
The fourth field shows the Primary Group ID (500) for the user. The /etc/passwd
file uses the following syntax: account:password:UID:GID:GECOS:directory:shell
The Primary Group can be temporarily changed using the newgrp
command. However, the user must already be a member of the group specified:
newgrp testing
The results can be seen using the id
and touch
commands:
id uid=500(user1) gid=502(testing) groups=10(wheel),500(user1),502(testing) context=user_u:system_r:unconfined_t
Note, the Primary Group is now gid 502 (testing).
touch file1 ls -l file1 -rw-r--r-- 1 user1 testing 0 2007-10-13 20:31 file1
The file1
file belongs to the testing group instead of the user1 group. Type exit
to return to your original Primary Group; the output of the exit
command is exit
:
exit exit id uid=500(user1) gid=500(user1) groups=10(wheel),500(user1) context=user_u:system_r:unconfined_t
The Primary Group is now back to user1. Also note the id
command has not displayed the testing group. Changes to group membership require you to log out and then log in, before the changes are displayed using the id
and groups
commands. Users can also be members of Secondary Groups. Secondary groups are defined in /etc/group
. Use the groups
and id
commands to view group membership:
groups user1 wheel testing
id uid=500(user1) gid=500(user1) groups=10(wheel),500(user1),502(testing) context=user_u:system_r:unconfined_t
To add a user to a Secondary Group, use the following command:
su -c "/usr/sbin/usermod -a -G <group> <username>"
Enter the root password when prompted.
This adds the user specified with <username> to the Secondary Group specified in <group>. To add a user to multiple Secondary Groups list the group names in comma-separated form:
su -c "/usr/sbin/usermod -a -G <group1>,<group2>,<group3> <username>"
Enter the root password when prompted.
Removing a user from a group is a little different. Use the usermod
command without the -a
append switch to specify the group memberships you want to keep. For example, if said user is a member of group1, group2, group3, and group4, but you want to remove the user from group4, run the following command:
su -c "/usr/sbin/usermod -G group1,group2,group3 <username>"
This command keeps the user's group memberships of group1, group2, and group3, while removing them from the group4 group.
For the full list of available command options, refer to the usermod(8)
manual page.
Modifying Group Accounts
To modify group account parameters, use the groupmod
command. This command can change two group account parameters, the group ID (GID) and group name. To change the group ID (GID) of the group black, run:
su -c "groupmod -g 600 black"
Enter root password at the prompt. This command would change the GID of the group black
to 600. If you do not use -o
option, the GID numerical value supplied to the command must be unique.
To assign a new name to the group account, run:
su -c "groupmod -n blue black"
Enter the root password at the prompt. This changes the group's name from black to blue.
Changing Password Expiration Information
To change the user's password expiration information use the chage
command. This command changes the number of days between password changes and the date of the last password change and is used by the system to determine when the user is forced to change the password. For example, to set the number of days the password of the user dan to be valid for 90 days (three months), run:
su -c "chage -M 90 dan"
Enter the root password at the prompt. The above option is usually used in conjunction with -W
option, which sets the number of days before expiration the user is warned about the pending expiration:
su -c "chage -W 10 -M 90 dan"
Enter the root password when prompted. The above command forces the user dan to change the password after 90 days. User dan is warned about this every day, starting 10 days before the password expiration.
The next section explains how to manage accounts using a graphical interface.
Previous Page - What Happens in the Background | Manage Accounts Using CLI | Next Page - Manage Accounts Using GUI |