Monday, May 11, 2015

Users and Groups in CentOS / RHEL


system-config-users is a GUI for managing users and groups on CentOS/RHEL systems. You can start it by running system-config-users from a terminal. It is not installed by default on a minimal installation, so you have to install it first:
# yum install system-config-users
If your system is not running in the graphical target/runlevel, you can use ssh -Y to connect to the server and run system-config-users.
It is better, though, to learn the commands for the task. To add a user:

# useradd behnam
When you create a user, an entry is created in /etc/passwd for the user, a user private group (UPG) is created, which can be seen in the /etc/group file, the home directory (i.e. /home/behnam) is created, and the contents of /etc/skel are copied into the user's home directory.

If this user creates a new file or directory, it gets its own default permissions, which differ from the root user's default permissions. The setting that determines which permissions are applied to a new file or directory is called umask and is configured in the /etc/bashrc file.

Do not forget to set a password for the user. If you do not set a password, he/she cannot log in:
# passwd behnam

Note: /etc/login.defs is the file that enforces the policies for shadow passwords.

The passwords are stored in /etc/shadow, which also stores information about password aging.

To manage Linux password expiration and aging, you can either manipulate the /etc/shadow file or use the chage command.

To show the aging information: 
# chage --list bp

Of course, it is much more human-readable than the aging information in the /etc/shadow file, which looks like:



To set password expiration, here a maximum of 10 days between password changes:
# chage -M 10 bp
Or to disable the password expiration for a particular user, type the following command:
# chage -m 0 -M 99999 -I -1 -E -1 bp
  • -m 0 sets the minimum time between password changes to zero days.
  • -M 99999 sets the maximum time between password changes to 99999 days.
  • -I -1 sets "Password inactive" to never.
  • -E -1 sets "Account expires" to never.
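
The aging values that chage shows and sets are kept in fields 3 to 8 of each /etc/shadow line as day counts. The following Python script is an added example, not part of the original post: it decodes those fields into dates and lists accounts whose password never expires or has already expired. The sample lines, the svc account and the function names are constructed for illustration, and treating an empty maximum or 99999 as "never" is this example's assumption.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)  # shadow(5) aging fields count days from this date
NEVER = 99999             # the value the page passes to chage -M

# Constructed sample in /etc/shadow layout; hashes are placeholders.
SAMPLE_SHADOW = """\
bp:$6$PLACEHOLDER:16566:0:10:7:::
behnam:$6$PLACEHOLDER:16566:0:99999:7:::
svc:!!:16000:0:90:7:14:16800:
"""

def _num(field):
    return int(field) if field else None  # empty field = not set
def _day(n):
    return EPOCH + timedelta(days=n)

def parse_aging(line):
    """Decode one shadow line into the values chage --list reports."""
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError("expected 9 colon-separated fields, got %d" % len(f))
    last, mn, mx, warn, inactive, expire = map(_num, f[2:8])
    pw_expires = pw_inactive = None
    if last and mx is not None and 0 <= mx < NEVER:
        pw_expires = _day(last + mx)
        if inactive is not None and inactive >= 0:
            pw_inactive = pw_expires + timedelta(days=inactive)
    return {
        "user": f[0],
        "last_change": _day(last) if last else None,
        "min_days": mn, "max_days": mx, "warn_days": warn,
        "password_expires": pw_expires,
        "password_inactive": pw_inactive,
        "account_expires": _day(expire) if expire is not None and expire >= 0 else None,
        "must_change_now": last == 0,  # what chage -d 0 sets
    }

def audit(text, today):
    """Return (user, finding) pairs worth an administrator's review."""
    findings = []
    for a in map(parse_aging, text.splitlines()):
        if a["password_expires"] is None and not a["must_change_now"]:
            findings.append((a["user"], "password never expires"))
        elif a["password_expires"] and a["password_expires"] < today:
            findings.append((a["user"], "password expired"))
        if a["account_expires"] and a["account_expires"] < today:
            findings.append((a["user"], "account expired"))
    return findings
```

To check a real system, run it as root and pass the contents of /etc/shadow with date.today() to audit().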