Users and groups
- 1 File list
- 2 User management
- 3 Group management
- 4 See Also
||User account information (Generated from master.passwd)|
||User account information|
||Defines the groups to which users belong|
||List of who can run what by sudo|
A list of all users currently logged into the system can be retrieved with the who(1) command.
To get all users on the system, regardless of whether they are currently logged in, use the users(1) command.
To get information about a user on the system, use the finger(1) command.
$ finger username
Creating a new user account
An easy way to create new user accounts is with the adduser(8) utility. The adduser utility can be used interactively to add one user, or it can work in batch mode reading from a file to create multiple users at once.
# adduser
Username: jsmith
Full name: John Smith
Uid (Leave empty for default):
Login group [jsmith]:
Login group is jsmith. Invite jsmith into other groups? : wheel
Login class: [default]:
Shell (sh csh tcsh bash rbash zsh git-shell nologin) [sh]: bash
Home directory [/home/jsmith]:
Home directory permissions (Leave empty for default):
Use password-based authentications? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username : jsmith
Password : *****
Full Name : John Smith
Uid : 1002
Class :
Groups : jsmith wheel
Home : /home/jsmith
Home Mode :
Shell : /usr/bin/bash
Locked : no
OK? (yes/no) : yes
adduser: INFO: Successfully added (jsmith) to the user database.
Add another user? (yes/no): no
Goodbye!
This adds a new user to the system with the username jsmith, who is a member of the jsmith and wheel groups, uses /usr/bin/bash as the login shell, and has the home directory /home/jsmith. It also adds the user's full name to the GECOS comment. To add other information for the user, use:
# chfn username
Running in batch mode
In batch mode, adduser takes a list of users from a file, one user per line. If adduser encounters an error while processing a line, it prints an error to STDERR and moves on to the next line.
In the input file, a # at the start of a line marks a comment, which is ignored. All other lines must consist of ten colon (:) separated fields. Only the password field may contain a : character as part of the string.
|name||Login name. This field may not be empty.|
|uid||Numeric login user ID. If this field is left empty, it will be automatically generated.|
|gid||Numeric primary group ID. If this field is left empty, a group with the same name as the user name will be created and its GID will be used instead.|
|class||Login class. This field may be left empty.|
|change||Password ageing. This field denotes the password change date for the account. The format of this field is the same as the format of the -p argument to pw(8). It may be dd-mmm-yy[yy], where dd is for the day, mmm is for the month in numeric or alphabetical format: 10 or Oct, and yy[yy] is the four or two digit year. To denote a time relative to the current date, the format is +n[mhdwoy], where n denotes a number, followed by the minutes, hours, days, weeks, months, or years after which the password must be changed. This field may be left empty to turn it off.|
|expire||Account expiration. This field denotes the expiry date of the account. The account may not be used after the specified date. The format of this field is the same as that for password ageing. This field may be left empty to turn it off.|
|gecos||Full name and other extra information about the user.|
|home_dir||Home directory. If this field is left empty, it will be automatically created by appending the username to the home partition. The /nonexistent home directory is considered special and is understood to mean that no home directory is to be created for the user.|
|shell||Login shell. This field should contain either the base name or the full path to a valid login shell.|
|password||User password. This field should contain a plaintext string, which will be encrypted before being placed in the user database. If the password type is yes and this field is empty, it is assumed the account will have an empty password. If the password type is random and this field is not empty, its contents will be used as a password. This field will be ignored if the -w option is used with a no or none argument. Be careful not to terminate this field with a closing : because it will be treated as part of the password.|
An example of adding users in batch:
# adduser -f users.txt
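Because the batch file carries plaintext passwords and an empty password field can create an account with an empty password, it is worth checking the file before running adduser -f. The following is an added example, not part of the original page or of adduser itself: a small validator for the ten-field format described above. The sample accounts and passwords are constructed, and skipping blank lines is an assumption.

```python
FIELDS = ("name", "uid", "gid", "class", "change", "expire",
          "gecos", "home_dir", "shell", "password")

# Constructed sample input; every account and password here is made up.
SAMPLE = """\
# name:uid:gid:class:change:expire:gecos:home_dir:shell:password
jsmith:::::::/home/jsmith:bash:S3cret:with:colons
jru:abc:::+90d::J. Random User::sh:
bad:line:too:short
svc:2001:2001::::Service::nologin:trailing:
"""

def parse_batch_line(line):
    """Return the ten fields as a dict, or None for a comment line."""
    if line.startswith("#") or not line.strip():
        return None  # blank lines are skipped here as an assumption
    # Split on the first nine colons only: password is the last field
    # and is the only one that may contain ':'.
    parts = line.split(":", 9)
    if len(parts) != len(FIELDS):
        raise ValueError("expected 10 fields, got %d" % len(parts))
    return dict(zip(FIELDS, parts))

def check_batch(text):
    """Return (line_number, message) findings for a batch file's text."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        try:
            rec = parse_batch_line(line)
        except ValueError as err:
            findings.append((n, str(err)))
            continue
        if rec is None:
            continue
        if not rec["name"]:
            findings.append((n, "login name is empty"))
        for key in ("uid", "gid"):
            if rec[key] and not rec[key].isdigit():
                findings.append((n, key + " is not numeric"))
        if rec["password"] == "":
            findings.append((n, "password field is empty"))
        elif rec["password"].endswith(":"):
            findings.append((n, "password ends with ':' (kept as part of it)"))
    return findings

if __name__ == "__main__":
    for n, msg in check_batch(SAMPLE):
        print("line %d: %s" % (n, msg))
```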
Edit and Remove Users
Besides adding users with adduser, other user maintenance tools include rmuser to remove users, chpass to change user database information, passwd to change user passwords, and pw to edit all aspects of user accounts.
Details of existing user accounts can be changed with the chpass command. Non-privileged users can change their default shell and personal information, but the root user can change additional account information for users. When run with no options other than the username of the account to edit, chpass displays an editor containing user information. When the user exits from the editor, the user database is updated with the new information.
# chpass jsmith
#Changing user database information for jru.
Login: jsmith
Password: *
Uid [#]: 1001
Gid [# or name]: 1001
Change [month day year]:
Expire [month day year]:
Class:
Home directory: /home/jsmith
Shell: /usr/bin/bash
Full Name: John Smith
Office Location:
Office Phone:
Home Phone:
Other information:
The rmuser command takes the following steps when deleting an account:
- Removes the user's crontab entry, if one exists.
- Removes any at jobs belonging to the user.
- Kills all processes owned by the user.
- Removes the user from the system's local password file.
- Optionally removes the user's home directory, if it is owned by the user.
- Removes the incoming mail files belonging to the user from /var/mail.
- Removes all the files owned by the user from temporary file storage areas such as /tmp.
- Finally, removes the username from all groups to which it belongs in /etc/group. If a group becomes empty and the group name is the same as the username, the group is removed. This complements the per-user unique groups created by
# rmuser jsmith
Matching password entry:
jsmith:*:1001:1001::0:0:John Smith:/home/jsmith:/usr/bin/bash
Is this the entry you wish to remove? y
Remove user's home directory (/home/jsmith)? y
Removing user (jsmith): mailspool home passwd.
Updating User Password
Any user can change their own password, and root can change anyone's password, using passwd. To prevent accidental or unauthorized changes, the command prompts for the user's original password before a new password can be set (root is an exception, as root isn't required to enter a user's current password). To change another user's password as root, give passwd the username of the account to act on as an optional argument.
$ passwd
Changing local password for jsmith.
Old password:
New password:
Retype new password:
passwd: updating the database...
passwd: done
The /etc/group file defines the groups on the system. An entry in the group file consists of the group name, the encrypted password for the group (if any), the numeric Group ID (GID), and a comma-delimited list of members. For more information about groups see groups(5).
The superuser can modify /etc/group using a text editor. Alternatively, pw(8) can be used to add and edit groups.
Listing Groups and Group Membership
List all groups a user is a member of with:
$ groups user
If user is omitted, the current user's group names are displayed.
The id command provides additional detail, such as the user's UID and associated GIDs:
$ id user
To list all groups on the system:
$ cat /etc/group
To get information about a group:
# pw groupshow www
Adding New Groups
To create a new group called alpha use:
# pw groupadd alpha
Adding users to a new group
# pw groupmod alpha -M jsmith
The -M argument takes a comma-delimited list of users to add to a new (empty) group or to replace the members of an existing group. To the user, this group membership is different from the user's primary group listed in the password file. This means that the user will not show up as a member when using
pw groupshow, but will show up with the
Adding New Member to a Group
The previous example replaces any existing members of a group with the users listed as the argument. To add new users to a group that already has members instead:
# pw groupmod alpha -m jru
This adds the user named jru to the alpha group without affecting other members in the group. Like the uppercase counterpart -M, the lowercase -m takes a comma-delimited list of users to append to the group member list.
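A user's primary group is recorded in the password file rather than in the member list of /etc/group, so a review of who belongs to a group (wheel, for instance) needs both files. The following is an added example, not part of the original page or of pw: it combines the two sources and reports which members are visible only through their primary GID. The group and passwd contents are constructed sample data.

```python
# Constructed sample data in /etc/group and /etc/passwd format.
GROUP = """\
# group:password:gid:members
wheel:*:0:root,jsmith
jsmith:*:1001:
alpha:*:1003:jsmith
"""
PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
jsmith:*:1001:1001:John Smith:/home/jsmith:/usr/bin/bash
jru:*:1002:1003:J. Random User:/home/jru:/bin/sh
"""

def _records(text):
    """Yield colon-split fields for each non-comment, non-empty line."""
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            yield line.split(":")

def parse_group(text):
    """Map group name -> (gid, list of members named in the group file)."""
    return {f[0]: (int(f[2]), [m for m in f[3].split(",") if m])
            for f in _records(text)}

def primary_gids(text):
    """Map login name -> primary GID (fourth field of a passwd entry)."""
    return {f[0]: int(f[3]) for f in _records(text)}

def effective_members(group, group_text, passwd_text):
    """Return (all_members, primary_only) for one group.

    primary_only lists users who belong to the group only through the
    primary GID in the password file and are absent from its member list.
    """
    gid, listed = parse_group(group_text)[group]
    primary = {u for u, g in primary_gids(passwd_text).items() if g == gid}
    return sorted(primary | set(listed)), sorted(primary - set(listed))

if __name__ == "__main__":
    for name in parse_group(GROUP):
        members, hidden = effective_members(name, GROUP, PASSWD)
        print(name, "members:", members, "primary only:", hidden)
```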
Removing a User from a Group
To remove a user from a group, the pw usermod command can be used:
# pw groupmod group_name -d username
This will remove the user from the named group.
To remove a group from the system, run:
# pw groupdel group