User Account and Group Applications

There are two basic types of applications one can use when managing user accounts and groups on Red Hat Linux systems:

For detailed instructions on using User Manager, see the chapter titled User and Group Configuration in the Official Red Hat Linux Customization Guide.

While both the User Manager application and the command line utilities perform essentially the same task, the command line tools have the advantage of being scriptable and therefore, more easily automated.

The following table describes some of the more common command line tools used to create and manage users:

Table 6-1. User Management Command Line Tools

ApplicationFunction
/usr/sbin/useraddAdds user accounts. This tool is also used to specify primary and secondary group membership.
/usr/sbin/userdelDeletes user accounts.
/usr/sbin/usermodEdits account attributes including some functions related to password aging. For more fine-grained control, use the passwd command. usermod is also used to specify primary and secondary group membership.
passwdSets passwords. Although primarily used to change a user's password, it also controls all aspects of password aging.
/usr/sbin/chpasswdReads in a file consisting of username and password pairs, and updates each users' password accordingly.
chageChanges the user's password aging policies. The passwd command can also be used for this purpose.
chfnChanges the user's GECOS information.
chshChanges the user's default shell.

The following table describes some of the more common command line tools used to create and manage groups:

Table 6-2. Group Management Command Line Tools

ApplicationFunction
/usr/sbin/groupaddAdds groups, but does not assign users to those groups. The useradd and usermod programs should then be used to assign users to a given group.
/usr/sbin/groupdelDeletes groups.
/usr/sbin/groupmodModifies group names or GIDs, but does not change group membership. The useradd and usermod programs should be used to assign users to a given group.
gpasswdChanges group membership and sets passwords to allow non-group members who know the group password to join the group. It is also used to specify group administrators.
/usr/sbin/grpckChecks the integrity of the /etc/group and /etc/gshadow files.

The tools listed thus far provide system administrators great flexibility in controlling all aspects of user accounts and group membership. To learn more about how they work, refer to the man page for each. These applications do not, however, determine what resources these users and groups have control over. For this, the system administrator must use file permission applications.

File Permission Applications

Permissions for files, directories, and applications are an integral part of managing resources within an organization. The following table describes some of the more common command line tools used for this purpose.

Table 6-3. Permission Management Command Line Tools

ApplicationFunction
chgrpChanges which group owns a given file.
chmodChanges access permissions for a given file. It is also capable of assigning special permissions.
chownChanges a file's ownership (and can also change group).

It is also possible to alter these attributes in GNOME and KDE graphical environments by right-clicking on the desired object and selecting Properties. The next section will review what happens when an application is used to create user accounts and groups.