Red Hat Linux 8.0: The Official Red Hat Linux System Administration Primer | ||
---|---|---|
Prev | Chapter 6. Managing Accounts and Groups | Next |
There are two basic types of applications one can use when managing user accounts and groups on Red Hat Linux systems:
The graphical User Manager application
A suite of command line tools
For detailed instructions on using User Manager, see the chapter titled User and Group Configuration in the Official Red Hat Linux Customization Guide.
While both the User Manager application and the command line utilities perform essentially the same task, the command line tools have the advantage of being scriptable and therefore, more easily automated.
The following table describes some of the more common command line tools used to create and manage users:
Table 6-1. User Management Command Line Tools
Application | Function |
---|---|
/usr/sbin/useradd | Adds user accounts. This tool is also used to specify primary and secondary group membership. |
/usr/sbin/userdel | Deletes user accounts. |
/usr/sbin/usermod | Edits account attributes including some functions related to password aging. For more fine-grained control, use the passwd command. usermod is also used to specify primary and secondary group membership. |
passwd | Sets passwords. Although primarily used to change a user's password, it also controls all aspects of password aging. |
/usr/sbin/chpasswd | Reads in a file consisting of username and password pairs, and updates each users' password accordingly. |
chage | Changes the user's password aging policies. The passwd command can also be used for this purpose. |
chfn | Changes the user's GECOS information. |
chsh | Changes the user's default shell. |
The following table describes some of the more common command line tools used to create and manage groups:
Table 6-2. Group Management Command Line Tools
Application | Function |
---|---|
/usr/sbin/groupadd | Adds groups, but does not assign users to those groups. The useradd and usermod programs should then be used to assign users to a given group. |
/usr/sbin/groupdel | Deletes groups. |
/usr/sbin/groupmod | Modifies group names or GIDs, but does not change group membership. The useradd and usermod programs should be used to assign users to a given group. |
gpasswd | Changes group membership and sets passwords to allow non-group members who know the group password to join the group. It is also used to specify group administrators. |
/usr/sbin/grpck | Checks the integrity of the /etc/group and /etc/gshadow files. |
The tools listed thus far provide system administrators great flexibility in controlling all aspects of user accounts and group membership. To learn more about how they work, refer to the man page for each. These applications do not, however, determine what resources these users and groups have control over. For this, the system administrator must use file permission applications.
Permissions for files, directories, and applications are an integral part of managing resources within an organization. The following table describes some of the more common command line tools used for this purpose.
Table 6-3. Permission Management Command Line Tools
Application | Function |
---|---|
chgrp | Changes which group owns a given file. |
chmod | Changes access permissions for a given file. It is also capable of assigning special permissions. |
chown | Changes a file's ownership (and can also change group). |
It is also possible to alter these attributes in GNOME and KDE graphical environments by right-clicking on the desired object and selecting Properties. The next section will review what happens when an application is used to create user accounts and groups.