The ability to manage user accounts and group membership is a crucial tool in any system administrator’s box. In this hands-on lab, we will work with commands like `useradd`, `passwd`, `usermod`, `groupadd`, `groupmod` and `groupdel`. By the time we’re done, we will have a good grasp on how to use these tools for managing user accounts and groups on any Linux system.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Create a tester Group in the Reserved Range
Use the
groupadd
command with the-r
option to create the grouptesters
:groupadd -r tester
- Add the test1 User and Make Them a Member of the tester Group. Lock and unlock the test1 User, and Force them to Change their Password
Use the command
useradd
with the-G
option to spection thetester
group:useradd -G tester test1
Set a temporary password (that the user will have to change the first time they log in):
echo Temp@$$ | passwd --stdin test1
We could also set one manually by just running
passwd test1
and typing/confirming a password by hand.Lock and unlock the account using the
usermod
command.usermod -L test1 tail -n1 /etc/passwd /etc/shadow usermod -U test1
We can run
tail -n1 /etc/passwd /etc/shadow
to see if it got set.And to make
test1
change their password on the next login, run:chage -d0 test1
Verify the account and groups using the
id
command.id test1
- Modify cloud_user to Add Secondary Membership in tester Group
Use the
usermod
command with the-aG
options to addcloud_user
to thetester
group:usermod -aG tester cloud_user
We can run
id cloud_user
to check our work and see if the user is in the group now.- Create the /usr/local/test_scripts Directory Owned by cloud_user and Set GID Permission for the testers Group with No Access to Others
Create the directory:
mkdir /usr/local/test_scripts
Make sure it’s owned by
cloud_user
, and thetester
group:chown cloud_user:tester /usr/local/test_scripts
Give the group write permissions, and revoke any permissions from anyone else:
chmod g+ws,o-rx /usr/local/test_scripts
As a best practice, verify your work. Become the new user, get into the new directory, and create a couple things to look at:
su - test1 cd /usr/local/test_scripts mkdir dir1 touch file1 ls -l