Chapter 3

Uploaded by

dawitdan80

Chapter Three

User Management
➢ Users are both the reason that computers exist and their greatest threat.

➢ The role of the computer, as a tool, has changed extensively throughout history.

➢ System administrators must provide for all needs, and ensure the stability and
security of the system.

➢ User management is about interfacing humans to computers.


User registration
➢ One of the first issues on a new host is to issue accounts for users.
➢ For small organizations, user registration is a relatively simpler matter than for
large organizations.

➢ Users can be registered at a centralized location and made available to all of the
hosts in the network.
➢ It is convenient for autonomous departments to be able to register their users, but
it is also important for all users to be registered under the umbrella of the
organization, to ensure unique identities for the users and flexibility of access to
different parts of the organization.
What are users and Groups?
➢ In addition to a username for each user allowed access to the system, each Linux
system has user groups.
➢ A user group is a group of one or more users. A user can be a member of more
than one group.
➢ File and directory permissions can be granted for:
  ➢ The owner of the file,
  ➢ The group associated with the file, and
  ➢ All users on the system.
➢ User groups can be any grouping of users on which you decide:
  ➢ Groups of users in a functional department, groups in the same physical
  location, or groups based on security access.
Managing user
➢ Each user on a Linux system is assigned a unique user identification number, also
known as a UID.
➢ UIDs below 500 are reserved for system users such as the root user.
➢ System users also include those added for a specific service such as the NFS
service.
➢ When a user is added, a private user group is created, meaning that a user group
of the same name is created and that the new user is the sole user in that group.
• Linux includes a graphical program for managing users and groups.
• The system-config-users package is required to manage users graphically.
• Start the user and group tool from the System menu on the top panel of the
desktop by selecting Administration, Users and Groups, or execute the command
system-config-users.
Cont….

➢ By default, system users are not shown in the list of users.
➢ To show system users in the list, select Edit, Preferences from the pull-down menu.
• In the Preferences dialog, unselect the Hide system users and groups option,
and click Close.

FIGURE 9.1 List of Existing Users


Adding and Modifying Users
• To add a new user graphically, click Add User to display the dialog window in
Figure 9.2.
• Configure the username, full name, and password for the new user.
➢ To manually set the UID, select the Specify user ID manually option and then
select a UID.
➢ Click OK to add the user to the system.
➢ The user immediately appears on the Users tab of the main window, and is also
added to the system.

FIGURE 9.2 Adding a New User


Cont…
• Features such as account expiration, password locking, password expiration,
and groups to which the user is a member are configurable from the User
Properties dialog box.

• FIGURE 9.3 Modifying User Properties


Cont…
Deleting Users
• To delete a user, select her from the list and click Delete.
• Changes take effect immediately, so clicking Yes will remove the user and the
user’s files.
• Any remaining files will still exist with the user’s old UID, so be careful when
creating new users.
• If the UID is reused for a different user, you might be giving the new user access
to the old user’s files because file permissions are based on the UID and GID
associated with the file.

• When using the graphical application, the private user group for the user is
deleted when the user is deleted from the system.
• The user being deleted is also removed from any other groups of which it was a
member.
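
The UID reuse risk described above can be checked before a UID is handed to a new account. The script below is an added example, not part of the original slides; it assumes GNU find, and the function names and the constructed passwd-format file in the demo are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original slides): find file owners that no
# longer have an account, and check a UID before giving it to a new user.

# orphan_uids DIR PASSWD_FILE
# Prints "uid count" for each owner UID under DIR that has no entry
# (field 3) in PASSWD_FILE. Only local accounts are considered.
orphan_uids() {
    find "$1" -xdev -printf '%U\n' 2>/dev/null | sort -n | uniq -c |
        awk -v pf="$2" '
            BEGIN { while ((getline line < pf) > 0) { split(line, f, ":"); known[f[3]] = 1 } }
            !($2 in known) { print $2, $1 }'
}

# uid_owns_files UID DIR
# Succeeds (exit 0) if anything under DIR is still owned by UID, i.e. a new
# user created with this UID would inherit access to those files.
uid_owns_files() {
    find "$2" -xdev -uid "$1" -print -quit 2>/dev/null | grep -q .
}

# Typical use as root (paths are examples):
#   orphan_uids /home /etc/passwd
#   uid_owns_files 501 /home && echo "UID 501 still owns files; do not reuse"

# Demo on constructed data: a scratch directory plus a passwd-format file
# that deliberately lacks the current UID, so its files show up as orphaned.
demo() {
    local work uid
    work=$(mktemp -d)
    uid=$(( $(id -u) + 1 ))
    mkdir "$work/home"
    touch "$work/home/report.txt" "$work/home/notes.txt"
    printf 'ghost:x:%s:%s::/home/ghost:/bin/bash\n' "$uid" "$uid" > "$work/passwd"
    orphan_uids "$work/home" "$work/passwd"
    rm -rf "$work"
}
demo
```

The count includes directories as well as files, because a directory owned by a deleted user is inherited in the same way.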
Configuring via the Command Line

➢ If you prefer the command line or do not have a graphical desktop installed on the
system, the shadow-utils RPM package provides utilities to add, modify, and
delete users from a shell prompt.

➢ The commands discussed in this section require the administrator to be logged in
as the root user.

➢ If you are logged in as a non-root user, execute the su - command from a shell
prompt, and enter the root password to become the root user.
Cont…
Adding Users
➢ To add a new user, use the useradd command.
The basic syntax is # useradd <username>.
e.g. # useradd user1
➢ The username is the only information required to add a new user.
➢ User account information is available in /etc/passwd.
➢ To check the created user:
# cat /etc/passwd
➢ To check password information:
# cat /etc/shadow
➢ In the output, the entry for the user we created shows the !! symbol, which means
that a password has not been created for the user.
Cont…

➢ The useradd command creates the account, but the account is locked.
➢ To unlock the account and create a password for the user, use the command
passwd <username>.
➢ To log in as the user:
# su username
➢ To add a user to multiple groups:
# usermod -G g1,g2,g3 user1
➢ To remove a user from a group:
# gpasswd -d user1 g1

➢ /etc/passwd consists of columns; to view those columns, run vim /etc/passwd.


Cont…
• U1:x:501:510::/home/u1:/bin/bash
  1  2 3   4  5 6        7

1:user name
2: password
3:UID
4:GID
5:Reserved for comment
6:Home directory of user
7:Login shell, if there is no home directory system directory get in to
this.
Cont…
• To show details of a given user:
# chage -l user2
➢ It will display:
Last password expires August 05, 2018
Password expires never
Password inactive never
Account expire never

➢ The default password expiry period is 42 days.


Cont…

Modifying Users
➢ The usermod command can also be used to modify options for an existing user
with the usermod <options> <username> command.
➢ Table 9.2 lists additional usermod options.
Cont….

• How to lock a user:
# usermod -L user2
• To unlock a user:
# usermod -U user2
Password Aging
➢ Optionally, password aging can also be configured with the chage command.

➢ If the chage command is immediately followed by a username, the administrator
will be interactively prompted for the password aging values as shown in Listing
9.1.
➢ To list current password aging values, use the chage -l <username> command.
Cont…
Cont…
Deleting Users
• The userdel command is available for deleting users using the userdel
<username> syntax.

• The private user group for the user is also deleted, and the user is removed
from any other groups of which he was a member.

• However, the user’s home directory and any other files the user owned are not
deleted from the system.

• To remove the user’s home directory and mail spool, use the userdel -r
<username> command.
Managing Groups
➢ As previously mentioned, a new group with the same name as the user is created
by default when a new user is added.
➢ This new group is referred to as a private user group.
➢ Every user has a default group, which is usually the user’s private user group,
but every user can also be a member of more than one group.

➢ The additional groups a user is a member of allow the user to have access to files
associated with the group and with the proper group file permissions.

➢ A unique integer known as a GID is associated with each group.

➢ GIDs below 500 are reserved for system groups just like UIDs below 500 are
reserved for system users.
Cont…
• To start the graphical application for managing users and groups, select
Administration, Users and Groups from the System menu on the top panel of
the desktop, or execute the command system-config-users.
• If the program is run as a non-root user, enter the root password when prompted.
• As shown in Figure 9.4, select the Groups tab to view all existing groups.
Cont…
➢ By default, system groups are not displayed in the list. To show system users in the
list, select Preferences, Filter system users and groups.
Adding and Modifying Groups
• To add a group, click Add Group to display the dialog box in Figure 9.5

FIGURE 9.5 Adding a Group

➢ In this dialog box, type the name of the new group.
➢ If the option to specify the GID is not selected, the next available GID above 500 is
used.
➢ Click OK to add the group. The changes take place immediately, and the group is
added to the list of existing groups in the main window.
Cont….

➢ To add a user to an existing group or change the name of the group, select it
from the list on the Groups tab of the main application window, and click
Properties.
➢ On the Group Users tab, select the users who should be members of the group,
and click OK to enable the changes.
➢ The Group Data tab allows an administrator to change the name of the group.
Once again, the changes take place immediately.

Deleting Groups
➢ To delete a group, select it from the list on the Groups tab, and click the Delete
button in the toolbar.
➢ Click Yes to confirm the deletion. The changes take place immediately, and the
group is removed from the list of existing groups.
Configuring via the Command Line
• If you prefer command-line configuration or just don’t have the X Window
System installed on the system, commands can be used to manage groups.

• The commands discussed in this section must be executed by the root user.

Adding Groups
• The groupadd command can be used to add user groups to the system.
• The basic syntax is groupadd <groupname>.

• To specify a GID, use the groupadd -g <gid> <groupname> command.


• To add a system group, use the groupadd -r <groupname> command.
Cont…

• The first available GID below 500 is used for the system group.
• To add a system group and specify the GID, use the groupadd -r -g <gid>
<groupname> command.

• Even if you specify a GID for the system group, the GID still needs to be below
500 to follow the numbering convention.

• To add users to a group, use the usermod -G <groups> <username> command.


• To create a user and add the user to a group in a single command:
# useradd -G g1 user2
Cont…

Modifying Groups
• Other than adding users to the group, the name of the group and the GID of the
group can be changed with the groupmod command.
• To change the GID of a group, use the groupmod -g <gid> <groupname>
command.
• To change the name of the group, use the groupmod -n <newname>
<groupname> command.
• Linux also includes the gpasswd command for managing groups.
• It allows an administrator to configure group administrators, group members,
and a group password.
• Group administrators can add and delete users as well as set, change, or remove
the group password. A group can have more than one group administrator.
Cont…
➢ To add group administrators, use the gpasswd -A <users> <groupname>
command, where <users> is a comma-separated list of existing users you want to be
group administrators. Don’t use any spaces between the commas.
➢ The root user or a group administrator can add users to the group with the gpasswd
-a <user> <groupname> command.
➢ Using this method, only one user can be added at a time.
➢ Similarly, to remove a user from a group, use the gpasswd -d <user>
<groupname> command.

➢ The root user can modify the members of a group with the gpasswd -M <users>
<groupname> command, where <users> is a comma-separated list of all the users
in the group.

➢ When this command is executed, the group members list changes to the users listed
in this command. Any existing members not listed will be removed.
Cont…
➢ To add or change the password for a group, the root user or a group administrator
can use the gpasswd <groupname> command.
➢ When changing the password, the old password is not needed.

➢ To remove the group password, use the gpasswd -r <groupname> command.

• If the group has a password, the user must enter the correct password before
successfully switching groups.

• If the group has a password, users who aren’t members of the group can also make
the group their default group with the newgrp command.
Cont…
• If the group doesn’t have a password configured, only users who are members
of the group can use the newgrp command to change groups for that login
session.
• To disable the use of the newgrp command for a group, use the gpasswd -R
<groupname> command.

Deleting Groups
• To delete an existing group, use the groupdel <groupname> command.

• The group is removed, and the users in the group are no longer members of the
group.
How It All Works
• A list of all local users is stored in the /etc/passwd file.
• This file is in plain text format and is readable by anyone logged in to the system
because it is referenced by user-accessible utilities such as ls and who to map user
and group IDs to usernames and group names.
• Each user is listed on a separate line, with the following format:
username:password:uid:gid:real_name:/home/directory:shell
Cont…
➢ If shadow passwords are used (the default), the encrypted passwords are stored in
the /etc/shadow file, readable only by root for security reasons.

➢ All user groups are stored in the /etc/group file, readable by everyone but only
writable by root.

➢ Each group is listed on a separate line in the following format:

groupname:password:gid:users

➢ The gid is the unique group ID for the group, and the users field is a
comma-delimited list of users in the group.
Disk management
• We have two types of partition:
➢ Primary and
➢ Extended.
• In Linux we can create a maximum of 4 partitions.
• The minimum size of a partition should be 8 MB.
• We can install Linux and Windows OS on a single drive.
• To install Linux and Windows on a single machine, first we have to install Windows,
and Linux should be installed later.
• In dual boot, if we didn’t specify a default OS, the latest OS (Linux) becomes the
default OS.
• If Linux is the default and Linux is corrupt, the system can’t boot from Windows
unless we select Windows, because Linux is the default OS.
Cont…

• All boot files are available in the MBR (master boot record).

• When the first installed OS is corrupt, the system can’t boot from the other OS,
because if the first OS fails the MBR also fails.
• To check partitions:
# fdisk -l
It will display the available partitions, like:
/dev/sda1
/dev/sda2
/dev/sda3
➢ To check the capacity of a hard disk partition:
# fdisk -l /dev/sda1
Cont…

➢ If we connect any external device, like an external HD or flash drive, it will be
displayed like:
/dev/sdb1
• To check whether the external device is detected or not, type # dmesg; if it is
detected, a new USB device found message will be available.
• To partition a disk we can use # fdisk.
# fdisk -cu /dev/sda
➢ When we create a partition, unless we use -cu, a 2 MB partition will be available.
➢ To remove a created partition (at the fdisk prompt):
d
5 (the partition number)
Cont….
• To use a partition we have to do three things, sequentially:
➢ Create
➢ Format
➢ Mount
Format
# mkfs.ext4 /dev/sda5
Mount partition
To mount a partition, first create a directory.
# mkdir /mnt/data
Cont…

• There are two types of mount:
Temporary: After reboot the mount will be removed.
Permanent: The mount is available after the system boots.
Temporary:
# mount /dev/sda5 /mnt/data
➢ To check whether it is mounted or not:
# df -h
➢ It displays output like:
File system  size  used   avail  mount
/dev/sda5    20G   172mb  19G    /mnt/data

➢ Mostly used for external devices like an external HD or flash drive.
# umount /dev/sda5 (to remove the mount)
Cont…

Permanent mounting
➢ # vim /etc/fstab
➢ Go to the last line and press o
➢ Type /dev/sda5
➢ Go to the next column and type /mnt/data
➢ Go to the next column and add the file system, ext4
➢ Go to the next column and type defaults
➢ Add 0 0 in the next column
➢ Save and quit
➢ # mount -a
Cont…
Logical volume management
➢ In Linux we can increase and decrease the volume of a partition without losing
files.
➢ To manage a logical volume we have to do the following steps:
Create partition
Change toggle ID
Create PV (physical volume)
Create VG (volume group)
Create LV (logical volume)
Format volume
Mount volume
Cont…

Resize logical volume

• Unmounting is required when we decrease a partition.
➢ To increase volume
# lvresize -L 8G /dev/vg2/lv2
# resize2fs /dev/vg2/lv2 8G (to update the file system)
➢ To decrease volume
# umount /dev/vg2/lv2 (unmounting)
# resize2fs /dev/vg2/lv2 5G
# lvresize -L 5G /dev/vg2/lv2
# mount /dev/vg2/lv2 /myfile
• To remove logical volume
# umount /dev/vg1/lv1
# lvremove /dev/vg1/lv1
y (to confirm)
Reporting Filesystem Usage
• One of the most critical system components to monitor is the filesystem.
• Discovering problems before the system goes down is key to being a successful
administrator.
• The first requires a scheduled action during a scheduled maintenance time, and the
latter requires an immediate emergency operation, which can occur at any time,
including when access to the system is most required.
Determining Filesystem Usage
• To determine how much disk space is being used for a given partition, logical
volume, or NFS mount, use the df command.
• If no arguments are given to the command, disk usage for all mounted partitions is
displayed in 1 kilobyte blocks.
Cont…
• The /boot partition and an NFS mounted directory from the
production.example.com server.
Cont…
• To display the output in “human readable” format, use the -h argument to df. The
output is then displayed in kilobytes, megabytes, gigabytes, or terabytes
depending on the size of the filesystem.
Cont…
Reporting Open Files
• The lsof command can be used to list open files, including library and network
files.
• If an error occurs because a device is already in use, lsof can be used to determine
which process is using it and who owns that process.
Reporting Disk Performance
• Disk performance should be constantly monitored over time to determine disk or
controller problems.
• For example, if the access time for a drive suddenly drops, an administrator must
quickly start troubleshooting the problem to determine if it is a software or
hardware issue or simply due to lack of free space on the disk.
Using iostat
• Part of the sysstat RPM package, the iostat utility can be used to gather
performance statistics for devices or partitions.
Cont…
• To create continuous reports, specify a time interval in seconds after the
command.
• For example, to generate iostat reports every minute, use the command iostat 60.
• Press Ctrl+C to stop the output. Alternatively, specify the number of intervals as
well with the format iostat <interval> <iterations> such as iostat 60 5 to generate a
report every 60 seconds for 5 iterations.
• As mentioned previously, after the first report of averages, each report is the
instantaneous change from the previous report.
• To include a line of values for the entire device along with the statistics for each
partition, use the iostat -p <device> command such as the following for /dev/sda:
• iostat -p /dev/sda
Writing a Backup Plan
• The backup plan you write and commit to will be specialized to your needs:
➢ Your company’s resources,
➢ The number of systems to back up,
➢ The operating systems running on those systems, and much more.
What Data to Back Up
• Deciding what data to back up is nontrivial and might vary for each system. Here is a
list of data to consider:
➢ Home directories
➢ Email spools
➢ /etc/ directory for various configuration files
➢ Shared directories
➢ Database files
➢ Content management directories such as CVS or Subversion
Cont….
• Other thoughts to consider when devising a backup plan:
➢ Does your backup plan include backups on an offsite server in case of natural disaster?
➢ Is redundant hardware part of your plan in case of unrecoverable hardware failure?
➢ Is the total recovery time from backup acceptable for the needs of the company?
➢ Are you alerted when a system failure occurs?
➢ Are you alerted when a failure occurs during the backup procedure?
➢ What is the initial cost of equipment and software?
➢ What is the total annual cost of the backup media? Does it fit in your allotted budget?
➢ Does the plan scale if additional systems need to be added?
➢ Do multiple administrators have the knowledge to recover each system in case of
personnel changes or vacation times?
➢ Are the processes well-documented so they can be easily accessed and reviewed on a
regular basis?
Incremental versus Full Backups
• If your organization is large or modifies the same subset of data frequently, you
might want to consider incremental backups.

• You start off with a full backup and then only back up the data that has
changed since the last backup.

• This often saves disk space on the backup servers and shortens the time it takes
to perform backups.

• Each time you perform a full backup, the subsequent incremental backups are
based on the last full backup.
The tar Utility
• When backing up data that is no longer being used or data that is not frequently
changed, consider creating a compressed archive file using the tar archive utility
in combination with one of the compression tools such as gzip or bzip2.

• A compressed archive results in one file that must be decompressed and
unarchived before files can be restored from it.

• The compression of the files saves room on the backup media.


• To use tar, the tar RPM package must be installed.

• It should be installed on your system unless you chose to only install a specific set
of packages.
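
The full-then-incremental scheme and the tar plus gzip archive described above can be combined with GNU tar's --listed-incremental option, which the slides do not name. The script below is an added example, not part of the original slides; the function names, labels and scratch paths are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original slides): a full backup followed by an
# incremental one with GNU tar and gzip, then a restore of both in order.
# All paths are scratch directories created with mktemp.

# backup SRC_DIR DEST_DIR LABEL
# The first run against an empty DEST_DIR is a full backup; later runs store
# only what changed since the state recorded in DEST_DIR/snapshot.snar.
backup() {
    tar --create --gzip \
        --listed-incremental="$2/snapshot.snar" \
        --file="$2/$3.tar.gz" \
        --directory="$(dirname "$1")" "$(basename "$1")"
}

# members DEST_DIR LABEL: names of the files (not directories) in an archive.
members() { tar --list --gzip --file="$1/$2.tar.gz" | grep -v '/$' | sort; }

# restore DEST_DIR TARGET_DIR LABEL...
# Archives must be given oldest first. With /dev/null as the snapshot file,
# tar replays the incremental metadata, including deletions.
restore() {
    local dest=$1 target=$2 label
    shift 2
    for label in "$@"; do
        tar --extract --gzip --listed-incremental=/dev/null \
            --file="$dest/$label.tar.gz" --directory="$target" || return 1
    done
}

# demo_cycle WORK_DIR: run one full + incremental + restore cycle in WORK_DIR.
demo_cycle() {
    local work=$1
    mkdir -p "$work/src/data" "$work/backups" "$work/restored"
    echo "old"   > "$work/src/data/a.txt"
    echo "draft" > "$work/src/data/b.txt"
    backup "$work/src/data" "$work/backups" full || return 1

    sleep 1                                   # make the changes clearly newer
    echo "final" > "$work/src/data/b.txt"     # modified after the full backup
    echo "new"   > "$work/src/data/c.txt"     # added after the full backup
    rm "$work/src/data/a.txt"                 # deleted after the full backup
    backup "$work/src/data" "$work/backups" incr1 || return 1

    restore "$work/backups" "$work/restored" full incr1
}

work=$(mktemp -d)
demo_cycle "$work" && members "$work/backups" incr1
rm -rf "$work"
```

The incremental archive holds only the modified and the new file, and restoring it after the full archive also removes the file that was deleted in between.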
Recovery and Repair
• To analyze or repair a system failure, you might need to boot into the system.
• But, what if the boot loader is corrupt or what if the filesystem can’t be mounted
anymore? Red Hat Enterprise Linux includes alternative boot methods for system
repair:
o Rescue mode,
o Single user mode, and
o Emergency mode.
Rescue Mode
• Rescue mode allows the administrator to bypass the boot loader by instead
booting off an installation media.
• Possible reasons to use rescue mode include:
➢ Corrupt boot loader that needs repair
➢ Corrupt filesystem that cannot be mounted and needs repair
Cont…
• After booting into rescue mode, select the language and keyboard layout to use
during rescue mode.
• If you need to copy data to another system to save it before reinstalling or copying
files to the system to repair it, you will need to start the network.
Single-User Mode
• Rescue mode requires a boot media, but single-user mode is specified as a kernel
option using the installed boot loader and does not require additional boot media.
• However, it does require that the boot loader is working properly and that the
filesystem be mounted.
• It does not provide the ability to start a network connection.
• Possible reasons to use single-user mode include:
➢ Forgot root password
➢ Repair runlevel file system
Cont….
• To boot into single-user mode, boot the system with the single kernel parameter.
➢ Press any key at the Booting Red Hat Enterprise Linux message to view the GRUB
menu.
➢ Press the E key to edit the currently selected boot line.
➢ Append the word single to the line, and press B to boot the system.
Emergency Mode
• Emergency mode is similar to single-user mode except the root filesystem is
mounted read-only.
• Boot into emergency mode using the same method as single-user mode except
replace the word single with emergency in the boot method.
• Because the filesystem is mounted read-only, files can not be changed or repaired,
but files can be retrieved off the system.
Filesystem Repair
• If one or more filesystems are corrupt, boot into rescue mode and do not mount
the filesystem.
• The e2fsck utility can be used to check and repair an ext2 or ext3 (default for Red
Hat Enterprise Linux) filesystem.
• It must be run as root, and the filesystem being checked should not be
mounted.
• The basic syntax is as follows:
e2fsck <device>
• where <device> is the device filename for the filesystem such as /dev/hda1 for the
first partition on the first IDE drive.
• As the utility finds errors, it prompts the administrator to confirm the fix.
Boot Loader Repair
• If GRUB won’t boot into Red Hat Enterprise Linux properly, try booting into rescue
mode and reinstalling GRUB with the following command:
grub-install --root-directory=/boot '<device-name>'
• The --root-directory=/boot option specifies that the GRUB images should be
installed in the /boot directory.
• Replace <device-name> with the device name on which to install the GRUB
images.
• The device name can be either the GRUB device name such as hd0 or sd0 or the
system device name such as /dev/hda or /dev/sda.
• For example, for the GRUB device named sd0, the command would be
grub-install --root-directory=/boot '(sd0)'
