Welcome back to managing Linux systems. This is the second course in the Linux Foundation Specialization. In this module, we want to think about administering users and groups. How do we add new users, how do we modify, how do we delete, how do we give them permissions. By the time we're done with this module, I want you to be able to do several things. This includes add new Linux users, manage Linux user groups, set up the Linux environment for users, and lastly, interrogate current user information to find out what settings a user has.
In this first lesson, let's look at Linux users. There are several files and directories involved in user creation. These include the /etc/login.defs file, the /etc/default/useradd file, the /etc/skel/ directory, the /etc/passwd file, and the /etc/shadow file.
The /etc/login.defs file provides default configuration information for several user account parameters. The useradd, usermod, userdel, and groupadd commands all will update this file. Each line in the file consists of a directive name and associated value, so a key-value pair. For example, I've got some of those in front of you. So PASS_MAX_DAYS, and I've got it set to 999999. This is the maximum number of days that a password may be used. That's way too much. You've all worked in or used an organization where you've logged in and maybe you get three months or one month and you have to change your password. You've got minimum days, minimum length, warning age, the IDs for users, mask for permissions. We'll talk all about permissions a little bit later on, what encryption method is used on passwords.
The /etc/default/useradd file holds several configuration defaults for new users. This includes the default group, so all users will be added to the group that's in here by default, the home directory, whether the account is active or not, if it's going to expire, and the default shell, again, we'll talk about all these options as we move forward, and the skeleton location.
The skeleton location, again, we'll drill into, but it holds the skeleton of the files to copy to this user as we add it. We just said this, the /etc/skel directory contains files and directories that are automatically copied over every time you add a new user, and they're copied to that new user's home directory. For example, if we add a user with the useradd program, it will go look in the /etc/skel, find all those files, and copy them over.
A home directory is the directory on Linux that serves as the repository for all the users' personal files and directories and programs. This includes configuration files. It is the directory that a user is first in when they log into a shell. And /etc/skel allows a system administrator to create a default home directory for all new users on a computer and network and make certain that all of those users begin with the same settings or environment. There are several user configuration files placed in /etc/skel by default when the operating system is installed. These include .bash_profile, .bashrc, .bash_logout, dircolors, and .inputrc, and .vimrc. We'll talk about several of these as we move forward.
The /etc/passwd file stores user account information. I'm going to use this file several times in examples of commands later on. We're going to see it a lot. But the file is stored in plain text with a row per user and the fields are delimited with a semicolon. What I mean by that is each row is a specific user who can log in to the system and the different fields have a colon between them. There are lots of columns that are stored for each account. I've got them listed in front of you. We start out, the first column is the username and then the password. Now, most of the time nowadays, the password has an x character to indicate that the password is encrypted and stored in the /etc/shadow file. But in the early days of Linux, we would just store the password in clear text here. Now you all can guess what's wrong with that.
If I can get to that file, I can see all my users' passwords. The user ID, which we're going to call UID, then the group ID, we're going to call GID, user ID info, which is a comment field, it allows you to add extra information about the users, such as their full name, their phone number. The home directory, which is the absolute path to the directory the user will be in when they log in. If that directory does not exist, then a user's directory becomes the backslash, which is probably not a good idea, and then the command shell, and this is the absolute path of the command shell. For example, /bin/bash. If the shell is set to /sbin/nologin and the user tries to log in to the Linux system directly, the /sbin/nologin shell closes the connection, and we're going to see that a lot.
Lastly, the /etc/shadow file is going to securely store the user account information. Again, there's one row per user, and the fields are separated with a colon, and there are several fields. We have the username, that's a login name, and then the password, and this is encrypted. The password should be a minimum of 8-12 characters long, including special characters, digits, lowercase, alphabetic, and more. Usually, the password format is set to $id$salt$hashed. The id is the algorithm used, and on GNU/Linux there are several different algorithms. $1$ is MD5. $2a$ is blowfish. $2y$ is blowfish. $5$ is SHA-256, and $6$ is SHA-512.
We also can have the last password change. This is the number of days since January 1st, 1970, which is typically how we store dates in Linux, that password was last changed. Then the minimum and maximum number of days left before the user is allowed to change his or her password, and the maximum is the number of days till it's valid. Then a warning as the number of days before a password is to expire that the user is warned that his or her password must be changed. You've all experienced that also, like your password is going to expire in five days.
Inactive tells the number of days after the password expires that the account is disabled. Expire, the last one, is an absolute date specifying when the login may no longer be used.
The useradd command is going to create and populate a home directory for the new user and set the permissions and ownership to the home directory. This is going to edit the /etc/passwd, the /etc/shadow, the /etc/group, the /etc/gshadow files for the newly created user account. An example usage here is useradd aspeno. That's going to create a user called aspeno and update all of those files. There are some options here. I just gave you a couple of them. The dash d is used to set a different home directory than the defaults that we've seen, and dash s can be used to change the shell from the default.
The passwd command allows the user to change their password. The administrator can change the password or the user can change their own password. The root user reserves the privilege to change the password for any user on the system, while a normal user can only change the account password for his or her own account. An example usage here is passwd aspeno. That's going to change the password for the aspeno login we just created. There are several options that we can pass in here so dash d is to delete the password, dash e to set the password expiration date, dash l to lock the password.
A little review here. The useradd command reads and updates several files. The passwd command can set a user's password, and the user can run passwd on their own account at any time to change the password. I'll see you in the next lesson.
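
As an added example (not part of the lecture or its course material), this Python code parses rows in the /etc/shadow layout described above, names the hash algorithm from the $id$ prefix, converts the last-change field to a date, and flags rows an administrator would want to review. The 365-day ceiling, the treatment of MD5 as weak, and the sample rows are assumptions constructed for illustration.

```python
from datetime import date, timedelta

ALGORITHMS = {"1": "MD5", "2a": "Blowfish", "2y": "Blowfish",
              "5": "SHA-256", "6": "SHA-512"}  # ids as listed in the lecture
WEAK = {"MD5"}        # assumption: audit policy treats MD5 as too weak
MAX_AGE_LIMIT = 365   # assumption: policy ceiling for maximum password age
FIELDS = ("name", "password", "last_change", "min_days", "max_days",
          "warn_days", "inactive_days", "expire")

def parse_shadow_line(line):
    """Split one colon-delimited /etc/shadow row into named fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) < len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))
    for key in FIELDS[2:]:  # numeric fields; empty means "not set"
        entry[key] = int(entry[key]) if entry[key] else None
    return entry

def hash_algorithm(password_field):
    """Name the algorithm of a $id$salt$hashed value, or None if not a hash."""
    pieces = password_field.split("$")
    if len(pieces) >= 4 and pieces[0] == "":
        return ALGORITHMS.get(pieces[1], "unknown")
    return None

def last_change_date(entry):
    """Convert the days-since-1970-01-01 field to a calendar date."""
    return date(1970, 1, 1) + timedelta(days=entry["last_change"])

def audit(entry):
    """Return the findings for one parsed row."""
    pw, findings = entry["password"], []
    if pw == "":
        findings.append("empty password field")
    elif pw[0] in "!*":
        findings.append("locked or no password set")
    elif (algo := hash_algorithm(pw)) in (None, "unknown", *WEAK):
        findings.append(f"hash algorithm: {algo}")
    if entry["max_days"] is None or entry["max_days"] > MAX_AGE_LIMIT:
        findings.append("maximum password age exceeds policy")
    return findings

# Constructed sample rows; the hash strings are fake placeholders.
SAMPLE = ["aspeno:$6$c29tZXNhbHQ$FAKEHASHVALUE:19000:0:99999:7:::",
          "legacy:$1$abcdefgh$FAKEHASHVALUE:15000:0:90:7:30::",
          "svc:!:19500:0:90:7:::"]
for entry in map(parse_shadow_line, SAMPLE):
    print(entry["name"], last_change_date(entry), audit(entry))
```

On a real system the same functions can be fed the lines of /etc/shadow, which is readable only with root privileges.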