When several people have access to a system, the administrator must manage the users. To do so, he must know the common commands and files to be configured.
The important files are:
The /etc/passwd file contains all the information relating to the user (login, passwords, etc.). Only the superuser (root) must be able to change it. It is therefore necessary to change the rights of this file so that it can only be read by other users.
This file has a special format making it possible to locate each user, each of its lines has the following format:
account_name : password : user_number : group_number : comment : directory : start_programSeven fields are specified separated by the character ":":
Here is an example of a passwd file:
| root:x:0:0:root:/root:/bin/bash |
| bin:x:1:1:bin:/bin:/bin/bash |
| daemon:x:2:2:daemon:/sbin:/bin/bash |
| news:x:9:13:News system:/etc/news:/bin/bash |
| uucp:x:10:14::/var/lib/uucp/taylor_config:/bin/bash |
| cquoi:x:500:100:Cool......:/home/cquoi:/bin/bash |
It is important to know that the passwords located in this file are encrypted. It is therefore useless to edit and replace the password field by directly typing the password, which would only cause the account to be blocked.
When a user connects, the login program compares the password typed in by the user (after encrypting it) with the password stored in the passwd file. If they do not match, the connection can not be established.
To prohibit use, simply replace the encrypted password by a star: "*".
Access to an account may potentially be left open by leaving the password field empty.
Anybody wishing to connect with this account can then do so.
To be able to change an account password using the passwd command, you must
either be a system administrator or the account owner (the system will then ask the user
to enter the old password before asking him to enter the new password twice).
UID: (unique) identifier for each user account. Numbers beween 0 and 99 are frequently reserved for the machine's own accounts. Numbers higher than 100 are reserved for user accounts.
GID: group identifier. The default group (called group) has the number 50. This identifier is used in connection with access rights to the files. This issue will only concern you if your system has more than one user group. (In which case, you must pay attention to the /etc/group file.
From the shell, it is possible to change the command interpreter. To do so, use the chsh or passwd -s command.
Linux will then look for the program you have specified in the /etc/shells file. Only commands that are present in this file will be accepted
and will replace the current value of the start_program field. These restrictions do not apply to the superuser account.
Make sure that the access rights for the /etc/shells file are the same as for the /etc/passwd file
The superuser may not necessarily be called root. To change this, simply replace the root account name with the desired name.
A privileged account is an account whose identifier (UID, User ID) is zero.
The /etc/group file contains a list of users belonging to the different groups. In fact, when a large number of users have access to the system, they are frequently placed in different groups, each of which has it own access rights to the files and directories.
It has different fields that are separated by ":":
groupe_name : special_field : group_number : member1, member2
Here is an example of a /etc/group file:
| root:x:0:root |
| bin:x:1:root,bin,daemon |
| daemon:x:2: |
| tty:x:5: |
| disk:x:6: |
| lp:x:7: |
| wwwadmin:x:8: |
| kmem:x:9: |
| wheel:x:10: |
| mail:x:12:cyrus |
| news:x:13:news |
admin : : 56 : CCM
Use the /etc/profile file to configure the shell. This relates to all users.
Firstly, find the Shell variables such as OPENWINHOME, PATH, etc.
Then, the type of terminal and the TERM variable are defined.
One part is reserved for the shell prompt, finally a last one
makes it possible to define the colors for the ls command.
When Linux starts up, it is advisable to have the numeric keypad turned on,
which does not happen by default.
There are then only several lines to be added to the /etc/profile file, which are:
| INITTY=/dev/tty[1-7] |
| for tty in $INITTY; |
| do setleds -D +num < $tty |
| done |
When connecting to the shell, the first thing that appears is the prompt,
which can be configured how as user wants.
If the administrator wants a prompt which reads: "Hello#", just edit
the /etc/profile file. This file contains a variable called PS1.
All lines relating to this variable must then be preceded by a
hash: #. So the line PS1='Hello#' must be added.
All that remains is to save and log on again. You will then notice several changes.
Tip: leave a blank space after the prompt to improve readability.
It is also possible to use variables in the prompt (for example, to display the time or
name of the machine, etc.):
| \d | to add the date (English format) |
| \t | to add the time(HH:MM:SS) |
| \u | to add the user name |
| \r | to return to the line |
| \w | to add the full path of the current directory |
| \W | to add the current directory |
| \h | to add the name of the machine |
The color can also be changed.
To do so, use the variable PS1 as follows:
The color number is shown in the list below:
| Black | 0;30 |
| Red | 0;31 |
| Green | 0;32 |
| Brown | 0;33 |
| Blue | 0;34 |
| Violet | 0;35 |
| Cyan | 0;36 |
| Light Gray | 0;37 |
| Gray | 1;30 |
| Pink | 1;31 |
| Light Green | 1;32 |
| Light Brown | 1;33 |
| Light Blue | 1;34 |
| Light Violet | 1;35 |
| Light Cyan | 1;36 |
| White | 1;37 |
Here is an example which shows the time followed by the user name in red:
Results for Linux User management
Results for Linux User management
Results for Linux User management
Results for Linux User management
Results for Linux User management