Wednesday, December 16, 2009

User and Group Administration

Few Points:
# Starting from HP-UX 11i v3, user and group names can be up to 255 characters long

Related Files:

/etc/passwd - Contains the basic user configuration information
/etc/shadow - Password shadow file. Contains the encrypted passwords
/etc/ptmp     - Lock file when updating the password file
/etc/group    - Contains the group configuration information
/etc/default/security - Security defaults configuration
/etc/security.dsc -  Security attributes description file
/var/adm/btmp   - Keeps track of failed logins
/var/adm/wtmp  - Keeps track of successful logins
/etc/utmp           - Keeps track of currently logged in users

Related Directories:

/etc/skel - Skeleton directory where the templates of profiles are kept

Password Related Attributes for /etc/default/security :

INACTIVITY_MAXDAYS - No. of days before expiring an account for inactivity

PASSWORD_MINDAYS   - Minimum no. of days before a password can be changed

PASSWORD_MAXDAYS  - Maximum no. of days that passwords are valid

PASSWORD_WARNDAYS - No. of days before warning users of password expiration

Commands:

1. To create a user with default settings :

# useradd user1

2. To create a user with a specific uid, primary group, secondary groups, home directory, shell and comment, creating the home directory if it doesn't exist (-m) and allowing the uid to be non-unique (-o) :

# useradd -u uid -o -g group_name -G group1,group2 -d home_dir -s shell -c comment -m user_name

3. To list the defaults for primary group, base directory, inactivity timeout and skeleton directory :

# useradd -D

4. To change the default primary group to dba :

# useradd -D -g dba

5. To change the primary group to dba for the user jack :

# usermod -g dba jack

6. To delete a user but not his/her home directory :

# userdel user1

7. To delete a user along with the home directory :

# userdel -r user1

8. To reset the password for a user :

# passwd user1

9. To force a password change at next login :

# passwd -f user1

10. To view password aging status for a user :

# passwd -s user1

11. To lock or disable a user :

# passwd -l user1

12. To create a group called dba and add the respective entries to /etc/group :

# groupadd dba

13. To create a group called dba with gid as 231 :

# groupadd -g 231 dba

14. To modify the gid for an existing group :

# groupmod -g 214 dba

15. To delete the group dba :

# groupdel dba

16. To delete the group only if it is not the primary group for any user :

# groupdel -s dba

17. To list the failed logins ( to display the contents of /var/adm/btmp ) :

# lastb

18. To list the successful logins ( to display the contents of /var/adm/wtmp ) :

# last

19. To list the currently logged in users ( to display the contents of /etc/utmp ) :

# who -u

20. To create the password shadow file and to move the encrypted password from /etc/passwd to /etc/shadow :

# pwconv

21. To check the /etc/passwd and /etc/shadow files for consistency :

# pwck

22. To copy the encrypted passwd and aging information from /etc/shadow to /etc/passwd and then delete the /etc/shadow file :

# pwunconv

23. To display all the attributes for the user jack :

# userdbget -u jack
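
An added example (not part of the original post): a POSIX shell audit over a passwd-format file that reports UIDs shared by several accounts, which is what useradd -o permits, and accounts whose password field still holds a hash because pwconv has not been run. The function names and the sample file are constructed for illustration; it assumes the standard seven-field passwd layout with "x" marking a shadowed password.

```shell
#!/bin/sh
# Added example: audit a passwd-format file. dup_uids and unshadowed are
# hypothetical helper names; the sample data below is constructed.

# Print "uid:name1,name2" for every UID used by more than one account
# (the state useradd -o creates), sorted numerically by UID.
dup_uids() {
    awk -F: '$1 !~ /^#/ && NF >= 7 {
        if ($3 in names) { names[$3] = names[$3] "," $1 } else { names[$3] = $1 }
        count[$3]++
    }
    END { for (u in count) if (count[u] > 1) print u ":" names[u] }' "$1" |
        sort -t: -k1,1n
}

# Print account names whose password field still carries a hash, i.e. anything
# other than "x" (shadowed), "*" or "!" (no valid password), or empty.
unshadowed() {
    awk -F: '$1 !~ /^#/ && NF >= 7 &&
        $2 != "x" && $2 != "*" && $2 != "!" && $2 != "" { print $1 }' "$1"
}

# Constructed sample: jack and dbadm share uid 101, and user1 still has a
# (placeholder, not real) hash in the password field.
SAMPLE="${TMPDIR:-/tmp}/passwd.sample.$$"
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
root:x:0:3::/:/sbin/sh
jack:x:101:20:Jack:/home/jack:/usr/bin/sh
user1:aB3dEfGhIjKlM:102:20::/home/user1:/usr/bin/sh
dbadm:x:101:231:DBA:/home/dbadm:/usr/bin/sh
EOF

echo "UIDs shared by more than one account:"
dup_uids "$SAMPLE"
echo "Accounts with a hash still in the passwd file:"
unshadowed "$SAMPLE"
```

Pointed at a copy of /etc/passwd instead of the sample, the second function should print nothing once pwconv (item 20) has been run.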

2 comments:

  1. Thanks for the posts... I get ready for an interview, and your blog is very helpful man...

    Keep up the good work.
  2. You need some doc on using userdbset to clear the auth_failures attribute to allow a person to login after too many invalid logins.