Managing Users and Groups From The Command Line

Novell Cool Solutions: Feature
By Scott M. Morris

Posted: 6 Oct 2005
 

Applies to:

  • SUSE Linux
  • Novell Linux Desktop
  • SUSE Linux Enterprise Server

Over the past few weeks, we've looked at ways to manage users and groups through GUI-based applications. What happens when you need to manage users and groups from the command line? This week, we are going to look at some ways we can do this. Note that to use these commands, you will have to be logged in as root.

The first command to look at is useradd. Let's take a look at the command-line parameters we can pass to the command:

work:/home/scott # useradd --help
Usage: useradd ...
useradd - create a new user

  -c comment     Set the GECOS field for the new account
 --show-defaults Print default values
 --save-defaults Save modified default values
  -D binddn      Use dn "binddn" to bind to the LDAP directory
  -d homedir     Home directory for the new user
  -e expire      Date on which the new account will be disabled
  -f inactive    Days after a password expires until account is disabled
  -G group,...   List of supplementary groups
  -g gid         Name/number of the users primary group
  -k skeldir     Specify an alternative skel directory
  -m             Create home directory for the new user
  -o             Allow duplicate (non-unique) UID
  -P path        Search passwd, shadow and group file in "path"
  -p password    Encrypted password as returned by crypt(3)
  -u uid         Force the new userid to be the given number
  -r, --system   Create a system account
  -s shell       Name of the user's login shell
 --service srv   Add account to nameservice 'srv'
      --help     Give this help list
      --usage    Give a short usage message
  -v, --version  Print program version
Valid services for --service are: files, ldap
work:/home/scott #

There are a number of parameters you can pass to this command. However, to keep things simple, I usually just make sure that I tell it to create a home directory for the new user (with -m), which groups the new user should belong to (with -G), and the shell that the user will use (with -s). All of this is followed by the new user's name:

work:/home/scott # useradd -m -G users,video -s /bin/bash jsmith
work:/home/scott #

After creating a new user, you will then generally set a password for that user with the passwd command.

So, we know how to create system users. How do we add groups? This is possible with the groupadd command. Again, let's take a look at the parameters that we can pass to this command:

work:/home/scott # groupadd --help
Usage: groupadd [-D binddn] [-g gid [-o]] [-r] [-P path] [-p password] group
groupadd - create a new group

  -D binddn      Use dn "binddn" to bind to the LDAP directory
  -g gid         Force the new groupid to be the given number
  -o             Allow duplicate (non-unique) UID
  -P path        Search passwd, shadow and group file in "path"
  -p password    Encrypted password as returned by crypt(3)
  -r, --system   Create a system account
 --service srv   Add account to nameservice 'srv'
      --help     Give this help list
      --usage    Give a short usage message
  -v, --version  Print program version
Valid services for --service are: files, ldap
work:/home/scott #

Most of the time, I just pass the new group name that I want to create:

work:/home/scott # groupadd groupwise
work:/home/scott #

We've now added a user and a group. What if we want to change them after we've added them? The commands usermod and groupmod can be used for this purpose.

Let's see how we can use usermod:

work:/home/scott # usermod --help
Usage: usermod ...
usermod - modify a user account

  -c comment     Set the GECOS field for the new account
  -D binddn      Use dn "binddn" to bind to the LDAP directory
  -d homedir     Home directory for the new user
  -e expire      Date on which the new account will be disabled
  -f inactive    Days after a password expires until account is disabled
  -G group,...   List of supplementary groups
  -g gid         Name/number of the users primary group
  -k skeldir     Specify an alternative skel directory
  -l login       Change login name.
  -m             Move home directory to the new path
  -o             Allow duplicate (non-unique) UID
  -A group,...   List of groups the user should be added to
  -R group,...   List of groups the user should be removed from
  -P path        Search passwd, shadow and group file in "path"
  -p password    Encrypted password as returned by crypt(3)
  -s shell       Name of the user's login shell
  -u uid         Change the userid to the given number
  -r service     Use nameservice 'service'
  -L             Locks the password entry for "user"
  -U             Try to unlock the password entry for "user"
      --help     Give this help list
      --usage    Give a short usage message
  -v, --version  Print program version
Valid services for -r are: files, ldap
work:/home/scott #

Let's add the user we just created to the group that we just created. One thing to remember is that -G expects every supplementary group the user should belong to, including the ones they already belong to. That's just how this command works: it resets the user to belong only to the groups you specify here, except for the users group, which a user belongs to by default:

work:/home/scott # usermod -G video,groupwise jsmith
work:/home/scott # groups jsmith
jsmith : users video groupwise
work:/home/scott #
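
Because -G replaces the whole supplementary list, it helps to check which memberships a proposed value would remove before running usermod. The script below is an added example, not part of the original article; its function names and the audio group are hypothetical, and it works on the `groups` output format shown above.

```shell
#!/bin/sh
# Added example: pre-flight check for `usermod -G`, which replaces the whole
# supplementary group list. Function names are hypothetical.

# supplementary_groups "<groups output>" <primary>
# Parse a line as printed by `groups user` ("user : g1 g2 ...") and print
# every group except the primary one, one per line.
supplementary_groups() {
    line=$1 primary=$2
    for g in ${line#*:}; do
        [ "$g" = "$primary" ] || printf '%s\n' "$g"
    done
}

# dropped_groups "<groups output>" <primary> <proposed -G value>
# Print (space separated) the memberships the proposed -G value would remove.
dropped_groups() {
    out=
    for g in $(supplementary_groups "$1" "$2"); do
        case ",$3," in
            *",$g,"*) ;;
            *) out="${out:+$out }$g" ;;
        esac
    done
    printf '%s\n' "$out"
}

# merged_group_list "<groups output>" <primary> <groups to add, comma separated>
# Print a -G value that keeps the current supplementary groups and appends
# the new ones without duplicates.
merged_group_list() {
    out=
    for g in $(supplementary_groups "$1" "$2") $(printf '%s' "$3" | tr ',' ' '); do
        case ",$out," in
            *",$g,"*) ;;
            *) out="${out:+$out,}$g" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Constructed sample: the `groups jsmith` line from the session above.
current='jsmith : users video groupwise'
echo "usermod -G video would drop: $(dropped_groups "$current" users video)"
echo "safe -G value to add audio:  $(merged_group_list "$current" users audio)"
```

On a live system the first argument would be the output of `groups jsmith`, and the result of merged_group_list is what gets passed to usermod -G.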

Now, let's look at the groupmod command:

work:/home/scott # groupmod --help
Usage: groupmod [-g gid [-o]] [-n new_name] group
groupmod - modify a group entry

  -D binddn      Use dn "binddn" to bind to the LDAP directory
  -g gid         Change the groupid to the given number
  -k skeldir     Specify an alternative skel directory
  -n name        Change group name.
  -o             Allow duplicate (non-unique) UID
  -P path        Search passwd, shadow and group file in "path"
  -p password    Encrypted password as returned by crypt(3)
  -A user        Add the user to the group entry
  -R user        Remove the user from the group entry
  -r service     Use nameservice 'service'
      --help     Give this help list
      --usage    Give a short usage message
  -v, --version  Print program version
Valid services for -r are: files, ldap
work:/home/scott # 

Let's just change the name of the group:

work:/home/scott # groupmod -n suseuser groupwise
work:/home/scott # groups jsmith
jsmith : users video suseuser
work:/home/scott #

Now, let's say we want to delete the user. We can use the userdel command for this. Let's look at our options:

work:/home/scott # userdel --help
Usage: userdel [-D binddn] [-P path] [-r [-f]] user
userdel - delete a user and related files

  -r             Remove home directory and mail spool
  -f             Force removel of files, even if not owned by user
  -D binddn      Use dn "binddn" to bind to the LDAP directory
  -P path        Search passwd, shadow and group file in "path"
 --service srv   Add account to nameservice 'srv'
      --help     Give this help list
  -u, --usage    Give a short usage message
  -v, --version  Print program version
Valid services for --service are: files, ldap
work:/home/scott #

To use this command, just tell it which user you want to delete. Without -r, the home directory and mail spool are left on disk:

work:/home/scott # userdel jsmith
no crontab for jsmith
work:/home/scott # 

That is pretty simple. Now, we can use groupdel to delete the group we just renamed. Let's display the options, just to see what they are:

work:/home/scott # groupdel --help
Usage: groupdel [-D binddn] [-P path] group
groupdel - delete a group

  -D binddn      Use dn "binddn" to bind to the LDAP directory
  -P path        Search passwd, shadow and group file in "path"
 --service srv   Add account to nameservice 'srv'
      --help     Give this help list
  -u, --usage    Give a short usage message
  -v, --version  Print program version
Valid services for --service are: files, ldap
work:/home/scott #

Finally, let's delete the group:

work:/home/scott # groupdel suseuser
work:/home/scott # 

There is quite a lot of advanced stuff that can be done with these commands. However, for simple user and group management on a system, the examples above should suffice. For user and group management over an SSH connection, these commands come in quite handy.

