Managing Users and Groups From The Command Line
Novell Cool Solutions: Feature
By Scott M. Morris
Reader Rating 
from 2 ratings
|
Digg This -
Slashdot This
Posted: 6 Oct 2005 |
Applies to:
- SUSE Linux
- Novell Linux Desktop
- SUSE Linux Enterprise Server
Over the past few weeks, we've looked at ways to manage users and groups through gui-based applications. What happens when you need to manage users and groups from a command-line? This week, we are going to look at some ways we can do this. Note that to use these commands, you will have to be logged in as root.
The first command to look at is useradd. Let's take a look at the command-line parameters we can pass to the command:
work:/home/scott # useradd --help
Usage: useradd ...
useradd - create a new user
-c comment Set the GECOS field for the new account
--show-defaults Print default values
--save-defaults Save modified default values
-D binddn Use dn "binddn" to bind to the LDAP directory
-d homedir Home directory for the new user
-e expire Date on which the new account will be disabled
-f inactive Days after a password expires until account is disabled
-G group,... List of supplementary groups
-g gid Name/number of the users primary group
-k skeldir Specify an alternative skel directory
-m Create home directory for the new user
-o Allow duplicate (non-unique) UID
-P path Search passwd, shadow and group file in "path"
-p password Encrypted password as returned by crypt(3)
-u uid Force the new userid to be the given number
-r, --system Create a system account
-s shell Name of the user's login shell
--service srv Add account to nameservice 'srv'
--help Give this help list
--usage Give a short usage message
-v, --version Print program version
Valid services for --service are: files, ldap
work:/home/scott # |
There is a bunch of parameters you can pass to this command. However, to keep things simple, I usually just make sure that I tell it to create a home directory for the new user (with -m), which groups the new user should belong to (with -G), and the shell that the user will use (with -s). All of this is followed by the new user's name:
work:/home/scott # useradd -m -G users,video -s /bin/bash jsmith work:/home/scott # |
After creating a new user, you will then generally set a password for that user with the passwd command.
So, we know how to create system users. How do we add groups? This is possible with the groupadd command. Again, let's take a look at the parameters that we can pass to this command:
work:/home/scott # groupadd --help
Usage: groupadd [-D binddn] [-g gid [-o]] [-r] [-P path] [-p password] group
groupadd - create a new group
-D binddn Use dn "binddn" to bind to the LDAP directory
-g gid Force the new groupid to be the given number
-o Allow duplicate (non-unique) UID
-P path Search passwd, shadow and group file in "path"
-p password Encrypted password as returned by crypt(3)
-r, --system Create a system account
--service srv Add account to nameservice 'srv'
--help Give this help list
--usage Give a short usage message
-v, --version Print program version
Valid services for --service are: files, ldap
work:/home/scott #
|
Most of the time, I just pass the new group name that I want to create:
work:/home/scott # groupadd groupwise work:/home/scott # |
We've now added a user and a group. What if we want to change them after we've added them? The commands usermod and groupmod can be used for this purpose.
Let's see how we can use usermod:
work:/home/scott # usermod --help
Usage: usermod ...
usermod - modify a user account
-c comment Set the GECOS field for the new account
-D binddn Use dn "binddn" to bind to the LDAP directory
-d homedir Home directory for the new user
-e expire Date on which the new account will be disabled
-f inactive Days after a password expires until account is disabled
-G group,... List of supplementary groups
-g gid Name/number of the users primary group
-k skeldir Specify an alternative skel directory
-l login Change login name.
-m Move home directory to the new path
-o Allow duplicate (non-unique) UID
-A group,... List of groups the user should be added to
-R group,... List of groups the user should be removed from
-P path Search passwd, shadow and group file in "path"
-p password Encrypted password as returned by crypt(3)
-s shell Name of the user's login shell
-u uid Change the userid to the given number
-r service Use nameservice 'service'
-L Locks the password entry for "user"
-U Try to unlock the password entry for "user"
--help Give this help list
--usage Give a short usage message
-v, --version Print program version
Valid services for -r are: files, ldap
work:/home/scott # |
Let's add the user we just created to the group that we just created. One thing that we need to remember is that we need to specify all of the supplementary groups that the user should belong to, even if they already do. That's just how this command works. It resets the user to only belong to the groups you specify here, except for the users group. A user will belong to that group by default:
work:/home/scott # usermod -G video,groupwise jsmith work:/home/scott # groups jsmith jsmith : users video groupwise work:/home/scott # |
Now, let's look at the groupmod command:
work:/home/scott # groupmod --help
Usage: groupmod [-g gid [-o]] [-n new_name] group
groupmod - modify a group entry
-D binddn Use dn "binddn" to bind to the LDAP directory
-g gid Change the groupid to the given number
-k skeldir Specify an alternative skel directory
-n name Change group name.
-o Allow duplicate (non-unique) UID
-P path Search passwd, shadow and group file in "path"
-p password Encrypted password as returned by crypt(3)
-A user Add the user to the group entry
-R user Remove the user from the group entry
-r service Use nameservice 'service'
--help Give this help list
--usage Give a short usage message
-v, --version Print program version
Valid services for -r are: files, ldap
work:/home/scott # |
Let's just change the name of the group:
work:/home/scott # groupmod -n suseuser groupwise work:/home/scott # groups jsmith jsmith : users video suseuser work:/home/scott # |
Now, let's say we want to delete the user. We can use the userdel command for this. Let's look at our options:
work:/home/scott # userdel --help
Usage: userdel [-D binddn] [-P path] [-r [-f]] user
userdel - delete a user and related files
-r Remove home directory and mail spool
-f Force removel of files, even if not owned by user
-D binddn Use dn "binddn" to bind to the LDAP directory
-P path Search passwd, shadow and group file in "path"
--service srv Add account to nameservice 'srv'
--help Give this help list
-u, --usage Give a short usage message
-v, --version Print program version
Valid services for --service are: files, ldap
work:/home/scott # |
To use this command, just tell it what user you want to delete:
work:/home/scott # userdel jsmith no crontab for jsmith work:/home/scott # |
That is pretty simple. Now, we can use groupdel to delete the group we just renamed. Let's display the options, just to see what they are:
work:/home/scott # groupdel --help
Usage: groupdel [-D binddn] [-P path] group
groupdel - delete a group
-D binddn Use dn "binddn" to bind to the LDAP directory
-P path Search passwd, shadow and group file in "path"
--service srv Add account to nameservice 'srv'
--help Give this help list
-u, --usage Give a short usage message
-v, --version Print program version
Valid services for --service are: files, ldap
work:/home/scott #
|
Finally, let's delete the group:
work:/home/scott # groupdel suseuser work:/home/scott # |
There is quite an amount of advanced stuff that can be done with these commands. However, for simple user and group management on a system, the examples above should suffice. For user and group management over an SSH connection, these commands come in quite handy.
Reader Comments
- Excellent Thanks
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com