Understanding Linux File Permissions Removing User
If you want to remove a user from the system, the userdel command is what you need. By default, the userdel command removes only the user information from the /etc/passwd file. It doesn’t remove any files the account owns on the system.
If you use the -r parameter, userdel removes the user’s HOME directory, along with the user’s mail directory. However, other files owned by the deleted user account may still be on the system. This can be a problem in some environments.
Here’s an example of using the userdel command to remove an existing user account:
# /usr/sbin/userdel -r test
# ls -al /home/test
ls: cannot access /home/test: No such file or directory
#
After using the -r parameter, the user’s old /home/test directory no longer exists.
Caution
Be careful when using the -r parameter in an environment with lots of users. You never know if a user had important files stored in his or her HOME directory that are used by someone else or another program. Always check before removing a user’s HOME directory!
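The files that userdel -r leaves behind can be inventoried before the account is removed. The following is an added example, not part of the original text; the function names and default search roots are assumptions, and it relies on GNU find.

```shell
# Added example: list what `userdel -r` leaves behind for one account.
# $1 = login or numeric UID, $2 = home directory, remaining args = search roots.
leftover_files() (
    owner=$1; home=$2; shift 2
    # Default roots are an assumption; extend them to match the local layout.
    [ "$#" -gt 0 ] || set -- /tmp /var /srv /opt /home
    # -xdev keeps find on each root's own filesystem; the home directory is
    # pruned because -r removes it anyway.
    find "$@" -xdev -path "$home" -prune -o -user "$owner" -print 2>/dev/null
)

# Subset of the above that still carries privilege: setuid/setgid files.
leftover_setid() (
    leftover_files "$@" | while IFS= read -r f; do
        if [ -f "$f" ] && { [ -u "$f" ] || [ -g "$f" ]; }; then printf '%s\n' "$f"; fi
    done
)

# After the account is gone, its files show up as owned by no known user.
orphaned_files() {
    find "$@" -xdev \( -nouser -o -nogroup \) -print 2>/dev/null
}

# Example (as root): leftover_files test /home/test
```

Files that stay orphaned are picked up by whichever future account is assigned the same numeric UID, so reassign or remove them as part of the deletion.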
Modifying a user
Linux provides a few different utilities for modifying the information for existing user accounts. The table shows these utilities.
User Account Modification Utilities
Each of these utilities provides a specific function for changing information about user accounts. The following sections describe each of these utilities.
usermod
The usermod command is the most robust of the user account modification utilities. It provides options for changing most of the fields in the /etc/passwd file. To do that, you just need to use the command line parameter that corresponds to the value you want to change. The parameters are mostly the same as the useradd parameters (such as -c to change the comment field, -e to change the expiration date, and -g to change the default login group). However, a couple of additional parameters might come in handy:
- -l changes the login name of the user account.
- -L locks the account so the user can’t log in.
- -p changes the password for the account.
- -U unlocks the account so the user can log in.
The -L parameter is especially handy. Use this to lock an account so a user can’t log in without having to remove the account and the user’s data. To return the account to normal, just use the -U parameter.
passwd and chpasswd
A quick way to change just the password for a user is the passwd command:
# passwd test
Changing password for user test.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
#
If you just use the passwd command by itself, it changes your own password. Any user in the system can change his or her own password, but only the root user can change someone else’s password.
The -e option is a handy way to force a user to change the password on the next login. This allows you to set the user’s password to a simple value and forces them to change it to something harder that they can remember.
If you ever need to do a mass password change for lots of users on the system, the chpasswd command can be a lifesaver. The chpasswd command reads a list of login name and password pairs (separated by a colon) from the standard input, automatically encrypts the password, and sets it for the user account. You can also use the redirection command to redirect a file of userid:password pairs into the command:
# chpasswd < users.txt
#
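Because users.txt holds cleartext passwords, it is worth checking the file before redirecting it into chpasswd. This is an added example, not part of the original text; check_pairs and its messages are hypothetical, and it assumes GNU stat and a POSIX awk.

```shell
# Added example: sanity-check a userid:password file before `chpasswd < file`.
# $1 = pairs file, $2 = passwd-format file to check logins against.
check_pairs() (
    file=$1; passwd=${2:-/etc/passwd}; rc=0
    mode=$(stat -c %a "$file") || exit 2
    # The file holds cleartext passwords, so group and others get no access.
    case $mode in
        *00) ;;
        *) echo "mode $mode: chmod 600 the file first"; rc=1 ;;
    esac
    # Report line numbers and logins only; never echo a password.
    awk -F: -v pw="$passwd" '
        BEGIN { while ((getline line < pw) > 0) { split(line, f, ":"); known[f[1]] = 1 } }
        # chpasswd splits at the first colon; both sides must be non-empty.
        $1 == "" || substr($0, length($1) + 2) == "" {
            printf "line %d: expected login:password\n", NR; bad = 1; next }
        !($1 in known) { printf "line %d: unknown login %s\n", NR, $1; bad = 1 }
        seen[$1]++     { printf "line %d: duplicate login %s\n", NR, $1; bad = 1 }
        END { exit bad }
    ' "$file" || rc=1
    exit $rc
)

# Typical run as root, forcing a change at next login and then removing
# the cleartext file:
#   check_pairs users.txt && chpasswd < users.txt &&
#       cut -d: -f1 users.txt | while read -r u; do passwd -e "$u"; done
#   rm -f users.txt
```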
chsh, chfn, and chage
The chsh, chfn, and chage utilities are specialized for specific account modification functions. The chsh command allows you to quickly change the default login shell for a user. You must use the full pathname for the shell, and not just the shell name:
# chsh -s /bin/csh test
Changing shell for test.
Shell changed.
#
The chfn command provides a standard method for storing information in the comments field in the /etc/passwd file. Instead of just inserting random text, such as names or nicknames, or even just leaving the comment field blank, the chfn command uses specific information used in the Unix finger command to store information in the comment field. The finger command allows you to easily find information about people on your Linux system:
# finger rich
Login: rich Name: Rich Blum
Directory: /home/rich Shell: /bin/bash
On since Thu Sep 20 18:03 (EDT) on pts/0 from 192.168.1.2
No mail.
No Plan.
#
Note
Because of security concerns, many Linux system administrators disable the finger command on their systems, and many Linux distributions don’t even install it by default.
If you use the chfn command with no parameters, it queries you for the appropriate values to enter into the comment field:
# chfn test
Changing finger information for test.
Name []: Ima Test
Office []: Director of Technology
Office Phone []: (123)555-1234
Home Phone []: (123)555-9876
Finger information changed.
# finger test
Login: test Name: Ima Test
Directory: /home/test Shell: /bin/csh
Office: Director of Technology Office Phone: (123)555-1234
Home Phone: (123)555-9876
Never logged in.
No mail.
No Plan.
#
If you now look at the entry in the /etc/passwd file, it looks like this:
# grep test /etc/passwd
test:x:504:504:Ima Test,Director of Technology,(123)555-1234,(123)555-9876:/home/test:/bin/csh
#
All the finger information is neatly stored away in the /etc/passwd file entry.
Finally, the chage command helps you manage the password aging process for user accounts. You need to set several parameters to individual values, shown in the table.
The chage Command Parameters
The chage date values can be expressed using one of two methods:
- A date in YYYY-MM-DD format
- A numerical value representing the number of days since January 1, 1970
One neat feature of the chage command is that it allows you to set an expiration date for an account. Using this feature, you can create temporary user accounts that automatically expire on a set date, without your having to remember to delete them! Expired accounts are similar to locked accounts. The account still exists, but the user can’t log in with it.
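Locked and expired accounts can be told apart in the shadow file: usermod -L prefixes the stored password hash with an exclamation mark, while the expiration date is kept as a count of days since January 1, 1970. The following added example, not from the original text, converts between the two chage date forms and classifies accounts; it assumes the shadow(5) field layout, and the function names and sample lines are constructed.

```shell
# Added example. Assumes the shadow(5) layout: field 2 = password hash,
# field 8 = account expiration in days since 1970-01-01.

# Convert YYYY-MM-DD into the numeric form chage also accepts.
date_to_days() {
    echo "$1" | awk -F- '{
        y = $1 + 0; m = $2 + 0; d = $3 + 0
        if (m <= 2) { y--; m += 12 }   # treat Jan/Feb as months 13/14 of the previous year
        print 365*y + int(y/4) - int(y/100) + int(y/400) + int((153*(m-3) + 2)/5) + d - 719469
    }'
}

# Classify shadow-format lines on stdin; $1 is "today" in days since the epoch.
account_states() {
    awk -F: -v today="$1" '{
        locked  = ($2 ~ /^!/)                                    # set by usermod -L
        expired = ($8 ~ /^[1-9][0-9]*$/ && $8 + 0 <= today + 0)  # empty field: never expires
        state = locked ? (expired ? "locked+expired" : "locked") : (expired ? "expired" : "active")
        print $1, state
    }'
}

# Constructed sample lines; the hashes are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
alice:$6$constructed$placeholder:19700:0:99999:7:::
bob:!$6$constructed$placeholder:19700:0:99999:7:::
temp1:$6$constructed$placeholder:19700:0:99999:7::20088:
temp2:!$6$constructed$placeholder:19700:0:99999:7::19000:
EOF
}

# On a live system (as root):
#   account_states "$(( $(date +%s) / 86400 ))" < /etc/shadow
```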