Contents:

Introduction
Create, delete, and modify local groups and group memberships
Create, delete, and modify local user accounts (and groups)
Configure user resource limits
Manage: system-wide environment profiles, template user environment and user privileges



Introduction


In this article, I will walk you through the User and Group Management competences of the LFCS certification programme. The competences are as follows:

  • User and Group Management - 10%

    • Create, delete, and modify local user accounts
    • Create, delete, and modify local groups and group memberships
    • Manage system-wide environment profiles
    • Manage template user environment
    • Configure user resource limits
    • Manage user privileges
    • Configure PAM

Now, let us get on with it, as there is a lot of interesting stuff to learn in this chapter.

 




Create, delete, and modify local groups and group memberships


Exercise 1: create two new groups to work with


For starters, I will create two new groups to work with, called students and trainers.

sudo groupadd students
sudo groupadd trainers

Now, to check if they have been created, you can review the contents of the /etc/group file with the command:

cat /etc/group

#and the contents are:
...
...
alexandru:x:1000:alexandru
students:x:1001:
trainers:x:1002:

You can also see only the last lines of the file with the command:

tail -3 /etc/group

#and the output is only the last three lines:
alexandru:x:1000:alexandru
students:x:1001:
trainers:x:1002:

As you can see, the GID is set automatically and incremented by one from the previously created group, which in my case is the one created by default when my user was created at install.

NOTE

The alexandru group is called a User Private Group (UPG) and is the one created at user creation using the UID=GID. It is supposed to be private, but an administrator can easily add users to any UPG group if necessary.


Exercise 2: create a third group and delete one of the others


Now, I will create a third group named professors and I will delete the trainers group:

sudo groupadd professors
tail -4 /etc/group

#the output is:
alexandru:x:1000:alexandru
students:x:1001:
trainers:x:1002:
professors:x:1003:

Now, to delete the trainers group use the command:

sudo groupdel trainers
tail -3 /etc/group

#the output of the /etc/group file is:
alexandru:x:1000:alexandru
students:x:1001:
professors:x:1003:

As you can see, the entry for the group trainers was deleted, thus the group does not exist anymore. As it had no users, there is no problem for the moment.

Now, in order to modify groups and work with them, we will need to create some users. This will be done in the next chapter, and I will continue working with groups there.

 




Create, delete, and modify local user accounts (and groups)


Exercise 1: create four user accounts


First, let us create user accounts to work with. They must have the following options set: a comment that states their full name, the default group set to students or professors, the home directory, a default shell and perhaps some secondary groups, which first need to be created.

Create secondary groups administrative for the professors that are part of the administrative body in the school and studentleaders for the students that are part of the leaders body in their classroom:

sudo groupadd administrative
sudo groupadd studentleaders
tail -5 /etc/group

#the output is:
alexandru:x:1000:alexandru
students:x:1001:
professors:x:1003:
administrative:x:1004:
studentleaders:x:1005:

Create the first of the four user accounts:

sudo useradd -c "Student One" -g students -G studentleaders -m -d /home/stud1 -s /bin/bash stud1
tail -2 /etc/passwd

#last two lines of the file:
alexandru:x:1000:1000:alexandru:/home/alexandru:/bin/bash
stud1:x:1001:1001:Student One:/home/stud1:/bin/bash

To see the groups that stud1 is part of:

groups stud1

#the output is:
stud1 : students studentleaders

Let us analyze the entry for “Student One”:

  • the comment field, which holds the full name, is “Student One”
  • the home directory is set to /home/stud1
  • the default shell is set to /bin/bash
  • it is a pure coincidence that GID=UID=1001: the students group has GID 1001 because it was created right after the UPG group alexandru - this will not be the same for the other users though

To see the contents of his home directory, use the commands:

sudo ls -la /home
total 0
drwxr-xr-x.  4 root      root       36 Mar 31 12:53 .
dr-xr-xr-x. 17 root      root      224 Mar 30 15:56 ..
drwx------.  2 alexandru alexandru  83 Mar 30 17:09 alexandru
drwx------.  2 stud1     students   62 Mar 31 12:53 stud1

sudo ls -la /home/stud1
total 12
drwx------. 2 stud1 students  62 Mar 31 12:53 .
drwxr-xr-x. 4 root  root      36 Mar 31 12:53 ..
-rw-r--r--. 1 stud1 students  18 Sep  6  2017 .bash_logout
-rw-r--r--. 1 stud1 students 193 Sep  6  2017 .bash_profile
-rw-r--r--. 1 stud1 students 231 Sep  6  2017 .bashrc

Details about the home directory creation

The reason you don’t see the usual Desktop Workstation contents in the home directory of user “stud1” is that I am using a minimal installation of CentOS 7. To see how the defaults are set for new users, you should review the /etc/skel directory on a minimal (server) installation of CentOS. In my case, it looks like this:

ls -la /etc/skel/
total 24
drwxr-xr-x.  2 root root   62 Mar 30 15:59 .
drwxr-xr-x. 74 root root 8192 Mar 31 12:53 ..
-rw-r--r--.  1 root root   18 Sep  6  2017 .bash_logout
-rw-r--r--.  1 root root  193 Sep  6  2017 .bash_profile
-rw-r--r--.  1 root root  231 Sep  6  2017 .bashrc

The configuration file that sets the defaults of user creation is /etc/default/useradd. You can do a cat on it. In my case, the output is this:

# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes

Now, you may ask yourself why the home directory on a Desktop Workstation contains several directories that the minimal install of CentOS doesn’t have. Well, the answer is in the X Window manager config files, specifically the /etc/xdg/user-dirs.defaults file. Now, let us compare the minimal install of CentOS and the Desktop Workstation with respect to the file named above.

First of all, on the Minimal Install CentOS there is no user-dirs.defaults file inside the xdg directory. Do an ls to see for yourself:

cd /etc/xdg/
ls -la
total 12
drwxr-xr-x.  4 root root   38 Mar 30 15:52 .
drwxr-xr-x. 74 root root 8192 Mar 31 12:53 ..
drwxr-xr-x.  2 root root    6 Nov  5  2016 autostart
drwxr-xr-x.  2 root root   18 Mar 30 15:59 systemd

Now, on the CentOS workstation install, the contents of the file are as follows:

cat /etc/xdg/user-dirs.defaults 
# Default settings for user directories
#
# The values are relative pathnames from the home directory and
# will be translated on a per-path-element basis into the users locale
DESKTOP=Desktop
DOWNLOAD=Downloads
TEMPLATES=Templates
PUBLICSHARE=Public
DOCUMENTS=Documents
MUSIC=Music
PICTURES=Pictures
VIDEOS=Videos
# Another alternative is:
#MUSIC=Documents/Music
#PICTURES=Documents/Pictures
#VIDEOS=Documents/Videos

Well, now you know why there are certain directories inside the /home directories or why some are missing on a minimal server install! Let us proceed now and create the other three user accounts.

Create the remaining three user accounts:

sudo useradd -c "Student Two" -g students -m -d /home/stud2 -s /bin/bash stud2
sudo useradd -c "Student Three" -g students -m -d /home/stud3 -s /bin/bash stud3
sudo useradd -c "Professor One" -g professors -G administrative -m -d /home/prof1 -s /bin/bash prof1
tail -5 /etc/passwd
#output:
alexandru:x:1000:1000:alexandru:/home/alexandru:/bin/bash
stud1:x:1001:1001:Student One:/home/stud1:/bin/bash
stud2:x:1002:1001:Student Two:/home/stud2:/bin/bash
stud3:x:1003:1001:Student Three:/home/stud3:/bin/bash
prof1:x:1004:1003:Professor One:/home/prof1:/bin/bash

#to see the groups that the users are part of, use the groups command:
groups prof1
prof1 : professors administrative
groups stud2
stud2 : students
groups stud3
stud3 : students
groups stud1
stud1 : students studentleaders
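
As an added example (not part of the original article), the script below rebuilds what groups reports by reading passwd- and group-format files directly, and adds two checks tied to the exercises above: a primary GID left without a group entry, and a User Private Group that has members other than its owner. The function names, the tmp1 account and the extra stud2 membership are assumptions made for the illustration.

```shell
# Added example; sample files are constructed from the article's listings plus two
# deliberate problems: tmp1 keeps GID 1002 (deleted "trainers"), stud2 is in alexandru's UPG.
write_samples() {   # $1 = directory to write passwd and group into
    cat > "$1/passwd" <<'EOF'
alexandru:x:1000:1000:alexandru:/home/alexandru:/bin/bash
stud1:x:1001:1001:Student One:/home/stud1:/bin/bash
stud2:x:1002:1001:Student Two:/home/stud2:/bin/bash
prof1:x:1004:1003:Professor One:/home/prof1:/bin/bash
tmp1:x:1005:1002:Constructed:/home/tmp1:/bin/bash
EOF
    cat > "$1/group" <<'EOF'
alexandru:x:1000:alexandru,stud2
students:x:1001:
professors:x:1003:
administrative:x:1004:prof1
studentleaders:x:1005:stud1
EOF
}
# Like groups(1), but reads the files directly; a primary GID that has no
# entry in the group file is reported as MISSING-GID-<n>.
resolve_groups() {  # $1 = passwd file, $2 = group file
    awk -F: '
        NR == FNR {                         # first file read: the group database
            name[$3] = $1
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") supp[m[i]] = supp[m[i]] " " $1
            next
        }
        {                                   # second file read: the passwd database
            primary = ($4 in name) ? name[$4] : "MISSING-GID-" $4
            out = $1 " : " primary
            n = split(supp[$1], s, " ")
            for (i = 1; i <= n; i++) if (s[i] != primary) out = out " " s[i]
            print out
        }' "$2" "$1"
}
# Print "group:member" for each non-owner member of a UPG (group named after a user, GID = UID).
upg_outsiders() {   # $1 = passwd file, $2 = group file
    awk -F: '
        NR == FNR { uid[$1] = $3; next }    # first file read: passwd
        ($1 in uid) && uid[$1] == $3 {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "" && m[i] != $1) print $1 ":" m[i]
        }' "$1" "$2"
}
d=$(mktemp -d) && write_samples "$d"
resolve_groups "$d/passwd" "$d/group"
upg_outsiders "$d/passwd" "$d/group"
rm -rf "$d"
```

Note that students (GID 1001) is not treated as a UPG even though stud1 has UID 1001, because no user is named students.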

Now, it is a good idea to activate the accounts: they are not active yet because they have no password set. To do this, issue the commands:

sudo passwd stud1
sudo passwd stud2
sudo passwd stud3
sudo passwd prof1
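
To verify the result of this step, the password field of /etc/shadow can be classified per account. The script below is an added example, not part of the original article; the shadow lines and hash strings are constructed placeholders, and the function names are chosen here.

```shell
#!/bin/sh
# Added example. The shadow lines below are constructed; the hash strings are
# placeholders, not real crypt(3) output.
sample_shadow() {
cat <<'EOF'
alexandru:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:17620:0:99999:7:::
stud1:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:17621:0:99999:7:::
stud2:!!:17621:0:99999:7:::
stud3::17621:0:99999:7:::
prof1:!$6$PLACEHOLDERSALT$PLACEHOLDERHASH:17621:0:99999:7:::
EOF
}

# Read shadow-format lines on stdin and print "user state" for each account:
#   set      a password hash is present and usable
#   unset    only "!" or "*" characters: no hash, password login impossible
#            (the state of a freshly created account before passwd is run)
#   locked   a hash exists but is disabled by a leading "!"
#   EMPTY    empty field: no password is required to authenticate
password_states() {
    awk -F: '
        $2 == ""        { print $1, "EMPTY";  next }
        $2 ~ /^[!*]+$/  { print $1, "unset";  next }
        $2 ~ /^!/       { print $1, "locked"; next }
                        { print $1, "set" }'
}

# Names of accounts whose password field is empty.
empty_password_accounts() {
    password_states | awk '$2 == "EMPTY" { print $1 }'
}

sample_shadow | password_states
```

On a live system the same functions can be fed with `sudo cat /etc/shadow`, since the file is readable only by root.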

 




Configure user resource limits


 




Manage: system-wide environment profiles, template user environment and user privileges


 
