Various commands for the LFCS User and Group Management domain, which at the time of this post can be found at https://training.linuxfoundation.org/images/pdfs/LFCS_Domains_Competencies_V2.16.pdf
ulimit
Provides control over the resources available to the shell and to processes started by it, on systems that allow such control
Config file in /etc/security/limits.conf
- list current limits
quotacheck
scan a filesystem for disk usage, create, check and repair quota files
quotaon, quotaoff
turn filesystem quotas on and off
repquota
summarize quotas for a filesystem
setquota
set disk quotas
edquota
edit user quotas
pwscore
simple configurable tool for checking quality of a password
The password is read from stdin.
It either reports an error if the password fails any of the checks, or it prints out the password quality score as an integer value between 0 and 100.
getent
get entries from Name Service Switch libraries
- enumerate networks
set
list shell attributes
-o
+o
Example: noclobber protects files from being accidentally overwritten with >. To set it at login, add it in .bashrc. You can still overwrite with: >|
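The noclobber behaviour described above, together with the -o / +o switches, as an added example that is not part of the original post. The file name and contents are constructed for the demo.

```sh
#!/bin/sh
# Added example: how noclobber interacts with >, >>, >| and set +o.
# The file name and its contents are constructed for this demo.

noclobber_demo() (
    # The function body is a subshell, so option changes do not leak to the caller.
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    f="$dir/important.conf"

    printf 'original\n' > "$f"

    set -o noclobber                      # same as: set -C

    # 1. Plain > on an existing file must fail and leave it untouched.
    if (printf 'clobbered\n' > "$f") 2>/dev/null; then
        echo "FAIL: > overwrote the file"; exit 1
    fi
    [ "$(cat "$f")" = "original" ] || exit 1

    # 2. >> (append) is not blocked by noclobber.
    printf 'appended\n' >> "$f"
    [ "$(tail -n 1 "$f")" = "appended" ] || exit 1

    # 3. >| overrides noclobber for this one redirection.
    printf 'forced\n' >| "$f"
    [ "$(cat "$f")" = "forced" ] || exit 1

    # 4. set +o noclobber turns the protection off again.
    set +o noclobber
    printf 'plain\n' > "$f"
    [ "$(cat "$f")" = "plain" ] || exit 1

    echo "noclobber: > blocked, >> allowed, >| forced, +o restores >"
)

noclobber_demo
```

noclobber only guards shell redirections in the shell where it is set; programs that open files themselves (cp, editors, scripts run with another interpreter) are not affected, so it is a guard against typos rather than an access control.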
who
show who is logged on
- -b # time of last system boot
- -q # all login names and number of users logged on
- -r # print current runlevel
id
print real and effective user and group IDs
- print all group IDs
- print group names
useradd
create a new user or update default new user information
- -c # Any text string. It is generally a short description of the login, and is currently used as the field for the user’s full name.
- -e # expire date. The date on which the user account will be disabled. The date is specified in the format YYYY-MM-DD.
If not specified, useradd will use the default expiry date specified by the EXPIRE variable in /etc/default/useradd, or an empty string (no expiry) by default.
- -g # The group name or number of the user’s initial login group. The group name must exist. A group number must refer to an already existing group.
- -G # A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening whitespace
- -m # Create the user’s home directory if it does not exist
- -s # The name of the user’s login shell
- create user, specify primary and supplementary groups, create home directory, specify login shell
- list defaults
adduser
- symlink to useradd on CentOS, Perl script on Debian / Ubuntu
usermod
modify a user account
- -c # new comment
- -d # new home directory
- -l # new login name
- -s # new shell
chsh
change your login shell
- -s # new shell
- list shells
userdel
delete a user account and related files
chpasswd
update passwords in batch mode
The chpasswd command reads a list of user name and password pairs from standard input and uses this information to update a group of existing users. Each line is of the format:
user_name:password
This command is intended to be used in a large system environment where many accounts are created at a single time.
chage
change user password expiry information
- set password expiration date and list account aging information
pwconv
creates shadow from passwd and an optionally existing shadow.
pwunconv
creates passwd from passwd and shadow and then removes shadow.
grpconv
creates gshadow from group and an optionally existing gshadow.
grpunconv
creates group from group and gshadow and then removes gshadow.
newgrp
log in to a new group – change the current group ID during a login session
groupadd
create a new group
- -g # GID value
gpasswd
administer /etc/group and /etc/gshadow
- -a # add user to group
- -d # delete user from group
- -M # set list of group members
chgrp
change group ownership
chgrp [OPTION]… GROUP FILE
- -R # operate on files and directories recursively