Managing Users in Unix

Introduction- the basics:

• Review Access Control
• Review File System

• Original Unix principles:
• Objects (files/processes) have owners.
• You own new objects you create
• A special user account called root can act as owner of any object.
  
• Only root can perform sensitive admin operations
• Every file has an owner and a group
• Kernel tracks access through user identification numbers (UIDs) and group identification numbers (GIDs)
• Access maintained through three files
  
• /etc/passwd   : 7 fields including user name, optional password, userid, group id,....
  
• /etc/shadow:  9 fields, includes user name, encrypted password (see man shadow)
  
• /etc/group:     :      group_name:passwd:GID:user_list
• jjm:x:1000    the x says no password
• sudo:x:27:jjm  this says  jjm is a member of group sudo

• Manual steps for adding users
  • edit passwd and group files
  • setting a password
  • create home direcotires and install startup files
  • Set home permissions
  • configure roles and admin privileges
• Automating adding users:
  • low leverl routines: useradd, userdel
  • scripts: adduser, deluser
  • note: i usually use useradd and then 'deluser -r xxx ' to remove a user completely from the system
• To lock out a user
  • sudo pw lock userid (or usermod -L userid)
  • sudo pw unlock userid (usermod -U userid)

Last update: 3/4/2018