Lab 5 - Creating Users and Groups
5.1 Introduction
This is Lab 5: Creating Users and Groups. By performing this lab, students will learn how to create a
new user account, establish the initial password for this account, and make other modifications such
as making the new user a member of a secondary group.
In this lab, you will perform the following tasks:
5.2.1 Step 1
In order to administer the user and group accounts, you will want to switch users to the root account
with the following command. Provide the root password netlab123 when prompted.
su -
sysadmin@localhost:~$ su -
Password:
root@localhost:~#
5.2.2 Step 2
Use the groupadd command to create groups called research and sales:
groupadd -r research
groupadd -r sales
root@localhost:~# groupadd -r research
root@localhost:~# groupadd -r sales
root@localhost:~#
The research and sales groups were added in the reserved range (between 1-999) because
the -r option was used. With this option, Group Identifiers (GIDs) are automatically
assigned a value less than the lowest normal user UID. The groupadd command modifies
the /etc/group file, where group account information is stored.
The groupmod command can be used with the -n option to change the name of either of these groups
or with the -g option to change the GID of either group. The groupdel command
can be used to delete either group, as long as neither of them has been made the primary
group for a user.
5.2.3 Step 3
Use the getent command to retrieve information about the new research group:
Your output should appear similar to the example above although the GID that was assigned may be
different. Now that the research group has been created, existing or new users can be made
members of the group.
5.2.4 Step 4
Use the grep command to retrieve information about the new sales group:
Your output should appear similar to the example above although the GID that was assigned may be
different. Now that the sales group has been created, existing or new users can be made members
of this group.
5.2.5 Step 5
Use the groupmod command with the -n option to change the name of the sales group.
Now use the groupmod command with the -g option to change the GID for the group.
Important
Note that any files that had been in the sales group will now have no group name and will
be orphaned files.
5.2.6 Step 6
Delete the clerks group using the groupdel command along with the name of the group:
groupdel clerks
root@localhost:~# groupdel clerks
Use the grep command to verify that the clerks group has been removed:
Important
If you decide to delete a group with the groupdel command, be aware that any files that are owned
by that group will also become orphaned.
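One way to find the orphaned files that the notes in Steps 5 and 6 warn about, as an added example that is not part of the original lab. It assumes GNU find (for -printf); the function name, file names and GIDs in the demo are constructed. On a live system, `find / -xdev -nogroup` runs the same check against the real group database.

```shell
#!/bin/sh
# Added example (not part of the lab). Assumes GNU find for -printf.

# orphaned_by_group GROUP_FILE DIR
# Prints "GID<TAB>path" for every file under DIR whose numeric GID has no
# entry in GROUP_FILE (a file in /etc/group format: name:password:GID:members).
# Paths containing tabs or newlines are not handled.
orphaned_by_group() {
    find "$2" -xdev -printf '%G\t%p\n' |
        awk -F'\t' -v gf="$1" '
            BEGIN {
                # Load every GID defined in the group file.
                while ((getline line < gf) > 0) {
                    split(line, f, ":")
                    known[f[3]] = 1
                }
            }
            !($1 in known)   # numeric GID with no group entry: orphaned
        '
}

# Constructed demo: one tree checked against the group database as it looks
# before and after the group that owns the files is deleted.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
mkdir "$demo/tree"; touch "$demo/tree/q3-report.txt"
gid=$(find "$demo/tree/q3-report.txt" -printf '%G')
printf 'clerks:x:%s:\n' "$gid" > "$demo/group.before"
printf 'research:x:%s:\n' "$((gid + 1))" > "$demo/group.after"

echo "before groupdel clerks:"
orphaned_by_group "$demo/group.before" "$demo/tree"
echo "after groupdel clerks:"
orphaned_by_group "$demo/group.after" "$demo/tree"
```

Running the check before groupmod -g or groupdel shows which files need a chgrp first.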
5.3.1 Step 1
View the default values used by the useradd command using the -D option:
useradd -D
root@localhost:~# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=no
The SKEL value provides administrators with an easy way to populate a new user account with key
configuration files. It determines which skeleton directory will have its contents copied into the new
user’s home directory. The -k option on the useradd command allows a different SKEL directory
than the default to be used when creating a new user account. This is useful because most systems
have users that need access to different resources as appropriate to their job functions.
5.3.2 Step 2
Set the INACTIVE parameter to allow users with expired passwords to log in for up to thirty days
before their accounts are disabled, then view the new default values. The -D option to
the useradd command will allow you to view or change some of the default values used by
the useradd command.
In the example below, the -D option specifies changes to the default values used when creating a
new user. The -f 30 option specifies that users who have expired passwords can still log in for up to
thirty days before their accounts are inactivated. Using the -D option by itself displays the current
defaults, which have been changed by the previous command.
useradd -D -f 30
useradd -D
root@localhost:~# useradd -D -f 30
root@localhost:~# useradd -D
GROUP=100
HOME=/home
INACTIVE=30
EXPIRE=
SHELL=/bin/sh
SKEL=/etc/skel
CREATE_MAIL_SPOOL=no
root@localhost:~#
5.3.3 Step 3
Modify the CREATE_MAIL_SPOOL value in the /etc/default/useradd file using the nano text
editor:
nano /etc/default/useradd
root@localhost:~# nano /etc/default/useradd
5.3.4 Step 4
Press the down arrow key to scroll to the bottom of the file:
5.3.5 Step 5
On the CREATE_MAIL_SPOOL=no line, backspace over the no and type yes:
Press Ctrl + X to exit and type Y. Press Enter to save your changes, then type useradd -D at the
prompt to confirm the new setting:
useradd -D
root@localhost:~# useradd -D
GROUP=100
HOME=/home
INACTIVE=30
EXPIRE=
SHELL=/bin/sh
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
5.3.6 Step 6
Create a new user named student who is a secondary member of the research group and a
primary member of their own private group. Use a comment of Linux Student that will appear as
the full name of the user when they do a graphical login. Make sure that their home directory will be
created by specifying the -m option. Then use grep to verify the new user and their group
memberships:
The user's account information is stored in the /etc/passwd and /etc/shadow files. The user's
group information can be found in the /etc/passwd and /etc/group files.
5.3.7 Step 7
Use the usermod command to add the research group as a secondary group for
the sysadmin user:
Users who are actively logged into the system will not be able to use any new group memberships
until the next time they log into the system.
5.3.8 Step 8
Using the getent command, view the research group members again:
Next, use getent to show the passwd and shadow databases for the student user:
The output should now show that both sysadmin and student are secondary members of
the research group.
The GID of the student group matches the fourth field of the passwd information for
the student user. This is what makes the student a primary member of the student group.
Finally, the ! appearing in the second field, the password field, of the shadow file shows that the
password for the student user has not been set.
5.3.9 Step 9
Use the passwd command to set the password, netlab123, for the student user. Enter the
password twice then view the shadow file entry for the student user again:
passwd student
root@localhost:~# passwd student
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Note
No characters will appear when typing the password.
The output from the /etc/shadow file now shows an encrypted password in the second field:
5.3.10 Step 10
Just because a user has a password doesn't mean that they have ever logged into the system. Use
the last command to see if the student user has ever logged in:
last
last student
root@localhost:~# last
sysadmin console Thu Jan 3 21:44 still logged in
wtmp begins Thu Jan 3 21:44:06 2019
root@localhost:~# last student
wtmp begins Thu Jan 3 21:44:06 2019
root@localhost:~#
The output of the last command should show that the sysadmin user has logged in before, but not
the student user. There is also a lastb command, which works similarly to the last command
except that it shows "bad" or failed login attempts.
If you no longer wanted the student user to have access to the system, then the usermod -L
student command could be used to "lock" the account. The account could be unlocked with
the usermod -U student command.
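The field checks from Steps 8 to 10, as an added example that is not part of the original lab: two shell functions read passwd, group and shadow-format files and report a user's primary and secondary groups and the state of the password field. The function names, the UIDs and GIDs, the contractor account and the hash placeholder are constructed; the locked case relies on usermod -L placing a ! in front of the stored hash.

```shell
#!/bin/sh
# Added example (not part of the lab). All account data below is constructed.

# group_membership PASSWD_FILE GROUP_FILE USER
group_membership() {
    awk -F: -v u="$3" '
        FNR == NR {                                  # first file: passwd format
            if ($1 == u) { pgid = $4; found = 1 }    # field 4 = primary GID
            next
        }
        found && $3 == pgid { primary = $1 }         # group whose GID matches
        {
            n = split($4, m, ",")                    # field 4 = secondary members
            for (i = 1; i <= n; i++)
                if (m[i] == u) sec = sec (sec == "" ? "" : ",") $1
        }
        END { printf "primary=%s secondary=%s\n", primary, sec }
    ' "$1" "$2"
}

# password_state SHADOW_FILE USER
password_state() {
    awk -F: -v u="$2" '
        $1 != u { next }
        { found = 1 }
        $2 == ""                 { print "empty";  next }  # no password required
        $2 ~ /^[!*]+$/           { print "unset";  next }  # only ! or *: no hash stored
        substr($2, 1, 1) == "!"  { print "locked"; next }  # usermod -L: ! in front of the hash
                                 { print "set" }
        END { if (!found) print "no-such-user" }
    ' "$1"
}

lab=$(mktemp -d); trap 'rm -rf "$lab"' EXIT
printf '%s\n' 'sysadmin:x:1001:1001:System Administrator:/home/sysadmin:/bin/bash' \
              'student:x:1002:1002:Linux Student:/home/student:/bin/bash' > "$lab/passwd"
printf '%s\n' 'research:x:999:sysadmin,student' 'sysadmin:x:1001:' \
              'student:x:1002:' > "$lab/group"
printf '%s\n' 'student:!:17899:0:99999:7:30::' \
              'sysadmin:$6$SALT$CONSTRUCTED-HASH:17899:0:99999:7:30::' \
              'contractor:!$6$SALT$CONSTRUCTED-HASH:17899:0:99999:7:30::' > "$lab/shadow"

for u in student sysadmin; do
    echo "$u: $(group_membership "$lab/passwd" "$lab/group" "$u")"
done
for u in student sysadmin contractor; do
    echo "$u: password $(password_state "$lab/shadow" "$u")"
done
```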
5.3.11 Step 11
A more permanent solution to preventing access to the student account would be to delete the
account with either the userdel student or userdel -r student commands. Using the -r option
with the userdel command removes the user's home directory and mail, in addition to deleting the
user's account.
Delete the student account and remove the user's home directory:
userdel -r student
root@localhost:~# userdel -r student
Use grep to verify the student user has been removed.
root@localhost:~# grep student /etc/group
root@localhost:~#