0% found this document useful (0 votes)

9 views2 pages

Peterceeau Linux Rhel User Management

This cheat sheet provides commands for user and group management in Linux (RHEL), including creating users, setting passwords, managing account aging, and disabling accounts. It also includes commands for listing logged-on users and non-standard aliases for user management. The document emphasizes the importance of using the chage command for account security and provides a function for retrieving user information.

Uploaded by

EiRsVi

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

9 views2 pages

Peterceeau Linux Rhel User Management

Uploaded by

EiRsVi

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 2

Linux (RHEL) User Management Cheat Sheet

by PeterCeeAU via cheatography.com/58333/cs/15427/

Notice

This information specifically relates to place of employment, but may be useful elsewhere.

User and Group Management

Action Command
List users configured on local host awk -F: '/\/home/ {printf "%s:%s\n",$3,$1}' /etc/passwd | sort -n

List groups configured on local host awk -F: -v id="999" '$3 > id' /etc/group

For Users, the assumption is that they are non-system users if they have a /home directory
For Groups, the assumption is that they are non-system groups if gid is greater the 999
Refer to /etc/login.defs

Create User

Create user useradd -c "Firstname Lastname" -d /home/

firstname.lastname.suffix
-u
<uid> -g <gid> -m -s /bin/bash firstname.lastname.suffix

Create user (shorter) useradd -c "Firstname Lastname" -u <uid> -g <gid>

firstname.lastn‐
ame.suffix

Set password passwd firstname.lastname.suffix

Set account aging policy chage -M 90 -W 7 -I 30 -d 0 firstname.lastname.suffix

where -M maximum number of days between password changes, -W number of days warning before password expires, -I inactive days after
password expires that account is locked, -d days since password changed (setting to 0 zero forces password change on next logon)
Expire password chage -d 0 firstname.lastname.suffix
(force password change)
Expire password and set account chage -d 0 -E YYYY-MM-DD firstname.lastname.suffix
expiry(for contractors)
List account aging information chage -l firstname.lastname.suffix

User accounts are in: firstname.lastname.accounttype format. These 3 variables are used by the user management scripts. Admin User
Account are suffixed with .nalx.
Service Accounts are prefixed with svc .
uid and gid are maintained in a central location to ensure uniformity across server fleet.

Account Management

Disable account chage -E0 firstname.lastname.suffix

(most effective method)
Re-enable account chage -E1 firstname.lastname.suffix

Lock account usermod -L username

Check lock status grep username /etc/shadow

single exclamation mark before encrypted password means account locked
Lock password passwd -l username

Unlock password passwd -u username

By PeterCeeAU Published 6th September, 2021. Sponsored by CrosswordCheats.com

Last updated 6th September, 2021. Learn to solve cryptic crosswords!
Page 1 of 2. http://crosswordcheats.com

cheatography.com/peterceeau/
Linux (RHEL) User Management Cheat Sheet
by PeterCeeAU via cheatography.com/58333/cs/15427/

Account Management (cont)

Check password status grep username /etc/shadow

two exclamation marks before encrypted password means password locked
Check whether password ever set grep username /etc/shadow
two exclamation marks with no encrypted password means password has never been set
Extend account expiry chage -E YYYY-MM-DD firstname.lastname.suffix
(for contractors)

The recommended method of securing an account is disabling by using the chage command. Locking of accounts by using usermod or
passwords by using passwd commands are not as effective. For example, an account which uses SSH does not use passwords.

List Logged On Users

Show who is logged on who

Show who is logged on and what they are doing w

Show list of last logged in users who are "still logged in" last -F | grep 'still logged in'

Print name of users currently logged in to local host users

Non-standard aliases

Alias Command
lusers awk -F: '{ if ($3 > 999 && $3 < 60001) print $1 }' /etc/passwd | grep -v suffix | sort

ladmins awk -F: '{ if ($3 > 999 && $3 < 60001) print $1 }' /etc/passwd | grep suffix | sort

These are functions stored in /etc/profile.d/aliases.sh

. Again, refer to /etc/login.defs
for UID_MIN and UID_MAX and
GID_MIN and GID_MAX values

Get User Information Function

# get-useraccounts [Account Type: ALL|normal|admins|service] [Output Format:name|descripti‐

Where group information is collected from corresponding user entry in /etc/group and where addition information is collated from chage
command
Argument order is important (does not use getopt or getopts). Account Type - ALL (is the default option). Output Format: no specific option
required. Additional Info - GROUP info (is the default option).
# get-useraccounts

# get-useraccounts service csv group

# get-useraccounts admins tablefull complete

Based on function listusers / get-useraccounts (expanded version of the above custom functions lusers and ladmins). The get-usera‐
ccounts alias is in PowerShell (verb-noun) format so somewhat familiar for Windows Administrators.

https://github.com/PeterCeeAU/linux_user_management/blob/b473c53e3a9b83dad4246e6d24ae0109fcca7768/listusers

Could be saved as part of a function file or incorporated into the system alias file (/etc/profile.d/aliases.sh
).