Peterceeau Linux Rhel User Management
Notice
This information specifically relates to place of employment, but may be useful elsewhere.
Action: List users configured on local host
Command: awk -F: '/\/home/ {printf "%s:%s\n",$3,$1}' /etc/passwd | sort -n

Action: List groups configured on local host
Command: awk -F: -v id="999" '$3 > id' /etc/group
For Users, the assumption is that they are non-system users if they have a /home directory
For Groups, the assumption is that they are non-system groups if the gid is greater than 999
Refer to /etc/login.defs
Create User
where -M is the maximum number of days between password changes, -W is the number of days of warning before the password expires, -I is the number of inactive days after the password expires before the account is locked, and -d is the day the password was last changed (setting it to 0 forces a password change on next logon)

Action: Expire password (force password change)
Command: chage -d 0 firstname.lastname.suffix

Action: Expire password and set account expiry (for contractors)
Command: chage -d 0 -E YYYY-MM-DD firstname.lastname.suffix

Action: List account aging information
Command: chage -l firstname.lastname.suffix
User account names use the format firstname.lastname.accounttype. These 3 variables are used by the user management scripts.
Admin user accounts are suffixed with .nalx.
Service accounts are prefixed with svc.
uid and gid are maintained in a central location to ensure uniformity across server fleet.
Account Management
cheatography.com/peterceeau/
Linux (RHEL) User Management Cheat Sheet
by PeterCeeAU via cheatography.com/58333/cs/15427/
The recommended method of securing an account is to disable it with the chage command. Locking the account with usermod, or locking its password with passwd, is not as effective. For example, an account that logs in over SSH with a key does not use a password.
Action: Show list of last logged in users who are "still logged in"
Command: last -F | grep 'still logged in'
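
An audit check for the account-locking note above, added here as an example (it is not part of the original cheat sheet or the author's listusers script). It assumes "disabling with chage" means setting the account expiry date stored in field 8 of /etc/shadow, as chage -E does; the function name and the sample accounts are hypothetical and constructed.

```shell
#!/bin/sh
# locked_not_expired PASSWD SHADOW [TODAY]   (hypothetical helper name)
# PASSWD/SHADOW: passwd(5)/shadow(5)-format files; TODAY: days since 1970-01-01.
# Prints regular accounts (UID 1000-60000, the range the lusers alias uses)
# whose password is locked with "!" (passwd -l / usermod -L) while shadow
# field 8, the account expiry that chage -E sets, is empty or in the future.
locked_not_expired() {
    today=${3:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
        FNR == NR { if ($3 > 999 && $3 < 60001) regular[$1] = 1; next }
        !($1 in regular)                { next }  # system or unknown account
        substr($2, 1, 1) != "!"         { next }  # password is not locked
        $8 != "" && $8 + 0 <= today + 0 { next }  # account already expired
        { printf "%s:%s\n", $1, ($8 == "" ? "never" : $8) }
    ' "$1" "$2" | sort
}

# Constructed sample data, not taken from any real host.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice.smith.std:x:1001:1001::/home/alice.smith.std:/bin/bash
bob.jones.nalx:x:1002:1002::/home/bob.jones.nalx:/bin/bash
carol.wu.std:x:1003:1003::/home/carol.wu.std:/bin/bash
dave.lee.std:x:1004:1004::/home/dave.lee.std:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root:!!:19000:0:99999:7:::
alice.smith.std:$6$constructed$hash:19000:0:90:7:30::
bob.jones.nalx:!$6$constructed$hash:19000:0:90:7:30::
carol.wu.std:!$6$constructed$hash:19000:0:90:7:30:0:
dave.lee.std:!$6$constructed$hash:19000:0:90:7:30:99999:
EOF
    locked_not_expired "$dir/passwd" "$dir/shadow" "${1:-20000}"
    rm -rf "$dir"
}

demo   # prints bob.jones.nalx:never and dave.lee.std:99999
```

On a live host the same check is run as root with locked_not_expired /etc/passwd /etc/shadow; each line is name:expiry for an account that is password-locked but not disabled by expiry.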
Non-standard aliases
Alias: lusers
Command: awk -F: '{ if ($3 > 999 && $3 < 60001) print $1 }' /etc/passwd | grep -v suffix | sort

Alias: ladmins
Command: awk -F: '{ if ($3 > 999 && $3 < 60001) print $1 }' /etc/passwd | grep suffix | sort
Where group information is collected from the corresponding user entry in /etc/group and where additional information is collated from the chage command.
Argument order is important (does not use getopt or getopts). Account Type: ALL is the default option. Output Format: no specific option required. Additional Info: GROUP info is the default option.
# get-useraccounts
Based on function listusers / get-useraccounts (expanded version of the above custom functions lusers and ladmins). The get-useraccounts alias is in PowerShell (verb-noun) format so somewhat familiar for Windows Administrators.
https://github.com/PeterCeeAU/linux_user_management/blob/b473c53e3a9b83dad4246e6d24ae0109fcca7768/listusers
Could be saved as part of a function file or incorporated into the system alias file (/etc/profile.d/aliases.sh).