0% found this document useful (0 votes)
9 views2 pages

Peterceeau Linux Rhel User Management

This cheat sheet provides commands for user and group management in Linux (RHEL), including creating users, setting passwords, managing account aging, and disabling accounts. It also includes commands for listing logged-on users and non-standard aliases for user management. The document emphasizes the importance of using the chage command for account security and provides a function for retrieving user information.

Uploaded by

EiRsVi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
9 views2 pages

Peterceeau Linux Rhel User Management

This cheat sheet provides commands for user and group management in Linux (RHEL), including creating users, setting passwords, managing account aging, and disabling accounts. It also includes commands for listing logged-on users and non-standard aliases for user management. The document emphasizes the importance of using the chage command for account security and provides a function for retrieving user information.

Uploaded by

EiRsVi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

Linux (RHEL) User Management Cheat Sheet

by PeterCeeAU via cheatography.com/58333/cs/15427/

Notice

This inform​ation specif​ically relates to place of employ​ment, but may be useful elsewhere.

User and Group Management

Action Command
List users configured on local host awk -F: '/\/home/ {printf "​%s:​%s​\n",$​3,$1}' /etc/p​asswd | sort -n

List groups configured on local host awk -F: -v id="​999​" '$3 > id' /etc/group

For Users, the assumption is that they are non-system users if they have a /home directory
For Groups, the assumption is that they are non-system groups if gid is greater the 999
Refer to /etc/l​ogi​n.defs

Create User

Create user useradd -c "​Fir​stname Lastna​me" -d /home/


firstn​ame.la​stn​ame.suffix
-u
<ui​d> -g <gi​d> -m -s /bin/bash firstn​ame.la​stn​ame.suffix

Create user (shorter) useradd -c "​Fir​stname Lastna​me" -u <ui​d> -g <gi​d>


firstn​ame.la​stn​‐
ame.suffix

Set password passwd firstn​ame.la​stn​ame.suffix

Set account aging policy chage -M 90 -W 7 -I 30 -d 0 firstn​ame.la​stn​ame.suffix

where -M maximum number of days between password changes, -W number of days warning before password expires, -I inactive days after
password expires that account is locked, -d days since password changed (setting to 0 zero forces password change on next logon)
Expire password chage -d 0 firstn​ame.la​stn​ame.suffix
(force password change)
Expire password and set account chage -d 0 -E YYYY-MM-DD firstn​ame.la​stn​ame.suffix
expiry​(fo​r co​ntr​actors)
List account aging inform​ation chage -l firstn​ame.la​stn​ame.suffix

User accounts are in: firstn​ame.la​stn​ame.ac​cou​nttype format. These 3 variables are used by the user management scripts. Admin User
Account are suffixed with .nalx.
Service Accounts are prefixed with svc .
uid and gid are maintained in a central location to ensure uniformity across server fleet.

Account Management

Disable account chage -E0 firstn​ame.la​stn​ame.suffix


(most effective method)
Re-enable account chage -E1 firstn​ame.la​stn​ame.suffix

Lock account usermod -L username

Check lock status grep username /etc/s​hadow


single exclam​ation mark before encrypted password means account locked
Lock password passwd -l username

Unlock password passwd -u username

By PeterCeeAU Published 6th September, 2021. Sponsored by CrosswordCheats.com


Last updated 6th September, 2021. Learn to solve cryptic crosswords!
Page 1 of 2. http://crosswordcheats.com

cheatography.com/peterceeau/
Linux (RHEL) User Management Cheat Sheet
by PeterCeeAU via cheatography.com/58333/cs/15427/

Account Management (cont)

Check password status grep username /etc/s​hadow


two exclam​ation marks before encrypted password means password locked
Check whether password ever set grep username /etc/s​hadow
two exclam​ation marks with no encrypted password means password has never been set
Extend account expiry chage -E YYYY-MM-DD firstn​ame.la​stn​ame.suffix
(for contra​ctors)

The recomm​ended method of securing an account is disabling by using the chage command. Locking of accounts by using usermod or
passwords by using passwd commands are not as effective. For example, an account which uses SSH does not use passwords.

List Logged On Users

Show who is logged on who

Show who is logged on and what they are doing w

Show list of last logged in users who are "​still logged in" last -F | grep 'still logged in'

Print name of users currently logged in to local host users

Non-st​andard aliases

Alias Command
lusers awk -F: '{ if ($3 > 999 && $3 < 60001) print $1 }' /etc/p​asswd | grep -v suffix | sort

ladmins awk -F: '{ if ($3 > 999 && $3 < 60001) print $1 }' /etc/p​asswd | grep suffix | sort

These are functions stored in /etc/p​rof​ile.d/​ali​ases.sh


. Again, refer to /etc/l​ogi​n.defs
for UID_MIN and UID_MAX and
GID_MIN and GID_MAX values

Get User Inform​ation Function

# get-us​era​ccounts [Account Type: ALL|no​rma​l|a​dmi​ns|​ser​vice] [Output Format​:na​me|​des​cri​pti​‐


on|​alm​ost​all​|cs​v|t​able] [Addit​ional Info: GROUP|​nog​rou​p|c​omp​lete]

Where group inform​ation is collected from corres​ponding user entry in /etc/group and where addition inform​ation is collated from chage
command
Argument order is important (does not use getopt or getopts). Account Type - ALL (is the default option). Output Format: no specific option
required. Additional Info - GROUP info (is the default option).
# get-us​era​ccounts

# get-us​era​ccounts service csv group

# get-us​era​ccounts admins tablefull complete

Based on function listusers / get-us​era​ccounts (expanded version of the above custom functions lusers and ladmins). The get-us​era​‐
ccounts alias is in PowerShell (verb-​noun) format so somewhat familiar for Windows Admini​str​ators.

https:​//g​ith​ub.c​om​/Pe​ter​Cee​AU/​lin​ux_​use​r_m​ana​gem​ent​/bl​ob/​b47​3c5​3e3​a9b​83d​ad4​246​e6d​24a​e01​09f​cca​776​8/l​ist​users

Could be saved as part of a function file or incorp​orated into the system alias file (/etc/p​rof​ile.d/​ali​ases.sh
).

By PeterCeeAU Published 6th September, 2021. Sponsored by CrosswordCheats.com


Last updated 6th September, 2021. Learn to solve cryptic crosswords!
Page 2 of 2. http://crosswordcheats.com

cheatography.com/peterceeau/

You might also like