06-users.md #1947

Merged
merged 1 commit into from
Mar 20, 2024
44 changes: 22 additions & 22 deletions docs/books/admin_guide/06-users.md
Expand Up @@ -26,7 +26,7 @@ In this chapter you will learn how to manage users.

## General

Each user must have a group, which is called the user's **primary group**.
Each user must have a group called the user's **primary group**.

Several users can be part of the same group.

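Review bot: In the new line under `## General`, dropping ", which is" makes the sentence read as if the group itself has to be named "primary group". Keep the relative clause of the removed line, or set the term off with a comma: "Each user must have a group, the user's **primary group**."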
Expand All @@ -41,7 +41,7 @@ Groups and users are managed by their unique numerical identifiers `GID` and `UI
* `UID`: *User IDentifier*. Unique user ID.
* `GID`: *Group IDentifier*. Unique group identifier.

Both UID and GID are recognized by the kernel, which means that the Super Admin is not necessarily the **root** user, as long as the **uid=0** user is the Super Admin.
The kernel recognizes Both UID and GID, meaning that the Super Admin is not necessarily the **root** user, as long as the **uid=0** user is the Super Admin.

The files related to users/groups are:

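Review bot: The rewritten kernel sentence has a stray capital in "recognizes Both UID and GID"; it should be "both". The second half is also still circular ("the Super Admin is not necessarily the **root** user, as long as the **uid=0** user is the Super Admin"). The point is that privilege follows the numeric ID rather than the account name, so consider saying that directly, for example "any account with uid=0 has superuser privileges, whatever its name".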
Expand Down Expand Up @@ -129,7 +129,7 @@ sudo groupmod -n GroupC GroupB
|`-g GID` | New `GID` of the group to modify.
|`-n name` | New name.

It is possible to change the name of a group, its `GID` or both simultaneously.
It is possible to change the name of a group, its `GID`, or both simultaneously.

After modification, the files belonging to the group have an unknown `GID`. They must be reassigned to the new `GID`.

Expand Down Expand Up @@ -179,7 +179,7 @@ sudo groupdel GroupC

!!! Tip

Each group has a unique `GID`. A group can be used by multiple users as a supplementary group. By convention, The GID of super administrator is 0. The GIDS reserved for some services or processes are 201-999, called system groups or pseudo user groups. The GID for users is usually greater than or equal to 1000. These are related to <font color=red>/etc/login.defs</font>, which we will talk about later.
Each group has a unique `GID`. Multiple users can use a group as a supplementary group. By convention, The GID of the super administrator is 0. The GIDS reserved for some services or processes is 201-999, called system groups or pseudo-user groups. The GID for users is usually greater than or equal to 1000. These are related to <font color=red>/etc/login.defs</font>, which we will talk about later.

```bash
# Comment line ignored
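Review bot: In the `!!! Tip` paragraph the change from "are" to "is" breaks agreement: "The GIDS reserved for some services or processes is 201-999" needs "are", and "GIDS" should be "GIDs". The line also keeps the mid-sentence capital in "By convention, The GID" and the raw `<font color=red>` tag around /etc/login.defs; backticks would match how `/etc/skel` and `/etc/default/useradd` are written elsewhere in the file.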
Expand Down Expand Up @@ -244,7 +244,7 @@ GroupA:$6$2,9,v...SBn160:alain:rockstar

!!! Warning

The name of the group in **/etc/group** and **/etc/gshadow** must correspond one by one, that is, each line in the **/etc/group** file must have a corresponding line in the **/etc/gshadow** file.
The name of the group in **/etc/group** and **/etc/gshadow** must correspond one by one. That is, each line in the **/etc/group** file must have a corresponding line in the **/etc/gshadow** file.

An `!` in the password indicates it is locked.
Thus, no user can use the password to access the group (since group members do not need it).
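Review bot: "must correspond one by one" in the `!!! Warning` is still unclear after the split into two sentences; the usual term is "one-to-one". Suggest "The group names in **/etc/group** and **/etc/gshadow** must correspond one-to-one: each line in the **/etc/group** file must have a corresponding line in the **/etc/gshadow** file."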
Expand Down Expand Up @@ -296,13 +296,13 @@ sudo useradd -u 1000 -g 1013 -d /home/GroupC/carine carine
|`-d directory` | Creates the home directory. |
|`-s shell` | Specifies the user's shell. |
|`-c COMMENT` | Adds a comment. |
|`-U` | Adds the user to a group with the same name created simultaneously. If not specified, creation of a group with the same name occurs when creating the user. |
|`-U` | Adds the user to a group with the same name created simultaneously. If not specified, the creation of a group with the same name occurs when creating the user. |
|`-M` | Does not create the user's home directory. |
|`-r` | Creates a system account. |

At creation, the account has no password and is locked.

A password must be assigned to unlock the account.
The user must assign a password to unlock the account.

When invoking the `useradd` command without any options, the following default settings are set for the new user:

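Review bot: "The user must assign a password to unlock the account" changes the meaning of the line it replaces. The preceding sentence says the account is created with no password and locked, so the new user cannot be the one who sets it. The original passive "A password must be assigned" was accurate; if an actor is wanted, it is the administrator. In the `-U` row, "the creation of a group with the same name occurs when creating the user" is also awkward; "a group with the same name is created along with the user" reads better.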
Expand Down Expand Up @@ -333,19 +333,19 @@ test1:!::

Account naming rules:

* Lowercase letters, numbers and underscores are allowed, and other special characters such as asterisks, percent signs, full-width symbols are not accepted.
* Lowercase letters, numbers, and underscores are allowed; other special characters such as asterisks, percent signs, and full-width symbols are not accepted.
* Although you can use an uppercase user name in RockyLinux, we do not recommend it;
* It is not recommended to start with numbers and underscores, although you may be allowed to do so;
* Different from the name of an existing group or system file;
* The user name can contain up to 32 characters.

!!! Warning

The home directory tree must be created except for the last directory.
The user must create the home directory, except for the last directory.

The last directory is created by the `useradd` command, which takes the opportunity to copy the files from `/etc/skel` into it.

**A user can belong to several groups in addition to their primary group.**
**A user can belong to several groups besides their primary group.**

Example:

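Review bot: The new `!!! Warning` text, "The user must create the home directory, except for the last directory", loses the meaning of the removed line. What has to exist beforehand is the parent directory tree ("home directory tree" in the original), and the one creating it is the administrator running `useradd`, not the account being created. Suggest keeping "tree", for example "The home directory tree must already exist, except for the last directory." In the naming rules, the edited bullet now ends with a full stop while the next two end with semicolons, and "RockyLinux" should be "Rocky Linux".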
Expand Down Expand Up @@ -425,7 +425,7 @@ Where `1000` is the old `UID` and `1044` is the new one. Examples are as follows
sudo find / -uid 1000 -exec chown 1044: {} \;
```

Locking and unlocking of user account, Examples are as follows:
Locking and unlocking of user accounts. Examples are as follows:

```bash
$ usermod -L test1
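Review bot: The context command above the edited heading, `sudo find / -uid 1000 -exec chown 1044: {} \;`, deserves a fix while this block is being touched. With GNU `chown`, a trailing colon after the owner also resets each file's group to that user's login group, so files that UID 1000 owned inside a shared group silently lose that group. If only the owner is meant to change, as the surrounding text about old and new `UID` suggests, use `chown 1044` without the colon.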
Expand Down Expand Up @@ -459,7 +459,7 @@ uid=1000(test1) gid=1000(test1) groups=1000(test1),1003(groupB),1004(groupC),100

### `userdel` command

The `userdel` command allows you to delete a user's account.
The <0>userdel</0> command lets you delete a user's account.

```bash
sudo userdel -r carine
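Review bot: `<0>userdel</0>` in the new line is a leaked translation-tool placeholder. It replaces the backticks of the removed line and will render as literal text; restore `userdel` in backticks, as in the heading just above.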
Expand Down Expand Up @@ -533,7 +533,7 @@ $ echo $(($(date --date="2018-07-06" +%s)/86400+1))

All files necessarily belong to one user and one group.

The primary group of the user creating the file is, by default, the group that owns the file.
By default, the primary group of the user creating the file is the group that owns the file.

### Modification commands

Expand Down Expand Up @@ -722,7 +722,7 @@ root

### `passwd` command

The `passwd` command is used to manage a password.
The <0>passwd</0> command manages a password.

```bash
passwd [-d] [-l] [-S] [-u] [login]
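Review bot: `<0>passwd</0>` in the new line is a leaked translation-tool placeholder that replaces the original backticks and will render as literal text; restore `passwd` in backticks. "manages a password" is also vaguer than it needs to be; "manages a user's password" fits the `[login]` argument in the synopsis below.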
Expand Down Expand Up @@ -766,11 +766,11 @@ sudo passwd alain

!!! Note

The `passwd` command is available to users to change their password (the old password is requested). The administrator can change the passwords of all users without restriction.
Users can use the `passwd` command to change their passwords (the old password is requested). The administrator can change the passwords of all users without restriction.

They will have to comply with the security restrictions.

When managing user accounts by shell script, it may be useful to set a default password after creating the user.
When managing user accounts by shell script, setting a default password after creating the user may be useful.

This can be done by passing the password to the `passwd` command.

Expand All @@ -782,11 +782,11 @@ sudo echo "azerty,1" | passwd --stdin philippe

!!! Warning

The password is entered in clear text, `passwd` takes care of encrypting it.
The password is entered in clear text, `passwd` encrypts it.

### `chage` command

The `chage` command is change user password expiry information.
The `chage` command is to change user password expiry information.

```bash
chage [-d date] [-E date] [-I days] [-l] [-m days] [-M days] [-W days] [login]
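Review bot: "The password is entered in clear text, `passwd` encrypts it" in the `!!! Warning` is a comma splice, and "encrypts" is imprecise: what gets stored is a one-way hash, not something that can be decrypted. Suggest "The password is entered in clear text; `passwd` hashes it before storing it." The warning is also the natural place to say that a password written into a script or command line, as in the `echo "azerty,1" | passwd --stdin philippe` example above it, can be read by anyone with access to the script or the shell history; in that example `sudo` applies to `echo`, not to `passwd`. Separately, "The `chage` command is to change" is still ungrammatical; "The `chage` command changes user password expiry information" is enough.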
Expand Down Expand Up @@ -814,7 +814,7 @@ Examples:
# The `chage` command also offers an interactive mode.
$ sudo chage philippe

# The `-d` option forces the password to be changed at login.
# The `-d` option changes the password when logging in.
$ sudo chage -d 0 philippe
```

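Review bot: The new comment "The `-d` option changes the password when logging in" is wrong. `chage -d 0` does not change the password; it sets the last-change date to 0 so that the user is forced to choose a new password at the next login. The removed wording ("forces the password to be changed at login") was correct; keep it, or use "forces the user to change the password at the next login".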
Expand All @@ -840,7 +840,7 @@ This file contains the default data settings.

!!! Tip

When creating a user, if the options are not specified, the system uses the default values defined in `/etc/default/useradd`.
If the options are not specified when creating a user, the system uses the default values defined in `/etc/default/useradd`.

This file is modified by the command `useradd -D` (`useradd -D` entered without any other option displays the contents of the `/etc/default/useradd` file).

Expand Down Expand Up @@ -898,7 +898,7 @@ USERGROUPS_ENAB yes
ENCRYPT_METHOD SHA512
```

`UMASK 022`: This means that the permission to create a file is 755 (rwxr-xr-x). However, for the sake of security, GNU/Linux does not have **x** permission for newly created files. This restriction applies to root(uid=0) and ordinary users(uid>=1000). For example:
`UMASK 022`: This means that the permission to create a file is 755 (rwxr-xr-x). However, for security, GNU/Linux does not have **x** permission for newly created files. This restriction applies to root(uid=0) and ordinary users(uid>=1000). For example:

```bash
Shell > touch a.txt
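Review bot: The `UMASK 022` sentence is edited here but remains misleading: 755 (rwxr-xr-x) is what a umask of 022 gives for new directories, while new regular files get 644 because they are created without execute bits. "GNU/Linux does not have **x** permission for newly created files" would be clearer as "newly created files are not given the **x** permission", and "root(uid=0)" and "users(uid>=1000)" need a space before the parenthesis.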
Expand Down Expand Up @@ -928,7 +928,7 @@ These files are automatically copied from the `/etc/skel` directory.
* `.bash_profile`
* `.bashrc`

All files and directories placed in this directory will be copied to the user tree when they are created.
All files and directories placed in this directory will be copied to the user tree when created.

## Identity change

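Review bot: Dropping "they are" leaves "will be copied to the user tree when created" ambiguous: it now reads as if the copy happens when the files are created, whereas the `useradd` section says the copy from `/etc/skel` happens when the user's home directory is created. Suggest "All files and directories placed in this directory will be copied into a new user's home directory when the user is created."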