[RHCSA] 08 – Manage users and groups

    08.1 – Create, delete, and modify local user accounts

    Overview

    Managing user accounts is a fundamental task in system administration. This guide covers how to create, delete, and modify local user accounts using command-line tools such as useradd, usermod, and userdel.


    Creating Local User Accounts

    Using useradd

    The useradd command is used to create new user accounts.

    Syntax

    sudo useradd [options] <username>

    Examples

    1. Create a User with Default Settings:
    sudo useradd alice
    2. Create a User with a Home Directory:
    sudo useradd -m bob
    3. Create a User with a Specific Home Directory:
    sudo useradd -m -d /home/customdir charlie
    4. Create a User with a Specific Shell:
    sudo useradd -s /bin/bash dave
    5. Create a User with a Specific User ID (UID):
    sudo useradd -u 1001 eve
    6. Create a User with a Specific Group ID (GID):
    sudo useradd -g 1001 frank

    Setting User Passwords

    Use the passwd command to set or change a user’s password.

    Syntax

    sudo passwd <username>

    Example

    Set the password for user alice:

    sudo passwd alice

    Deleting Local User Accounts

    Using userdel

    The userdel command is used to delete user accounts.

    Syntax

    sudo userdel [options] <username>

    Examples

    1. Delete a User Account:
    sudo userdel alice
    2. Delete a User Account and Their Home Directory:
    sudo userdel -r bob

    Modifying Local User Accounts

    Using usermod

    The usermod command is used to modify existing user accounts.

    Syntax

    sudo usermod [options] <username>

    Examples

    1. Change a User’s Home Directory:
    sudo usermod -d /new/home/dir -m charlie
    2. Change a User’s Shell:
    sudo usermod -s /bin/zsh dave
    3. Change a User’s User ID (UID):
    sudo usermod -u 2001 eve
    4. Change a User’s Group ID (GID):
    sudo usermod -g 2001 frank
    5. Add a User to a Supplementary Group:
    sudo usermod -aG wheel alice
    6. Lock a User Account:
    sudo usermod -L bob
    7. Unlock a User Account:
    sudo usermod -U bob

    Practical Examples

    Example 1: Create a User with a Home Directory and Specific Shell

    1. Create the User:
    sudo useradd -m -s /bin/bash alice
    2. Set the User’s Password:
    sudo passwd alice

    Example 2: Delete a User and Their Home Directory

    1. Delete the User:
    sudo userdel -r bob

    Example 3: Modify a User’s Home Directory and Shell

    1. Change the User’s Home Directory:
    sudo usermod -d /new/home/dir -m charlie
    2. Change the User’s Shell:
    sudo usermod -s /bin/zsh charlie

    Example 4: Add a User to a Supplementary Group

    1. Add the User to the wheel Group:
    sudo usermod -aG wheel dave

    Example 5: Lock and Unlock a User Account

    1. Lock the User Account:
    sudo usermod -L eve
    2. Unlock the User Account:
    sudo usermod -U eve

    Additional Tips

    • Check User Information: Use the id command to check user information.
    id alice
    • List All Users: Use the getent passwd command to list all users.
    getent passwd
    • Check User’s Home Directory: Use the ls command to check the contents of a user’s home directory.
    ls -l /home/alice
    • Check User’s Groups: Use the groups command to check the groups a user belongs to.
    groups alice
    • Create a User with an Expiry Date: Use the -e option with useradd to set an account expiry date.
    sudo useradd -e 2023-12-31 alice
    • View or Change a User’s Password Expiry Information: Use the chage command to view or change password expiry information; the -l option lists the current settings.
    sudo chage -l alice

    Conclusion

    Creating, deleting, and modifying local user accounts is essential for managing system access and security. Mastery of these tasks ensures that user accounts are managed efficiently and securely, which is crucial for the RHCSA exam.


    These notes should help you understand how to create, delete, and modify local user accounts for the RHCSA exam.

    08.2 – Change passwords and adjust password aging for local user accounts

    Overview

    Managing user passwords and configuring password aging policies are essential tasks for maintaining system security. This guide covers how to change user passwords and adjust password aging settings using commands like passwd and chage.


    Changing User Passwords

    Using passwd

    The passwd command is used to change user passwords.

    Syntax

    sudo passwd <username>

    Examples

    1. Change Your Own Password:
    passwd
    2. Change Another User’s Password:
    sudo passwd alice
    3. Force a User to Change Password at Next Login:
    sudo passwd -e alice

    Example: Change a User’s Password

    1. Change the Password for User alice:
    sudo passwd alice
    2. Force User alice to Change Password at Next Login:
    sudo passwd -e alice

    Adjusting Password Aging

    Using chage

    The chage command is used to adjust password aging policies for user accounts.

    Syntax

    sudo chage [options] <username>

    Options

    • -l: List password aging information.
    • -m: Set the minimum number of days between password changes.
    • -M: Set the maximum number of days a password is valid.
    • -W: Set the number of days of warning before a password expires.
    • -I: Set the number of days after password expiration until the account is locked.
    • -E: Set the account expiration date.

    Examples

    1. List Password Aging Information:
    sudo chage -l alice
    2. Set Minimum Days Between Password Changes:
    sudo chage -m 7 alice
    3. Set Maximum Days a Password is Valid:
    sudo chage -M 90 alice
    4. Set Days of Warning Before Password Expires:
    sudo chage -W 7 alice
    5. Set Days After Password Expiration Until Account is Locked:
    sudo chage -I 30 alice
    6. Set Account Expiration Date:
    sudo chage -E 2023-12-31 alice

    Example: Adjust Password Aging for a User

    1. List Password Aging Information for User alice:
    sudo chage -l alice
    2. Set Minimum Days Between Password Changes to 7:
    sudo chage -m 7 alice
    3. Set Maximum Days a Password is Valid to 90:
    sudo chage -M 90 alice
    4. Set Days of Warning Before Password Expires to 7:
    sudo chage -W 7 alice
    5. Set Days After Password Expiration Until Account is Locked to 30:
    sudo chage -I 30 alice
    6. Set Account Expiration Date to December 31, 2023:
    sudo chage -E 2023-12-31 alice

    Practical Examples

    Example 1: Change a User’s Password and Force Password Change at Next Login

    1. Change the Password for User bob:
    sudo passwd bob
    2. Force User bob to Change Password at Next Login:
    sudo passwd -e bob

    Example 2: Adjust Password Aging for a User

    1. List Password Aging Information for User charlie:
    sudo chage -l charlie
    2. Set Minimum Days Between Password Changes to 10:
    sudo chage -m 10 charlie
    3. Set Maximum Days a Password is Valid to 60:
    sudo chage -M 60 charlie
    4. Set Days of Warning Before Password Expires to 5:
    sudo chage -W 5 charlie
    5. Set Days After Password Expiration Until Account is Locked to 15:
    sudo chage -I 15 charlie
    6. Set Account Expiration Date to June 30, 2023:
    sudo chage -E 2023-06-30 charlie
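
    The chage options above each write one field of /etc/shadow. The script below is an added example, not part of the original notes: it reads shadow-format lines and reports where each account stands against an aging policy. The function names, the sample accounts and the day numbers are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify accounts from shadow-format lines.
# Fields: 1 name, 2 hash, 3 last change (passwd -e sets 0), 4 min (chage -m),
# 5 max (chage -M), 6 warn (chage -W), 7 inactive (chage -I),
# 8 account expiry (chage -E). Fields 3 and 8 are days since 1970-01-01.

# aging_audit TODAY LIMIT: TODAY in days since 1970-01-01, LIMIT is the
# largest maximum age (chage -M) the policy accepts.
aging_audit() {
    awk -F: -v today="$1" -v limit="$2" '
    /^[ \t]*$/ || /^#/ { next }
    {
        user = $1; hash = $2; last = $3; max = $5; inact = $7; expday = $8
        # "!" or "*" in the hash field: locked or no usable password.
        if (hash ~ /^[!*]/) { print user ": locked-or-no-password"; next }
        if (expday != "" && today + 0 >= expday + 0) { print user ": account-expired"; next }
        if (last == "0") { print user ": must-change-at-next-login"; next }
        if (max == "" || max + 0 >= 99999) { print user ": no-maximum-age"; next }
        if (max + 0 > limit + 0) { print user ": max-age-" max "-over-limit"; next }
        due = last + max                      # last day the password is valid
        if (today + 0 <= due) { print user ": ok-" (due - today) "-days-left"; next }
        if (inact != "" && today + 0 > due + inact) print user ": expired-and-inactive"
        else print user ": password-expired"
    }'
}

# Constructed sample (hashes are placeholders); 19722 is 2023-12-31.
sample_shadow() {
    cat <<'EOF'
root:$6$placeholder:19500:0:99999:7:::
alice:$6$placeholder:19600:7:90:7:30:19722:
bob:$6$placeholder:0:7:90:7:30::
charlie:$6$placeholder:19500:10:60:5:15::
dave:$6$placeholder:19600:0:365:7:::
eve:!!:19600:0:90:7:::
frank:$6$placeholder:19600:7:90:7:30:19600:
grace:$6$placeholder:19550:7:90:7:30::
EOF
}

# 19650 is 2023-10-20; 90 is the policy ceiling for chage -M.
sample_shadow | aging_audit 19650 90
```

    On a real system the input would come from sudo getent shadow, and TODAY from $(( $(date +%s) / 86400 )).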

    Additional Tips

    • Check Current Password Policies: Use the chage -l command to check the current password policies for a user.
    sudo chage -l alice
    • Set Default Password Aging Policies: Edit the /etc/login.defs file to set default password aging policies for new users.
    sudo nano /etc/login.defs

    Example Entries:

    PASS_MAX_DAYS   90
    PASS_MIN_DAYS   7
    PASS_WARN_AGE   7
    • Lock and Unlock User Accounts: Use the passwd command to lock and unlock user accounts.

    Lock a User Account:

    sudo passwd -l alice

    Unlock a User Account:

    sudo passwd -u alice
    • Force All Users to Change Passwords at Next Login: Use a loop to force all users to change their passwords at the next login. The loop reads every entry in /etc/passwd, so it also applies to root and to system accounts.
    for user in $(cut -f1 -d: /etc/passwd); do sudo passwd -e "$user"; done
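
    Because the loop above walks every line of /etc/passwd, a narrower selection is usually wanted before expiring passwords. The script below is an added example, not part of the original notes: it keeps only accounts at or above UID_MIN from /etc/login.defs that have a login shell, and prints the passwd -e commands instead of running them. The function names and sample accounts are constructed.

```shell
#!/bin/sh
# Added example: select regular login accounts before expiring passwords.

# uid_min: login.defs-format text on stdin -> UID_MIN value (1000 if unset).
uid_min() {
    awk '$1 == "UID_MIN" { v = $2 } END { print (v == "" ? 1000 : v) }'
}

# regular_users MIN: passwd-format text on stdin -> names with UID >= MIN,
# skipping the overflow user "nobody" (65534) and non-login shells.
regular_users() {
    awk -F: -v min="$1" '
        $3 + 0 >= min + 0 && $3 + 0 != 65534 &&
        $7 !~ /\/(nologin|false)$/ { print $1 }'
}

# expire_plan MIN: print, without running, one "passwd -e" per selected user.
expire_plan() {
    regular_users "$1" | while IFS= read -r user; do
        printf 'sudo passwd -e %s\n' "$user"
    done
}

# Constructed sample data.
sample_login_defs() { printf 'PASS_MAX_DAYS 90\nUID_MIN 1000\n'; }
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/zsh
svc_backup:x:1002:1002::/home/svc_backup:/sbin/nologin
EOF
}

# Dry run over the sample: prints the commands for alice and bob only.
sample_passwd | expire_plan "$(sample_login_defs | uid_min)"
```

    On a real system, feed it with getent passwd and uid_min < /etc/login.defs, and review the printed plan before running it.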

    Conclusion

    Changing passwords and adjusting password aging policies are essential for maintaining system security. Mastery of these tasks ensures that user accounts are managed securely and efficiently, which is crucial for the RHCSA exam.


    These notes should help you understand how to change passwords and adjust password aging for local user accounts for the RHCSA exam.

    08.3 – Create, delete, and modify local groups and group memberships

    Overview

    Managing groups and group memberships is essential for controlling access to resources and organizing users. This guide covers how to create, delete, and modify local groups and group memberships using commands like groupadd, groupdel, usermod, and gpasswd.


    Creating Local Groups

    Using groupadd

    The groupadd command is used to create new groups.

    Syntax

    sudo groupadd [options] <groupname>

    Examples

    1. Create a Group with Default Settings:
    sudo groupadd developers
    2. Create a Group with a Specific Group ID (GID):
    sudo groupadd -g 1001 admins

    Example: Create a Group

    1. Create the developers Group:
    sudo groupadd developers
    2. Create the admins Group with GID 1001:
    sudo groupadd -g 1001 admins

    Deleting Local Groups

    Using groupdel

    The groupdel command is used to delete groups.

    Syntax

    sudo groupdel <groupname>

    Examples

    1. Delete a Group:
    sudo groupdel developers

    Example: Delete a Group

    1. Delete the developers Group:
    sudo groupdel developers

    Modifying Local Groups and Group Memberships

    Using usermod

    The usermod command is used to modify user accounts, including group memberships.

    Syntax

    sudo usermod [options] <username>

    Examples

    1. Add a User to a Group:
    sudo usermod -aG <groupname> <username>

    Example:

    sudo usermod -aG developers alice
    2. Remove a User from a Group: To remove a user from a group, you can use the gpasswd command or manually edit the /etc/group file.

    Using gpasswd

    The gpasswd command is used to administer /etc/group and /etc/gshadow.

    Syntax

    sudo gpasswd [options] <groupname>

    Examples

    1. Add a User to a Group:
    sudo gpasswd -a <username> <groupname>

    Example:

    sudo gpasswd -a alice developers
    2. Remove a User from a Group:
    sudo gpasswd -d <username> <groupname>

    Example:

    sudo gpasswd -d alice developers

    Example: Modify Group Memberships

    1. Add User alice to the developers Group:
    sudo usermod -aG developers alice
    2. Remove User alice from the developers Group:
    sudo gpasswd -d alice developers

    Practical Examples

    Example 1: Create and Delete Groups

    1. Create the developers Group:
    sudo groupadd developers
    2. Create the admins Group with GID 1001:
    sudo groupadd -g 1001 admins
    3. Delete the developers Group:
    sudo groupdel developers

    Example 2: Add and Remove Users from Groups

    1. Add User bob to the admins Group:
    sudo usermod -aG admins bob
    2. Add User charlie to the developers Group:
    sudo gpasswd -a charlie developers
    3. Remove User charlie from the developers Group:
    sudo gpasswd -d charlie developers

    Example 3: Create a Group and Add Multiple Users

    1. Create the project Group:
    sudo groupadd project
    2. Add Multiple Users to the project Group:
    sudo usermod -aG project alice
    sudo usermod -aG project bob
    sudo usermod -aG project charlie

    Additional Tips

    • Check Group Information: Use the getent group command to check group information.
    getent group developers
    • List All Groups: Use the getent group command to list all groups.
    getent group
    • Check User’s Groups: Use the groups command to check the groups a user belongs to.
    groups alice
    • Manually Edit Group Memberships: You can manually edit the /etc/group file to modify group memberships.
    sudo nano /etc/group
    • Create a Group with a Password: Use the gpasswd command to set a password for a group.
    sudo gpasswd <groupname>
    • Change a User’s Primary Group: Use the usermod -g command to change a user’s primary group.
    sudo usermod -g <groupname> <username>

    Example:

    sudo usermod -g developers alice

    Conclusion

    Creating, deleting, and modifying local groups and group memberships are essential tasks for managing system access and organizing users. Mastery of these tasks ensures that user accounts and groups are managed efficiently and securely, which is crucial for the RHCSA exam.


    These notes should help you understand how to create, delete, and modify local groups and group memberships for the RHCSA exam.

    08.4 – Configure superuser access

    Overview

    Superuser access, typically granted to the root user, allows full control over the system. For security and administrative purposes, it is often necessary to grant superuser privileges to other users. This guide covers how to configure superuser access using the sudo command and the /etc/sudoers file.


    Using sudo for Superuser Access

    Installing sudo

    Ensure the sudo package is installed on your system.

    sudo yum install sudo

    Granting Superuser Access

    Step 1: Edit the /etc/sudoers File

    The /etc/sudoers file is used to configure sudo access. Use the visudo command to safely edit this file, as it performs syntax checking to prevent errors.

    sudo visudo

    Step 2: Add User or Group to /etc/sudoers

    Add entries to grant superuser access to specific users or groups.

    Granting Superuser Access to a User

    To grant superuser access to a user, add the following line:

    <username> ALL=(ALL) ALL

    Example:

    alice ALL=(ALL) ALL

    Granting Superuser Access to a Group

    To grant superuser access to all members of a group, add the following line:

    %<groupname> ALL=(ALL) ALL

    Example:

    %wheel ALL=(ALL) ALL

    Example: Grant Superuser Access to a User

    1. Edit the /etc/sudoers File:
    sudo visudo
    2. Add the Following Line to Grant Superuser Access to User alice:
    alice ALL=(ALL) ALL
    3. Save and Exit.

    Example: Grant Superuser Access to a Group

    1. Edit the /etc/sudoers File:
    sudo visudo
    2. Add the Following Line to Grant Superuser Access to the wheel Group:
    %wheel ALL=(ALL) ALL
    3. Save and Exit.

    Using sudo to Execute Commands

    Users with sudo privileges can execute commands with superuser access by prefixing the command with sudo.

    Syntax

    sudo <command>

    Examples

    1. Execute a Command as Superuser:
    sudo yum update
    2. Edit a System Configuration File:
    sudo nano /etc/hosts
    3. Restart a Service:
    sudo systemctl restart httpd

    Using sudo with a Password

    By default, sudo prompts for the user’s password before executing a command. This behavior can be modified in the /etc/sudoers file.

    Example: Disable Password Prompt for a User

    1. Edit the /etc/sudoers File:
    sudo visudo
    2. Add the Following Line to Disable the Password Prompt for User alice:
    alice ALL=(ALL) NOPASSWD: ALL
    3. Save and Exit.

    Using sudo with Command Restrictions

    You can restrict the commands that a user or group can execute with sudo.

    Example: Allow a User to Execute Specific Commands

    1. Edit the /etc/sudoers File:
    sudo visudo
    2. Add the Following Line to Allow User bob to Execute Only systemctl and journalctl Commands:
    bob ALL=(ALL) NOPASSWD: /bin/systemctl, /bin/journalctl
    3. Save and Exit.

    Practical Examples

    Example 1: Grant Superuser Access to a User

    1. Edit the /etc/sudoers File:
    sudo visudo
    2. Add the Following Line to Grant Superuser Access to User charlie:
    charlie ALL=(ALL) ALL
    3. Save and Exit.

    Example 2: Grant Superuser Access to a Group

    1. Edit the /etc/sudoers File:
    sudo visudo
    2. Add the Following Line to Grant Superuser Access to the admin Group:
    %admin ALL=(ALL) ALL
    3. Save and Exit.

    Example 3: Disable Password Prompt for a User

    1. Edit the /etc/sudoers File:
    sudo visudo
    2. Add the Following Line to Disable the Password Prompt for User dave:
    dave ALL=(ALL) NOPASSWD: ALL
    3. Save and Exit.

    Example 4: Restrict a User to Specific Commands

    1. Edit the /etc/sudoers File:
    sudo visudo
    2. Add the Following Line to Allow User eve to Execute Only systemctl and journalctl Commands:
    eve ALL=(ALL) NOPASSWD: /bin/systemctl, /bin/journalctl
    3. Save and Exit.

    Additional Tips

    • Check Sudo Access: Use the sudo -l command to list the commands that a user is allowed to run with sudo.
    sudo -l
    • Add Users to the wheel Group: The wheel group is often used to grant sudo access. Add users to this group to grant them sudo privileges.
    sudo usermod -aG wheel <username>

    Example:

    sudo usermod -aG wheel alice
    • Test Sudo Configuration: Always use the visudo command to edit the /etc/sudoers file, as it checks for syntax errors.
    • Use Aliases for Commands: You can define command aliases in the /etc/sudoers file to simplify complex command restrictions.

    Example:

    Cmnd_Alias WEBADMIN = /bin/systemctl restart httpd, /bin/systemctl restart nginx
    alice ALL=(ALL) NOPASSWD: WEBADMIN
    • Include Additional Sudoers Files: You can include additional configuration files in the /etc/sudoers file using the #includedir directive.

    Example:

    #includedir /etc/sudoers.d
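
    The rule shapes in this section differ in two ways that matter when reviewing a sudoers file: whether the command list is ALL or a restricted list, and whether NOPASSWD removes the password prompt. The script below is an added example, not part of the original notes: it classifies each rule on those two axes, expands Cmnd_Alias names, and treats #includedir as a directive rather than a comment. The function names and the sample file are constructed from the lines shown above.

```shell
#!/bin/sh
# Added example: classify sudoers rules by scope and password requirement.
# Assumes one rule per line, spaces around "=" in alias definitions, and
# each Cmnd_Alias defined before the rule that uses it.

# sudoers_audit: sudoers-format text on stdin -> "kind who: commands".
sudoers_audit() {
    awk '
    /^[#@]includedir[ \t]/ { print "include " $2; next }  # directive, not comment
    /^[ \t]*#/ || /^[ \t]*$/ { next }                     # comments, blank lines
    $1 == "Cmnd_Alias" {
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); alias[$2] = val; next
    }
    $1 ~ /^(Defaults|User_Alias|Host_Alias|Runas_Alias)/ { next }
    {
        who = $1; spec = $0
        sub(/^[^=]*=[ \t]*/, "", spec)       # drop "user host ="
        sub(/^\([^)]*\)[ \t]*/, "", spec)    # drop the "(runas)" part
        sub(/[ \t]+$/, "", spec)
        nopass = (spec ~ /NOPASSWD:/)
        gsub(/[A-Z_]+:[ \t]*/, "", spec)     # drop tags such as NOPASSWD:
        n = split(spec, c, /[ \t]*,[ \t]*/)
        all = 0; cmds = ""
        for (i = 1; i <= n; i++) {
            if (c[i] in alias) c[i] = alias[c[i]]
            if (c[i] == "ALL") all = 1
            cmds = cmds (i > 1 ? ", " : "") c[i]
        }
        kind = (all ? "full" : "limited") (nopass ? "-nopasswd" : "")
        print kind " " who ": " cmds
    }'
}

# Constructed sample built from the rule shapes shown in these notes.
sample_sudoers() {
    cat <<'EOF'
# constructed sample
Defaults    env_reset
Cmnd_Alias WEBADMIN = /bin/systemctl restart httpd, /bin/systemctl restart nginx
%wheel ALL=(ALL) ALL
dave ALL=(ALL) NOPASSWD: ALL
eve ALL=(ALL) NOPASSWD: /bin/systemctl, /bin/journalctl
alice ALL=(ALL) NOPASSWD: WEBADMIN
#includedir /etc/sudoers.d
EOF
}

sample_sudoers | sudoers_audit
```

    A rule classed as limited is only as narrow as its command list: a bare /bin/systemctl accepts any arguments, while the WEBADMIN alias pins them to two specific restarts.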

    Conclusion

    Configuring superuser access using sudo ensures that administrative tasks can be performed securely and efficiently. Mastery of these tasks is crucial for managing system access and security, which is essential for the RHCSA exam.


    These notes should help you understand how to configure superuser access for the RHCSA exam.

