
Managing User

1) Each user in possession of a valid user account could log in to the computer (by supplying a username and a password) and hence work with the desired applications.
2) Users would access the system via a system console (which was normally reserved for administrative tasks such as backups) or from one of a number of serial terminals (these usually consisted of a keyboard and a monitor, or perhaps even a line printer).
3) Whether you share your machine with other users, or it's exclusively for your own personal use, each action you request of it will be denied or allowed in accordance with specific policies.
4) For example, some user accounts will be allowed to install applications, execute certain programs, and access devices such as a CD-ROM drive, while other accounts will not. Understanding how to manage user accounts and control permissions is a definite advantage when learning Linux. For example, it will allow you to share your computer with other people without compromising privacy; it will help you to protect yourself from accidental damage (like accidental deletion of system files); it will help you to avoid virus problems.

The existence of different user accounts on a system has a number of important and useful consequences:

- Only authorized users are able to access the system. This is because the operating system allows entry only to those users who supply the correct credentials (a username and a matching password).
- Access to resources like files and devices will be granted accordingly. For example, any authorized user is able to read the "message of the day" contained in the /etc/motd file (try it!), but only some users are permitted to change the contents of that file.
- Each user is assigned a separate directory, called their home directory, for storing personal data.
- Linux can be configured to execute user-specific setup procedures at the time that user logs in. For example, it might run a program that notifies the user of the arrival of new mail.
- Every program started by the user is associated with that user's account, and can be identified afterward. Moreover, each program will have access only to those resources that the owner can access.

Super users and Normal Users


Many large systems make a distinction between an administrator (or superuser) and a normal user. In particular, a user is prevented from performing special (often sensitive) tasks, such as the following, unless that user has administrator privileges:

- Global maintenance, personalization, and upgrade of the system
- Global installation of applications, devices, and their drivers
- Periodic backup of data
- User account management

The administrator account in Red Hat Linux (as in almost every other operating system of Unix heritage) is called root. While it's impossible for a normal user to delete system files, root is able to delete them all too easily. Linux allows you to run a root shell from within your normal account, so that you can do most of your work under the normal account and switch to the root shell for those sensitive administration-level activities.

The Red Hat User Manager


To try the Red Hat User Manager, we'll need to use the root account (and to be extra careful!) at each step. We'll assume that you're logged in with a non-root account, which (as we've already mentioned) is the safest way to use your operating system. When you launch any of Red Hat Linux's graphical administration tools from a non-root account, Linux will (if necessary) prompt you to enter the password to the root account. The figure below shows the window you'll see every time the root password is required by a graphical tool:

Creating a User Account

To create a user account, follow these steps:

1. Launch the Red Hat User Manager (do this by selecting Main Menu | System Settings | User and Groups, or by typing redhat-config-users at a command line). Enter the root password if you are not logged in as the root user. After this, you'll see the Red Hat User Manager interface, which looks like this:

2. Click on Add User. This opens the Create New User window, in which you fill in the name of the user, full name, login and other details. Then click on the OK button; it will create the new user. There are a few points to note as you fill in the fields here:
   - Remember to choose a unique name for the new account.
   - The Login Shell list is taken directly from the /etc/shells file. It is possible to type in the location of a shell that doesn't appear in this list. However, the values commonly used here are /bin/bash or /bin/tcsh. If you don't know the difference between the two, stick to /bin/bash; it tends to be more popular.
   - You should create a Home Directory, unless the account is for a program and not a person.
   - It is a good idea to create a private group for the user at the same time, because this will help in setting up good protection schemes. This is the default for Red Hat Linux and shouldn't be changed without good reason.
   - Finally, it is best not to specify a user ID manually, but to allow the tool to generate one.

3. Click on the new account, then on the Properties button to review the information just entered and check that it's correct. With the three tabs (Account Info, Password Info, and Groups) it is possible to enable an account expiration date, lock the account temporarily, enable password expiration, and assign the account to some of the existing groups. Click on OK when you're done reviewing or changing.

Creating a Group

Groups are useful when we need to treat a number of different users the same way. For example, if we want to grant a group of users access to a particular file or directory, we add the users to a group and grant the permission to the group (instead of to the individual user accounts). We'll see more of this later, but first we need to see how to create a group.

1. We can use the Red Hat User Manager GUI to manage our groups too. Once you've launched the GUI, press the Groups tab to see which groups are present.
2. Click the Add Group button to create a new group. In the resulting Create New Group dialog, type the name of the new group. If you know what you're doing, you can specify a certain group identification number; otherwise, you should let the system decide.
3. Now you'll see that the authors group has been created, and is shown in the main User Manager screen. You can create more groups if you like, simply by repeating the above steps.

Managing Group Members

We can add accounts to the group, and remove members from the group, at any time. In fact, there are two ways to manage group membership:

- We can modify a user's properties, by specifying which groups that user is a member of
- We can modify a group's properties, by specifying which users belong to that group

First, we'll modify the membership properties of the A user account. In the Red Hat User Manager, select the Users tab, and then select the A user. Then click the Properties button, and select the Groups tab in the newly created window. In the Groups tab, we can see which groups this user belongs to, just by looking at the checkboxes. We can also add the user to (and remove them from) groups simply by clicking on the group names: we're managing the A user account's membership of the various system and custom groups that exist on the system. This user is already a member of the private group of the same name, and by clicking on the checkbox next to the authors group, we can add the user to that group too. Click the OK button to confirm.

How Linux Stores User Account Information

Linux stores its local user account information in the following text configuration files, all of which live in /etc. The /etc directory contains configuration files which are local to the machine. Programs store configuration files in this directory and these files are referenced when programs are run.

Configuration File    Purpose
/etc/passwd           Contains a list of local users and their data
/etc/shadow           Contains encrypted passwords, and bookkeeping information such as account expiry
/etc/group            Defines groups and associated accounts

User Accounts and their Properties (the /etc/passwd File)


Each line of the /etc/passwd file is a single record in the user database, and represents a single user. The administrator (root) account is usually the first user account defined in the file; it's followed by a number of system accounts, and finally the ordinary user accounts (like the Eziodm, Kapils, and Deepak accounts here). As you can see, each record is composed of a number of fields, which describe the properties of the user account. In this file, adjacent fields are separated by a colon (:) character. To get a better understanding of the purpose of each field, let's look, for example, at the third record:

User Account Passwords (the /etc/shadow File)

Red Hat Linux 9 stores encrypted passwords in a different file, /etc/shadow. This file is accessible to root only. While normal users can still read from /etc/passwd, they do not have permission to read from /etc/shadow, and thus do not have access to encrypted passwords. Let's see what an encrypted password looks like. If you use root privileges to examine the contents of the /etc/shadow file, you'd see each encrypted password stored as an incomprehensible string of characters like this:

    $1$mWzQxFuT$EWnSiX5hmxiERbUpfwR5V0

Red Hat Linux never stores passwords in the clear text form in which the user enters them. Rather, it always encrypts them before storing them or working with them, in such a way that it is not easily possible (or even feasible) to decipher the encrypted version and find out the original.

Once again, your /etc/shadow will probably differ from this, although its structure will be similar:

    root:$1$ekA$Kv55YOaIHDcPlIlq6igoQO:11961:0:99999:7:::
    halt:*:11961:0:99999:7:::
    eziodm:$1$W/RgbXrI$OP9t9IyVmQyvPfxNLUFwQl:12100:0:99999:7:::
    kapils:!!$!$68Q7Ci4g$CqbN8rdCBw4GmxDlouQ2q/:12100:0:99999:7:::
    deepakt:$1$sUejrHGF$I3cSo2TRmKIbN55wfLgfBl:12100:0:99999:7:::

Just like /etc/passwd, each line (or record) represents a user, and adjacent fields are separated by ":". Again, to understand the purpose of the fields in this file, let's look at the third line:
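Added example, not from the original page: the Python code below parses records in the /etc/shadow layout shown above and reports, per account, whether the password field is active, locked (leading "!"), unusable ("*") or empty, and which crypt scheme a prefix such as "$1$" denotes. The records are constructed with placeholder hashes; the nine-field layout and the scheme prefixes are the standard shadow and crypt(3) conventions, which this page does not spell out.

```python
# Added example: audit shadow-format records (sample data is constructed).
from datetime import date, timedelta

# Hash-scheme prefixes used by crypt(3); "$1$" (MD5-crypt) is the one on this page.
SCHEMES = {"$1$": "md5-crypt", "$5$": "sha256-crypt", "$6$": "sha512-crypt"}
WEAK = {"md5-crypt", "des-crypt"}   # schemes that are cheap to brute-force today

# Constructed records in the same layout as the page's /etc/shadow listing.
SAMPLE = """\
root:$1$SALTSALT$PLACEHOLDERHASH0000000:11961:0:99999:7:::
halt:*:11961:0:99999:7:::
alice:$1$SALTSALT$PLACEHOLDERHASH1111111:12100:0:99999:7:::
bob:!!$1$SALTSALT$PLACEHOLDERHASH2222222:12100:0:99999:7:::
carol::12100:0:99999:7:::
"""

def classify(pw):
    """Return (state, scheme) for the password field of one record."""
    if pw == "":
        return "empty", None            # no password required: always a finding
    locked = pw.startswith("!")
    body = pw.lstrip("!")
    if body == "" or body.startswith("*"):
        return "no-login", None         # no password can hash to this value
    scheme = next((n for p, n in SCHEMES.items() if body.startswith(p)), None)
    if scheme is None:
        scheme = "des-crypt" if len(body) == 13 else "unknown"
    return ("locked" if locked else "active"), scheme

def audit(text):
    """Parse shadow records and return one dict per account."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        f = line.split(":")
        if len(f) != 9:
            raise ValueError(f"expected 9 fields, got {len(f)}: {f[0]!r}")
        state, scheme = classify(f[1])
        # Field 3 is the last password change, in days since 1970-01-01.
        changed = date(1970, 1, 1) + timedelta(days=int(f[2])) if f[2] else None
        rows.append({"user": f[0], "state": state, "scheme": scheme,
                     "changed": changed, "max_days": int(f[4]) if f[4] else None,
                     "finding": state == "empty" or (state == "active" and scheme in WEAK)})
    return rows

if __name__ == "__main__":
    for r in audit(SAMPLE):
        print(r)
```

On a real system the input would be the contents of /etc/shadow read as root; an account flagged here is a candidate for a forced password change under a stronger scheme, or for locking.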

Groups (the /etc/group File)


A user can belong to many groups, but as we've seen, /etc/passwd allows only membership of one group (the primary group). Membership of additional groups must be specified in the /etc/group file. Unsurprisingly, this file is very similar in structure to the two we've already seen. The following example shows the groups we created earlier in this chapter:

    root:x:0:root
    bin:x:1:root,bin,daemon
    daemon:x:2:root,bin,daemon
    eziodm:x:500:
    kapils:x:501:
    deepakt:x:502:
    authors:x:503:eziodm,kapils,deepakt

The structure is quite simple. Let's study the second line of this file to understand the fields:

Some commands used to manage users:

To add a new user:
    useradd username
To delete a user:
    userdel username
To switch to another user:
    su
To change the password of any user:
    passwd username
To modify any user as the root user:
    usermod [option] [username]
    Options are:
    -l  change login name
    -d  change home directory
    -m  move the contents of the old home directory to the new one
To create a group:
    groupadd groupname
To add a member to a group:
    gpasswd -a username groupname
To grant administration rights for the authors group:
    gpasswd -A username groupname
To delete a group:
    groupdel groupname

File permissions

When we use the ls -l command to see the contents of a directory, it displays all the information related to each entry: type of file, permissions, owner, last modified time and so on. It looks like this:

    ls -l
    drwxr-xr-x 4 eziodm eziodm 4096 Feb 12 17.40 backup_images
    -rw-r--r-- 4 eziodm eziodm 1037238 Feb 12 17.25 picture1.bmp
    -rw-r--r-- 4 eziodm eziodm 262314 Feb 12 17.29 picture2.bmp
    -rw-r--r-- 4 eziodm eziodm 58398 Feb 12 17.37 picture3.bmp

In the above records, the first field displays the permissions of each directory and file. A file can have the following permissions:

    Read     r
    Write    w
    Execute  x

We can also use umask to see the default permission mask that is applied to each newly created file or directory. We'll have six use cases regarding file protection and file sharing. You can regard them as suggestions on how to set up several protection schemes that suit normal files, directories, or executable programs:

- You can apply these techniques to files, to control which documents can be accessed by which accounts and groups.
- You can apply the techniques to directories, to control which accounts can access that directory, add files to it, or list its contents.
- You can apply the techniques to executable programs, to control which accounts have the rights to execute certain pieces of software on your computer.

The six permission scenarios are:

1. Private files
2. Public read-only files
3. Restricted read-only
4. Restricted write
5. Restricted write public read
6. Restricted read restricted write
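Added example, not from the original page: the Python code below works out which permission triplet applies to a given account, using an ls -l mode string, the file's owner and group, and the ordinary-account records from the /etc/group listing earlier. The primary-group table and the "visitor" account are constructed for the illustration, and reading a mode of -rw-rw-r-- with group authors as the "restricted write, public read" scenario is an assumption.

```python
# Added example: resolve a user's access to a file from its ls -l mode string.
GROUP_FILE = """\
eziodm:x:500:
kapils:x:501:
deepakt:x:502:
authors:x:503:eziodm,kapils,deepakt
"""  # the page's /etc/group records for the ordinary accounts

# Constructed: each account's primary group (normally read from /etc/passwd).
PRIMARY = {"eziodm": "eziodm", "kapils": "kapils", "deepakt": "deepakt",
           "visitor": "visitor"}   # "visitor" is a hypothetical extra account

def parse_groups(text):
    """Map group name -> set of members listed in the fourth field."""
    groups = {}
    for line in text.splitlines():
        name, _pw, _gid, members = line.split(":")
        groups[name] = {m for m in members.split(",") if m}
    return groups

def groups_of(user, groups):
    """Primary group plus every group that lists the user as a member."""
    return {PRIMARY[user]} | {g for g, m in groups.items() if user in m}

def access(user, mode, owner, group, groups):
    """Return the rwx triplet that applies to `user` (root is not modelled).

    The kernel picks exactly one class: owner, else group, else other.
    The classes are not combined, so an owner can hold less than "other".
    """
    if len(mode) != 10:
        raise ValueError(f"not an ls -l mode string: {mode!r}")
    if user == owner:
        return mode[1:4]
    if group in groups_of(user, groups):
        return mode[4:7]
    return mode[7:10]

def default_mode(umask, is_dir=False):
    """Permission bits a new file or directory gets under `umask`."""
    return (0o777 if is_dir else 0o666) & ~umask

if __name__ == "__main__":
    g = parse_groups(GROUP_FILE)
    for u in PRIMARY:
        print(u, access(u, "-rw-rw-r--", "eziodm", "authors", g))
    print(oct(default_mode(0o022)), oct(default_mode(0o022, is_dir=True)))
```

The owner-first rule is the case worth checking when auditing a protection scheme: removing a bit from the owner triplet restricts the owner even if the group or other triplet still grants it.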

Review questions

Q1: Create a new user and change its membership.
Q2: Create a new group and add a member to that group.
Q3: Create a file and set the permissions of the file for that user as restricted write.
Q4: Change the login name of a user and its home directory using CLI commands.
