User Account and Group Applications
There are two basic types of applications one can use when managing
user accounts and groups on Red Hat Linux systems:
For detailed instructions on using
User Manager, see the chapter titled
User and Group Configuration in the
Official Red Hat Linux Customization Guide.
While both the User Manager application
and the command line utilities perform essentially the same task, the
command line tools have the advantage of being scriptable and therefore,
more easily automated.
The following table describes some of the more common command line
tools used to create and manage users:
Table 6-1. User Management Command Line Tools
| Application | Function |
|---|
| /usr/sbin/useradd | Adds user accounts. This tool is also used to specify
primary and secondary group membership. |
| /usr/sbin/userdel | Deletes user accounts. |
| /usr/sbin/usermod | Edits account attributes including some functions related
to password aging. For more fine-grained control, use the
passwd command. usermod is
also used to specify primary and secondary group
membership. |
| passwd | Sets passwords. Although primarily used to change a user's
password, it also controls all aspects of password
aging. |
| /usr/sbin/chpasswd | Reads in a file consisting of username and password pairs,
and updates each users' password accordingly. |
| chage | Changes the user's password aging policies. The
passwd command can also be used for this
purpose. |
| chfn | Changes the user's GECOS information. |
| chsh | Changes the user's default shell. |
The following table describes some of the more common command line
tools used to create and manage groups:
Table 6-2. Group Management Command Line Tools
| Application | Function |
|---|
| /usr/sbin/groupadd | Adds groups, but does not assign users to those groups. The
useradd and usermod
programs should then be used to assign users to a given
group. |
| /usr/sbin/groupdel | Deletes groups. |
| /usr/sbin/groupmod | Modifies group names or GIDs, but does not change group
membership. The useradd and
usermod programs should be used to assign
users to a given group. |
| gpasswd | Changes group membership and sets passwords to allow
non-group members who know the group password to join the group.
It is also used to specify group administrators. |
| /usr/sbin/grpck | Checks the integrity of the /etc/group
and /etc/gshadow files. |
The tools listed thus far provide system administrators great
flexibility in controlling all aspects of user accounts and group
membership. To learn more about how they work, refer to the man page for
each. These applications do not, however, determine what resources
these users and groups have control over. For this, the system
administrator must use file permission applications.
File Permission Applications
Permissions for files, directories, and applications are an
integral part of managing resources within an organization. The
following table describes some of the more common command line tools
used for this purpose.
Table 6-3. Permission Management Command Line Tools
| Application | Function |
|---|
| chgrp | Changes which group owns a given file. |
| chmod | Changes access permissions for a given file. It is also
capable of assigning special permissions. |
| chown | Changes a file's ownership (and can also change
group). |
It is also possible to alter these attributes in GNOME and KDE
graphical environments by right-clicking on the desired object and
selecting . The next section
will review what happens when an application is used to create user
accounts and groups.
