May 23, 2021 UNIX Getting started
In a UNIX system, there are three types of accounts:
UNIX supports the concept of Group Account, which is logically a group of many accounts. E ach account may be part of any group account. UNIX groups play an important role in processing file permissions and process management.
The following are three main user management files:
Use the cat command to check all of the above files.
Most UNIX systems can create and manage accounts and groups using the following commands:
Command | Describe |
---|---|
useradd | Add an account to the system. |
usermod | Modify the account properties. |
userdel | Delete the account from the system. |
groupadd | Add groups to the system. |
groupmod | Modify the group properties. |
groupdel | Remove the group from the system. |
You can use Manpage help to see the full syntax of each command mentioned here.
You need to create a group before you can create any accounts, or you will have to use an existing group in the system.
You'll find a list of all the groups in the
/etc/groups
file.
All default groups are specific groups of system accounts and are not recommended for regular accounts. So here's the syntax for creating a new group account:
groupadd [-g gid [-o]] [-r] [-f] groupname
Detailed parameters are listed below:
Options | Describe |
---|---|
-g GID | The value of the group ID. |
-o | This option allows you to add a non-unique GID to the group. |
-r | This flag indicates that a system account is added to the group. |
-f | If the specified group already exists, this option results in a successful exit. When -g is included, select a different (unique) GID if the specified GID already exists. |
groupname | Create a real group name. |
If you do not specify any parameters, the system will use the default values.
The following example creates a developer group using the default values, which are accepted by most administrators.
$ groupadd developers
Modify a group to use the groupmod syntax:
$ groupmod -n new_modified_group_name old_group_name
Change the developers_2 of the group to developer, for example:
$ groupmod -n developer developer_2
The following describes how to change the GID of the developer to 545:
$ groupmod -g 545 developer
To delete an existing group, all you need is the groupdel command and group name. For example, to delete a developer group, the command is:
$ groupdel developer
This simply deletes the group and does not involve any group-related files. These files can still be accessed by their owners.
Let's see how to create a new account on a UNIX system. Here's the syntax used to create a user account:
useradd -d homedir -g groupname -m -s shell -u userid accountname
Detailed parameters are listed below:
Options | Describe |
---|---|
-d homedir | The home directory of the specified account. |
-g groupname | Specify the group account to which the account belongs. |
-m | If it does not exist, the home directory is created. |
-s shell | Specify the default shell for the account. |
-u userid | You can specify a user ID for your account. |
accountname | Create a real account name |
If you do not specify any parameters, the system will use the default values.
The userad command modifies
/etc/passwd
/etc/shadow
/etc/group
file, and creates a home directory.
The following example creates an account: mcmohd, the home
/home/mcmohd
and the group is developers.
Assign korn shells to this user.
$ useradd -d /home/mcmohd -g developers -s /bin/ksh mcmohd
Before the above command is executed, you must make sure that you have created the developers group using the groupad command.
After you create an account, you can use the passwd command to set its password, as follows:
$ passwd mcmohd20
Changing password for user mcmohd20.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
When you enter the passwd account name, it changes the password by assuming that you are a super user. Otherwise, you can only use this command to change your password, not the password for the specified account.
The usermod command
allows you to change an existing account from the command line.
It uses the same parameters as the useradd command, plus
-l
parameter, to allow the account name to be changed.
For example, changing the account name mcmohd to mcmohd20 and changing the home directory accordingly requires the following command:
$ usermod -d /home/mcmohd20 -m -l mcmohd mcmohd20
The userdel command can be used to delete existing users. This is a very dangerous command and must be used with care.
This command has only one parameter or option available:
.r
is used to delete the account's home directory and mail file.
For example, deleting an account mcmohd20 requires the following command:
$ userdel -r mcmohd20
If you want to keep its home directory for backup purposes, omit
-r
option.
You can delete the home directory at a later time as needed.