6.3.3. User Account and Group Applications
There are two basic types of applications that can be used when managing user accounts and groups on Red Hat Enterprise Linux systems:
- The graphical User Management Tool application
- A suite of command line tools
For detailed instructions on using User Management Tool, see the chapter titled User and Group Configuration in the System Administrators Guide.
While both the User Management Tool application and the command line utilities perform essentially the same task, the command line tools have the advantage of being script-able and are therefore more easily automated.
The following table describes some of the more common command line tools used to create and manage user accounts and groups:
Application | Function |
---|---|
/usr/sbin/useradd | Adds user accounts. This tool is also used to specify primary and secondary group membership. |
/usr/sbin/userdel | Deletes user accounts. |
/usr/sbin/usermod | Edits account attributes including some functions related to password aging. For more fine-grained control, use the passwd command. usermod is also used to specify primary and secondary group membership. |
passwd | Sets passwords. Although primarily used to change a user's password, it also controls all aspects of password aging. |
/usr/sbin/chpasswd | Reads in a file consisting of username and password pairs, and updates each users' password accordingly. |
chage | Changes the user's password aging policies. The passwd command can also be used for this purpose. |
chfn | Changes the user's GECOS information. |
chsh | Changes the user's default shell. |
The following table describes some of the more common command line tools used to create and manage groups:
Application | Function |
---|---|
/usr/sbin/groupadd | Adds groups, but does not assign users to those groups. The useradd and usermod programs should then be used to assign users to a given group. |
/usr/sbin/groupdel | Deletes groups. |
/usr/sbin/groupmod | Modifies group names or GIDs, but does not change group membership. The useradd and usermod programs should be used to assign users to a given group. |
gpasswd | Changes group membership and sets passwords to allow non-group members who know the group password to join the group. It is also used to specify group administrators. |
/usr/sbin/grpck | Checks the integrity of the /etc/group and /etc/gshadow files. |
The tools listed thus far provide system administrators great flexibility in controlling all aspects of user accounts and group membership. To learn more about how they work, refer to the man page for each.
These applications do not, however, determine what resources these users and groups have control over. For this, the system administrator must use file permission applications.
6.3.3.1. File Permission Applications
File permissions are an integral part of managing resources within an organization. The following table describes some of the more common command line tools used for this purpose.
Application | Function |
---|---|
chgrp | Changes which group owns a given file. |
chmod | Changes access permissions for a given file. It is also capable of assigning special permissions. |
chown | Changes a file's ownership (and can also change group). |
It is also possible to alter these attributes in the GNOME and KDE graphical environments. Right-click on the the file's icon (for example, while the icon is displayed in a graphical file manager or on the desktop), and select
.