UNIX Users & Groups

Check

Group

cat /etc/group

getent group

getent is the preferred way of retrieving this information (on Linux) as your system may be using additional (or alternative) NSS 'databases' (like LDAP)

User

cat /etc/passwd

getent passwd

getent is the preferred way of retrieving this information (on Linux) as your system may be using additional (or alternative) NSS 'databases' (like LDAP)

Information on a single user...

getent passwd username

id username

finger -l username

To install finger on Linux...

sudo apt install finger

Create

Group

groupadd groupname

MySQL Example

groupadd -g 27 -o -r mysql

The -g (or --gid) option specifies the group id (GID).

The -o (or --non-unique) option permits adding a group with a non-unique GID.

The -r (or --system) option creates a system group.

In this example "mysql" is the group name.

User

useradd -G groupname -d /home/username -m -s /bin/bash username

Defaults

Defaults are controlled by entries in...

/etc/default/useradd

/etc/login.defs

MySQL Example


useradd -M -N -g mysql -o -r -d /mysql/data -s /bin/false -c "MySQL Server" -u 27 mysql

The -M (--no-create-home) prevents creation of a home directory for the user.

The -N (--no-user-group) prevents creation of a group with the same name as the user.

The -g (--gid) specifies the group name or number of the user's initial login group (mysql).

The -o (--non-unique) permits adding a user with a duplicate/non-unique UID (the -u option must also be supplied).

The -r (--system) creates a system account (note that this means the -M above is actually redundant).

The -d (--home-dir) specifies the user's login directory (/mysql/data). The directory does not need to exist, but will not be created if missing.

The -s (--shell) specifies the user's login shell. A value of /bin/false effectively prevents the user from being able to log in.

The -c (--comment) allows you to provide a short description for the login.

The -u (--uid) specifies the user id (UID).

In this example "mysql" is the username.

For other available options see the man page.

Add User to New Group

usermod -a -G groupname username

Passwords

Change

passwd username

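There are several ways to generate a secure password from the UNIX command prompt. Alternatively, use a password manager or website to generate a secure password and paste it in. Of the commands below, the first three draw on a cryptographically secure random generator; the two date-based ones derive their output from the current time, which can be guessed, so they are not suitable for real credentials.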

openssl rand -base64 32

dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev

tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1

date +%s | sha256sum | base64 | head -c 32 ; echo

date | md5sum

Delete

Group

groupdel groupname

User

At its simplest...

userdel username

Other scenarios...

userdel --remove --selinux-user username

Removes the home directory and all files in it, and removes any SELinux mappings.
