Create Users In Linux, Password & Manage User Expiration

This tutorial will guide you on how to:

. Create users in Linux

. Set or change users’ passwords

. Force users to change their password

. Set users’ password expiration

UNDERSTANDING THE SUBJECT MATTER

User accounts on Linux involve more than users just logging in and out of the system. As mentioned in one of the lessons, there are basically three categories of users:

1. Super user or root user: This is the most powerful user on the system, hence a super user.

2. Regular or ordinary users: These accounts are used by real people on the system, e.g. the tekneed user.

3. System users: These accounts are used by services or processes running on the system. They are not used by real people, e.g. httpd.

Every service or process running on a Linux machine runs as a particular user, and a user can be assigned a non-interactive, interactive, no-login or login shell.

System users are most often assigned a non-interactive shell, while users created by the administrator are most often assigned a login and interactive shell, though they can be assigned a non-interactive shell too.

Linux users are stored in the /etc/passwd file.

Let’s take a look at it

[root@rhel8 ~]# cat /etc/passwd

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
systemd-coredump:x:999:997:systemd Core Dumper:/:/sbin/nologin
systemd-resolve:x:193:193:systemd Resolver:/:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
polkitd:x:998:996:User for polkitd:/:/sbin/nologin
geoclue:x:997:995:User for geoclue:/var/lib/geoclue:/sbin/nologin
rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin
pulse:x:171:171:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
qemu:x:107:107:qemu user:/:/sbin/nologin
usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
unbound:x:996:991:Unbound DNS resolver:/etc/unbound:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
gluster:x:995:990:GlusterFS daemons:/run/gluster:/sbin/nologin
chrony:x:994:989::/var/lib/chrony:/sbin/nologin
libstoragemgmt:x:993:987:daemon account for libstoragemgmt:/var/run/lsm:/sbin/nologin
setroubleshoot:x:992:986::/var/lib/setroubleshoot:/sbin/nologin
pipewire:x:991:985:PipeWire System Daemon:/var/run/pipewire:/sbin/nologin
saslauth:x:990:76:Saslauthd user:/run/saslauthd:/sbin/nologin
dnsmasq:x:984:984:Dnsmasq DHCP and DNS server:/var/lib/dnsmasq:/sbin/nologin
radvd:x:75:75:radvd user:/:/sbin/nologin
clevis:x:983:982:Clevis Decryption Framework unprivileged user:/var/cache/clevis:/sbin/nologin
cockpit-ws:x:982:980:User for cockpit-ws:/nonexisting:/sbin/nologin
sssd:x:981:979:User for sssd:/:/sbin/nologin
colord:x:980:978:User for colord:/var/lib/colord:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
gnome-initial-setup:x:979:977::/run/gnome-initial-setup/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
tomisinuno:x:1000:1000:tomisinuno:/home/tomisinuno:/bin/bash
lisa:x:1001:1001::/home/lisa:/bin/bash
harry:x:1002:1322::/home/harry:/bin/bash
jane:x:1004:1004::/home/jane:/bin/bash
Paul:x:4543:4543:programmer:/home/Paul:/bin/tcsh
teju:x:4544:4544::/home/teju:/bin/bash
kevin:x:4545:4547::/home/kevin:/bin/bash
Jose:x:4546:4548::/home/Jose:/bin/bash
Tyler:x:4547:4549::/home/Tyler:/bin/bash
audrey:x:4548:4551::/home/audrey:/bin/bash
olley:x:4549:4552::/home/olley:/bin/bash
micheal:x:4550:4553::/home/micheal:/bin/bash
iar:x:3400:3400::/home/iar:/bin/bash
sean:x:4551:4554:accountant:/home/sean:/bin/bash
[root@rhel8 ~]#

You can see the last user at the end of the file, sean. This user is a user created by the administrator and has 6 fields

1. The first field is the username, sean.

2. The second field is the value x, which stands in for the password. Older Linux systems stored the password here, but that is no longer the case, and of course the password cannot be displayed. The password is instead kept, encrypted, in a separate file, /etc/shadow.

[root@rhel8 ~]# cat /etc/shadow

root:$6$yT9Kg3plyzYWMnyV$ExBE8al0Ao6tldPzyoXi.hNZ36Ah/xeK5xLpYsd2tGdw6NYQccsaOz5avw6wVbYgmA7UdSr9Nl/YvzK4oG7t.1::0:99999:7:::
bin:*:17988:0:99999:7:::
daemon:*:17988:0:99999:7:::
adm:*:17988:0:99999:7:::
lp:*:17988:0:99999:7:::
sync:*:17988:0:99999:7:::
shutdown:*:17988:0:99999:7:::
halt:*:17988:0:99999:7:::
mail:*:17988:0:99999:7:::
operator:*:17988:0:99999:7:::
games:*:17988:0:99999:7:::
ftp:*:17988:0:99999:7:::
nobody:*:17988:0:99999:7:::
dbus:!!:18247::::::
systemd-coredump:!!:18247::::::
systemd-resolve:!!:18247::::::
tss:!!:18247::::::
polkitd:!!:18247::::::
geoclue:!!:18247::::::
rtkit:!!:18247::::::
pulse:!!:18247::::::
qemu:!!:18247::::::
usbmuxd:!!:18247::::::
unbound:!!:18247::::::
rpc:!!:18247:0:99999:7:::
gluster:!!:18247::::::
chrony:!!:18247::::::
libstoragemgmt:!!:18247::::::
setroubleshoot:!!:18247::::::
pipewire:!!:18247::::::
saslauth:!!:18247::::::
dnsmasq:!!:18247::::::
radvd:!!:18247::::::
clevis:!!:18247::::::
cockpit-ws:!!:18247::::::
sssd:!!:18247::::::
colord:!!:18247::::::
gdm:!!:18247::::::
rpcuser:!!:18247::::::
gnome-initial-setup:!!:18247::::::
sshd:!!:18247::::::
avahi:!!:18247::::::
tcpdump:!!:18247::::::
tomisinuno:$6$QUGF/4MgtZ2VoU6I$rolx.AM187MjEHXT::
lisa:!!:18255:0:99999:7:::
harry:!!:18255:0:99999:7:::
jane:$6$D3dJpYKZ4IMjZCE6$/YBvtMUNDr97fywh5MitAZ::
Paul:$6$.Wh5UFN0Fz6dJkpA$PSuJjaVB6LtoUD.M6z0Q6u:::
teju:!!:18257:0:99999:7:::
kevin:!!:18258:0:99999:7:::
Jose:!!:18258:0:99999:7:::
Tyler:!!:18258:0:99999:7:::
audrey:$6$0SKA8P2MH.rqPGh.$vLU1IR6ojid3qJLVngujML::
olley:$6$YXJWoAiOuptYBmre$GseKNaW2BXJ4lGgV613V:::
micheal:$6$plhn/pkkLsNgiHgm$cA0zlTPKdlYmRrThhfdgf:::
iar:$6$8m5Vl1pe5yDqvYd4$5PMN04suxAjrbixdqxwkQv3i::
sean:$6$xoEHVAfQDAtq1ueu$AdyVUJhG7Sv6Gox3RBCg:::
[root@rhel8 ~]#

3. The third field is the user ID (UID). Every user has a unique ID. The UID for sean in this scenario is 4554.

4. The fourth field is the primary group ID (GID). In RHEL/CentOS, when a user is created, a primary group for that user is also created automatically, with its own ID. The primary group name is the name of the user. The GID, in this case, is also 4554.

5. The fifth field is the comment or GECOS field, used to write a short comment about the user. In this case, the comment is “accountant”, indicating that sean is an accountant in the organization.

6. The sixth field is the home directory of the user, which is “/home/sean”. The home directory in Linux is explained in another lesson.

7. The seventh field is the user’s shell, in this case a bash shell.
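The field layout above is enough to audit an account list. The following is an added example, not part of the original tutorial: the function names passwd_audit and sample_passwd are hypothetical, the UID boundary of 1000 between system and regular users is an assumption (the RHEL 8 default), and the toor line is constructed to show an extra UID 0 account.

```shell
#!/bin/sh
# Added example: classify /etc/passwd entries and flag ones worth reviewing.
# Sample lines are copied from the page's listings except "toor" (constructed).

sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
sync:x:5:0:sync:/sbin:/bin/sync
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
sarah:x:2020:2020:programmer:/home/sarah:/bin/tcsh
sean:x:4551:4554:accountant:/home/sean:/bin/bash
toor:x:0:0:constructed entry:/root:/bin/bash
EOF
}

# passwd_audit FILE [UID_MIN] -> "user:category:shelltype:notes" per entry
passwd_audit() {
    awk -F: -v uid_min="${2:-1000}" '
    NF == 0 { next }                               # skip blank lines
    NF != 7 { print "MALFORMED:line" NR; next }    # every entry has 7 fields
    {
        user = $1; uid = $3 + 0; shell = $7
        if (uid == 0)           kind = "super"
        else if (uid < uid_min) kind = "system"    # assumed boundary
        else                    kind = "regular"
        login = (shell ~ /(nologin|false)$/) ? "nologin" : "login"

        note = ""
        if (uid == 0 && user != "root") note = note "EXTRA_UID0,"
        if (uid in seen) note = note "DUP_UID_OF_" seen[uid] ","
        else seen[uid] = user
        # service accounts normally have no usable shell
        if (kind == "system" && login == "login") note = note "SYSTEM_WITH_SHELL,"
        # anything but "x" means the password is not kept in /etc/shadow
        if ($2 != "x") note = note "PW_NOT_SHADOWED,"
        sub(/,$/, "", note)
        print user ":" kind ":" login ":" (note == "" ? "-" : note)
    }' "$1"
}

sample_passwd | passwd_audit -
```

On a real host, run `passwd_audit /etc/passwd`; entries such as sync are flagged for review only because their shell is not nologin.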


Command Used To Create Users In Linux

The command used to create a user in Linux is “useradd” or “adduser”; either will create a user. adduser is just a symlink to useradd.


Set Or Change User Passwords In Linux

The command used to set or change a user’s password in Linux is “passwd”. For example, to change the password for the user tekneed, use the command below:

[root@rhel8 ~]# passwd tekneed

Other examples are given in the “ACTION TIME” section.


Force A User To Change Password In Linux

As an administrator, whenever you want to force a user to change a password, you can use the “passwd” or “chage” command.

For example, to force the user sarah to change her password, expire her password with the -e option of the “passwd” command.

[root@rhel8 ~]# passwd -e sarah

Manage User Password Expiration In Linux

You can also set a user’s account expiration date with the “chage” command. See the example in the “ACTION TIME” section.

Switching Between Users In Linux

Now that we understand the users’ properties, let’s create users in Linux.


ACTION TIME

Examples

1. Create a user Jane and use the password, redhat

Creating the user,

[root@rhel8 ~]# useradd tekneed
[root@rhel8 ~]#

Setting the user’s password,

[root@rhel8 ~]# passwd tekneed

Changing password for user tekneed.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@rhel8 ~]# ^C

Confirming the user has been created,

[root@rhel8 ~]# cat /etc/passwd

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
systemd-coredump:x:999:997:systemd Core Dumper:/:/sbin/nologin
systemd-resolve:x:193:193:systemd Resolver:/:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
polkitd:x:998:996:User for polkitd:/:/sbin/nologin
geoclue:x:997:995:User for geoclue:/var/lib/geoclue:/sbin/nologin
rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin
pulse:x:171:171:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
qemu:x:107:107:qemu user:/:/sbin/nologin
usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
unbound:x:996:991:Unbound DNS resolver:/etc/unbound:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
gluster:x:995:990:GlusterFS daemons:/run/gluster:/sbin/nologin
chrony:x:994:989::/var/lib/chrony:/sbin/nologin
libstoragemgmt:x:993:987:daemon account for libstoragemgmt:/var/run/lsm:/sbin/nologin
setroubleshoot:x:992:986::/var/lib/setroubleshoot:/sbin/nologin
pipewire:x:991:985:PipeWire System Daemon:/var/run/pipewire:/sbin/nologin
saslauth:x:990:76:Saslauthd user:/run/saslauthd:/sbin/nologin
dnsmasq:x:984:984:Dnsmasq DHCP and DNS server:/var/lib/dnsmasq:/sbin/nologin
radvd:x:75:75:radvd user:/:/sbin/nologin
clevis:x:983:982:Clevis Decryption Framework unprivileged user:/var/cache/clevis:/sbin/nologin
cockpit-ws:x:982:980:User for cockpit-ws:/nonexisting:/sbin/nologin
sssd:x:981:979:User for sssd:/:/sbin/nologin
colord:x:980:978:User for colord:/var/lib/colord:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
gnome-initial-setup:x:979:977::/run/gnome-initial-setup/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
tomisinuno:x:1000:1000:tomisinuno:/home/tomisinuno:/bin/bash
lisa:x:1001:1001::/home/lisa:/bin/bash
harry:x:1002:1322::/home/harry:/bin/bash
Paul:x:4543:4543:programmer:/home/Paul:/bin/tcsh
teju:x:4544:4544::/home/teju:/bin/bash
kevin:x:4545:4547::/home/kevin:/bin/bash
Jose:x:4546:4548::/home/Jose:/bin/bash
Tyler:x:4547:4549::/home/Tyler:/bin/bash
audrey:x:4548:4551::/home/audrey:/bin/bash
olley:x:4549:4552::/home/olley:/bin/bash
micheal:x:4550:4553::/home/micheal:/bin/bash
iar:x:3400:3400::/home/iar:/bin/bash
sean:x:4551:4554:accountant:/home/sean:/bin/bash
daniel:x:4552:4555::/home/daniel:/bin/bash
jane:x:4553:4556::/home/jane:/bin/bash
JAne:x:4554:4557::/home/JAne:/bin/bash
Jane:x:4555:4558::/home/Jane:/bin/bash
tekneed:x:4556:4559::/home/tekneed:/bin/bash
[root@rhel8 ~]#

2. Create a user sarah. sarah is a full stack developer in the organization and the GECOS “programmer” will be used. sarah will have the tcsh shell and UID 2020. The password for this user account will be Password123

Creating the user,

[root@rhel8 ~]# useradd -c programmer -s /bin/tcsh -u 2020 sarah

[root@rhel8 ~]#

Meaning of the flags

-c = GECOS

-s = shell

-u = UID

Setting the user’s password,

[root@rhel8 ~]# passwd sarah

Changing password for user sarah.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@rhel8 ~]#

Confirming the user,

[root@rhel8 ~]# cat /etc/passwd |grep sarah

sarah:x:2020:2020:programmer:/home/sarah:/bin/tcsh
[root@rhel8 ~]#

3. The user Daniel, with the username daniel, will be resigning from the organization on the 4th of January, 2020. Disable the user’s authentication by expiring his password for that date.

[root@rhel8 ~]# chage -E 2020-01-04 daniel
[root@rhel8 ~]#

4. Force the user sarah to change her password

[root@rhel8 ~]# passwd -e sarah

Expiring password for user sarah.
passwd: Success
[root@rhel8 ~]#
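To verify what “passwd -e” and “chage -E” changed, read the aging fields of the user's /etc/shadow entry. The following is an added example, not part of the original tutorial: the function names shadow_audit and sample_shadow are hypothetical, every sample line and hash string is constructed, and day 18265 is 2020-01-04 counted in days since 1970-01-01.

```shell
#!/bin/sh
# Added example: report password state and expiry from shadow-format lines.
# shadow(5) fields: 1 name, 2 password, 3 last change (days since 1970-01-01),
# 4 min age, 5 max age, 6 warn, 7 inactive, 8 account expiry (days).

sample_shadow() {   # constructed entries, not real hashes
    cat <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18247:0:99999:7:::
bin:*:17988:0:99999:7:::
sshd:!!:18247::::::
sarah:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:0:0:99999:7:::
daniel:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18258:0:99999:7::18265:
kevin:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18100:0:90:7:::
EOF
}

# shadow_audit FILE TODAY_DAYS -> "user:password_state:flags" per entry
shadow_audit() {
    awk -F: -v today="$2" '
    NF < 2 { next }                                   # skip blank lines
    {
        pw = $2
        if (pw == "")                   state = "EMPTY"    # no password set
        else if (substr(pw,1,1) == "!") state = "LOCKED"   # "!!" = never set
        else if (pw == "*")             state = "NOLOGIN"  # no password login
        else if (pw ~ /^\$6\$/)         state = "SHA512"
        else                            state = "OTHER"
        flags = ""
        # passwd -e writes 0 here: change required at next login
        if ($3 == "0") flags = flags "MUST_CHANGE,"
        # chage -E writes the expiry day here; treated as expired from that day
        if ($8 != "" && today + 0 >= $8 + 0) flags = flags "ACCT_EXPIRED,"
        else if ($8 != "") flags = flags "ACCT_EXPIRES_IN_" ($8 - today) "D,"
        # password older than the maximum age in field 5
        if ($3 + 0 > 0 && $5 != "" && today - $3 > $5) flags = flags "PW_AGED,"
        sub(/,$/, "", flags)
        print $1 ":" state ":" (flags == "" ? "-" : flags)
    }' "$1"
}

sample_shadow | shadow_audit - 18265
```

Against a live system, run it as root with `shadow_audit /etc/shadow "$(( $(date +%s) / 86400 ))"`.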

Cheers!!!

Your feedback is welcomed. If you love others, you will share with others
