lk/basics/users.md

---
title: "users"
tags: [ "Documentation", "Basics" ]
---
# Basic Information

Let's get some entries with 'getent', e.g. passwd or group.

```bash
getent passwd
```

```bash
getent group
```

Obviously:

```bash
getent shadow
```

## Examples

```bash
sudo adduser maestro 
```

add user 'maestro'

This depends upon the settings in the /etc/default/useradd file and /etc/login.defs

```bash
sudo useradd -m pinkie 
```

add user 'pinkie' with a home directory

```bash
sudo adduser -m -e 2017-04-25 temp 
```

add expiry date to user

```bash
userdel maestro 
```

delete maestro

```bash
userdel -r maestro 
```

delete maestro and hir homefolder

```bash
groups 
```

find which group you are in


```bash
id 
```

same

```bash
id -Gn maestro 
```

Find which groups maestro is in


```bash
deluser --remove-home maestro 
```

delete user maestro


```bash
usermod -aG sudo maestro 
```

Add user maestro to group sudo:


```bash
cat /etc/passwd 
```

list users' passwords (and therefore users)

```bash
groupadd awesome 
```

create the group 'awesome'

Passwords are stored in /etc/shadow.

There are user accounts for processes such as 'bin' and 'nobody' which are locked, so they're unusable.

```bash
passwd -l bin 
```

Lock the user 'bin'.

```bash
more /etc/passwd | grep games 
```

we find the name, password and user id of the user 'games'. I.e. the password is 'x', and the user id is '5'.  The password is an impossible hash, so no input password could match.

```bash
groupdel learners | delete the group 'learners'
```

```bash
gpasswd -d pi games | remove user 'pi' from the group 'games'
```

```bash
id games 
```

find the id number of group 'games' (60)

```bash
usermod -aG sudo maestro 
```

add user to group 'maestro'

user info is stored in /etc's passwd, shadow, group and gshadow

# Defaults

The default new user profiles are under /etc/skel.

# Shells

A list of shells is in /etc/shells.

Only root can run shells not listed in /etc/shells

To change a user's shell:

usermod --shell /bin/bash user1

Alternatively, change the shell in /etc/passwd.

Usermod also lets you change a user's username:

```bash
usermod -l henry mark
```

However, this will not change the home directory.

Lock a user out of an account:

usermod -L henry

# More Arguments

-G or -groups adds the user to other groups:

```bash
usermod -G sudo henry
```

-s adds the user to a shell.

-u let's you manually specifiy a UID.

# Groups

In /etc/group, a group file may look like this:

`sudo:x:27:mike,steve`

We can use groupmod, like like usermod, e.g. to change a name:

```bash
groupmod -n frontoffice backoffice
```

Delte a group:

```bash
groupdel frontoffice
```

# Logins

See list of logged on users.

```bash
w
```

See last logons:

```bash
last
```

or all logon attempts, including bad attempts:

```bash
lastb
```

List recently accessed files:

```bash
last -d
```

See files opened by steve

```bash
lsof -t -u steve
```

See files opened by anyone but steve

```bash
lsof -u ^steve
```

# Looking for Dodgy Files

Some files can be executed by people as if they had super user permissions, and that's okay... sometimes.

Let's start with files executable by user:

```bash
sudo find / -type f -perm -g=s -ls
```

And then those executable by the group:

```bash
find / -type f -perm -g=s -ls
```

And finally, worrying files, executable by anyone as if sie were the owner:

```bash
find / -xdev \( -o -nogroup \) -print
```

Then have a look at resource usage per user.

# SGID

```bash
sudo chmod u+s process.sh
```

This will modify process.sh to that instead of being simply executable, anyone executing it will have the permissions as if owner while executing it.