Wednesday, October 28, 2015

Adding a user in CentOS


CentOS is an operating system that we use on servers. The default admin user account is named root, and to add additional users we use the useradd command.

To get more details about the usage of the useradd command, you can read its man page by typing the following command:

[root@server105 ~]# man useradd

So here we are going to add a user in our server.

[root@server105 ~]# useradd joji

Now we have added the user joji to our machine. A user needs a password for security, and for that purpose we use the passwd command. To get more details about the command, please read its man page:

[root@server105 ~]# man passwd


Now I have changed the password using passwd

[root@server105 ~]# passwd joji
Changing password for user joji.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.


Now we have set the username and password. But are any files or folders created while adding a user? We are now going to have a look at that.

All the details about the new user are stored in the file /etc/passwd. If you need to check it, you can open it with a text editor or print it with cat:

[root@server105 ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin
rtkit:x:499:497:RealtimeKit:/proc:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
abrt:x:173:173::/etc/abrt:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
saslauth:x:498:76:Saslauthd user:/var/empty/saslauth:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
pulse:x:497:496:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
qemu:x:107:107:qemu user:/:/sbin/nologin
radvd:x:75:75:radvd user:/:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
steves:x:500:500::/home/steves:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
dovecot:x:97:97:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
dovenull:x:496:492:Dovecot's unauthorized user:/usr/libexec/dovecot:/sbin/nologin
exim:x:93:93::/var/spool/exim:/sbin/nologin
joji:x:501:501::/home/joji:/bin/bash

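Each line describes one account, with fields separated by colons. The first field denotes the username of that particular user.

We have set a password for the user, but the permissions on the /etc/passwd file are 644, so every user on the system can read it: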

[root@server105 ~]# ll /etc/passwd
-rw-r--r-- 1 root root 2029 Oct 28 10:11 /etc/passwd

Because of this, it is not secure to store the encrypted (hashed) password here, so it is kept in another file. The file in which the encrypted password is stored is /etc/shadow:

[root@server105 ~]# cat /etc/shadow
root:$6$d2t1drv.$6IJQq3E.dQb2jYCXc6fYPFgua2c2d/M.TxFZ8aV9ZGaKjIyEUp.dHo.3y6SUq/.gOe4UdpM.xbLQENzpsyrEf/:16678:0:99999:7:::
bin:*:15980:0:99999:7:::
daemon:*:15980:0:99999:7:::
adm:*:15980:0:99999:7:::
lp:*:15980:0:99999:7:::
sync:*:15980:0:99999:7:::
shutdown:*:15980:0:99999:7:::
halt:*:15980:0:99999:7:::
mail:*:15980:0:99999:7:::
uucp:*:15980:0:99999:7:::
operator:*:15980:0:99999:7:::
games:*:15980:0:99999:7:::
gopher:*:15980:0:99999:7:::
ftp:*:15980:0:99999:7:::
nobody:*:15980:0:99999:7:::
dbus:!!:16673::::::
vcsa:!!:16673::::::
rpc:!!:16673:0:99999:7:::
rtkit:!!:16673::::::
avahi-autoipd:!!:16673::::::
abrt:!!:16673::::::
rpcuser:!!:16673::::::
nfsnobody:!!:16673::::::
haldaemon:!!:16673::::::
gdm:!!:16673::::::
ntp:!!:16673::::::
saslauth:!!:16673::::::
postfix:!!:16673::::::
pulse:!!:16673::::::
sshd:!!:16673::::::
tcpdump:!!:16673::::::
hsqldb:!!:16678::::::
apache:!!:16678::::::
qemu:!!:16682::::::
radvd:!!:16682::::::
named:!!:16682::::::
steves:$6$y0Mc412C$euiwxwL7CphRfWKt9re7y/Kn/EZCR3hJQQJkAPYOG.YAVpHUGp6FzqTBgeIvUnUfAeWJGaAe73MrrQ/DZzi4.1:16683:0:99999:7:::
mysql:!!:16710::::::
dovecot:!!:16713::::::
dovenull:!!:16713::::::
exim:!!:16716::::::
joji:$6$s47BjUJ5$q9GMRei.WZr8cac4nUY07rVO1i//mk0WnR67GMSB6ks5hnwBHy2/5nxGgvSGKmEl0In77j/8HLv2IP6V0PWmT0:16736:0:99999:7:::


The permissions on the shadow file are 000, so no ordinary user can access it; root, as in the cat command above, can still read it.

[root@server105 ~]# ll /etc/shadow
---------- 1 root root 1297 Oct 28 10:14 /etc/shadow

The second field in the /etc/passwd file, the x, is just a pointer to the /etc/shadow file, where the encrypted password is actually kept.


The third field denotes the user ID of the user. System accounts have user IDs ranging from 0 to 499. The admin (root) account has the user ID "0". Normal accounts have user IDs from 500 onwards.

The fourth field is the primary group ID.

The fifth field is the home directory of the user, and it will be created as /home/username. In my case it is /home/joji.

The sixth field denotes the shell that is assigned to a particular user
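
A short audit of the points above (the x placeholder in field 2, user ID 0, the shadow password field, and file readability), as an added example that is not part of the original post. The function names, the finding labels and the sample accounts legacy and toor are made up for illustration, and the sample data is constructed.

```shell
#!/bin/sh
# Added example; all account data below is constructed for illustration.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
joji:x:501:501::/home/joji:/bin/bash
legacy:$6$constructedsalt$constructedhash:502:502::/home/legacy:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
cat > "$tmp/shadow" <<'EOF'
root:$6$constructedsalt$constructedhash:16678:0:99999:7:::
apache:!!:16678::::::
joji:$6$constructedsalt$constructedhash:16736:0:99999:7:::
legacy:!!:16736:0:99999:7:::
toor::16736:0:99999:7:::
EOF
# 600 (not 000) on the sample shadow so the demo also runs as a non-root user.
chmod 644 "$tmp/passwd"; chmod 600 "$tmp/shadow"

# audit_accounts PASSWD SHADOW: print one "user:finding" line per problem.
audit_accounts() {
  awk -F: '
    FILENAME == ARGV[1] { pw[$1] = $2; seen[$1] = 1; next }  # shadow: user -> field 2
    $2 != "x"                { print $1 ":passwd-field-not-x" } # hash in world-readable file
    $3 == 0 && $1 != "root"  { print $1 ":extra-uid0" }         # second root-equivalent account
    !seen[$1]                { print $1 ":no-shadow-entry" }
    seen[$1] && pw[$1] == "" { print $1 ":empty-password" }     # logs in with no password
  ' "$2" "$1"
}

# password_logins SHADOW: users whose field 2 is a crypt hash ($id$salt$hash).
# "*" and "!!" are not valid hashes, so those accounts cannot log in by password.
password_logins() {
  awk -F: '$2 ~ /^\$/ { print $1 }' "$1"
}

# world_readable FILE: succeeds if "other" has read permission (8th char of ls -l mode).
world_readable() {
  [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

audit_accounts "$tmp/passwd" "$tmp/shadow"
password_logins "$tmp/shadow"
if world_readable "$tmp/shadow"; then echo "shadow is world-readable"; fi
```

On a real server, run the functions as root against /etc/passwd and /etc/shadow; with the 000 permissions shown above, only root can read the shadow file.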


While creating a user account, some contents are created in the user's home directory too. These contents are actually copied from the folder

/etc/skel

I have already put a file called joji in the skel directory, and now my home folder has a file named joji in it.

pwd (print name of current/working directory) is the command that is used to print the current working directory. You can find more information about it in the man page of the command:

[root@server105 joji]# man pwd

[root@server105 skel]# pwd
/etc/skel


[root@server105 skel]# ll
total 0
-rw-r--r-- 1 root root 0 Oct 28 10:34 joji


[root@server105 joji]# pwd
/home/joji

ls is a command to list directory contents, and you can find more information in the man page:

[root@server105 joji]# man ls

ll is an alias for the command ls -l:

[root@server105 joji]# ll
total 0
-rw-r--r-- 1 joji joji 0 Oct 28 10:34 joji



These are the basic things that happen when adding a new user.