If you need to create some new user or system groups. Any server programs that you install should have their own users and group, use groupadd.

This command creates a new group, using the system values configured in /etc/default/useradd and /etc/skel/:

# groupadd newgroup

You can create a system group with -r flag:

# groupadd -r newgroup

The -r flag is a Red Hat-specific option. If your version of groupadd does not have it, you’ll have to specify the next available system group number:

# groupadd -g 127 newgroup

Look in /etc/group to see the next available group number.

It’s a good idea to stick to a consistent group numbering scheme. Linux doesn’t care, for the most part, but for your own sanity it’s essential. Red Hat system groups are 0-499; Debian’s are 100-999.

If you need to delete a user, but userdel reports that some of the user’s processes are running. You sure would like single command to find and stop all of the user’s processes, use the slay program:

# slay foober
slay: -KILL is kicking foober’s butt!
slay: Whoa, I have the power supreme.

slay finds and kills all the user’s processes at once, saving you the trouble of hunting them down and killing them yourself. slay has four modes: nice, normal, mean, and butthead. Mean mode kills any nonprivileged user who attempts to slay another user. Set your desired mode in /etc/slay_mode.

The traditional method of finding processes belonging to a user is to use ps, as in:

$ ps U 1007

or:

$ ps U foober
3936 ? S 0:00 xchat
3987 ? S 0:00 /usr/lib/galeon-bin
4209 ? S 0:00 kdeinit: kio_file file /tmp/ksocket-carla/klauncherkF21rc.slave-

You can then kill one by one:

# kill 3936
# kill 3987
# kill 4209

If you need to make changes to an existing user account, such as changing the login or UID, updating the GECOS data, or home directory, use usermod and chfn.

(more…)

Resetting a password is the solution to the perennial “I forgot my password” problem; many Linux administrators think it’s a good idea to “expire” passwords, forcing users to change them periodically.
To reset or change a password use:

# passwd aborg

Users can also change their own passwords:

aborg@server04:~$ passwd

This command sets aborg’s password to expire after six months, with five days’ warning:

# passwd -x 180 -w 5 -i 1 aborg

To view a user’s password settings, use:

# passwd -S option

aborg P 02/18/2004 0 10 5 1

Passwords can consist of numbers, letters, and punctuation marks, and they are case-sensitive. Don’t use spaces or function keys. Strong passwords work best—this means no names, no dictionary words, no birthdays or addresses. The best way to keep track of passwords is write them down and keep them in a safe place. Most people, if they can’t remember all of their passwords, end up choosing weak, easily guessable passwords, or leaving them in obvious, insecure places (such as on a note stuck to the monitor).

Linux passwords are not designed to be recoverable. If a password is lost, the user must depend on the benevolence of the superuser to create a new one.

To temporarily deactivate an account, disable the user’s password with the -l (lock) flag:

# passwd -l aborg

Password changed.

To re-enable, or unlock, a user’s password use:

# passwd -u aborg

Password changed.

Another way to disable an account is to insert an exclamation point at the beginning of the password field in /etc/shadow:

foobar:!$1$wiDlQr34$mitGZA76MSYCY04AHIY1:12466:0:99999:7:::

Yet another way is replace the x in the password field in /etc/passwd with an asterisk (*):

foober:*:1025:1025:Foober Smith,,,:/home/foober:/bin/bash

You can also take away the user’s login shell:

# usermod -s /bin/false foober

But it’s best to stick with passwd -l and -u.