1
00:00:00,000 --> 00:00:02,350
[No audio]

2
00:00:02,350 --> 00:00:03,942
Hello everyone and welcome to our

3
00:00:03,956 --> 00:00:06,510
new lesson user account management.

4
00:00:06,890 --> 00:00:09,474
In this lesson we will learn how can

5
00:00:09,512 --> 00:00:14,540
we manage user account in Linux file system.

6
00:00:14,930 --> 00:00:17,490
There are a few commands that

7
00:00:17,540 --> 00:00:20,070
we use to manage user account.

8
00:00:20,180 --> 00:00:23,058
The first one is useradd, it is to create a new

9
00:00:23,084 --> 00:00:29,242
user, groupadd to create a new group, userdel delete

10
00:00:29,266 --> 00:00:33,113
a user that is already created, groupdel to delete a

11
00:00:33,152 --> 00:00:37,290
group, and usermod which is to modify a user.

12
00:00:37,850 --> 00:00:40,950
Now whenever we create a new

13
00:00:41,000 --> 00:00:45,142
user, those user management are created,

14
00:00:45,226 --> 00:00:49,530
their record is maintained in three different files.

15
00:00:50,150 --> 00:00:52,590
The first one is /etc/passwd,

16
00:00:53,390 --> 00:00:56,418
second one is /etc/group, and

17
00:00:56,444 --> 00:00:59,646
the third one is /etc/shadow. Now remember.

18
00:00:59,708 --> 00:01:03,190
/etc/passwd is not a complete word password,

19
00:01:03,250 --> 00:01:10,870
it's just passwd. Example to run a user command which includes

20
00:01:10,930 --> 00:01:17,290
all the parameters that you have to define is as follows.

21
00:01:17,350 --> 00:01:21,534
It goes with, useradd -g, with option to add

22
00:01:21,572 --> 00:01:27,262
a group, -s option to give a shell environment,

23
00:01:27,346 --> 00:01:29,970
-c to define the user description,

24
00:01:30,290 --> 00:01:33,234
-m -d to define the user home

25
00:01:33,272 --> 00:01:36,294
directory, and the user itself, and the user home

26
00:01:36,332 --> 00:01:38,782
directory itself, and the name of the user.

27
00:01:38,926 --> 00:01:41,446
Now let's look at our Linux machine

28
00:01:41,518 --> 00:01:44,298
and we will practice these commands and

29
00:01:44,324 --> 00:01:46,602
learn these commands more into detail.

30
00:01:46,796 --> 00:01:54,030
I will log into my Linux virtual console.

31
00:01:54,030 --> 00:02:09,449
[Author typing]

32
00:02:09,449 --> 00:02:12,478
Let's move this a little to the side so we could

33
00:02:12,503 --> 00:02:15,660
see what are the command that we will be using.

34
00:02:17,130 --> 00:02:21,682
Okay, always first thing first, you need

35
00:02:21,696 --> 00:02:25,620
to find out who you are, you are yourself.

36
00:02:26,190 --> 00:02:27,310
Where are you?

37
00:02:27,360 --> 00:02:29,350
You are in your home directory. Perfect.

38
00:02:29,460 --> 00:02:31,618
And what's inside of your home directory just

39
00:02:31,644 --> 00:02:34,210
to confirm you are in the right place. Yes you are.

40
00:02:34,320 --> 00:02:38,100
When you have confirmed this, just do clear screen.

41
00:02:39,210 --> 00:02:45,314
Now we gonna create a user called, let's say spiderman.

42
00:02:45,482 --> 00:02:48,154
Before I create a user, I wanted to add that

43
00:02:48,192 --> 00:02:55,778
user to a group that is, let's call it superheroes.

44
00:02:55,934 --> 00:02:58,714
So in order to use these commands you

45
00:02:58,752 --> 00:03:01,655
have to be root, so become root.

46
00:03:01,655 --> 00:03:04,190
su -

47
00:03:04,190 --> 00:03:13,030
[No audio]

48
00:03:13,030 --> 00:03:14,582
Ok, the first command that we

49
00:03:14,596 --> 00:03:21,344
will run is useradd spiderman.

50
00:03:22,150 --> 00:03:25,634
You hit enter, it gives you the prompt back

51
00:03:25,732 --> 00:03:31,638
which means it did create your user spiderman.

52
00:03:31,794 --> 00:03:35,862
How do we verify if the user is created?

53
00:03:36,006 --> 00:03:37,658
There is a command to check if

54
00:03:37,684 --> 00:03:42,174
users created it's called id spiderman..

55
00:03:42,272 --> 00:03:44,466
It will tell you that there is an id

56
00:03:44,528 --> 00:03:47,358
assigned to the user spiderman, and the group is

57
00:03:47,384 --> 00:03:52,160
created called spiderman and the group's ID so on.

58
00:03:52,730 --> 00:03:54,738
You could also verify by going to the

59
00:03:54,764 --> 00:04:01,798
home directory, the home if you notice that

60
00:04:01,824 --> 00:04:05,110
it created right here, the spiderman.

61
00:04:06,330 --> 00:04:10,846
The next command that we want to learn is groupadd.

62
00:04:11,028 --> 00:04:13,680
I want to create a group, a new group.

63
00:04:15,030 --> 00:04:17,726
The command to add a new group is groupadd,

64
00:04:17,726 --> 00:04:21,670
and I wanted to name it superheroes.

65
00:04:21,670 --> 00:04:26,649
[No audio]

66
00:04:26,649 --> 00:04:28,180
It adds the group.

67
00:04:29,350 --> 00:04:32,174
We could verify it by looking at the

68
00:04:32,554 --> 00:04:35,654
group file which will cover a little bit.

69
00:04:35,692 --> 00:04:37,022
But if you want to see it, you could

70
00:04:37,036 --> 00:04:39,104
just do cat /etc/groups,

71
00:04:39,104 --> 00:04:43,993
[Author typing]

72
00:04:43,993 --> 00:04:45,404
and at the

73
00:04:45,404 --> 00:04:47,573
bottom you'll see it created this

74
00:04:47,573 --> 00:04:50,726
[No audio]

75
00:04:50,726 --> 00:04:52,612
group named superheroes.

76
00:04:52,612 --> 00:04:55,150
[Author typing]

77
00:04:55,150 --> 00:05:00,150
Now I want to delete the user.

78
00:05:00,210 --> 00:05:01,914
I created spiderman.

79
00:05:02,082 --> 00:05:06,522
The command to delete is userdel.

80
00:05:06,666 --> 00:05:09,290
Now if you want to delete the home directory

81
00:05:09,910 --> 00:05:15,110
of spiderman, which is right here, you will run

82
00:05:15,160 --> 00:05:21,074
the command userdel with -r as well.

83
00:05:21,112 --> 00:05:24,580
So it will delete the directory as well.

84
00:05:24,580 --> 00:05:27,170
[Author typing]

85
00:05:27,170 --> 00:05:29,422
So it deleted the user and let's

86
00:05:29,446 --> 00:05:32,578
check if it deleted the home directory.

87
00:05:32,674 --> 00:05:35,214
Yes, it did delete the home directory as well.

88
00:05:35,252 --> 00:05:38,178
So delete that I created and I use it

89
00:05:38,204 --> 00:05:41,854
before just called spider, just for testing purposes.

90
00:05:41,902 --> 00:05:44,178
As you can see here, the next command we

91
00:05:44,204 --> 00:05:46,438
have to do is of course the groupdel.

92
00:05:46,474 --> 00:05:48,500
So let's try to delete the group.

93
00:05:49,610 --> 00:05:51,174
Let's not delete our group

94
00:05:51,272 --> 00:05:52,962
superheroes, we'll create a new group and

95
00:05:52,976 --> 00:05:54,922
we'll delete it just for training purposes.

96
00:05:54,946 --> 00:05:57,398
So let's create groupadd

97
00:05:57,398 --> 00:06:00,652
[Author typing]

98
00:06:00,652 --> 00:06:02,604
nonewgroup.

99
00:06:02,604 --> 00:06:06,890
Let's call this nonewgroup, groupadd, it's created.

100
00:06:06,950 --> 00:06:09,730
We can verify by going to the group file and

101
00:06:09,780 --> 00:06:11,686
see, at the bottom it says no new group.

102
00:06:11,808 --> 00:06:13,126
That's new group ID.

103
00:06:13,188 --> 00:06:15,360
We could delete the new group.

104
00:06:16,230 --> 00:06:20,654
Delete no new group and it's deleted.

105
00:06:20,702 --> 00:06:22,762
We could verify again at the bottom.

106
00:06:22,836 --> 00:06:24,226
See, it's gone.

107
00:06:24,408 --> 00:06:29,254
The next command that we have to learn is usermod.

108
00:06:29,352 --> 00:06:33,206
This command is used to modify the users.

109
00:06:33,338 --> 00:06:38,290
You can run command on usermod to see what it does.

110
00:06:38,340 --> 00:06:40,354
It modifies a user account.

111
00:06:40,512 --> 00:06:43,318
If you notice a appends, it adds a

112
00:06:43,344 --> 00:06:46,402
user to supplementary group. c, the new value

113
00:06:46,476 --> 00:06:49,262
user password, d change the home directory.

114
00:06:49,346 --> 00:06:50,794
So these are the things that you wanted

115
00:06:50,832 --> 00:06:54,014
to do after you create a user.

116
00:06:54,122 --> 00:06:59,611
So we will use this command to add

117
00:07:00,611 --> 00:07:04,498
our user, spiderman.

118
00:07:04,498 --> 00:07:06,370
[Author typing]

119
00:07:06,370 --> 00:07:08,286
Let's see if we have spiderman.

120
00:07:08,418 --> 00:07:10,578
First we delete spiderman.

121
00:07:10,614 --> 00:07:12,230
So let's create spiderman again.

122
00:07:12,340 --> 00:07:15,710
useradd spiderman.

123
00:07:15,710 --> 00:07:17,710
[Author typing]

124
00:07:17,710 --> 00:07:21,758
As soon as you add the useradd

125
00:07:21,784 --> 00:07:26,740
spiderman, it automatically creates its group as well.

126
00:07:27,070 --> 00:07:30,242
If you don't specify, it creates a group

127
00:07:30,316 --> 00:07:31,958
with the same name as user ID.

128
00:07:32,044 --> 00:07:38,738
Now, I wanted to add spiderman to a

129
00:07:38,764 --> 00:07:41,202
different group as well, which is superheroes.

130
00:07:41,226 --> 00:07:42,170
So how do we do that?

131
00:07:42,220 --> 00:07:47,414
usermod -G, what's the name of the group,

132
00:07:47,572 --> 00:07:49,910
superheroes.

133
00:07:50,650 --> 00:07:53,282
And the name of the user that

134
00:07:53,296 --> 00:07:55,566
I wanted to add is spiderman.

135
00:07:55,758 --> 00:07:58,902
Hit enter and it is added.

136
00:07:58,986 --> 00:08:00,398
How do we verify it?

137
00:08:00,484 --> 00:08:03,878
You do cat /etc/,, but instead of doing

138
00:08:03,904 --> 00:08:05,858
the cat and viewing the whole file, how about

139
00:08:05,884 --> 00:08:11,102
we use group command and just type spiderman from

140
00:08:11,236 --> 00:08:14,174
/etc/group file and there you go.

141
00:08:14,212 --> 00:08:16,850
You will see this is the super user group

142
00:08:17,020 --> 00:08:20,966
and spiderman is also part of that group.

143
00:08:21,148 --> 00:08:23,750
This is the spiderman's own group

144
00:08:23,800 --> 00:08:25,946
name and own group ID.

145
00:08:26,068 --> 00:08:30,062
So spiderman has his own group and it also

146
00:08:30,136 --> 00:08:33,460
belongs to a group called superheroes as well.

147
00:08:33,850 --> 00:08:37,554
If you notice one here, when you do ls -ltr,

148
00:08:37,722 --> 00:08:41,030
the group of spiderman right here is still spiderman.

149
00:08:41,530 --> 00:08:44,284
Why didn't change to superheroes?

150
00:08:44,418 --> 00:08:47,510
Because it's actual group is

151
00:08:47,559 --> 00:08:50,166
spiderman will always remain spiderman.

152
00:08:50,357 --> 00:08:52,214
It is part of the other

153
00:08:52,251 --> 00:08:54,450
group as well, which is superheroes.

154
00:08:54,630 --> 00:08:58,442
If you want this to change, then you have

155
00:08:58,456 --> 00:09:03,494
to run the command change group and then you

156
00:09:03,532 --> 00:09:11,500
specify superheroes and then you specify buyer man.

157
00:09:12,010 --> 00:09:14,774
And remember, we have to use our

158
00:09:14,812 --> 00:09:18,578
option to cascade this permission of the

159
00:09:18,604 --> 00:09:21,894
group to every folder of the spiderman.

160
00:09:21,942 --> 00:09:24,230
So let's run this command and now see

161
00:09:24,280 --> 00:09:26,754
if it changes from spiderman to superheroes.

162
00:09:26,862 --> 00:09:28,562
Yes, see now the user is

163
00:09:28,576 --> 00:09:30,474
spiderman, the group is superhero.

164
00:09:30,582 --> 00:09:32,330
So that's how you use these five

165
00:09:32,380 --> 00:09:36,506
different commands useradd, user group ad,

166
00:09:36,568 --> 00:09:39,950
userdel, groupdel and user modification

167
00:09:40,390 --> 00:09:44,020
and the files that it creates information.

168
00:09:44,530 --> 00:09:46,686
The first one is /etc/passwd.

169
00:09:46,818 --> 00:09:51,470
Let's look at the /etc/passwd cat /etc/passwd

170
00:09:52,750 --> 00:09:56,066
and you'll see at the bottom as you add

171
00:09:56,128 --> 00:10:00,186
a new user to the Linux system, it adds

172
00:10:00,378 --> 00:10:03,580
the information of the user at the bottom.

173
00:10:03,910 --> 00:10:07,202
At the bottom spiderman and the spider, the

174
00:10:07,216 --> 00:10:09,760
one I created earlier, both are in there.

175
00:10:10,270 --> 00:10:13,202
The first column tells you the name, the second

176
00:10:13,276 --> 00:10:16,170
one tells you the password which is encrypted.

177
00:10:16,230 --> 00:10:17,702
It just gives you the x.

178
00:10:17,836 --> 00:10:22,082
Second one tells you the user ID and then the group ID.

179
00:10:22,276 --> 00:10:25,062
And right here in between these two columns,

180
00:10:25,086 --> 00:10:28,242
we didn't specify the description so it's empty.

181
00:10:28,386 --> 00:10:31,914
And then here it's a home directory of the spiderman.

182
00:10:32,022 --> 00:10:33,678
And then at the end it's

183
00:10:33,714 --> 00:10:35,906
the shell the spiderman is using.

184
00:10:36,028 --> 00:10:38,910
So that's the description of the /etc/passwd.

185
00:10:39,030 --> 00:10:42,940
Let's look at the description of /etc/group.

186
00:10:44,170 --> 00:10:48,470
In /etc/group you have the first is group name

187
00:10:48,580 --> 00:10:51,666
and then the group password which is the same password

188
00:10:51,738 --> 00:10:55,022
that is used for anyone within that group.

189
00:10:55,156 --> 00:10:56,942
And then the group ID.

190
00:10:57,136 --> 00:10:59,618
The last column that you see here with

191
00:10:59,644 --> 00:11:01,214
a few of them, that means that these

192
00:11:01,252 --> 00:11:04,420
other users are also part of this group.

193
00:11:05,170 --> 00:11:08,970
Then the last file we'll look at is this /etc/shadow.

194
00:11:09,150 --> 00:11:12,146
/etc/shadow file is strictly for

195
00:11:12,208 --> 00:11:14,582
passwords of users that we create.

196
00:11:14,776 --> 00:11:17,366
This does not mean the password right

197
00:11:17,428 --> 00:11:20,154
here, right here is the actual password.

198
00:11:20,322 --> 00:11:23,246
It's just encrypted so we don't see it.

199
00:11:23,368 --> 00:11:26,498
However, it does have some other parameters like the

200
00:11:26,524 --> 00:11:29,882
password does not expire and these many days there

201
00:11:29,896 --> 00:11:32,834
are password length restrictions and so on.

202
00:11:32,932 --> 00:11:36,978
You could view that and man command of creating users.

203
00:11:37,014 --> 00:11:40,010
You'll get more information about /etc/shadow file.

204
00:11:40,010 --> 00:11:50,630
[No audio]

205
00:11:50,630 --> 00:11:53,362
Again, if you are specific about one user.

206
00:11:53,386 --> 00:11:54,678
Let's say you just wanted to know

207
00:11:54,704 --> 00:11:58,150
the information about spiderman in /etc/passwd,

208
00:11:58,270 --> 00:12:05,082
you do grep spiderman /etc/passwd, and

209
00:12:05,096 --> 00:12:08,070
you will only get the information about your

210
00:12:08,120 --> 00:12:11,670
matching criteria which is spiderman line.

211
00:12:11,840 --> 00:12:15,510
Now we will look at the last example, which

212
00:12:15,560 --> 00:12:18,498
is the example that is mostly used in the

213
00:12:18,524 --> 00:12:22,474
corporate environment that they will run one big command

214
00:12:22,582 --> 00:12:24,994
that will take care of all the parameters.

215
00:12:25,162 --> 00:12:34,670
So let's create a new useradd -g to specify

216
00:12:34,730 --> 00:12:39,790
the group, which is we already have a group superheroes.

217
00:12:39,790 --> 00:12:43,030
[No audio]

218
00:12:43,030 --> 00:12:46,802
And let's look at, let's minimize this so

219
00:12:46,816 --> 00:12:49,550
we can move up and view our command.

220
00:12:49,550 --> 00:12:51,730
[No audio]

221
00:12:51,730 --> 00:12:53,081
Okay.

222
00:12:53,081 --> 00:12:57,230
[No audio]

223
00:12:57,230 --> 00:13:01,462
Okay, superheroes -s means the shell

224
00:13:01,546 --> 00:13:02,970
that you want to give.

225
00:13:03,140 --> 00:13:04,294
They're different shells.

226
00:13:04,342 --> 00:13:06,346
There are bin, bash, KornShells,

227
00:13:06,358 --> 00:13:07,650
we will cover that later,

228
00:13:07,820 --> 00:13:09,754
-c is the description,

229
00:13:09,802 --> 00:13:11,758
you have to specify the description.

230
00:13:11,914 --> 00:13:16,252
superheroes, you wnated to create Ironman so,

231
00:13:16,252 --> 00:13:20,156
Ironman,

232
00:13:20,156 --> 00:13:22,525
[No audio]

233
00:13:22,606 --> 00:13:24,486
Character

234
00:13:24,486 --> 00:13:27,241
just a description, nothing more than that,

235
00:13:27,390 --> 00:13:32,390
then -m -d, specify the

236
00:13:32,440 --> 00:13:39,581
home directory which is home/ironman ironman.

237
00:13:39,581 --> 00:13:41,751
[No audio]

238
00:13:41,751 --> 00:13:43,990
This will create a user ironman

239
00:13:44,050 --> 00:13:46,170
with all the parameters we have specified.

240
00:13:46,670 --> 00:13:47,926
And how do we verify?

241
00:13:47,998 --> 00:13:51,834
You just do id ironman, and you'll see that

242
00:13:51,872 --> 00:13:55,570
ironman is there as part of the group superheroes.

243
00:13:55,750 --> 00:13:59,970
And you could also view it in /etc/passwd file.

244
00:14:00,470 --> 00:14:02,670
And you see at the bottom it's there.

245
00:14:02,840 --> 00:14:04,878
Now, one thing that we do have to

246
00:14:04,904 --> 00:14:06,678
cover, every time you have to create a

247
00:14:06,704 --> 00:14:09,454
user, make sure you create its password.

248
00:14:09,622 --> 00:14:12,258
So the command to create a

249
00:14:12,284 --> 00:14:14,370
password is just simple passwd

250
00:14:14,750 --> 00:14:17,382
ironman enter.

251
00:14:17,456 --> 00:14:21,318
Specify the password. And the

252
00:14:21,344 --> 00:14:22,830
password that I've specified, since

253
00:14:23,270 --> 00:14:25,806
password fails dictionary check.

254
00:14:25,868 --> 00:14:27,630
It is based on a dictionary.

255
00:14:28,670 --> 00:14:30,294
You could ignore that as long

256
00:14:30,332 --> 00:14:32,338
as you're running as root.

257
00:14:32,494 --> 00:14:35,310
But if you're not root, then it's going to force you

258
00:14:35,420 --> 00:14:38,970
to change the password that is not based on dictionary.

259
00:14:40,310 --> 00:14:42,560
But again, you are root. You could do anything.

260
00:14:43,070 --> 00:14:45,646
So this concludes our lesson

261
00:14:45,778 --> 00:14:48,090
for user account management.

262
00:14:49,687 --> 00:14:53,566
The basic commands are these five commands

263
00:14:53,638 --> 00:14:55,158
and the files that are used to

264
00:14:55,184 --> 00:14:57,430
manage is etc, passwd, group, and shadow.

265
00:14:57,430 --> 00:15:01,419
[No audio]