1 00:00:06,870 --> 00:00:09,660 - All right, so we need four users, 2 00:00:09,660 --> 00:00:11,610 but we also need password settings, 3 00:00:11,610 --> 00:00:14,010 and we need these users to be a member of groups. 4 00:00:14,010 --> 00:00:15,390 So you know what I'm going to do? 5 00:00:15,390 --> 00:00:19,807 I'm going to start with /etc/login.defs 6 00:00:21,810 --> 00:00:25,470 because here it really makes sense if we take care 7 00:00:25,470 --> 00:00:29,010 of the defaults before we are getting started. 8 00:00:29,010 --> 00:00:32,340 And I am looking for PASS MAX DAYS. 9 00:00:32,340 --> 00:00:35,730 I'm going to set the PASS MAX DAYS to 60. 10 00:00:35,730 --> 00:00:37,740 There we go, 60 days. 11 00:00:37,740 --> 00:00:40,383 Is there anything else that we need to do here? 12 00:00:41,250 --> 00:00:45,873 Well, wasn't there anything about user home directories? 13 00:00:46,710 --> 00:00:48,810 Let's check it out. 14 00:00:48,810 --> 00:00:49,800 Not here, 15 00:00:49,800 --> 00:00:52,680 but there, CREATE HOME, yes. 16 00:00:52,680 --> 00:00:53,580 So that's good. 17 00:00:53,580 --> 00:00:55,530 We create user home directories. 18 00:00:55,530 --> 00:00:57,213 That means that we are done here. 19 00:00:58,110 --> 00:01:00,030 Now if I may give you an advice, 20 00:01:00,030 --> 00:01:01,410 if you need to create users, 21 00:01:01,410 --> 00:01:04,920 and these users need to be a member of secondary groups, 22 00:01:04,920 --> 00:01:08,820 then you better create the groups before the users. 23 00:01:08,820 --> 00:01:12,660 Because otherwise, you first create a user then the group, 24 00:01:12,660 --> 00:01:14,430 and then you need to modify the user 25 00:01:14,430 --> 00:01:17,580 to be a member of the group, sounds like too much work. 26 00:01:17,580 --> 00:01:19,330 So sudo groupadd 27 00:01:21,930 --> 00:01:24,270 sales to add a group with the name sales. 28 00:01:24,270 --> 00:01:25,737 Already exists, that's okay. 29 00:01:25,737 --> 00:01:28,260 And sudo groupadd account 30 00:01:28,260 --> 00:01:31,170 to create a group with the name account. 31 00:01:31,170 --> 00:01:33,060 I also need a group users. 32 00:01:33,060 --> 00:01:35,250 Don't we already have a group users? 33 00:01:35,250 --> 00:01:40,250 Let me use grep user on /etc/group. 34 00:01:40,320 --> 00:01:41,160 That'll tell us. 35 00:01:41,160 --> 00:01:42,870 Yeah, we have group users. 36 00:01:42,870 --> 00:01:44,820 So that is okay. 37 00:01:44,820 --> 00:01:48,331 And now I can use useradd, 38 00:01:48,331 --> 00:01:50,520 useradd linda. 39 00:01:50,520 --> 00:01:53,130 I already have linda, so let's skip linda for now, 40 00:01:53,130 --> 00:01:56,310 and let's do laura, minus uppercase G, 41 00:01:56,310 --> 00:02:01,310 and laura needs to be a member of the group sales 42 00:02:01,350 --> 00:02:03,480 as well as the group users. 43 00:02:03,480 --> 00:02:06,183 Everybody needs to be a member of the group users. 44 00:02:07,220 --> 00:02:10,170 And that should be doing it, 45 00:02:10,170 --> 00:02:11,640 if you use sudo, of course. 46 00:02:11,640 --> 00:02:12,473 There we go. 47 00:02:12,473 --> 00:02:14,343 Same command with sudo this time. 48 00:02:16,170 --> 00:02:18,360 Let's also create user anna. 49 00:02:18,360 --> 00:02:21,600 User anna needs to be a member of the group account. 50 00:02:21,600 --> 00:02:25,650 And there we go, user anna. 51 00:02:25,650 --> 00:02:29,550 And user anouk, also same groups as user anna. 52 00:02:29,550 --> 00:02:31,860 So that's a simple modification. 53 00:02:31,860 --> 00:02:33,990 For user linda, who already existed, 54 00:02:33,990 --> 00:02:38,520 I need to use usermod, usermod -aG 55 00:02:38,520 --> 00:02:40,800 sales on linda. 56 00:02:40,800 --> 00:02:42,379 What is that? 57 00:02:42,379 --> 00:02:44,820 Well, usermod is modifying users. 58 00:02:44,820 --> 00:02:47,190 Uppercase G is for secondary groups. 59 00:02:47,190 --> 00:02:49,530 But if you just use uppercase G, 60 00:02:49,530 --> 00:02:54,530 then you are going to create a new list of secondary groups. 61 00:02:55,290 --> 00:02:58,350 That would overwrite the current secondary group assignment. 62 00:02:58,350 --> 00:02:59,580 That's not what we need. 63 00:02:59,580 --> 00:03:03,300 And that is why we are using usermod -aG, 64 00:03:03,300 --> 00:03:06,720 which is using uppercase G in append mode. 65 00:03:06,720 --> 00:03:09,450 And obviously we need to do sudo again. 66 00:03:09,450 --> 00:03:11,010 There we go. 67 00:03:11,010 --> 00:03:12,390 Now we are almost there. 68 00:03:12,390 --> 00:03:15,060 Didn't we need to do anything to ensure all users 69 00:03:15,060 --> 00:03:17,400 get a home directly in /home? 70 00:03:17,400 --> 00:03:18,870 Well, not on Red Hat. 71 00:03:18,870 --> 00:03:19,703 On Ubuntu, 72 00:03:19,703 --> 00:03:24,630 you need useradd -m, -m to create the home directory, 73 00:03:24,630 --> 00:03:26,760 but here if I use ls on /home, 74 00:03:26,760 --> 00:03:30,300 I can see home directories for all of these. 75 00:03:30,300 --> 00:03:32,100 Can't we do that in a smarter way? 76 00:03:32,100 --> 00:03:33,210 Of course we can. 77 00:03:33,210 --> 00:03:36,480 We need a small shell scripting style iteration, 78 00:03:36,480 --> 00:03:40,620 for i in linda, laura, 79 00:03:40,620 --> 00:03:42,303 anna, and anouk, 80 00:03:43,500 --> 00:03:45,993 do echo password, 81 00:03:46,890 --> 00:03:50,610 pipe, sudo passwd, 82 00:03:50,610 --> 00:03:54,323 minus minus standard in, $i, done. 83 00:03:57,237 --> 00:03:58,740 And there we go. 84 00:03:58,740 --> 00:04:03,150 This is easily looping over the different user name. 85 00:04:03,150 --> 00:04:05,550 And for each element in the user name, 86 00:04:05,550 --> 00:04:08,130 it's temporarily putting this element in a variable 87 00:04:08,130 --> 00:04:10,590 with the name i, and then it's doing the do thing. 88 00:04:10,590 --> 00:04:13,140 And in the do thing, this is what is done. 89 00:04:13,140 --> 00:04:16,590 Echo password, pipe, sudo passwd, 90 00:04:16,590 --> 00:04:18,003 dash dash standard in, $i. 91 00:04:18,877 --> 00:04:21,450 $i refers to the user name that's currently treated. 92 00:04:21,450 --> 00:04:23,190 And as you can see right here, 93 00:04:23,190 --> 00:04:26,850 it is walking over all these user names one by one 94 00:04:26,850 --> 00:04:29,430 to update the passwords automatically. 95 00:04:29,430 --> 00:04:30,693 This is how you do it.