Linux User Management Deep Dive
Linux Training Architect II
Welcome to the Linux Academy Linux User Management Deep Dive course. In this course, students will learn to manage accounts and passwords for Linux users and groups. We’ll review user and group IDs, user shells, working with home directories, and user management files such as `/etc/passwd`, `/etc/group`, `/etc/shadow`, and `/etc/gshadow`.Then we’ll discuss creating users and groups, modifying user and group settings, and removing users and groups from the system.Next we’ll dive into password management and talk about how passwords are encrypted. We’ll also discuss password aging features and demonstrate the differences between password and account locking, inactivity periods, and expiration.Lastly, we’ll dig into user and group security troubleshooting where we’ll introduce `sudo`, managing file permissions, access control lists, configuring user and group disk quotas, and troubleshooting login issues.I hope that you enjoy this deep dive course from Linux Academy, and take advantage of the many hands-on labs aimed at Linux user management.So let's get started!
About the Training Architect
Hi, my name is Cara. I will be your Training Architect for the Linux User Management Deep Dive course you are about to take. Here is a little bit about me...
Introduction to Users and Groups
User and Group IDs
Users and groups are critical components of a Linux system, as group and user permissions manage all activity on the system. In this video lesson we will review what users and groups are, as well as user and group IDs. We'll talk about the id and groups commands and get a first look at the `/etc/password` and `/etc/shadow` files.
The shell provides an interface between the user and the operating system kernel. It translates commands into data that the kernel can process. In this video lesson, we'll talk about the user shell, types of shells, how to invoke a shell, and shell capabilities.
Working with Home Directories
Each user on a Linux system is created with a user home directory. In this lesson, we will discuss what the user home directory is used for, and how to set up the user environment. Students will learn to add custom home directories as well as how to use the files that are created by default with a user home directory.
User Management Files: /etc/passwd, /etc/shadow, /etc/group
Managing users and groups requires the administration and tracking of many accounts. User management files make this task a bit easier by tracking a user or a group and their attributes within user management files. In this video, students will become familiar with common user mangement files.
Create, Modify, or Remove Users and Groups
Linux user management is a critical part of systems administration, since all system processes are controlled by users. In this lesson, students will learn the configurable properties of user accounts and how to create users on the system.
Modifying User Settings
Knowing how to modify Linux user settings is an essential skill for Linux administrators. In this lesson, students will learn to modify user settings and check to ensure setting changes were completed successfully.
Removing User Accounts
Removing Linux user accounts is a necessary maintenance task for systems administrators. In this lesson, we'll discuss the steps and options to successfully remove a Linux user, as well as all files owned by the user on the system.
Creating Groups and Secondary Groups
Systems administrators use groups and secondary groups to configure permissions for various files, directories, and processes. In this lesson students will create two groups, then create a user with one group configured as primary and the other configured as secondary.
Modifying Group Settings
Since groups control permissions for files, directories, and processes, learning to modify group settings is an essential skill for Linux systems administrators. In this lesson, students will modify the group name and the group ID for an existing group on the system.
Removing groups is a common task for systems administrators when updating users and permissions. In this lesson, students will learn how to remove user groups, as well as what happens when an admin tries to remove a group that is set as a primary or secondary group for a current user.
User Management Tools - Part 1
There are a handful of other commands that are useful for user management. In this lesson, students will learn to use the command line utilities for administering the `/etc/passwd` and `/etc/group` files, how to verify the `/etc/passwd`, `/etc/group`, and `/etc/shadow` files, and how to convert passwords to shadow passwords and back to standard passwords.
User Management Tools - Part 2
There are a handful of other commands that are useful for user management. In this lesson, students will learn how to convert passwords to shadow passwords and back to standard passwords.
User Password Management
User Passwords: Hashed and Salted
Salts and encryption are added to Linux user passwords to make them more secure. In this video, we'll discuss what salts are, and the methods and algorithms for hashing user passwords. We'll also review the contents of the `/etc/shadow` file.
Managing User Passwords
In order to sufficiently manage user accounts, systems administrators must also manage user passwords. In this lesson, we'll discuss setting user paswords, and locking and unlocking passwords. We'll also look at setting password attributes such as the mimimum and maximum amount of days a password is active, and setting a warning for a specified number of days before their password will expire.
Linux systems administators are often responsible for setting password and account aging requirements for Linux users. In this lesson, we'll talk more about password aging and the `chage` command. Students will learn to set aging restrictions for Linux passwords and user accounts.
Suspending User Accounts
Systems administrators implement password and account expiration rules in order to keep systems secure. In this lesson we will review and combine some of the content from the prior videos in this section by discussing the different commands and options for expiring and locking passwords and user accounts. Because there are a handful of commands that perform the same tasks, I felt it was important to do a lesson on these commands and the differences between them, but it is up to the systems administrator to decide which command they prefer to use to perform these actions. Students who feel that they have a good understand of expiring and locking user accounts may skip this lesson and proceed to the next video section.
User Security and Troubleshooting
Configuring Sudo - Part 1
`sudo` allows regular users to run commands with elevated access, or as another user. In this lesson, we'll discuss the files associated with `sudo`, specifically the `sudo.conf` file. We will also review how to merge configuration files when there is a `sudoers.rmpnew` file created by an update to the **sudo** package. We will review the `/etc/sudoers` file and `/etc/sudoers.d` in the Configuring Sudo - Part 2 lesson.
Configuring Sudo - Part 2
`sudo` allows regular users to run commands with elevated access or as another user. In our last video lesson, Configuring Sudo - Part 1, we looked at the `sudo.conf` file and walked through how to merge configuration files when there is a `sudoers.rmpnew` file created by an update to the **sudo** package. In this lesson, we'll discuss more files associated with `sudo`, specifically the `/etc/sudoers` file and the `/etc/sudoers.d` directory.
Managing User Files and Processes
In this lesson, we'll discuss how to find and manage user files and running processes for users who will be removed from the system. We'll demonstrate best practices by removing user files and killing processes before a user account is removed, but we will also discuss how to find and remove user files from the system after a user has been removed.
Managing File Permissions
File and directory permissions control access to users and groups. In this lesson, we'll learn how to set standard file permissions as well as the setuid, setgid, and the sticky bit.
Intro to Access Control Lists (ACLs)
Access control lists provide tighter access to files and directories than standard Linux file permissions. In this lesson, Introduction to ACLs, we'll talk about file ACL masks as well as how to view, set, and remove access control lists on a file or a directory.
Enabling User and Group Disk Quotas
Disk quotas are used to limit the amount of space a user or group can consume on a file system. In this lesson, we'll create a new disk partition and file system. Then we'll configure `/etc/fstab` with the new file system information. We'll install the `quota` package with `yum`, then set user and group disk quotas for the new file system.
User Authentication and Logging
System logging tracks user authentication issues and can assist in troubleshooting login problems as well as hacking attempts. In this lesson, we'll do a short review of the various system logs on the system and discuss how user authentication events are logged.
Let's talk about what's next for you at Linux Academy! Please watch this video to see my recommendations for the next steps in your eductional journey.
Take this course and learn a new skill today.
Transform your learning with our all access plan.Start 7-Day Free Trial