Archive:Docs/Drafts/AdministrationGuide/UserAccounts/AccountManagementTui

= Account Management - Command Line Interface =

This section explains how to add new accounts and change account parameters using command line utilities.

== Adding Accounts ==
To add a new user account from the command line run:

su -c "/usr/sbin/useradd luke"

Enter the root password when prompted.

The above command creates a new user account with the username luke, whose primary group is luke. The directory /home/luke is created as the user's home directory and the user's shell environment is set to /bin/bash. (These are Fedora defaults for user accounts.)

Upon creation, the user account is locked. To unlock the account, run:

su -c "passwd luke"

To set the user's password, enter the root password at the first password prompt. You are then presented with the following:

Changing password for user luke.
New UNIX password:

Type in what you want the user's password to be (remember that passwords are case sensitive) and press [Enter]. The prompt changes to:

Retype new UNIX password:

Type the same password again and press [Enter]. The prompt returns:

passwd: all authentication tokens updated successfully.

User luke is now able to log on and use the system.

User account defaults are controlled through the  configuration file. Administrators can manually change values in this file and create a different set of account defaults. Settings from  file can be overridden by supplying options to the useradd command. For example:

su -c "useradd -c 'Luke McAlister' -g primary -G additional,another -d /home/second -s /bin/tcsh luke2"

creates a new user account for the user luke2 with the following characteristics:

 * user's full name is Luke McAlister
 * user's primary group is primary
 * user luke2 is also a member of the additional and another groups
 * /home/second is created as the home directory for luke2
 * /bin/tcsh is set as the shell environment for luke2

== Adding Group Accounts ==
To add a new group account, from the command line run:

su -c "groupadd black"

and enter the root password when prompted.

The above command creates a new group account with the group name black.

== Modifying Account Parameters ==
To edit user account parameters, use the usermod command. Depending on which account parameters need modification, the usermod command may need to be supplied with an option specific to that parameter. For example, to change the comment field for the account, run:

su -c "usermod -c 'Luke McAlister' luke"

Enter the root password at the password prompt.

This alters the account information in  file, placing the user's full name in the fifth field. The line changes from:

luke:x:503:503::/home/luke:/bin/bash

to

luke:x:503:503:Luke McAlister:/home/luke:/bin/bash

You can also edit a user's group membership using the usermod command. When a user is created, a new group with the same name as the username is created. This group is the user's Primary Group. Files or directories created by that user inherit that user's Primary Group. Use the id command to view Primary and Secondary Group memberships:

id
uid=500(user1) gid=500(user1) groups=10(wheel),500(user1) context=user_u:system_r:unconfined_t

The above example shows that the Primary Group for the user user1, is gid 500 (user1). The user1 user is also a member of the wheel Secondary Group. Primary Groups are defined in :

user1:x:500:500:UserOne:/home/user1:/bin/bash

The fourth field shows the Primary Group ID (500) for the user. The  file uses the following syntax: account:password:UID:GID:GECOS:directory:shell

The Primary Group can be temporarily changed using the newgrp command. However, the user must already be a member of the group specified:

newgrp testing

The results can be seen using the  and   commands:

id
uid=500(user1) gid=502(testing) groups=10(wheel),500(user1),502(testing) context=user_u:system_r:unconfined_t

Note, the Primary Group is now gid 502 (testing).

touch file1
ls -l file1
-rw-r--r-- 1 user1 testing 0 2007-10-13 20:31 file1

The file1 file belongs to the testing group instead of the user1 group. Type exit to return to your original Primary Group; the output of the exit command is exit:

exit
exit
id
uid=500(user1) gid=500(user1) groups=10(wheel),500(user1) context=user_u:system_r:unconfined_t

The Primary Group is now back to user1. Also note that the id command has not displayed the testing group. Changes to group membership require you to log out and then log in before the changes are displayed using the groups and id commands.

Users can also be members of Secondary Groups. Secondary groups are defined in. Use the groups and id commands to view group membership:

groups
user1 wheel testing

id
uid=500(user1) gid=500(user1) groups=10(wheel),500(user1),502(testing) context=user_u:system_r:unconfined_t

To add a user to a Secondary Group, use the following command:

su -c "/usr/sbin/usermod -a -G <group> <username>"

Enter the root password when prompted.

This adds the user specified with <username> to the Secondary Group specified in <group>. To add a user to multiple Secondary Groups, list the group names in comma-separated form:

su -c "/usr/sbin/usermod -a -G <group1>,<group2>,<group3> <username>"

Enter the root password when prompted.

Removing a user from a group is a little different. Use the usermod command without the -a append switch to specify the group memberships you want to keep. For example, if the user is a member of group1, group2, group3, and group4, but you want to remove the user from group4, run the following command:

su -c "/usr/sbin/usermod -G group1,group2,group3 <username>"

This command keeps the user's group memberships of group1, group2, and group3, while removing them from the group4 group.
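
The keep-list approach described above, as an added example that is not part of the original guide: the script works out a user's current Secondary Groups from group-file style data and builds the usermod -G command that drops exactly one of them, so a group such as wheel is not lost because it was left off the list. The sample passwd and group entries are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Constructed sample entries in passwd and group file format (not from a real system).
PASSWD_DATA='user1:x:500:500:UserOne:/home/user1:/bin/bash'
GROUP_DATA='wheel:x:10:root,user1
user1:x:500:
testing:x:502:user1
group4:x:504:user1,luke'

# Primary Group ID: the fourth field of the user's passwd entry.
primary_gid() {
    printf '%s\n' "$PASSWD_DATA" | awk -F: -v u="$1" '$1 == u { print $4 }'
}

# Secondary Groups, comma-separated: every group whose member list
# (fourth field) names the user exactly, so "user" never matches "user1".
secondary_groups() {
    printf '%s\n' "$GROUP_DATA" | awk -F: -v u="$1" '
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++)
              if (m[i] == u) { out = out sep $1; sep = "," } }
        END { print out }'
}

# Print the usermod command that removes user $1 from group $2 by listing
# every other Secondary Group to keep. Returns 1 if the user is not a
# member, so a typo in the group name cannot silently rewrite the list.
removal_command() {
    current=$(secondary_groups "$1")
    case ",$current," in
        *",$2,"*) ;;
        *) echo "error: $1 is not a member of $2" >&2; return 1 ;;
    esac
    keep=$(printf '%s\n' "$current" | tr ',' '\n' | grep -vxF -- "$2" | paste -sd, -)
    printf 'usermod -G "%s" %s\n' "$keep" "$1"
}

# Demonstration on the constructed data.
removal_command user1 group4
```

The printed command is meant to be reviewed and then run through su -c as in the steps above.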

For the full list of available command options, refer to the usermod manual page.

== Modifying Group Accounts ==
To modify group account parameters, use the groupmod command. This command can change two group account parameters: the group ID (GID) and the group name. To change the group ID (GID) of the group black, run:

su -c "groupmod -g 600 black"

Enter the root password at the prompt. This command changes the GID of the group black to 600. If you do not use  option, the GID numerical value supplied to the command must be unique.

To assign a new name to the group account, run:

su -c "groupmod -n blue black"

Enter the root password at the prompt. This changes the group's name from black to blue.

== Changing Password Expiration Information ==
To change a user's password expiration information, use the chage command. This command changes the number of days between password changes and the date of the last password change, which the system uses to determine when the user is forced to change the password. For example, to make the password of the user dan valid for 90 days (three months), run:

su -c "chage -M 90 dan"

Enter the root password at the prompt. The above option is usually used in conjunction with the -W option, which sets the number of days before expiration that the user is warned about the pending expiration:

su -c "chage -W 10 -M 90 dan"

Enter the root password when prompted. The above command forces the user dan to change the password after 90 days. User dan is warned about this every day, starting 10 days before the password expiration.
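
What -M 90 and -W 10 mean on a given day, as an added example that is not part of the original guide. It assumes the shadow file field layout (last change, minimum, maximum, warning) that chage edits, uses constructed entries, and treats a maximum age of 99999 as no expiry; password_status is this example's own name.

```shell
#!/bin/sh
# Constructed shadow-style entries (name:hash:lastchange:min:max:warn:...).
# lastchange counts days since 1970-01-01; HASH stands in for a real hash.
SHADOW_DATA='dan:HASH:19800:0:90:10:::
luke:HASH:19800:0:99999:7:::
user1:HASH:19700:0:90:10:::'

# password_status USER TODAY, with TODAY in days since 1970-01-01.
# Prints "ok N" or "warn N" (N days left), "expired N" (N days overdue),
# or "no-expiry" when the maximum age is empty or 99999 (example's assumption).
password_status() {
    printf '%s\n' "$SHADOW_DATA" | awk -F: -v u="$1" -v today="$2" '
        $1 == u {
            if ($5 == "" || $5 + 0 >= 99999) { print "no-expiry"; exit }
            left = $3 + $5 - today
            if (left < 0)              print "expired", -left
            else if (left <= $6 + 0)   print "warn", left
            else                       print "ok", left
        }'
}

# Demonstration: dan on day 19885, five days before the 90-day limit.
password_status dan 19885
```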

The next section explains how to manage accounts using a graphical interface.