6.3.3. User Account and Group Applications

There are two basic types of applications that can be used when managing user accounts and groups on Red Hat Enterprise Linux systems:
  • The graphical User Management Tool application
  • A suite of command line tools
For detailed instructions on using User Management Tool, see the chapter titled User and Group Configuration in the System Administrators Guide.
While both the User Management Tool application and the command line utilities perform essentially the same task, the command line tools have the advantage of being script-able and are therefore more easily automated.
The following table describes some of the more common command line tools used to create and manage user accounts and groups:

Table 6.2. User Management Command Line Tools

Application Function
/usr/sbin/useradd Adds user accounts. This tool is also used to specify primary and secondary group membership.
/usr/sbin/userdel Deletes user accounts.
/usr/sbin/usermod Edits account attributes including some functions related to password aging. For more fine-grained control, use the passwd command. usermod is also used to specify primary and secondary group membership.
passwd Sets passwords. Although primarily used to change a user's password, it also controls all aspects of password aging.
/usr/sbin/chpasswd Reads in a file consisting of username and password pairs, and updates each users' password accordingly.
chage Changes the user's password aging policies. The passwd command can also be used for this purpose.
chfn Changes the user's GECOS information.
chsh Changes the user's default shell.
The following table describes some of the more common command line tools used to create and manage groups:

Table 6.3. Group Management Command Line Tools

Application Function
/usr/sbin/groupadd Adds groups, but does not assign users to those groups. The useradd and usermod programs should then be used to assign users to a given group.
/usr/sbin/groupdel Deletes groups.
/usr/sbin/groupmod Modifies group names or GIDs, but does not change group membership. The useradd and usermod programs should be used to assign users to a given group.
gpasswd Changes group membership and sets passwords to allow non-group members who know the group password to join the group. It is also used to specify group administrators.
/usr/sbin/grpck Checks the integrity of the /etc/group and /etc/gshadow files.
The tools listed thus far provide system administrators great flexibility in controlling all aspects of user accounts and group membership. To learn more about how they work, refer to the man page for each.
These applications do not, however, determine what resources these users and groups have control over. For this, the system administrator must use file permission applications.

6.3.3.1. File Permission Applications

File permissions are an integral part of managing resources within an organization. The following table describes some of the more common command line tools used for this purpose.

Table 6.4. Permission Management Command Line Tools

Application Function
chgrp Changes which group owns a given file.
chmod Changes access permissions for a given file. It is also capable of assigning special permissions.
chown Changes a file's ownership (and can also change group).
It is also possible to alter these attributes in the GNOME and KDE graphical environments. Right-click on the the file's icon (for example, while the icon is displayed in a graphical file manager or on the desktop), and select Properties.