RHCSA 7 Exam Notes #6: Manage users and groups
Word version available here:
https://drive.google.com/file/d/0B9WPh0iDN4KwNkRBYUg3ZDh3NWM/edit?usp=sharing
Create, delete, and modify local user accounts
/etc/passwd (Primary file with user login data)
/etc/shadow (Stores user passwords separately)
/etc/group (Primary file with group data)
/etc/gshadow (Stores group passwords separately)
pwck grpck (Check consistency of files)
yum -y install system-config-users (Installs GUI to manage Users & Groups)
system-config-users (Open User Manager GUI)
useradd, usermod, userdel (Command line equivalents)
chage (Set password aging on account)
vi /etc/sudoers (Set sudo for user)
bob ALL=(ALL) ALL
terry ALL=(ALL) NOPASSWD: ALL
Change passwords and adjust password aging for local user accounts
passwd <username> (Changes the user's password)
passwd -n 1 -x 90 -w 7 bob (Password can be changed after 1 day, can be at most 90 days old, and you get 7 days' warning to change it)
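An added example (not part of the original notes): a shell function that reads shadow-format records and reports accounts with a usable password whose aging fields do not meet the 1/90/7 policy set by the passwd command above. The function names and sample records are constructed for illustration; the hash fields are placeholders.

```shell
#!/bin/sh
# Added example: audit password-aging fields in shadow-format data.
# shadow(5) layout: name:hash:lastchg:min:max:warn:inactive:expire:reserved

# Constructed sample records (hash fields are placeholders, not real hashes).
sample_shadow() {
cat <<'EOF'
root:!!:16000:0:99999:7:::
bob:$6$PLACEHOLDER$PLACEHOLDER:16500:1:90:7:::
terry:$6$PLACEHOLDER$PLACEHOLDER:16500:0:99999:7:::
alice:$6$PLACEHOLDER$PLACEHOLDER:16500:1:120:3:::
apache:!!:16000::::::
EOF
}

# audit_aging MIN MAX WARN
# Reads shadow-format lines on stdin and prints "user:finding[,finding]"
# for each account with a usable password that deviates from the policy.
audit_aging() {
    awk -F: -v min="$1" -v max="$2" -v warn="$3" '
        # Locked or password-less service accounts (hash starts with ! or *)
        # cannot log in with a password, so aging does not apply to them.
        $2 ~ /^[!*]/ { next }
        {
            r = ""
            if ($4 == "" || $4 + 0 < min)  r = r ",min=" $4    # minimum age too low
            if ($5 == "" || $5 + 0 > max)  r = r ",max=" $5    # maximum age too high
            if ($6 == "" || $6 + 0 < warn) r = r ",warn=" $6   # warning period too short
            if (r != "") print $1 ":" substr(r, 2)
        }'
}

# Demo run against the constructed sample.
sample_shadow | audit_aging 1 90 7
```

On a real system, run it as root with `audit_aging 1 90 7 < /etc/shadow`; each reported account can then be corrected with passwd or chage.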
Create, delete, and modify local groups and group memberships
groupadd, groupmod, groupdel (Command line equivalents)
gpasswd (Adds or deletes group members, assigns or revokes group password)
gpasswd -M bob,terry sales (Sets bob and terry as the members of the sales group; -A would instead make them group administrators)
Configure a system to use an existing LDAP directory service for user and group information
yum -y install openldap-clients nss-pam-ldapd
authconfig-tui (Text graphical utility - choose the following: Cache Information, Use LDAP, Use MD5 Passwords, Use Shadow Passwords, Use LDAP Authentication, Local authorization is sufficient)
getent passwd student (Test; should return the /etc/passwd-style entry for this user)
/etc/pam_ldap.conf (Edit this file with the IP/hostname and BaseDN of the LDAP server)
/etc/openldap/ldap.conf (edit this file with
Configure a system to use an existing authentication service for user and group information
yum -y install sssd
authconfig --enableldap --enableldapauth --ldapserver="10.0.0.20" --ldapbasedn="dc=example,dc=com" --update
authconfig --enableldaptls --update (Drop cert in /etc/openldap/cacerts first)