Linux/System Users: Difference between revisions

From Wiki
No edit summary
 
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
== add admin user ==
<pre>
adduser username
usermod -aG sudo username
</pre>
* [[Linux/sudoers]]
== basics ==
<pre>
<pre>
usermod -l login-name old-name
usermod -l login-name old-name
usermod -d /home/username username
usermod -d /home/username username
groupmod -n newname oldname
groupmod -n newname oldname
usermod -s /sbin/nologin username    # disable login
</pre>
* useradd
<blockquote>
<pre>
Usage: useradd [options] LOGIN
      useradd -D
      useradd -D [options]
Options:
  -b, --base-dir BASE_DIR      base directory for the home directory of the
                                new account
  -c, --comment COMMENT        GECOS field of the new account
  -d, --home-dir HOME_DIR      home directory of the new account
  -D, --defaults                print or change default useradd configuration
  -e, --expiredate EXPIRE_DATE  expiration date of the new account
  -f, --inactive INACTIVE      password inactivity period of the new account
  -g, --gid GROUP              name or ID of the primary group of the new
                                account
  -G, --groups GROUPS          list of supplementary groups of the new
                                account
  -h, --help                    display this help message and exit
  -k, --skel SKEL_DIR          use this alternative skeleton directory
  -K, --key KEY=VALUE          override /etc/login.defs defaults
  -l, --no-log-init            do not add the user to the lastlog and
                                faillog databases
  -m, --create-home            create the user's home directory
  -M, --no-create-home          do not create the user's home directory
  -N, --no-user-group          do not create a group with the same name as
                                the user
  -o, --non-unique              allow to create users with duplicate
                                (non-unique) UID
  -p, --password PASSWORD      encrypted password of the new account
  -r, --system                  create a system account
  -R, --root CHROOT_DIR        directory to chroot into
  -s, --shell SHELL            login shell of the new account
  -u, --uid UID                user ID of the new account
  -U, --user-group              create a group with the same name as the user
  -Z, --selinux-user SEUSER    use a specific SEUSER for the SELinux user mapping
      --extrausers              Use the extra users database
</pre>
</blockquote>
== only allow filetransfer / no login ==
* /etc/ssh/sshd_config
<pre>
Match User myuser
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/sftp
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
</pre>
</pre>
[[Category:Linux/System]]
[[Category:Linux]]

Latest revision as of 13:27, 4 October 2019

add admin user

adduser username
usermod -aG sudo username

basics

usermod -l login-name old-name
usermod -d /home/username username
groupmod -n newname oldname
usermod -s /sbin/nologin username     # disable login


  • useradd
Usage: useradd [options] LOGIN
       useradd -D
       useradd -D [options]

Options:
  -b, --base-dir BASE_DIR       base directory for the home directory of the
                                new account
  -c, --comment COMMENT         GECOS field of the new account
  -d, --home-dir HOME_DIR       home directory of the new account
  -D, --defaults                print or change default useradd configuration
  -e, --expiredate EXPIRE_DATE  expiration date of the new account
  -f, --inactive INACTIVE       password inactivity period of the new account
  -g, --gid GROUP               name or ID of the primary group of the new
                                account
  -G, --groups GROUPS           list of supplementary groups of the new
                                account
  -h, --help                    display this help message and exit
  -k, --skel SKEL_DIR           use this alternative skeleton directory
  -K, --key KEY=VALUE           override /etc/login.defs defaults
  -l, --no-log-init             do not add the user to the lastlog and
                                faillog databases
  -m, --create-home             create the user's home directory
  -M, --no-create-home          do not create the user's home directory
  -N, --no-user-group           do not create a group with the same name as
                                the user
  -o, --non-unique              allow to create users with duplicate
                                (non-unique) UID
  -p, --password PASSWORD       encrypted password of the new account
  -r, --system                  create a system account
  -R, --root CHROOT_DIR         directory to chroot into
  -s, --shell SHELL             login shell of the new account
  -u, --uid UID                 user ID of the new account
  -U, --user-group              create a group with the same name as the user
  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
      --extrausers              Use the extra users database

only allow filetransfer / no login

  • /etc/ssh/sshd_config
Match User myuser
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/sftp
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no