The 'id' command displays user and group IDs
~]#id
The command below prints or changes the default useradd configuration
~]#useradd -D
Before you create a user on your server, check that the following are ready; if not, create them.
- Do the user's primary and secondary groups exist?
- Has your /etc/sudoers file been modified as per your requirements?
- Have the defaults in your /etc/skel directory been modified as per your requirements?
- Has the useradd defaults file /etc/default/useradd been modified as per your requirements?
Do not create a user with the defaults below:
- Always keep user HOME directories in a separate directory, so that we can handle it if any unwanted data is copied to a user's home directory
- Do not create a default user group with the same name as the user name
- Do not leave a user without a comment
- Create the user with the same UID on different servers so it is easy to identify and manage
- Always create a group with the same GID on all the servers
###### START/etc/sudoers sample#############
## Host alias specification###
Host_Alias LINUX = "hostname"
## User alias specification#######
### Cmnd alias specification#######
Cmnd_Alias SHELLS = /bin/sh,\
/bin/bash,\
/bin/csh,\
/bin/tcsh
Cmnd_Alias SU = /bin/su
Cmnd_Alias KILL = /bin/kill,\
/usr/bin/kill
## Cmnd alias restricted##########
Cmnd_Alias ETC = /etc/*,\
/bin/* /etc/*,\
/bin/* /etc*,\
/usr/bin/* /etc/*,\
/usr/bin/* /etc*
Cmnd_Alias CPASSWD = /usr/bin/passwd
Cmnd_Alias PROOT = /usr/bin/passwd root,\
/usr/bin/yppasswd -u root
### Override built-in defaults#########
Defaults syslog=auth, insults, syslog_goodpri=alert
Defaults logfile=/var/log/sudo.log
Defaults timestamp_timeout=0, log_year, tty_tickets
Defaults mailto="admin@rhel7.com", mail_always, mail_badpass, mail_no_user
## Allow root to run any commands
root ALL =(ALL) ALL
## Allow members of groups with no passwd for sudo###########
%admins ALL =NOPASSWD: ALL,\
!SU,\
!SHELLS,\
!VISUDO,\
!ROOT,\
!AUDIT,\
!LOG,\
YUM,\
MOUNT,\
UMOUNT,\
!/usr/bin/sudo -s
############# END /etc/sudoers sample ###############
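An added example, not part of the original post: a small Python check that lints a sudoers fragment for two things visible in the sample above, aliases that are referenced but never defined there (VISUDO, ROOT, AUDIT, LOG, YUM, MOUNT, UMOUNT) and `ALL` followed by `!` exclusions, which the sudoers manual describes as generally not effective for restricting commands. The `SAMPLE` text is a constructed, shortened excerpt and the function names are illustrative.

```python
import re
# Constructed excerpt modelled on the sample above (alias bodies shortened).
SAMPLE = r'''
Cmnd_Alias SHELLS = /bin/sh,\
 /bin/bash
Cmnd_Alias SU = /bin/su
Defaults logfile=/var/log/sudo.log
root ALL =(ALL) ALL
%admins ALL =NOPASSWD: ALL,\
 !SU,\
 !SHELLS,\
 !VISUDO,\
 YUM,\
 !/usr/bin/sudo -s
'''

ALIAS_DEF = re.compile(r'^(?:Cmnd|Host|User|Runas)_Alias\s+([A-Z][A-Z0-9_]*)\s*=')
ALIAS_NAME = re.compile(r'^[A-Z][A-Z0-9_]*$')

def logical_lines(text):
    # Join backslash-continued lines; skip blank lines and comments.
    for line in map(str.strip, re.sub(r'\\\n\s*', ' ', text).splitlines()):
        if line and not line.startswith('#'):
            yield line

def lint(text):
    """Return (kind, who, detail) findings for a sudoers fragment."""
    defined, rules, findings = {'ALL'}, [], []
    for line in logical_lines(text):
        m = ALIAS_DEF.match(line)
        if m:
            defined.add(m.group(1))
        elif not line.startswith('Defaults') and '=' in line:
            rules.append(line)
    for rule in rules:
        who, spec = rule.split(None, 1)
        cmds = re.sub(r'^\s*\([^)]*\)', '', spec.split('=', 1)[1])  # drop (runas)
        cmds = re.sub(r'\b[A-Z_]+:', '', cmds)  # drop tags such as NOPASSWD:
        items = [c.strip() for c in cmds.split(',') if c.strip()]
        for item in items:
            name = item.lstrip('!').strip()
            if ALIAS_NAME.match(name) and name not in defined:
                findings.append(('undefined-alias', who, name))
        negated = [i for i in items if i.startswith('!')]
        if 'ALL' in items and negated:
            findings.append(('negation-after-ALL', who, len(negated)))
    return findings

if __name__ == '__main__':
    print(*lint(SAMPLE), sep='\n')
```

On a real system, `visudo -c` remains the authoritative syntax check for the installed file.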
Change the useradd defaults by editing /etc/default/useradd
~]#vi /etc/default/useradd
I have changed the default home directory path to /users
Add the line below to the .bashrc file to get an alert when a user logs in
echo "ALERT-Shell Access on:" `date` `who` | mail -s "Alert: User loggedin to `hostname`" root@localhost
Create groups
~]#groupadd admins
~]#groupadd oinstall
Now add the user
~]#useradd -u 666 -g oinstall -G admins -d /users/home/kumar -s /bin/bash -c "RHEL7 for Freshers" kumar
Verify that the home directory has been created under the /users/ directory path
Verify whether the modified /etc/skel files have been copied or not
Now assign a password to the created user using the 'passwd' command
~]#passwd kumar
Change the user's password expiry days and the notification period before the password expires
Default values of user account
~]#chage -m 80 -M 90 -W 10 kumar
Check the changed settings
~]#chage -l kumar
Add aliases to map the user accounts to email addresses
Edit the /etc/aliases file and add the email address
~]#vi /etc/aliases
Example:
kumar: ravikumar@gmail.com
raj: raj@gmail.com
Then save the file. When any alert is sent to user 'kumar' or 'raj', it will automatically reach your mailbox.
In the same way, you can use the command utilities below to make user and group related changes
useradd, usermod, userdel | Standard utilities for adding, modifying, and deleting user accounts.
groupadd, groupmod, groupdel | Standard utilities for adding, modifying, and deleting groups.
gpasswd | Standard utility for administering the /etc/group configuration file.