Linux Crash Course - Managing Users

Rollback to version 1

0:01 - 0:03

today's video is proudly sponsored by
0:03 - 0:04

lenode
0:04 - 0:06

the note has been doing cloud computing
0:06 - 0:07

since 2003
0:07 - 0:09

which is actually before amazon web
0:09 - 0:11

services was even a thing
0:11 - 0:13

on the notes platform you can get your
0:13 - 0:15

server up and running
0:15 - 0:17

in minutes and they include all the
0:17 - 0:18

popular distributions
0:18 - 0:21

such as debian fedora ubuntu
0:21 - 0:25

and get this even arch linux and let's
0:25 - 0:26

be honest what could be better than a
0:26 - 0:28

linux focus cloud server provider that
0:28 - 0:30

lets you tell all of your friends i run
0:30 - 0:31

arch
0:31 - 0:33

the note has multiple server plans
0:33 - 0:34

available to make any app
0:34 - 0:37

scalable and flexible you could use it
0:37 - 0:38

to host a blog
0:38 - 0:41

a vpn server a minecraft server
0:41 - 0:44

and much more in fact lenode is the
0:44 - 0:46

platform of choice to host the entire
0:46 - 0:48

web presence of learnlinux tv
0:48 - 0:52

in addition the note offers 24x7 365
0:52 - 0:52

support
0:52 - 0:55

regardless of plan size so you can get
0:55 - 0:57

help from a live person when you need it
0:57 - 0:59

new users can get started right now with
0:59 - 1:01

one hundred dollars towards your new
1:01 - 1:02

account
1:02 - 1:03

and i highly recommend you check them
1:03 - 1:05

out because lenode is
1:05 - 1:08

awesome and now let's get started with
1:08 - 1:13

today's video
1:13 - 1:18

[Music]
1:22 - 1:28

[Music]
1:28 - 1:30

hello again everyone and welcome back to
1:30 - 1:32

learn linux tv
1:32 - 1:34

in today's video we're going to take a
1:34 - 1:36

look at user management in linux one of
1:36 - 1:37

the most important things that you'll
1:37 - 1:38

learn how to do
1:38 - 1:40

because well you have to keep track of
1:40 - 1:42

your users on your linux servers
1:42 - 1:43

and that's exactly what i'm going to
1:43 - 1:46

show you the basics of in this video
1:46 - 1:48

i'll show you how to add users how to
1:48 - 1:50

remove users
1:50 - 1:52

how to set their password and some other
1:52 - 1:53

stuff as well so
1:53 - 1:56

let's go ahead and get started
1:59 - 2:02

alright so here i am on my popos system
2:02 - 2:05

this is my thinkpad x1 extreme laptop
2:05 - 2:07

but it doesn't really matter which
2:07 - 2:09

distribution you're using or what
2:09 - 2:10

computer you have
2:10 - 2:12

there will be some variations here and
2:12 - 2:14

there but for the most part
2:14 - 2:15

when it comes to adding and removing
2:15 - 2:19

users it's the same on each distribution
2:19 - 2:21

now if i do run across something that i
2:21 - 2:22

think might be different from
2:22 - 2:24

one distro to another i'll be sure to
2:24 - 2:26

point it out let's go ahead and open up
2:26 - 2:28

a terminal and get started
2:28 - 2:30

and here's my terminal complete with a
2:30 - 2:32

ridiculously large font
2:32 - 2:33

i just want to make sure that everyone
2:33 - 2:35

is able to see the content
2:35 - 2:38

and understand what i'm doing let's go
2:38 - 2:39

ahead and get started
2:39 - 2:40

just like with most things when it comes
2:40 - 2:42

to linux there's more than one way that
2:42 - 2:44

we can do just about everything
2:44 - 2:47

and adding users is no exception to that
2:47 - 2:49

especially in my case considering i'm
2:49 - 2:50

using desktop linux i don't even need to
2:50 - 2:51

use the command line
2:51 - 2:55

at all however using the command line is
2:55 - 2:56

completely universal
2:56 - 2:57

there's many different desktop
2:57 - 2:59

environments and each one is going to
2:59 - 3:01

have a different process for adding
3:01 - 3:02

users
3:02 - 3:04

but each linux distribution is going to
3:04 - 3:06

have access to the user add command
3:06 - 3:07

which is the command that we'll be using
3:07 - 3:10

for the majority of this video
3:10 - 3:12

and when it comes to servers it's very
3:12 - 3:14

common that linux servers won't have a
3:14 - 3:15

desktop environment
3:15 - 3:17

another reason to learn the command line
3:17 - 3:19

anyway like i mentioned
3:19 - 3:20

the command that we will use to add a
3:20 - 3:22

new user to our system
3:22 - 3:25

is the user add command and considering
3:25 - 3:26

that we'll be making changes to the
3:26 - 3:28

system
3:28 - 3:29

we'll either need to be logged in as
3:29 - 3:31

root or we can simply use
3:31 - 3:33

sudo in order to run this command with
3:33 - 3:34

root privileges
3:34 - 3:36

which is required for any command that's
3:36 - 3:38

going to make changes to the server
3:38 - 3:40

and of course adding a user is making a
3:40 - 3:42

system-wide change
3:42 - 3:43

so of course we're going to need root
3:43 - 3:46

privileges or we could just use sudo if
3:46 - 3:47

we have that installed
3:47 - 3:50

and most of you should after we type
3:50 - 3:51

user add
3:51 - 3:53

we type the name of the user that we
3:53 - 3:55

actually want to add to the system
3:55 - 3:57

and that will complete the command
3:57 - 3:58

before we
3:58 - 4:00

actually add a new user let's take a
4:00 - 4:02

look at some foundational concepts
4:02 - 4:06

first before we get started on that
4:06 - 4:08

and the first thing that i recommend you
4:08 - 4:10

do is understand which users you have on
4:10 - 4:12

your system already
4:12 - 4:15

what some people do is they will simply
4:15 - 4:18

list the contents of the home directory
4:18 - 4:20

because generally speaking most users
4:20 - 4:22

will have his or her own home directory
4:22 - 4:23

underneath
4:23 - 4:25

home and you can see mine right here so
4:25 - 4:27

i have a home directory
4:27 - 4:29

and we can glean from this that my user
4:29 - 4:31

j is on the system
4:31 - 4:32

now you probably already knew that
4:32 - 4:35

because well you can see my username
4:35 - 4:36

right here in the prompt
4:36 - 4:38

so you already knew that at least my
4:38 - 4:40

user account existed here
4:40 - 4:43

and here it is but checking the contents
4:43 - 4:44

of the home directory
4:44 - 4:46

is not really the best way to find out
4:46 - 4:47

how many users
4:47 - 4:50

or which users in particular you have
4:50 - 4:51

already on your server
4:51 - 4:53

i mean from the output here you'd
4:53 - 4:55

probably assume that my user account is
4:55 - 4:57

the only user on the system
4:57 - 5:00

but actually that's not true what i want
5:00 - 5:01

to do right now
5:01 - 5:02

is make sure that you're aware of the
5:02 - 5:06

existence of a very special file
5:07 - 5:09

and that's the etsy password file
5:09 - 5:11

password is abbreviated
5:11 - 5:13

that's not a typo that's actually what
5:13 - 5:14

the file is named
5:14 - 5:16

but i'll refer to it as etsy password
5:16 - 5:18

which is common in the linux community
5:18 - 5:21

even though it's abbreviated so the cat
5:21 - 5:22

command is just going to show me the
5:22 - 5:25

contents of that file
5:25 - 5:26

and you can see that the text is wrapped
5:26 - 5:28

here so what i'm going to do
5:28 - 5:32

is just lower the font size a bit
5:32 - 5:34

and as you can see we have quite a few
5:34 - 5:36

users on this system not just mine we
5:36 - 5:37

have many more
5:37 - 5:40

we see my user right here
5:40 - 5:43

and each user is on their own line so
5:43 - 5:44

for example
5:44 - 5:47

if i was to again cap the contents of
5:47 - 5:49

the etsy password file
5:49 - 5:51

and then i pipe it into the wc command
5:51 - 5:52

which stands for
5:52 - 5:55

word count and that's a bonus command it
5:55 - 5:56

wasn't even supposed to be part of the
5:56 - 5:58

video but you're welcome
5:58 - 6:00

anyway what i'm going to do is add the
6:00 - 6:02

dash l option to the word count command
6:02 - 6:04

what that's going to do is give me the
6:04 - 6:06

count of how many lines there are so as
6:06 - 6:08

you can see from the output there's 44
6:08 - 6:10

users on the system
6:10 - 6:11

so definitely a lot more than the one
6:11 - 6:13

you saw earlier when i listed the
6:13 - 6:17

contents of slash home
6:17 - 6:19

and in this file every user on the
6:19 - 6:22

system has its own line in this file
6:22 - 6:24

the first column shows the name of the
6:24 - 6:26

user and then there's other columns that
6:26 - 6:28

follow after that
6:28 - 6:29

i'll go over this file in a little bit
6:29 - 6:31

more detail later on
6:31 - 6:32

but at this point in the video i want to
6:32 - 6:34

make sure that you're aware of this file
6:34 - 6:36

that you're aware that it exists
6:36 - 6:38

and that you're aware of what its
6:38 - 6:40

purpose is its purpose is to contain a
6:40 - 6:41

listing
6:41 - 6:43

and the options that are associated with
6:43 - 6:45

the user accounts on your server
6:45 - 6:47

but either way it's just a good idea to
6:47 - 6:49

know whether or not the user is on the
6:49 - 6:50

system
6:50 - 6:52

already and by checking the contents of
6:52 - 6:53

this file
6:53 - 6:55

we can determine that now one of the
6:55 - 6:56

things i'm going to do
6:56 - 6:59

is cap this out again that i'm going to
6:59 - 7:00

grep
7:00 - 7:02

so that way the only line of output that
7:02 - 7:03

it's going to produce
7:03 - 7:05

is just the one line that contains my
7:05 - 7:07

user account
7:07 - 7:09

and what i want to point you to is this
7:09 - 7:10

number right here
7:10 - 7:13

where it shows 1000. now again i'll go
7:13 - 7:16

over this file in more detail later
7:16 - 7:17

i think it's a good idea to understand
7:17 - 7:19

what this number is
7:19 - 7:22

that number refers to the user id aka
7:22 - 7:25

uid every user has his or her
7:25 - 7:28

own uid as you can see here the uid of
7:28 - 7:30

my user is 1000.
7:30 - 7:32

most distributions of linux actually ask
7:32 - 7:34

you to create a user account during the
7:34 - 7:36

installation process
7:36 - 7:38

and that first user is well pretty much
7:38 - 7:39

almost
7:39 - 7:42

always given the uid of 1000.
7:42 - 7:44

i'll talk more about uids a bit later
7:44 - 7:46

but that's just another thing that i
7:46 - 7:48

wanted you to be aware of
7:48 - 7:50

anyway let's go back to the user ad
7:50 - 7:51

command
7:51 - 7:53

after all that's why we're here in the
7:53 - 7:55

first place we want to know how to add
7:55 - 7:57

and remove users and the user add
7:57 - 7:58

command
7:58 - 8:00

as the name would imply is the command
8:00 - 8:01

that we would use
8:01 - 8:04

to add a user to the system i'm logged
8:04 - 8:05

in as j
8:05 - 8:07

so i can't really use this command like
8:07 - 8:09

i mentioned earlier without sudo
8:09 - 8:11

or just logging in as root so i'm going
8:11 - 8:13

to add sudo to the command
8:13 - 8:15

and then at the end i'm going to give it
8:15 - 8:18

the name of a user i want to create
8:18 - 8:20

so i'm going to tell it to create a user
8:20 - 8:22

with the name of foxmolder
8:22 - 8:24

so for all of you x-files fans out there
8:24 - 8:26

yes that was an easter egg and the
8:26 - 8:27

x-files was
8:27 - 8:29

actually my favorite sci-fi series
8:29 - 8:32

growing up i loved watching that every
8:32 - 8:32

sunday night
8:32 - 8:35

great times anyway what i'm going to do
8:35 - 8:36

right now is press
8:36 - 8:38

enter and now it's asking me for my
8:38 - 8:39

password
8:39 - 8:42

my user password to verify that i have
8:42 - 8:45

access to the sudo command
8:46 - 8:48

and it didn't say anything but it also
8:48 - 8:50

doesn't appear to have failed either
8:50 - 8:52

so if i cap the contents of etsy
8:52 - 8:54

password again
8:54 - 8:56

let's see what happens and as you can
8:56 - 8:57

see the very last
8:57 - 9:00

line in this file shows that user was
9:00 - 9:01

created
9:01 - 9:04

now if you recall the uid for my user
9:04 - 9:05

was uid
9:05 - 9:09

1000 for fox moulder that user got uid
9:09 - 9:12

1001. now something to keep in mind is
9:12 - 9:13

that when you add a user to a linux
9:13 - 9:14

system
9:14 - 9:16

it's going to assign the next available
9:16 - 9:18

uid to that user
9:18 - 9:20

now my user already had assigned the uid
9:20 - 9:21

of 1000. so
9:21 - 9:24

that uid is no longer available when i
9:24 - 9:26

created the account fox molder
9:26 - 9:28

it just incremented it by one 1001
9:28 - 9:30

that's the uid that it was provided as
9:30 - 9:31

you can see here
9:31 - 9:33

now you'll notice from the output that
9:33 - 9:35

there's some uids here that are much
9:35 - 9:39

lower than 1000 for example 122 121 and
9:39 - 9:39

so on
9:39 - 9:42

on most distributions of linux normal
9:42 - 9:43

user accounts
9:43 - 9:45

basically user accounts that are
9:45 - 9:47

associated with interactive logins or
9:47 - 9:49

basically user ids that are going to be
9:49 - 9:51

used by a human
9:51 - 9:54

those are given uids 1000 and above
9:54 - 9:57

uids below 1000 are considered system
9:57 - 9:58

accounts
9:58 - 9:59

and i'll talk a little bit more about
9:59 - 10:01

system accounts in a few minutes but i
10:01 - 10:03

just wanted you to be aware of that
10:03 - 10:04

distinction we have
10:04 - 10:07

user accounts we also have system user
10:07 - 10:08

accounts
10:08 - 10:10

and the user add command by default adds
10:10 - 10:13

normal user accounts
10:13 - 10:16

now i added a user for foxmolder we did
10:16 - 10:17

that with the previous command that we
10:17 - 10:19

entered let's also list the contents of
10:19 - 10:21

the home directory
10:21 - 10:22

and see whether or not that user has a
10:22 - 10:24

home directory underneath
10:24 - 10:28

home and it doesn't why is that
10:28 - 10:30

now depending on your distribution it
10:30 - 10:31

might have
10:31 - 10:33

actually created a home directory for
10:33 - 10:35

that user on my end
10:35 - 10:37

it didn't this is one thing that
10:37 - 10:38

actually does differ
10:38 - 10:40

from one distribution to another each
10:40 - 10:42

distribution is going to set their own
10:42 - 10:45

defaults for the user add command
10:45 - 10:46

so on your end it might have created a
10:46 - 10:48

home directory on my end well
10:48 - 10:51

i wasn't so fortunate so let's take a
10:51 - 10:53

quick detour here
10:53 - 10:55

and what i'm going to do is point you to
10:55 - 10:58

another file
10:58 - 11:00

and that file is the etsy default user
11:00 - 11:02

ad file
11:02 - 11:04

now i'm not going to go over this
11:04 - 11:07

particular file in too much detail
11:07 - 11:09

but basically what it does is sets the
11:09 - 11:11

defaults for user ad
11:11 - 11:14

each distribution is free to supply
11:14 - 11:15

their own version
11:15 - 11:18

of this particular file so as you can
11:18 - 11:19

see here we have
11:19 - 11:22

shell equals slash bin slash sh
11:22 - 11:24

if you want to use a different default
11:24 - 11:26

shell then you'll change it right here
11:26 - 11:28

but basically this file just sets the
11:28 - 11:30

defaults and again
11:30 - 11:31

it's going to be different from one
11:31 - 11:33

distribution to another
11:33 - 11:35

and it's entirely possible that on your
11:35 - 11:36

distribution you may not even have this
11:36 - 11:38

file at all
11:38 - 11:40

now all i want at this point is for you
11:40 - 11:42

to be aware that this file exists
11:42 - 11:44

what you might think that i'm going to
11:44 - 11:46

recommend is that you customize this
11:46 - 11:48

file with the defaults that you prefer
11:48 - 11:51

but i'm not going to do that instead i
11:51 - 11:54

recommend that you be explicit
11:54 - 11:56

say what you mean and mean what you say
11:56 - 11:58

so even if your distribution did create
11:58 - 12:00

a home directory here
12:00 - 12:02

i still recommend that you tell the user
12:02 - 12:03

add command
12:03 - 12:05

specifically that you want a home
12:05 - 12:07

directory now on your end
12:07 - 12:09

that might be redundant if it already
12:09 - 12:11

created a home directory for the user
12:11 - 12:12

that you created
12:12 - 12:14

then why should you bother and add a
12:14 - 12:16

redundant option to tell it to create a
12:16 - 12:19

home directory when it already did
12:19 - 12:21

now it's a good idea to basically be
12:21 - 12:22

explicit
12:22 - 12:24

when it comes to linux include all the
12:24 - 12:26

options
12:26 - 12:27

that's especially true when you're
12:27 - 12:29

writing scripts because you want your
12:29 - 12:31

scripts to be portable
12:31 - 12:33

maybe you have a script that you want to
12:33 - 12:35

run on multiple distributions
12:35 - 12:37

if that's the case you'll probably want
12:37 - 12:39

the same output every time that script
12:39 - 12:40

runs
12:40 - 12:42

so if you are using the user add command
12:42 - 12:43

as part of a script
12:43 - 12:45

you'll probably want to add all the
12:45 - 12:47

appropriate options to ensure
12:47 - 12:48

that all the user accounts that you
12:48 - 12:51

create are always created the same way
12:51 - 12:53

and i recommend that you be explicit not
12:53 - 12:55

just when you're creating scripts
12:55 - 12:57

but basically just get in the habit of
12:57 - 12:58

always doing that
12:58 - 13:01

so what i want to do is re-add the user
13:01 - 13:03

but i want to add the user with a home
13:03 - 13:05

directory this time
13:05 - 13:07

but that requires another detour because
13:07 - 13:08

the user already exists
13:08 - 13:11

i could create another user but what i'm
13:11 - 13:12

going to do instead is take this
13:12 - 13:14

opportunity to show you how to remove a
13:14 - 13:16

user account
13:16 - 13:18

so to remove a user account you can use
13:18 - 13:20

the user dell command
13:20 - 13:22

the user delete command however you want
13:22 - 13:24

to say it
13:24 - 13:27

we'll need to use sudo and then we give
13:27 - 13:28

it the name of the user that we want to
13:28 - 13:29

delete
13:29 - 13:32

but be very careful here when you run a
13:32 - 13:34

command like this on a linux system the
13:34 - 13:36

linux system is going to make the
13:36 - 13:36

assumption
13:36 - 13:38

that you know what you're doing so just
13:38 - 13:39

make sure that you're typing the
13:39 - 13:40

username
13:40 - 13:42

that's actually the user you want to
13:42 - 13:44

delete just be very careful
13:44 - 13:46

so we created a user earlier named
13:46 - 13:48

foxmolder i'm going to delete that user
13:48 - 13:49

account
13:49 - 13:51

maybe moulder got abducted by aliens or
13:51 - 13:52

something i don't know
13:52 - 13:53

but we're going to remove them from the
13:53 - 13:57

system and that's it
13:57 - 13:58

now that user didn't even have a home
13:58 - 14:00

directory to begin with
14:00 - 14:02

but the thing is though if that user did
14:02 - 14:03

have a home directory
14:03 - 14:05

they would probably still have a home
14:05 - 14:07

directory here because of the user
14:07 - 14:08

delete command
14:08 - 14:10

that doesn't delete the home directory
14:10 - 14:11

for the user when you delete a user by
14:11 - 14:12

default
14:12 - 14:14

just keep that in mind we'll return to
14:14 - 14:18

that in a few minutes but anyway
14:20 - 14:21

we can see here that that particular
14:21 - 14:24

user account is gone
14:24 - 14:26

so let's go ahead and add that user back
14:26 - 14:27

to the system
14:27 - 14:29

and at the same time make sure that a
14:29 - 14:31

home directory is also created for that
14:31 - 14:32

user
14:32 - 14:35

when we create the user itself
14:38 - 14:40

and this is the command right here that
14:40 - 14:42

we used earlier so what i'm going to do
14:42 - 14:43

is add the dash
14:43 - 14:47

m option i'll press enter
14:47 - 14:49

no output just like last time but the
14:49 - 14:50

difference
14:50 - 14:53

at least in my case is that the user
14:53 - 14:55

actually has a home directory right now
14:55 - 14:56

we see that right here
14:56 - 14:58

the line is wrapped a bit you get the
14:58 - 15:00

idea that user does indeed have a home
15:00 - 15:02

directory we added the dash m
15:02 - 15:05

option which is what you see here that
15:05 - 15:07

specifically tells user ad that we want
15:07 - 15:08

a home directory
15:08 - 15:11

when we create this user
15:11 - 15:13

so let's talk about removing the user
15:13 - 15:15

again but this time
15:15 - 15:19

also removing the home directory as well
15:20 - 15:21

and again we see that user does indeed
15:21 - 15:23

have a home directory
15:23 - 15:25

and earlier when we remove this account
15:25 - 15:28

the first time
15:30 - 15:32

this is the command that we used right
15:32 - 15:36

here so to remove a home directory
15:36 - 15:39

we add the dash r option to this command
15:39 - 15:41

that's going to like i mentioned
15:41 - 15:43

remove the user account and also their
15:43 - 15:44

home directory
15:44 - 15:47

now before i actually press enter here i
15:47 - 15:49

do want to mention that
15:49 - 15:50

before you start removing a home
15:50 - 15:52

directory for a user
15:52 - 15:54

for example if you are working at a
15:54 - 15:56

company you'll want to make sure that
15:56 - 15:58

you should remove their home directory
15:58 - 16:00

before you actually do it
16:00 - 16:02

for example if an employee leaves the
16:02 - 16:03

company
16:03 - 16:05

that employee supervisor might need
16:05 - 16:08

access to their files in order to finish
16:08 - 16:09

any projects that they might have been
16:09 - 16:10

working on
16:10 - 16:12

but if you delete their files well they
16:12 - 16:14

can't do that
16:14 - 16:16

perhaps more importantly a lot of
16:16 - 16:17

companies out there
16:17 - 16:20

they have requirements for how long to
16:20 - 16:22

retain their employees data
16:22 - 16:24

and if you're actually working in a
16:24 - 16:25

company it's extremely
16:25 - 16:28

important that you ask hr or whoever it
16:28 - 16:29

is you ask there
16:29 - 16:31

what the retention policy is for
16:31 - 16:32

employee data
16:32 - 16:34

you'll want to make sure that you are in
16:34 - 16:36

compliance with any policies that might
16:36 - 16:37

exist
16:37 - 16:39

maybe a company might have a policy
16:39 - 16:41

where they have to retain
16:41 - 16:44

user records for a few years if you
16:44 - 16:46

delete a user account with their home
16:46 - 16:49

directory then you are not in compliance
16:49 - 16:50

now if your company does not have a
16:50 - 16:52

policy when it comes to user data
16:52 - 16:55

retention or data retention in general
16:55 - 16:56

it's actually one of those things that
16:56 - 16:58

should definitely be drafted
16:58 - 17:01

let somebody know anyway i'm going to
17:01 - 17:02

press enter
17:02 - 17:04

we can ignore this message right here
17:04 - 17:05

about the mail spool
17:05 - 17:07

that's beyond the scope of this video
17:07 - 17:08

that is a normal message though so
17:08 - 17:10

nothing to be concerned with
17:10 - 17:12

we can check the contents of the home
17:12 - 17:14

directory again and that home directory
17:14 - 17:16

is in fact gone
17:16 - 17:18

another thing that i want to show you
17:18 - 17:20

guys is how to set a password for a user
17:20 - 17:21

because
17:21 - 17:23

when we added the fox molder user it
17:23 - 17:25

didn't even ask us what we wanted the
17:25 - 17:27

password to be for that user
17:27 - 17:30

in fact the user had no password at all
17:30 - 17:32

now what i'm going to do
17:32 - 17:35

is just add the user back to the system
17:37 - 17:38

i'm going to add it with the home
17:38 - 17:41

directory
17:41 - 17:45

so nothing different i'll just press
17:45 - 17:46

enter
17:46 - 17:48

user has a home directory and the user
17:48 - 17:50

is on the system
17:50 - 17:52

so let's take a look at how we set a
17:52 - 17:54

password for the user
17:54 - 17:56

and to set a password for a user or even
17:56 - 17:58

change our own password for that matter
17:58 - 18:01

we have a dedicated command the past wd
18:01 - 18:02

command
18:02 - 18:04

now if i entered this by itself right
18:04 - 18:05

now
18:05 - 18:07

it's going to assume that i want to
18:07 - 18:08

change the password for the user
18:08 - 18:11

that i'm currently logged in with so if
18:11 - 18:13

you had a user for example that came to
18:13 - 18:14

you and said
18:14 - 18:16

how do i change my password you would
18:16 - 18:18

ask them to run the passwd command you
18:18 - 18:20

don't even need to get involved
18:20 - 18:22

they can change their own password
18:22 - 18:23

there's nothing for you as the
18:23 - 18:26

administrator to do in this regard
18:26 - 18:27

other than to know that the passwd
18:27 - 18:29

command exists
18:29 - 18:31

and i'm going to actually use it right
18:31 - 18:32

now i'm going to make it fail on purpose
18:32 - 18:34

though
18:34 - 18:35

and the reason why is because i don't
18:35 - 18:37

want to change my password right now
18:37 - 18:39

but the first thing that it does is it
18:39 - 18:43

asks you for your current password
18:43 - 18:45

which i've entered and then it asks you
18:45 - 18:47

for your new password what do you want
18:47 - 18:50

your new password to be
18:50 - 18:53

which i've entered and then you enter it
18:53 - 18:55

again
18:55 - 18:56

and it's telling me that the passwords
18:56 - 18:59

don't match and that was intentional
18:59 - 19:01

if the passwords did match then the
19:01 - 19:03

password i chose right then and there
19:03 - 19:04

would become my password
19:04 - 19:06

so that's how you change the password
19:06 - 19:09

for the user that you're logged in with
19:09 - 19:11

but actually i brought that up in
19:11 - 19:13

regards to setting a password for
19:13 - 19:14

another user
19:14 - 19:16

so for example if you have someone
19:16 - 19:17

that's going to start logging into your
19:17 - 19:18

linux server
19:18 - 19:20

you can set a temporary password for
19:20 - 19:23

them and then ask them to change it
19:23 - 19:25

in a future video we'll be going over
19:25 - 19:26

password expiration
19:26 - 19:28

but we're going to omit that right now
19:28 - 19:30

just to keep things simple
19:30 - 19:33

so to change a password for another user
19:33 - 19:34

you can type sudo
19:34 - 19:36

because in order to change a password
19:36 - 19:37

for another user you do need root
19:37 - 19:38

privileges or
19:38 - 19:40

at least access to sudo in order to be
19:40 - 19:42

able to do that
19:42 - 19:45

then you can run passwd and then the
19:45 - 19:46

name of the user that you want to change
19:46 - 19:47

the password for
19:47 - 19:49

or in this case you want to set the
19:49 - 19:51

password so i'll type the name of the
19:51 - 19:53

user right here
19:53 - 19:54

now notice that it didn't ask me for the
19:54 - 19:56

user's current password
19:56 - 19:58

you might think that the reason why it
19:58 - 20:00

didn't ask me was because the user
20:00 - 20:01

didn't even have a password we didn't
20:01 - 20:03

even set a password
20:03 - 20:05

but if you have access to sudo or the
20:05 - 20:07

root user it's never going to ask you
20:07 - 20:09

for the user's current password
20:09 - 20:12

i mean root is pretty much like god mode
20:12 - 20:14

if you've ever played doom for example
20:14 - 20:16

it's the all-powerful account that can
20:16 - 20:17

do basically
20:17 - 20:20

everything so root doesn't need to know
20:20 - 20:22

the password of the user
20:22 - 20:24

to change or set the password so even if
20:24 - 20:25

the user
20:25 - 20:27

already had a password it doesn't care
20:27 - 20:29

you're setting the password
20:29 - 20:31

and anyone that has access to root has
20:31 - 20:33

permission to set a password for another
20:33 - 20:34

user
20:34 - 20:38

so i'm going to type it in right now
20:38 - 20:42

and again and it said password updated
20:42 - 20:43

successfully so
20:43 - 20:45

i was able to add a password for the fox
20:45 - 20:47

motor user
20:47 - 20:49

now let's go ahead and see an example of
20:49 - 20:51

creating a system user
20:51 - 20:53

a system user is very useful when you
20:53 - 20:56

are doing any kind of automation
20:56 - 20:58

for example maybe you have an accounting
20:58 - 20:59

department
20:59 - 21:01

and you need to run a financial report
21:01 - 21:03

for them every week
21:03 - 21:05

that sounds tedious to me and to be
21:05 - 21:06

honest with you
21:06 - 21:08

doing a financial report that doesn't
21:08 - 21:10

really excite me and if you're like me
21:10 - 21:12

you'll probably want to automate that
21:12 - 21:14

report so you'll never be bothered to do
21:14 - 21:15

it
21:15 - 21:16

but if you're going to automate
21:16 - 21:18

something like a process or some sort of
21:18 - 21:18

task
21:18 - 21:21

then it makes sense to not use your user
21:21 - 21:22

account for it
21:22 - 21:24

create a system user and actually you
21:24 - 21:27

can use a system user with cron
21:27 - 21:29

to run a scheduled job which is the best
21:29 - 21:30

way to do it
21:30 - 21:32

now i'll be covering kron in a future
21:32 - 21:34

video in this series
21:34 - 21:35

go ahead and check the playlist to see
21:35 - 21:37

if it's already there but for now
21:37 - 21:39

just keep in mind that system users are
21:39 - 21:41

useful when you want something to run in
21:41 - 21:42

the background
21:42 - 21:44

and it's not something that's associated
21:44 - 21:46

to any one person
21:46 - 21:47

so let's go ahead and add a system user
21:47 - 21:49

right now so again it's sudo and then
21:49 - 21:51

user add
21:51 - 21:54

and we're going to use dash r and that
21:54 - 21:54

dash
21:54 - 21:57

r option actually allows us to designate
21:57 - 21:59

that we want to create a system user
21:59 - 22:01

specifically
22:01 - 22:03

not a normal user and what i'm going to
22:03 - 22:06

do is call the system user assist user
22:06 - 22:10

just like that i'll press enter
22:10 - 22:12

and what i'm going to do is cap the
22:12 - 22:14

contents of etsy password again
22:14 - 22:16

and i'm going to grep for sysuser
22:16 - 22:19

because i only want to see that one line
22:19 - 22:22

and we see it right here now notice that
22:22 - 22:23

the uid
22:23 - 22:26

is 998. it doesn't start with 1000.
22:26 - 22:28

earlier when we created a user that user
22:28 - 22:30

was assigned uid
22:30 - 22:33

1001 but this user was actually assigned
22:33 - 22:34

a uid
22:34 - 22:36

of less than a thousand and that's
22:36 - 22:38

generally the case
22:38 - 22:40

normal user accounts will be provided a
22:40 - 22:42

uid of a thousand or greater
22:42 - 22:44

and then system users will generally be
22:44 - 22:46

provided a uid
22:46 - 22:48

of less than one thousand and that
22:48 - 22:50

distinction doesn't really matter
22:50 - 22:52

so much other than you can deduce that a
22:52 - 22:55

user is most likely a system user based
22:55 - 22:56

on the uid
22:56 - 22:58

in my case i'm using a desktop
22:58 - 23:00

distribution of linux
23:00 - 23:02

and most of the time desktop
23:02 - 23:04

distributions will not show a system
23:04 - 23:06

user on the login screen
23:06 - 23:08

now that does vary from one distribution
23:08 - 23:09

to another
23:09 - 23:11

but generally speaking most
23:11 - 23:13

distributions will not show you ids on
23:13 - 23:15

the login screen
23:15 - 23:17

that are under 1000. that's important
23:17 - 23:20

because if it did show you ids that are
23:20 - 23:21

under a thousand
23:21 - 23:24

then in my case there would be probably
23:24 - 23:24

around
23:24 - 23:27

44 user accounts shown on the login
23:27 - 23:28

screen
23:28 - 23:31

and that's very messy but anyway
23:31 - 23:34

at this point i just want you to be
23:34 - 23:35

aware of the dash r
23:35 - 23:37

option and just keep in mind that that
23:37 - 23:40

allows you to create a system user
23:40 - 23:42

and a system user again is a user that
23:42 - 23:43

generally doesn't log
23:43 - 23:46

in interactively and is used for things
23:46 - 23:47

that are going to run in the background
23:47 - 23:50

schedule tasks processes things like
23:50 - 23:51

that
23:51 - 23:53

now that actually completes the main
23:53 - 23:55

part of this video the whole goal was to
23:55 - 23:57

show you the basics of user management
23:57 - 23:58

and
23:58 - 24:00

i've already showed you how to add a
24:00 - 24:02

user how to remove a user
24:02 - 24:04

and some options with the user add
24:04 - 24:06

command now of course you could just
24:06 - 24:06

type
24:06 - 24:09

man and then user add and then you get a
24:09 - 24:10

bunch of options here
24:10 - 24:12

as far as some of the additional things
24:12 - 24:14

that you can do with that command
24:14 - 24:16

but as far as the basics are concerned
24:16 - 24:18

which was the actual purpose of this
24:18 - 24:20

entire video were covered there but i'm
24:20 - 24:21

not going to end the video
24:21 - 24:24

just yet there's one more thing that i
24:24 - 24:26

want to show you guys
24:26 - 24:28

and as i promised earlier in the video i
24:28 - 24:30

told you that i would go over the
24:30 - 24:31

contents of the etsy password file to
24:31 - 24:32

help you guys
24:32 - 24:34

understand it better let's go ahead and
24:34 - 24:36

do that right now
24:36 - 24:39

now as you recall
24:39 - 24:41

the etsy password file that contains a
24:41 - 24:43

listing of all the users on the system
24:43 - 24:45

there's quite a few lines there so what
24:45 - 24:46

i'm going to do is lower the font size a
24:46 - 24:47

bit
24:47 - 24:49

just to make sure you can see everything
24:49 - 24:51

hopefully that's not too small
24:51 - 24:53

we have several different columns on
24:53 - 24:55

each line and each column is separated
24:55 - 24:56

by a colon
24:56 - 24:59

now the first column is the username no
24:59 - 25:00

surprise there
25:00 - 25:02

the second column which is this one
25:02 - 25:03

right here
25:03 - 25:06

that just refers to the password
25:06 - 25:07

actually it's a little bit more
25:07 - 25:08

complicated than that
25:08 - 25:10

but it essentially means that we have an
25:10 - 25:12

encrypted password in use here
25:12 - 25:15

and nowadays we don't really use any
25:15 - 25:15

other
25:15 - 25:19

kind of password we always use hashed
25:19 - 25:21

passwords which is what this refers to
25:21 - 25:23

it just means that the password for this
25:23 - 25:24

user is hashed
25:24 - 25:26

it's not shown here in some ways that's
25:26 - 25:28

a carryover from the olden days which is
25:28 - 25:30

why i'm not going to go into too much
25:30 - 25:32

detail on that
25:32 - 25:34

but you'll probably almost if not always
25:34 - 25:35

see an x
25:35 - 25:39

in that field continuing we have the uid
25:39 - 25:42

right here as i talked about earlier
25:42 - 25:45

the next field is the group id
25:45 - 25:47

i've already explained what a uid is
25:47 - 25:49

earlier in the video
25:49 - 25:53

and a gid or group id is essentially the
25:53 - 25:53

same thing
25:53 - 25:56

but for groups i'll be covering groups
25:56 - 25:57

in a separate video
25:57 - 26:00

so don't worry about that right now this
26:00 - 26:02

field here
26:02 - 26:05

that is the user information field and
26:05 - 26:06

you might see that referred to as the
26:06 - 26:08

geckos field
26:08 - 26:12

g-e-c-o-s so it looks like that
26:12 - 26:14

but i like to refer to it as the user
26:14 - 26:15

information field
26:15 - 26:17

and it's most commonly used for the
26:17 - 26:20

first and last name as you see here
26:20 - 26:22

that user information field is
26:22 - 26:24

completely optional it's perfectly fine
26:24 - 26:26

to go ahead and skip it and you'll
26:26 - 26:28

actually see it skipped
26:28 - 26:30

in other user accounts and other lines
26:30 - 26:32

you'll see like two colons together
26:32 - 26:35

that just means that that information
26:35 - 26:36

isn't there it's blank
26:36 - 26:39

continuing on we have the home directory
26:39 - 26:40

for the user in my case
26:40 - 26:43

slash home slash j that's where my home
26:43 - 26:44

directory is
26:44 - 26:46

so it's essentially telling the linux
26:46 - 26:48

system where to find the home directory
26:48 - 26:50

for that user
26:50 - 26:53

the last column here that refers to the
26:53 - 26:53

shell
26:53 - 26:55

that is designated for that user when a
26:55 - 26:58

user logs in their shell is activated
26:58 - 27:01

in my case slash bin slash bash that's
27:01 - 27:02

the shell
27:02 - 27:05

that i'm going to be using when i log in
27:05 - 27:06

so for example if i type
27:06 - 27:09

echo then dollar sign and then shell in
27:09 - 27:10

all caps
27:10 - 27:13

you can see that my shell is slash bin
27:13 - 27:15

slash bash
27:15 - 27:17

and that was set right here and again
27:17 - 27:19

this is the shell that's going to start
27:19 - 27:20

up as soon as i log
27:20 - 27:22

in now you will see other things here
27:22 - 27:24

instead of slash bin
27:24 - 27:27

sh or bin bash for example user s bin no
27:27 - 27:28

login
27:28 - 27:30

and you'll see other variations of this
27:30 - 27:33

as well user aspen no login means well
27:33 - 27:35

that user is not going to be able to log
27:35 - 27:37

in and when it comes to system users
27:37 - 27:40

we really don't want them to log in and
27:40 - 27:41

generally speaking
27:41 - 27:43

system users are not associated to a
27:43 - 27:44

human being
27:44 - 27:45

so there's no reason for them to
27:45 - 27:47

interactively log in and they don't have
27:47 - 27:48

to log in
27:48 - 27:50

in order to run reports run command
27:50 - 27:52

scripts or anything like that
27:52 - 27:54

often people will use system accounts to
27:54 - 27:56

automate things like i mentioned earlier
27:56 - 27:58

and that's essentially all this is user
27:58 - 28:00

spin no login
28:00 - 28:01

means basically what it says when that
28:01 - 28:04

user tries to log in even if you did set
28:04 - 28:05

a password for that user
28:05 - 28:07

they'll be denied it's going to attempt
28:07 - 28:09

to run user spin no login
28:09 - 28:11

which is basically going to deny the
28:11 - 28:12

login
28:12 - 28:14

now let's go ahead and take a look at
28:14 - 28:16

the etsy shadow file
28:16 - 28:19

now real quick
28:23 - 28:24

you'll recall that i mentioned that we
28:24 - 28:27

have an x rate here for most if not all
28:27 - 28:28

the users
28:28 - 28:30

and that x refers to the fact that that
28:30 - 28:32

user has a hashed password
28:32 - 28:34

it's almost always going to be the case
28:34 - 28:36

we really don't want to store the user's
28:36 - 28:38

password in plain text in the etsy
28:38 - 28:39

password file
28:39 - 28:41

we would rather hash it and store it
28:41 - 28:43

somewhere else
28:43 - 28:44

so if we take a look at the etsy shadow
28:44 - 28:47

file
28:48 - 28:50

now as an aside you will need sudo in
28:50 - 28:52

order to view this file unlike the etsy
28:52 - 28:53

password file
28:53 - 28:56

as you can see i was able to run cat
28:56 - 28:58

etsy password with no sudo at all
28:58 - 29:00

but i can't get away with that when it
29:00 - 29:01

comes to etsy shadow so
29:01 - 29:04

i will add sudo now just like with the
29:04 - 29:06

etsy password file
29:06 - 29:08

with the etsy shadow file we have a
29:08 - 29:10

bunch of different columns on each line
29:10 - 29:13

and each column is separated by a single
29:13 - 29:14

colon
29:14 - 29:17

on the left we have the username
29:17 - 29:20

and that's the username right here and
29:20 - 29:21

to make it a little bit easier
29:21 - 29:23

i'm going to grep for my user account
29:23 - 29:25

here
29:25 - 29:27

just to get it down to one line makes it
29:27 - 29:28

a little bit easier but in the first
29:28 - 29:30

column again we have the username
29:30 - 29:33

in the second column which is actually
29:33 - 29:34

ridiculously long
29:34 - 29:37

we have the actual hash for the password
29:37 - 29:39

now this isn't my actual password
29:39 - 29:42

it's just a hash of my password that's
29:42 - 29:43

an important distinction
29:43 - 29:46

so moving on we have this field right
29:46 - 29:47

here
29:47 - 29:48

and that number refers to the number of
29:48 - 29:50

days since the unix epoch that the
29:50 - 29:52

password was last changed
29:52 - 29:54

for those that aren't already aware the
29:54 - 29:56

unix epoch is january 1st
29:56 - 29:59

of 1970. therefore we could read that
29:59 - 30:01

column as a password having last been
30:01 - 30:02

changed
30:02 - 30:05

that many days after the unix epoch so
30:05 - 30:06

in this case
30:06 - 30:09

18 807 days
30:09 - 30:10

the fourth column tells us how many days
30:10 - 30:12

are required to pass
30:12 - 30:13

before the user will be able to change
30:13 - 30:16

their password again in this example
30:16 - 30:18

the user can change their password well
30:18 - 30:19

anytime
30:19 - 30:21

and they can do that because the number
30:21 - 30:23

of days is set to zero zero means any
30:23 - 30:24

time
30:24 - 30:26

this column right here refers to how
30:26 - 30:28

many days until a password change is
30:28 - 30:29

required
30:29 - 30:33

in this case 99 999 days
30:33 - 30:36

since the unix epoch will pass until i'm
30:36 - 30:36

required
30:36 - 30:38

to change my password so i guess it may
30:38 - 30:40

as well be infinite
30:40 - 30:42

in a future video we'll explore user
30:42 - 30:44

password expiration
30:44 - 30:46

so don't worry about that too much right
30:46 - 30:48

now so here we have number seven
30:48 - 30:51

and this field refers to how many days
30:51 - 30:52

until the user will be reminded to
30:52 - 30:54

change their password
30:54 - 30:56

so in this case if the user's password
30:56 - 30:58

is going to expire within seven days
30:58 - 31:00

it's going to show them a message on the
31:00 - 31:01

shell but
31:01 - 31:03

well i mean there's quite a few days
31:03 - 31:06

until this password is going to expire
31:06 - 31:08

so even though it shows 7 i'm probably
31:08 - 31:11

never going to see that message
31:11 - 31:13

now here we have several columns that
31:13 - 31:14

are not
31:14 - 31:17

set at all so the next field would have
31:17 - 31:18

showed us how many days
31:18 - 31:20

until the user password is going to be
31:20 - 31:22

locked i never actually set a time for
31:22 - 31:24

the password to be locked so that's not
31:24 - 31:25

set
31:25 - 31:26

we also have a field that would normally
31:26 - 31:28

show us how many days until the account
31:28 - 31:29

is disabled
31:29 - 31:31

but that's not set either now i went
31:31 - 31:34

over the last fields here fairly quickly
31:34 - 31:35

and that's because you really don't need
31:35 - 31:38

to memorize that i mean you can
31:38 - 31:40

if you want to but we have a dedicated
31:40 - 31:42

command that we would use
31:42 - 31:44

to lock a user account to set a password
31:44 - 31:46

expiration and things like that and more
31:46 - 31:47

importantly
31:47 - 31:50

a dedicated command we can use to check
31:50 - 31:51

that information
31:51 - 31:53

without having to remember those fields
31:53 - 31:54

so i wouldn't worry about it too much
31:54 - 31:56

we'll get to that when we cover password
31:56 - 32:02

expiration in a future video
32:02 - 32:05

so there you go there's actually
32:05 - 32:06

additional concepts that we could have
32:06 - 32:08

gone over in this video when it comes to
32:08 - 32:09

user management
32:09 - 32:11

but i decided to save those for future
32:11 - 32:13

videos again
32:13 - 32:15

check the playlist for this series
32:15 - 32:17

because other videos on user management
32:17 - 32:20

might already exist and if they don't i
32:20 - 32:22

will create those for you very soon
32:22 - 32:24

make sure you subscribe so you'll be the
32:24 - 32:26

first to see those videos as soon as
32:26 - 32:27

they're out
32:27 - 32:28

regardless thank you so much for
32:28 - 32:30

watching i really appreciate it
32:30 - 32:44

and i'll see you next time
32:45 - 32:58

[Music]
32:58 - 33:00

you

Title:: Linux Crash Course - Managing Users
Description:: more » « less
Video Language:: English
Duration:: 32:59

	OEVIDEOS edited English subtitles for Linux Crash Course - Managing Users
	OEVIDEOS edited English subtitles for Linux Crash Course - Managing Users
	OEVIDEOS edited English subtitles for Linux Crash Course - Managing Users

English subtitles

Revisions Compare revisions

Revision 3 Edited

OEVIDEOS
Revision 2 Edited

OEVIDEOS
Revision 1 Uploaded

OEVIDEOS

	Revision Number	Author	Created
	3	OEVIDEOS
	2	OEVIDEOS
	1	OEVIDEOS

Linux Crash Course - Managing Users

Revisions Compare revisions

Our website uses cookies

Operating cookies (Required)