What is/are the standard CLI program(s) to manage users and groups?

I'm primarily inquiring about customer monitoring from the command line (e.g. on a system where there are no visual devices readily available). In the past I've made use of numerous various programs to add or delete users and also teams or to change their features: adduser, useradd, usermod, gpasswd, and also probably others I've neglected. I've additionally listened to a pair times that several of these programs are low-level and also need to be stayed clear of for basic usage, yet I can never ever bear in mind which. So I would certainly such as to get a clear-cut solution for which programs are the advised ones for at the very least the adhering to jobs:

  • Create a new customer
  • Add a customer to a team
  • Remove a customer from a team
  • Adjustment a customer's key team
  • Adjustment a customer's login shell or residence directory site
  • Delete a customer

I'm seeking typical devices which I can anticipate to be readily available on virtually any kind of Linux system (of any kind of circulation).

2019-05-04 08:17:58
Source Share
Answers: 9

The closest point to a typical you'll get is vi /etc/passwd, vi /etc/shadow, and also vi /etc/groups. (Heretics might replace emacs.) Every little thing ever since that I've located will just work with some systems.

Seriously, figure out what tools your OS has, and also utilize them. Simply do not anticipate them to function the very same on all systems. It would certainly behave if they were standard, yet they aren't.

2019-05-08 15:22:07

Sadly, none of those procedures were ever before standard.

Some running systems supply this capability as component of the OS, like Linux, yet also if your Linux system includes them, with time and also throughout Linux circulations the devices and also their names transformed so you can not actually rely on a typical set of devices to do those jobs.

You require to have a per-operating system set of devices.

2019-05-08 02:31:57

On Debian (and also acquired) systems, adduser and also deluser are higher-level wrappers around useradd and also relevant capability. The cover customer production, team subscription enhancement and also reduction, and also customer removal. The equivalent commands from making/deleting groups are, smartly sufficient, addgroup and also delgroup. usermod shows up to cover the continuing to be usage instance you call.

2019-05-08 02:24:48

In several scenarios, recognizing just how to modify "/ etc/passwd" is still valuable.

2019-05-08 02:19:22

Just for efficiency, in the low-level end of the range I would certainly state vipw (8) and also vigr (8 ), simply over "vi/ etc/passwd" and also "pet cat >/ etc/passwd" yet right listed below "useradd". Oh, and also they exist in the majority of Unix versions.

2019-05-08 01:27:53

If your inquiry was restricted to

any kind of Linux system (of any kind of circulation)

yet every one of the systems have network accessibility to a solitary web server. You can make use of something like NIS or YP. So this solution is restricted to admins within a solitary company.

You still have the concern where virtually every circulation has a little various means to set up YP, yet arrangement just takes place as soon as. Additionally, this sort of network is not unimportant.

Within a solitary site/network you will certainly obtain a whole lot doing this. In mix with automount, my fave is having the ability to SSH to any kind of *nix equipment and also have all my residence documents and also devices readily available to me.

To the factor, the circulation you pick for the master is the system you make use of for taking care of users. You after that will certainly have a solitary set of tools/documentation to take care of users and also teams.

It is also feasible to make use of something like LDAP and also samba devices on the master. Making use of samba additionally permits me to have my residence documents readily available to me on windows equipments.

2019-05-08 01:00:12

If you are making use of a backend apart from the default neighborhood equipment backend - OpenLDAP being one of the most usual - after that cpu (adjustment password energy ) could be the command you are seeking. It can be worked on equipments apart from the LDAP master if set up appropriately, and also it's syntax is primarily all the same as useradd etc with a prefix of cpu. So to add myself I can do

$ sudo cpu useradd hamish

See the cpu man page for even more information.

2019-05-08 00:43:47

All of these devices are inevitably constructed to modify message documents for you. If you need to know just how to take care of users and also teams over systems, you need to get accustomed to these underlying message documents. Fortunate for you, there's simply 2 of them, /etc/passwd and also /etc/group. There are additionally corresponding /etc/shadow and also /etc/gshadow apply for tailing passwd and also team specifically.

2019-05-08 00:32:09

You state Linux in the tail end of your inquiry, yet given that the title is common I'll address for FreeBSD.

FreeBSD has comparable commands as Linux yet they are commands passed to the pw energy :

pw useradd [user|uid] ...
pw usermod [user|uid] ...

and more. Nonetheless, one can parse the command right into 2 components : user and also mod; a noun and also a verb. In addition, one can additionally make use of group and also del :

pw groupdel [group|gid] ...

to, as an example, delete a team. So below's what I assume is actually cool down : the order does not matter, neither does the spacing! What this suggests, is that you can remember what to call by thinking of what you intend to do (in English anyhow ) :

pw del user [user|uid] ...
pw mod group [group|gid] ...
pw show user [user|uid] ...
pw next user [user|uid] ...

and also extra! The pw energy additionally allows you lock and also unlock accounts :

pw lock [user|uid] ...
pw unlock [user|uid] ...

Alternatives and also any kind of parameters that you pass are all standard (although do not constantly relate to call commands ) so memorization is decreased. In conclusion a wonderful means to do points.

Keep in mind : the ellipses in the above instances stand for alternatives and also parameters passed to pw not added users or teams.

2019-05-07 23:09:56