UID: User Identifier (a number that identifies the user on the multi-user system)
GID: Group Identifier (a number associated with a group of users on a multi-user machine)
So-called "system" users have a UID between 0 and 500.
Regular users have (by convention) a UID between 500 and 60000.
The superuser root has UID 0 and GID 0.
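The UID conventions above can be checked against passwd-format data. The following is an added example, not part of the original page: the function names and the sample accounts are constructed, and it assumes the standard `name:passwd:UID:GID:gecos:home:shell` layout.

```sh
#!/bin/sh
# Added example: audit passwd-format data against the UID conventions above.
# Assumes the standard layout name:passwd:UID:GID:gecos:home:shell.

# Constructed sample data, not taken from a real host.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
toor:x:0:0:backup admin:/root:/bin/sh
mike:x:1000:1000:Mike:/home/mike:/bin/bash
svc:x:1001:1001::/srv/svc:/bin/false
dup:x:1000:1000:dup:/home/dup:/bin/bash
EOF
}

# Accounts other than root that carry UID 0, and therefore root's privileges.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# "class name uid" per account. Assumption: the shared boundary value 500
# is counted as a regular user; anything above 60000 is reported separately.
classify_uids() {
    awk -F: '{
        if ($3 < 500) c = "system"
        else if ($3 <= 60000) c = "regular"
        else c = "out-of-range"
        print c, $1, $3
    }'
}

# UIDs shared by more than one account (the kernel treats them as one user).
duplicate_uids() {
    awk -F: '{ n[$3]++ } END { for (u in n) if (n[u] > 1) print u }' | sort -n
}

echo "Non-root UID 0 accounts:"; sample_passwd | extra_uid0
echo "Duplicate UIDs:";          sample_passwd | duplicate_uids
echo "Classification:";          sample_passwd | classify_uids
```

On a live system, pipe the output of `getent passwd` into the same functions instead of the sample data.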
It contains all the information about users. Only the superuser (root) should be able to modify it, so its permissions must be set so that it is read-only for other users.
It contains the encrypted passwords. This file must belong to root, with mode 0600 only.
It contains the list of users belonging to the various groups.
This very important file allows privilege elevation for running commands. It can be used to delegate rights on specific binaries or commands.
adduser
adduser [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID]
[--firstuid ID] [--lastuid ID] [--gecos GECOS] [--ingroup GROUP | --gid ID]
[--disabled-password] [--disabled-login] [--encrypt-home] USER
   Add a normal user

adduser --system [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID]
[--gecos GECOS] [--group | --ingroup GROUP | --gid ID] [--disabled-password]
[--disabled-login] USER
   Add a system user

adduser --group [--gid ID] GROUP
addgroup [--gid ID] GROUP
   Add a user group

addgroup --system [--gid ID] GROUP
   Add a system group

adduser USER GROUP
   Add an existing user to an existing group

general options:
  --quiet | -q      don't give process information to stdout
  --force-badname   allow usernames which do not match the
                    NAME_REGEX[_SYSTEM] configuration variable
  --help | -h       usage message
  --version | -v    version number and copyright
  --conf | -c FILE  use FILE as configuration file
useradd
usermod
Usage: usermod [options] LOGIN

Options:
  -c, --comment COMMENT         new value of the GECOS field
  -d, --home HOME_DIR           new home directory for the user account
  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -f, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -g, --gid GROUP               force use GROUP as new primary group
  -G, --groups GROUPS           new list of supplementary GROUPS
  -a, --append                  append the user to the supplemental GROUPS
                                mentioned by the -G option without removing
                                him/her from other groups
  -h, --help                    display this help message and exit
  -l, --login NEW_LOGIN         new value of the login name
  -L, --lock                    lock the user account
  -m, --move-home               move contents of the home directory to the
                                new location (use only with -d)
  -o, --non-unique              allow using duplicate (non-unique) UID
  -p, --password PASSWORD       use encrypted password for the new password
  -s, --shell SHELL             new login shell for the user account
  -u, --uid UID                 new UID for the user account
  -U, --unlock                  unlock the user account
deluser
deluser USER
  remove a normal user from the system
  example: deluser mike

  --remove-home             remove the users home directory and mail spool
  --remove-all-files        remove all files owned by user
  --backup                  backup files before removing.
  --backup-to <DIR>         target directory for the backups.
                            Default is the current directory.
  --system                  only remove if system user

delgroup GROUP
deluser --group GROUP
  remove a group from the system
  example: deluser --group students

  --system                  only remove if system group
  --only-if-empty           only remove if no members left

deluser USER GROUP
  remove the user from a group
  example: deluser mike students

general options:
  --quiet | -q      don't give process information to stdout
  --help | -h       usage message
  --version | -v    version number and copyright
  --conf | -c FILE  use FILE as configuration file
passwd
chsh user
chfn user
deluser <user> <group>
addgroup
addgroup --system [--gid ID] GROUP
   Add a system group

adduser USER GROUP
   Add an existing user to an existing group

general options:
  --quiet | -q      don't give process information to stdout
  --force-badname   allow usernames which do not match the
                    NAME_REGEX configuration variable
  --help | -h       usage message
  --version | -v    version number and copyright
  --conf | -c FILE  use FILE as configuration file
groupmod
groupdel
gpasswd
The su command opens a child shell under another login.
su - <user>
su <user>
visudo
%support ALL=/bin/chmod, /bin/chown, /bin/chgrp, /bin/df, /usr/bin/du
sudo chown root ~/TEST
useradd --shell /bin/false --skel /etc/wwwskel --gid webusers --home-dir /data/www/<user> -m <user>
usermod -G 1er-groupe,2ond-groupe nom_user
usermod -e 2010-01-01 <user>
Setting an expiration date in the past means the user can no longer log in.
usermod -L <user>
This locks the account, but only locally. SSH authentication remains active!
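To find accounts that were locked with `usermod -L` but never expired with `usermod -e`, and so remain reachable through SSH as noted above, shadow-format data can be scanned. This is an added example, not part of the original page: the function names and sample entries are constructed, and it assumes the standard shadow layout in which `usermod -L` prefixes the password field with `!` and the 8th field holds the expiry date in days since 1970-01-01.

```sh
#!/bin/sh
# Added example: list accounts with a locked password but no effective expiry.
# Assumed layout: name:hash:lastchg:min:max:warn:inactive:expire:reserved

# Constructed sample; the hash values are placeholders, not real hashes.
# 14610 is 2010-01-01 expressed in days since the epoch.
sample_shadow() {
cat <<'EOF'
alice:$y$placeholder:19000:0:99999:7:::
bob:!$y$placeholder:19000:0:99999:7:::
carol:!$y$placeholder:19000:0:99999:7::14610:
dave:!$y$placeholder:19000:0:99999:7::99999:
erin:*:19000:0:99999:7:::
EOF
}

# Current date as days since the epoch, the unit used by the expiry field.
today_days() {
    echo $(( $(date +%s) / 86400 ))
}

# locked_not_expired TODAY_DAYS
# Reads shadow-format lines on stdin and prints every account whose password
# field starts with "!" (locked) while the expiry field is empty or still in
# the future, i.e. the lock alone is what keeps the account closed.
locked_not_expired() {
    awk -F: -v today="$1" '
        substr($2, 1, 1) == "!" && ($8 == "" || $8 + 0 > today + 0) {
            print $1
        }'
}

echo "Locked but not expired:"
sample_shadow | locked_not_expired "$(today_days)"
```

On a live system, run it as root against `getent shadow`; accounts it reports should also receive a past expiry date or have their SSH keys removed.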
usermod -L user
chage -d 0 user
usermod -U user
vi /etc/sudoers
# Host alias specification
Host_Alias HOST=127.0.0.1/255.255.255.255

# User alias specification
User_Alias NRPE=nagios

# Cmnd alias specification
Cmnd_Alias XEN=/usr/sbin/xm list

NRPE HOST=(root) NOPASSWD:XEN