Author: Ruwantha Nissanka

In Linux, Users can be listed in groups. Groups allow you to set permissions on the group level instead of having to set permissions for every individual user. In this guide, we will see how to get the advantage of using groups in our Linux system. Groupadd Groups can be created with the groupadd command. The example below shows the creation of five (empty) groups group file Users can be a member of several groups. Group membership is defined by the /etc/group file The first field is the group’s name. The second field is the group’s (encrypted) password (can be empty). The third field is the group identification or GID. The fourth field is the list of members, these groups have no members. groups A user can type the groups command to see a list of groups where the user belongs to. usermod Group membership can be modified with the useradd or usermod command. Be careful when using usermod to add users to groups. By default, the usermod command will remove the user from every group of which he is a member if the group is not listed in the command! Using the -a (append) switch prevents this behaviour. Groupmod You can change the group name with the groupmod command. Groupdel You can permanently remove a group with the groupdel command. gpasswd You can delegate control of group membership...

In our previous guide, we have discussed on how to secure our passwords in Linux. In this tutorial, we will see how to manage passwords in our Linux system. /etc/login.defs The /etc/login.defs file contains some default settings for user passwords like password aging and length settings. (You will also find the numerical limits of user ids and group ids and whether or not a home directory should be created by default). Debian also has this file. Chage The chage command can be used to set an expiration date for a user account (-E), set a minimum (-m) and maximum (-M) password age, a password expiration date, and set the number of warning days before the password expiration date. Much of this functionality is also available from the passwd command. The -l option of chage will list these settings for a user. disabling a password Passwords in /etc/shadow cannot begin with an exclamation mark. When the second field in /etc/passwd starts with an exclamation mark, then the password can not be used. Using this feature is often called locking, disabling, or suspending a user account. Besides vi (or vipw) you can also accomplish this with usermod. The first command in the next screenshot will show the hashed password of paul in /etc/ shadow. The next command disables the password of paul, making it impossible for paul to authenticate using this...