Linux User Management Snippets

Linux User Management Snippets #

Related: Set up SFTP users

Understanding /etc/passwd format #

This file contains one entry per line for each user.
An entry looks like the following:

username:x:0:1:comment:/home/directory:/login/shell

All values are separated by a colon. I recommend using getenv and cut in combination to output one of the seven parts.

  1. $ getent passwd username | cut -d: -f1
    > username
    The name of the user (1-32 characters)
  2. $ getent passwd username | cut -d: -f2
    > x
    Password, x indicates that there is an encrypted password which is stored in /etc/shadow
  3. $ getent passwd username | cut -d: -f3
    > 0
    User ID, unique. 0 => root, 1-99 => predefined accounts, 100-999 => admin/system accounts
  4. $ getent passwd username | cut -d: -f4
    > 1
    Primary Group ID, stored in /etc/groups
  5. $ getent passwd username | cut -d: -f5
    > comment
    Comment, additional information
  6. $ getent passwd username | cut -d: -f6
    > /home/directory
    path to home directory
  7. $ getent passwd username | cut -d: -f7
    > /login/shell
    login shell, typically /bin/bash

List all users #

To get a list of all users you could use the cat command in combination with the cut command already used above:

$ cat /etc/passwd | cut -d: -f1
root
daemon
bin
sys
sync
..

Edit an user #

If you want to edit an user you've to use the keyword usermod. To get a full list of what's possible, have a look at the usermod man page.

Example

Changing the default login shell / deny SSH shell access:

usermod -s /bin/false username

Allow SFTP Users to connect to the database #

Edit /etc/ssh/sshd_config. Find the matching group entry. Set AllowTcpForwarding to yes. Now the user should be able to login to your database.