Linux users - Hello, Humans !


system vs regular user accounts

Technically, there is little difference between system and regular user accounts, they are made different mostly for administrative and auditing reasons :
Same goes on with regular vs system groups, won't be repeating "accounts or groups" hereafter .
As for the differences :

Creation of system accounts

Can be achieved :

Read current ranges :


awk '
/\yUID_MIN\y/		{ uidMin=$2 }
/\yUID_MAX\y/		{ uidMax=$2 }
/\ySYS_UID_MIN\y/	{ sysUidMin=$2 }
/\ySYS_UID_MAX\y/	{ sysUidMax=$2 }
END { print "Range of UIDs :\n\tsystem accounts : \t"sysUidMin"-"sysUidMax"\n\tregular accounts :\t"uidMin"-"uidMax }
' /etc/login.defs
Range of UIDs :
	system accounts :	100-999
	regular accounts :	1000-60000


awk '
/\yGID_MIN\y/		{ gidMin=$2 }
/\yGID_MAX\y/		{ gidMax=$2 }
/\ySYS_GID_MIN\y/	{ sysGidMin=$2 }
/\ySYS_GID_MAX\y/	{ sysGidMax=$2 }
END { print "Range of GIDs :\n\tsystem groups : \t"sysGidMin"-"sysGidMax"\n\tregular groups :\t"gidMin"-"gidMax }
' /etc/login.defs
Range of GIDs :
	system groups :		100-999
	regular groups :	1000-60000

How to manage users and groups

On a Linux system, users belong to 2 group types :

Action Linux FreeBSD
add a user account adduser + follow on-screen instructions
delete a user account userdel -r kevin
-r : delete the user's home directory too.
rmuser kevin
lock a user account usermod -L kevin Details about LOCKED accounts
unlock a user account
usermod -U kevin
This removes the ! in front of the encrypted password in /etc/shadow
get date of latest user login lastlog | grep kevin
create a new group groupadd newGroupName pw group add groupName
delete a group pw group del groupName
list all groups less /etc/group (also shows group members) pw group show -a
add a user into an existing group
  • Primary group : pw usermod kevin -g groupName
  • Group list : pw usermod kevin -G current,groups,groupName
remove a user from a group
  • gpasswd -d kevin groupName
  • deluser kevin groupName
  • edit /etc/group
list the members of a group grep 'groupName' /etc/group
  • grep 'groupName' /etc/group
  • pw group show groupName
list the last n logins of a user last -n stuart | less
List the groups a user belongs to
to know which unix users are currently connected who
to read details about a user account on a local/distant host
  • finger
  • finger kevin@host
  • finger @host

About the FreeBSD LOCKED accounts (source) :

  • Check whether an account is LOCKED :
    • vipw (to edit the password file with vi)
    • or : less /etc/master.password

    This will display the users list, the encrypted passwords and *LOCKED* before it when applicable.

  • How to lock a user account :

    pw lock kevin

  • Now, this user can not log in anymore into telnet, ftp, ssh and rlogin. But he still has access to Samba.

How to limit users' resource usage ?

With /etc/security/limits.conf and PAM (details) :

  1. Make sure PAM limits are enabled (source) : in /etc/pam.d/login, you should have
    session	required
  2. To limit the maximum number of processes for a given user, add into /etc/security/limits.conf a line such as (source, configuration details) :
    stuart hard nproc maximumNumberOfProcesses
  3. At this step, settings will be applied after stuart's next login. To reload settings now : sudo -i -u stuart (source)
  4. Then, as stuart, check that limits settings have been reloaded : ulimit -a
  5. A potentially unsafe QnD solution would be to restart the init process : kill -HUP 1 (source)

With ulimit

Just read the linked article

With /etc/limits and shadow :

This is a now obsolete method, deprecated by the PAM method described above.