Managing Local Linux Users & Groups | Mostafa Mahmoud | Skillshare

Playback Speed

  • 0.5x
  • 1x (Normal)
  • 1.25x
  • 1.5x
  • 2x

Watch this class and thousands more

Get unlimited access to every class
Taught by industry leaders & working professionals
Topics include illustration, design, photography, and more

Watch this class and thousands more

Get unlimited access to every class
Taught by industry leaders & working professionals
Topics include illustration, design, photography, and more

Lessons in This Class

7 Lessons (1h 11m)
    • 1. 00 Class Five Overview

    • 2. 01 Linux Users and Groups

    • 3. 02 Gaining Superuser Access

    • 4. 03 Managing Local User Accounts

    • 5. 04 Managing Local Group Accounts

    • 6. 05 Managing User Passwords

    • 7. Exercise 6

  • --
  • Beginner level
  • Intermediate level
  • Advanced level
  • All levels

Community Generated

The level is determined by a majority opinion of students who have reviewed this class. The teacher's recommendation is shown until at least 5 student responses are collected.





About This Class

RHEL 8 / CentOS 8 Linux Administration - RHCSA 8 - Class Five

Managing Local Linux Users & Groups

Hi, I'm Mustafa Mahmoud. A Senior Linux Administrator and Online Instructor. I have been working as Linux System Administrator for more than ten years, currently devoted to teaching. I like to share my knowledge with others and help them advance in their careers.

Students testimonials - See what others say!

  • Siddharth Kumar: I really loved the course content and the way all details have been explained by the trainer, it will certainly help me or anyone else to improve their Linux administration skills.
  • Eric Voigt: Excellent overview of the basic skills, well organized and taught.
  • Suman Mandal: This course was useful to me. I have learned many things that were not clear to me. Thank you.

What you should know before starting

In this class you will learn:

Users and Groups:

  • What a multi-user system is.
  • Using the id command.
  • Using the ps command.
  • The /etc/passwd file.
  • What a group is.
  • The /etc/group file.
  • The primary groups.
  • The supplementary groups.

Gaining Superuser Access:

  • What a root user is.
  • Switching users with the su command.
  • Running commands as root with the sudo command.
  • The /etc/sudoers file.
  • The group wheel.
  • The PolicyKit.

Managing Local User Accounts:

  • Managing local users.
  • The useradd command.
  • The /etc/login.defs file.
  • The usermod command.
  • The userdel command.
  • The id command.
  • The passwd command.
  • The UID ranges.

Managing Local Group Accounts:

  • Managing supplementary groups.
  • The groupadd command.
  • The groupmod command.
  • The groupdel command.
  • The usermod command.

Managing User Passwords:

  • Shadow passwords and password policy.
  • The /etc/shadow file.
  • The authselect command.
  • Password aging.
  • The chage command.
  • Using the date command to calculate a date in the future.
  • Restricting access.
  • The nologin shell.

What's next?

RHEL 8 / CentOS 8 Linux System Administration - RHCSA 8 - Class Six

Meet Your Teacher

Teacher Profile Image

Mostafa Mahmoud

Data Scientist/ML Engineer/Linux Expert


Hello, I'm Mostafa. A data scientist, ml engineer, and Linux expert. I worked for ten years as a Linux systems administrator at Express, then I had the opportunity to turn to data science. Because of my passion for this field and my keen attention to detail, I got my Udacity certifications to work as a data scientist and machine learning engineer. The most recent projects I worked on were Finding Donors for CharityML, a full exploratory and explanatory analytics work project for Ford Go Bike company trips data, and creating a logistic regression to predict absenteeism. I'm working on improving my skills and looking for job opportunities that will help me in this direction.

Skills: Python, SQL, Linux
Applications: Jupyter Notebook, Google Colab, Weka, P... See full profile

Class Ratings

Expectations Met?
  • 0%
  • Yes
  • 0%
  • Somewhat
  • 0%
  • Not really
  • 0%
Reviews Archive

In October 2018, we updated our review system to improve the way we collect feedback. Below are the reviews written before that update.

Why Join Skillshare?

Take award-winning Skillshare Original Classes

Each class has short lessons, hands-on projects

Your membership supports Skillshare teachers

Learn From Anywhere

Take classes on the go with the Skillshare app. Stream or download to watch on the plane, the subway, or wherever you learn best.


1. 00 Class Five Overview: Classify, overview, managing local Linux users and groups. In this class, you will learn what a multiuser system is using the id command, using the BS comment, the sludge, ETC. Slash password file. What a group is. The sludge ETC. Slash group file. The primary groups, the supplementary groups. What a root user is, switching users with the SU command, running commands as root. With this you do commend the sludge, ETC. Slash, see you doers file. The group wheel, the policy kit. Managing local users, the user edX command, the sludge, ETC. Slash login dot d fs file. The user mood command, the user del, command, the id command, the best route command. The user id ranges. Managing supplementary groups. The group Ed command, group mode Command, the group del command, the user mode, comment, shadow buzzwords, and Bedford policy, the sludge, ETC, slash shadow file. The select command, password, ageing, the change each command. Using the date command to calculate a date in the future, restricting access. The normal again shell. 2. 01 Linux Users and Groups: Linux users and groups. After completing this lecture, you should be able to explain the role of users and groups on a Linux system and how they are understood by the computer. The next is a multi-user system. And operating system is considered multi-user if it allows multiple people to use a computer and not affect each other's stuff like files and preferences. Every process which is running programs on the system runs as a particular user, and every file is owned by a particular user. Accessing to files and directories are restricted by user. And the user associated with a running process determines that the files and directories accessible to that process. You can use the id command to show information about the current logged in user. As you can see here, it shows the UID, which is the user ID, and GID, which is the group ID and the groups for the current user. Basic information about another user can also be requested by basing in their user name of that user is the first argument to the ID command. For example, to view the user associated with a file or directory. You can use the ls dash l comment. Like here. The animals file is associated with the user and statistic group. The fields displayed here represents file permissions, number of links, the owner name, the group name, the file size, the time of last modification, and the file or the directory name. File permissions are displayed as following. First character is dish or L, or D. A dash represents a file. D indicates a directory, and L is a symbolic link or softly, followed by three sets of characters three times, indicating permissions for owner, group and the other. R means readable and W writable and executable. To view process information, you can use the BS comment. The default is to show only processes in the current shell. And we can use the option to view all processes with a terminal. To view the user associated with a process include the u option. The first column shows the username. The output of the previous commands displays users by name. But internally, the operating system takes users by a user ID, you ID number. The mapping of names to numbers is defined in databases of account information. By default, systems use the sludge, ETC. Slash password file to store information about local users. The format of the sludge, ETC. Slash password file follows seven colon separated fields. The first field is for the username, the second for the password, the third for the user ID, the fourth for the group ID, the fifth for the G equals field, six for the user home directory, and seven for the shell used. The first field username is a mapping of a user ID to an aim for the benefit of human users. The second field, password, is where historically passwords were kept in an encrypted form it today they are stored in a separate file, sludge, ETC, slash shadow. The third field, user ID is a number that identifies the user at the most fundamental level. The fourth field, Group ID, in the user's primary group ID number. The fifth field, glucose, is typically used to record the general information about the account or its user, such as the users real name and phone number. The sixth field, slash home slash username, is the location of the user's personal data and the configuration files. And the seventh field, sludge spins less fish, is a program that runs as the user logs in. For a regular user, this is normally the program that provides the user's common line Brom bit. What is a group in Linux? The next groups are a mechanism to manage a collection of computer system users. Like users, Linux groups have an M and a number, which is a group ID. Local groups are defined in slash slash Group file. Primary groups. Every user has exactly one bribery group for local users, the primary group is defined by the group ID number of the group listed in the fourth field of the sludge, ETC, slash password file. Normally the bribery group owns new files created by the user. And normally the primary group of a newly created user is a newly created group with the same name as the user, and the user is the only member of this user private group, supplementary groups. Users may be a member of 0 or more supplementary groups. Users that are sedimentary members of local groups are listed in the last field of the group's intrigue in the sludge sludge Group file. For local groups, user membership is determined by a comma separated list of users found in the last field of the group's entry in the sludge sludge group file. Supplementary group membership is used to help ensure that users have access permissions to files and other resources on the system. I hope this has been informative for you and I'd like to thank you for viewing. 3. 02 Gaining Superuser Access: Gaining superuser access. After completing this lecture, you should be able to run commands as the superuser to administer a Linux system. Most operating systems have some sort of superuser IE users that has all power over the system. This user is the root user. He has the power to override normal privileges on the file system and is used to manage and administer the system in order to perform tasks such as installing or moving software and to manage system files and directories, I user must escalate privileges to the root user. Most devices can only be controlled by root, but there are a few exceptions. For instance, removable devices, such as USB devices, are allowed to be controlled by a normal user. Thus, an Android user is allowed to add and remove files and otherwise managed a removable device, but only root is allowed to manage or fix hard drives by default. This unlimited privilege, however, comes with responsibility. The root user has unlimited power to damage the system, like remove any pies and directories, removing user accounts, adding backdoors and others. If the root account is compromised, someone else would have administrative control on the system throughout the course, administrators will be encouraged to log in as a normal user and escalate privileges to root only when needed. The root account on Linux is roughly equivalent to the local administrator account on Windows. Note that most system administrators like into an umbrella user account and use various tools to temporarily gain root privileges like Switch User, C, u du, or bossy kit. Logging in as the administrative user. The entire desktop environment unnecessarily runs with administrative privileges. In that situation, in a security vulnerability which would only compromise the user account has the potential to compromise with the entire system. In recent versions of Microsoft Windows, administrator disabled by default in features such as a user account control are used to limit administrative privileges for users until actually needed. In Linux WC kit system, if the nearest equivalent to user account control. Switching users with the Switch User command. The SU comment allows a user to switch to a different user account. Username is not specified. The root account isn't blind. When invoked as a regular user, type SU two switch to the root user, followed by enter. A Brahmin display asking for the password of the account you are switching to. When invoked as root to switch to woo user type ASU, followed by the username and breast enter. Here, there is no need to enter the account password as you are switching from the root user account. The comment is you followed by username, started and unplugging shell. Why did the command SU space? This space test starts elegant shell. The main difference between using the command is u and using the comment is you space dish. Here we use the command SU dish to switch to the root user, followed by inter. Here, as you can see, using the command is used. This dish sits up there shall environment as if this were a clean login. Is that user, while using the comment is you only just starts a shell as that user with the parent environment settings. In most cases, administrators want to run the comment is you space dish to get the user's normal settings. Note that the SU command is most frequently used to get a command line interface which is running, is another user typically route. However, with the dash c option, it can be used like the Windows utility run to run an arbitrary program is another user. For example, to show the sludge, ETC, slash pseudowords file. You can use the command running commands as root. With this, you do comment. Fundamentally, the next implements a very restricted permissions model. Group can do everything, other users can do nothing pull systems related tasks. The common solution previously discussed is to allow standard users to temporarily become root using the Switch User command. The disadvantage is that while acting as route, all the privileges and responsibilities of routes are granted. Not only can the user restart the observer, but they can also remove the entire sludge, ETC, directory. Additionally, all users requiring superuser privilege in this manner must know the root password. The sudo command allows a user to be permitted to run a command as root or as another user based on settings in the sludge, ETC. Slash pseudowords fight. Unlike other tools such as Switch User C, you do requires users to enter their own buzzword for authentication, note the password of the account they are really trying to access. This allows an administrator to hand out fine-grained permissions to users to dedicate system administration tasks without having to hand out the root password. For example, when CO2 has been configured to allow the user to run the command user mode as root MOOC could run the following command to lack a user account. Is the user move is not allowed to run this command as root and the user is not. Letting the user account disk has failed. The easiest way to get a user access without multiplying your servers you doers file is to use the user mode common to aid the user to the wheel Group, for example. And to check. And to make the group with the primary group for the user MOOC, we will need to use the dish lowercase g option. And to check, we can check using the command. Let's try it again, looking at the test user account. User account succeeded. If we try to switch user to user account. As you can see, authentication failure. Now the test user account is logged. Also, you can use the best food command to lock, unlock Bridget, the status of a user account. You can use this lowercase L to lock the user account. Dish, lowercase u to unlock the user account. And this, our keys is to check the status of a user account. Now, let's check the status of that user account. Note that only root can use this command. And to unlock the user account, type that command. As you can see, the unlocking succeeded. Now let's try to switch to the test user accounts. As you can see, the switching succeeded. One additional benefit to using pseudo Is that all commands executed using pseudo are lagged by default to sledge board. Secure file. In Red Hat Enterprise Linux seven and up full members of group we can use Tudou drawn commands as in user, including route. The user will be prompted for their own buzzword. This is a change from Red Hat Enterprise Linux six and ealier users who were members of group. We'll get this administrative access by default, Enterprise Linux six and earlier. As you can see, this line in this you do or spite allows people in group. We'll run all commands. Node that it had Enterprise Linux, sex didn't grant group, we'll in a special privileges by default, sites which have been using this group. Maybe surprised when Red Hat Enterprise Linux seven automatically grants all members of willful sudo privileges. This could lead to unauthorized users getting superuser access to Red Hat Enterprise Linux systems. Historically, membership in group wheel has been used by Unix-like systems to prevent or control superuser access. Most System Administration applications with a GUI, US policy came to Brown, but users for authentication and to manage Root Access. In Red Hat Enterprise Linux seven and up policy kit may also prompted members of goodwill for their own buzzword in order to get root privileges when using graphical tools. This is similar to the way in which they can use you do to get those privileges at the shell Brahmins policy get grants these privileges based on its point configuration settings separate from pseudo. Thanks for viewing. 4. 03 Managing Local User Accounts: Managing local user accounts. After completing this lecture, you should be able to create, modify, luck, and lead locally defined user accounts. And number of command line tools can be used to manage local user accounts. First, they user add comment. Linux is a multi-user system, which means that more than one person can interact with the system at the same time. As a system administrator, you have the responsibility to manage the system's users and groups by creating and removing users and assign them to different groups. In Linux, you can create a user account and assign the user to different groups using the user add command. For example. To use the user add comment. First, you will need to switch to the root user. Then type user ID, followed by the new username. For example, Thera. This sits reasonable defaults for all fields in sludge, ETC. Slash password file when run without options. To check. It doesn't sit in invalid password by default. And only the root user can login and password is set. To set Sarah user password. You can use the command. You can use the user eight dash, dash help option to display the basic options that can be used to overwrite the default. In most cases, the same options can be used with the user mode comment to modify an existing user. The slash slash login dot d fs phi. Some defaults such as the default password, ageing rules and the range of valid user ID numbers are read from the sludge, ETC. Slash login dot DFS file. Values in this file are only used when creating new users. A change to this file will not have an effect on any existing users. The user mode Command and Linux distributions. The command user mode is used to modify or change any attributes of n already created user account via command line. Such as change user's home directory, login name, login, shell, password, expiry date, or others. It is similar to the user aid or edX user commands, but the login granted to an existing user. Only the user root is allowed to execute user mode comment. When we execute the User Mode command in terminal, the following files are used and affected. Slash slash password file, producer account information, shadow file for secure account information. And only the root user control this file. This file contains the user's passwords, sludge, ETC. Slash Group file for group account information. Shadow file for secure group account information. Lagging, DFS file, core shadow passwords, sweet configuration. As we said before, you can use the user mode dash, dash l option to display the basic options that can be used to modify an account. Determine user mode comment options include that this e option is used with the dish uppercase G option to append the user to the supplemental groups mentioned without removing the user from other groups that they see comment option to add a value such as a filename to the field. The DSD home directory option to specify a new home directory for the user account. That this g group option specified the primary group for the user accounts. The dish uppercase G groups option specified a list of supplementary groups for the user account. The dish uppercase L lack option to lack a user account. The dish em, move home, option to move a user home directory to a new location must be used with the HD option. The dish S Shell option, to specify a new ligand shell for the user account. And the dish uppercase you unlock option to unlock a user account. For example, to sit a brief comment about the user account using the dish C option. Now to check. Let's take another example for setting the user test account expiry date using this option before setting up an expiry date on the user test. Let's first check that this account expired status using the change is command to change it to first engineering 20-25, using the user mood command. To check the user dealt comment. The user dealt command is used to delete a user account and the related files. This command basically modifies the system account files, deleting all the interests which referred to the username login. It is a low-level utility for removing the users. It removes it the user from the sludge, ETC, slash password file, but leaves the home directory intact by default, you can use the user's username command to remove the user and the user's home directory. For example. To remove the user folks and his home directory. To check node that when a user is removed with the user del comment without the dish, are options specified? The system will have the files that are owned boy, and an assigned user ID number. This can also happen when files created by a deleted user exists outside the home directory. This situation can lead to information leakage and other security issues. And it had Enterprise Linux seven and up, the user add command assigns new users the first free user ID number available in the range starting from user ID 11000 or above. Unless one is explicitly specified with the Des you user ID option. Have the information leakage can occur if the first Fi user ID number had been previously assigned to a user account which has since been removed from the system. The old user's user ID number will get assigned to the new user, giving the new user ownership of the old users or meaning files. This scenario demonstrates this situation. If we added a new user and you home directory will be created for SEM. And if we deleted the user same without adding the desk or option, the home directory of the user same will remain as it is. Notice that when we created a new user, Yara, and here user ID become the same user ID that Sam was taking you around now owns all files that Sam once owned. Depending on the situation, you can do the following to get rid of all of the user's files. First, you can delete the removed user's home directory using the RM dash R username comment. For example, to remove same home directory. Note that if you are in the home directory, you don't need to specify the full path to same. You can type them directly. Heave, you need to tie BS for every file in the directory. Same. Instead of this, you can press control C to exit that they're moving to the comment to force the deletion without asking to check. The second way, you can find an own files and directories by running the command. Then you can delete every file in the output of the previous command using the RAM comment. The id command. The id command is used to display user information, including the user's ID number and the group membership. Using the ID username command will display user information for username, including the user's ID number and the group membership. For example. The best would command. The best word Username command can be used to either set the user's initial password origins, that user's password. If used without specifying username, it will prompt for changing the current user password. The root user can set a password to any value. For example, to set a password for the user Sarah. And I said you will be displayed with a password doesn't meet the minimum recommended criteria, but it's followed by a drumbeat to retype the new buzzword and all tokens are updated successfully. A regular user must choose a password which is at least eight characters in length and is not based on a dictionary reward, the username or the oblivious buzzword. The user ID to interests specific user ID numbers and ranges of numbers are used for specific purposes. Weighted head Enterprise Linux, user ID 0 is always assigned to the super user account. Root. User id one to 200 is the range of system users are saying aesthetically to system processes weighted head for internal IT head system user accounts, files and directories can be owned by these accounts. User ID to a 101 to 999 is a range of system users used by system processes that don't own files on the file system. They ultimately assigned dynamically from the available pool with the software that needed them is installed. Brooklyn's R1 is these under-privileged system users, in order to limit their access to just the resources they need to function. User ID when 1000 and above if the range available for assignment two regular users. Note that prior to Red Hat Enterprise Linux seven, the Convention would that user id one to 499 was used for system users and user id 500 and above for regular users. Default read just used by user ID and group. It can be changed in the sludge, ETC. Slash login dot DFS phi 5. 04 Managing Local Group Accounts: Managing the local group accounts. After completing this lecture, you should be able to create, modify, and lead locally defined group accounts. Managing supplementary groups. A group must exist before a user can be added to that group. Several command line tools are used to manage local group accounts. The group add comment. The group ed group name command without options uses the next available Group ID from the range is specified in the slash slash login dot DFS pile. As you can see here, the group ID minimum number is 10000 and the group ID maximum number is 60 thousand. Note that you can use the group. This group ID command specifying a specific group ID. For example, to add a new group by phone with a Group ID 2 thousand. To check. Note that given the automatic creation of user Brexit groups, that takes group ID 1000 and above is generally recommended to set aside a range of group ID numbers to be used for supplementary groups. High range will avoid a collision with assessment group group ID from 0 to 999. Using the dash R option with the group add comment will create assistant group using a Group ID from the range of valid system group ID numbers listed in the sludge. It is eat slash login dot d fs file. For example, to add a system group Java users. To check. As you can see, the Java users group ID is 974 in the range between 0999. The group not comment. The group not command is used to change a group name to a group ID mapping. You can use that as an option to specify a new name. For example, to change the group name Java uses to Java app to check. And you can use the option to specify a new group ID. For example, to change the biofilm group group ID to 5 thousand. And to check the group didn't comment. You can use the tail command to remove a group, for example, to move the Java App group. Here I used the grep command to select Java app from the group file. If exist, is there is no result, then Java is deleted successfully. Knew that a group may not be removed. If it is the primary group of any existing user is with user, then Comment. Check all file systems to ensure that no file zoom-in owned by the group. The user mode comment. The membership of a group is controlled with user management. You cannot change a user's brain regroup with the user moves the z group name command. For example, to make the group move the bribery group for the test user. And to check. And you can add a user to a supplementary group with a user mood. This EA, uppercase G, group name, username comment. For example, to add the user test to a supplementary group. And to check. Here, the use of the option is to make user mode function in the mood. Without it, the user would be removed from all other supplementary groups. I hope this has been informative for you and I'd like to thank you for viewing. 6. 05 Managing User Passwords: Managing user buzzwords. After completing this lecture, you should be able to lack accounts manually or by sitting a buzzword easing policy in the shadow password file. Shadow buzzwords and password policy. In the distant past, encrypted passwords were restored in the audit, readable sludge, ETC, slash bus route file. This was thought to be reasonably secure until dictionary attacks on encrypted passwords became common. At that point, the encrypted passwords or password hashes will move to the more secure sludge, ETC, slash shadow file. This new file also allowed buzzword aging and explaination features to be implemented. There are three pieces of information is stored in a modern buzzword hash. The ID, the salt, and the encrypted hash. The first part is the hashing algorithm. The number six indicates a secure hash algorithm. 512 is used. Number five indicates a secure hash algorithm to a 156 is used. And number one, I beams when an MD5 hash is used. The second board is the salt used to encrypt the hash. This is originally choosing at random. The salt and the unencrypted buzzwords are combined and encrypted to create the encrypted password hash, which is the third board. The use of assault prevents two users with the same password from having identical interests in the sludge, ETC, slash shadow file. And the third birth, if the encrypted hash. When a user tries to log in, the system looks up the entry for the user in the sludge, ETC. Slash shadow file combines the salt for the user with the unencrypted password that was tied in and encrypted them using the hashing algorithm specified. If there isn't matches the encrypted hash the user typed in the right password. If the result doesn't match the encrypted hash, the user typed in the wrong password and login at ten bit fields. This method allows the system to determine if the user typed in the correct password without storing that buzzword in a form usable for logging in. With that Enterprise Linux aboard to strong password hashing algorithms, secure hash algorithm to a 156 Algorithm five and thicker hash algorithm by a 112 algorithm six, both of the salt string and the encrypted hedge or longer for these algorithms. Red Hat Enterprise Linux, it and centers, it defaults to using secure hash algorithm by a 100 and twelv encryption. You can check using the sludge, ETC. Slash, select sludge system, dish, oath file or sludge, ETC. Stage Select slash buzzword niche. Using the command. Both select, test IS both Select is a utility that simplifies the configuration of user authentication on edit head Enterprise Linux host. The popular options that you can use with this command. Dash e to print the content of all files, DHS, brent password file content. And this b. Also to bring the best word Daesh file content. It is eat less shadow file format. The format of the sludge, ETC. Slash shadow file follows nine colon separated fields. First field, mean. Second, password. Third, plus the change. The fourth, minimum edge. Fifth, maximum age. The sixth, warning. The seventh, inactive. Ate, expired. And the last blank. The first field nim, is the login name and Must be a valid account name on the system. Second buzzword is the encrypted password and password field, which starts with an exclamation mark, means that the buzzword is loved. Third, plus the change is the date of the last password change, represented as the number of days since January 19, 74th minimum edge is the minimum number of days before a buzzword may be changing, where 0 means no minimum age requirements. Fifth, max age. Is the maximum number of days before a buzzword must be changed. Sixth, warning is the owning barrier. That password is about to expire, represented in days where 0 means no warning given. Seventh, inactive is the number of days and account means active after a password has expired, I user mister luck into the system and they change the buzzword during this period. After the specified number of days, that count is lagged, becoming inactive. It expire is the account exploration did represented as the number of days since first January 19, 79th. Blank is blank field that is reserved for future use. Password eating. This diagram relates the relevant buzzword imaging parameters which can be adjusted using the change is common to implement a buzzword aging policy. Let's take some examples. Using the change is DSD 0 username command will force a buzzword update on next login. For example. Now let's try to switch user to Judy. You are required to change your buzzword immediately. Administrator enforcement. You can use the change is this username command to list a usernames current settings, for example. Another example. You can use the change is this uppercase 0s, followed by eight years. This month, Daesh days command to expire and account on a specific day, for example. And to check using the dead comment to calculate a date in the future. You can use the date command to calculate it in the future. For example. Here we use this command to 845 days to the current date. Restricting access. Because the change is command, an account exploration can be set. Once the did is leachate, the user can't log into the system interactively. You can use the User Mode command to lack an account with the dish uppercase L option. For example, to luck Tom account to check. And you can use the user mode, this upper case u userName comment to unlock the user account. For example, to unlock their user account, and to check. Another example. When a user has lifted, accompany the administrator me luck and xbar and account with a single user mode comment, that it must be given as the number of days since January first 1970. This is done using the dish option, followed by the number of days since January first 1970. To check. As you can see, when added 1D to January first 1970, January second 1970. Or instead of the number of days since January first 1970, you can add the date of expire this month, this D, for example. And to check, lacking the account prevents the user from authenticating with a password to the system. It is the recommended method of preventing access to an account by an employee who has left the company. If the employee returns, the account can literally be a lagged with the user mood, this uppercase you username comment. And if the account was also expired, be sure to also change the explanation. Did the NO ligand shell. As a system administrator, you will inevitably perform shuttle system maintenance is at some point or another a few times, your system may also encounter some problems and you will be forced to vote it down to fix the problems. Whatever the situations is. It is a good idea to prevent regular users from connecting to the system. Another situation is that sometimes I user needs an account with a password to authenticate, to assist them, but doesn't need an interactive shell on the system. For example, a mail server may require an account to store meal and password for the user to authenticate with Emil client used to retrieve meal. That user doesn't need to look directly into the system. A common solution to these situations is to set the user's login shell to the sludge is spin. No login file. If the user attempts to log into the system directly, the NO ligand shell will simply close the connection. For example, to set the user's desk lagging shell to the sludge Spin slash no login file. Now let's try switching user to the user test. As you can see, setting the user test login shell to the sludge Spin slash no login file succeeded. Mood that instead of the user mode is command, you can use the dish command. Or you can simply open the sludge less basswood file using any of your favorite command line text editors like them or nano, and change a specific user shell. For example. To switch, that is user shell to slash bin slash bash. First we will need to enter the insert mood by pressing the in-breath escaped to enter the command mode. Type column WQ to save and exit, followed by Enter. Now let's try to switch to the user test. As you can see, switching succeeded. Note that use of the normal ageing shell prevents interactive news of the system, but doesn't prevent all X's. Ie user may still be able to authenticate and upload already tried files through applications, such as with applications, file transfer programs, or mid leaders. I hope this has been informative for you and I'd like to thank you for viewing. 7. Exercise 6: Exercise six explanation. The id command to show information about another user in the system. To you all processes within a terminal and the user associated with each process using the abs command. Switch to the root user providing the root default login environment. I will do this by adding a dash after command to check the SUN list commands to show the sludge. As a regular user. Switch to the root user. Now to add a new user makes using the user add command. To add a bass for using the basswood command. To add a brief comment about the user makes in the field in the slash slash password file using the user mode command. To check for the user account to January tenth, 20-30, using the user mode command. To get the new expiry date using the change is command. To delete the account and home directory using the user del command to check next to the group as a supplementary group. Using the user mode command. To check the group for the user makes, using the user mode command to check using the sudo and get commands as a producer makes when mixed login using change to Locke's account using the user mode Command. Thanks for viewing.