Options userdel, usermod, groupadd, groupdel and groupmod - Administration

Why can SetUID programs be a bad thing? What happens if you forget to add the home directory for a user? Get answers to these and other questions in this, part 2 of Managing Users from the book Linux Administration, A Beginner's Guide, third edition by Steven Graham and Steve Shah (McGraw-Hill/Osborne, 0072225629, 2002). See this link for Part 1.

TABLE OF CONTENTS:

By: McGraw-Hill/Osborne

Poor Best

Rating:

/ 15

June 29, 2004

print this article

SEARCH DEV SHED

TOOLS YOU CAN USE

userdel

userdel does the exact opposite of useradd—it removes existing users. This straightforward command has only one optional parameter and one required parameter:

userdel [-r] username

By running the command with only the user’s login specified on the command line, for example, userdel sshah, all of the entries in the /etc/passwd and /etc/shadow files, and references in the /etc/group file, are automatically removed. By using the optional parameter (for example, userdel -r sshah) all of the files owned by the user in their home directory are removed as well.

usermod

usermod allows you to modify an existing user in the system. It works in much the same way as useradd. The exact command-line usage is as follows:

usermod [-c comment] [-d homedir] [-m] [-e expire date]
[-f inactive time] [-g initial group]
[-G group[,...]] [-l login] [-s shell]
[-u uid] login

Every option you specify when using this command results in that particular parameter being changed about the user. All but one of the parameters listed here are identical to the parameters documented for the useradd program. That one option is -l.

The -l option allows you to change the user’s login name. This and the -u option are the only options that require special care. Before changing the user’s login or UID, you must make sure the user is not logged in to the system or running any processes. Changing this information if the user is logged in or running processes will cause unpredictable results.

Here’s an example of using usermod to change user hdc so that their comment field reads H.D. Core instead of H.D.C:

[root@ford /root]# usermod -c "H.D. Core" hdc

groupadd

The group commands are similar to the user commands; however, instead of working on individual users, they work on groups listed in the /etc/group file. Note that changing group information does not cause user information to be automatically changed. For example, if you remove a group whose GID is 100 and a user’s default group is specified as 100, the user’s default group would not be updated to reflect the fact that the group no longer exists.

The groupadd command adds groups to the /etc/group file. The command-line options for this program are as follows:

groupadd [-g gid] [-r] [-f] group

Table 5-2 shows command options and their descriptions.

Option	Description
-g gid	Specifies the GID for the new group as gid. By default, this value is automatically chosen by finding the first available value.
-r	By default, Red Hat searches for the first GID that is higher than 499. The -r options tell groupadd that the group being added is a system group and should have the first available GID under 499.
-f	When adding a new group, Red Hat Linux will exit without an error if the specified group to add already exists. By using this option, the program will not change the group setting before exiting. This is useful in scripting cases where you want the script to continue if the group already exists.
group	This option is required. It specifies the name of the group you want to add to be group.

Table 5-2 groupadd Commands and Options

Suppose, for example, that you want to add a new group called research with the GID 800. To do so, you would type the following command:

[root@ford /root]# groupadd -g 800 research

groupdel

Even more straightforward than userdel, the groupdel command removes existing groups specified in the /etc/group file. The only usage information needed for this command is:

groupdel group

where group is the name of the group to remove. For example, if you wanted to remove the research group, you would issue this command:

[root@ford /root]# groupdel research

groupmod

The groupmod command allows you to modify the parameters of an existing group. The options for this command are:

groupmod -g gid -n group-name group

where the -g option allows you to change the GID of the group, and the -n option allows you to specify a new name of a group. Additionally, of course, you need to specify the name of the existing group as the last parameter.

For example, if the superman research group wanted to change its name to batman, you would issue the following command:

[root@ford /root]# groupmod -n batman superman

This chapter is from Linux Administration, A Beginner's Guide, third edition, by Graham and Shah. (McGraw-Hill/Osborne, 2002, ISBN: 0072225629). Check it out at your favorite bookstore today.