Linux User Management Snippets
Related: Set up SFTP users
Understanding /etc/passwd format
This file contains one entry per line for each user.
An entry looks like the following:
username:x:0:1:comment:/home/directory:/login/shell
All values are separated by a colon. I recommend using getent and cut in combination to output one of the seven parts.
$ getent passwd username | cut -d: -f1
> username
The name of the user (1-32 characters)

$ getent passwd username | cut -d: -f2
> x
Password; x indicates that there is an encrypted password which is stored in /etc/shadow

$ getent passwd username | cut -d: -f3
> 0
User ID, unique. 0 => root, 1-99 => predefined accounts, 100-999 => admin/system accounts

$ getent passwd username | cut -d: -f4
> 1
Primary Group ID, stored in /etc/group

$ getent passwd username | cut -d: -f5
> comment
Comment, additional information

$ getent passwd username | cut -d: -f6
> /home/directory
Path to home directory

$ getent passwd username | cut -d: -f7
> /login/shell
Login shell, typically /bin/bash
List all users
To get a list of all users you could use the cat command in combination with the cut command already used above:
$ cat /etc/passwd | cut -d: -f1
root
daemon
bin
sys
sync
..
Edit a user
To edit a user, use the usermod command. For a full list of what's possible, have a look at the usermod man page.
Example
Changing the default login shell / deny SSH shell access:
usermod -s /bin/false username
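To verify a change like this across all accounts, the seven fields described above can be checked in one pass. The following is an added example, not part of the original page; the function names, the list of shells treated as non-login, and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit passwd-format lines (name:passwd:uid:gid:comment:home:shell).
# Usage on a real system: getent passwd | audit_passwd

# Constructed sample data, not taken from a real system.
sample_passwd() {
  cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup2:x:0:0:constructed second UID 0 account:/root:/bin/bash
sftpuser:x:1001:1001:SFTP only:/home/sftpuser:/bin/false
alice:x:1002:1002:Alice:/home/alice:/bin/bash
guest::1003:1003:no password set:/home/guest:/bin/sh
broken:x:1004:1004:/home/broken
EOF
}

audit_passwd() {
  awk -F: '
    BEGIN {
      # Shells treated as "no interactive login" (assumption: extend as needed).
      nologin["/bin/false"]; nologin["/usr/sbin/nologin"]; nologin["/sbin/nologin"]
    }
    /^[[:space:]]*$/ { next }                # skip blank lines
    NF != 7 || $3 !~ /^[0-9]+$/ {            # wrong field count or non-numeric UID
      printf "MALFORMED line=%d\n", NR; next
    }
    # Field 2 empty: no password is required for this account.
    $2 == "" { printf "EMPTY_PASSWORD %s\n", $1 }
    # Field 3: any account with UID 0 has root privileges.
    $3 == 0 && $1 != "root" { printf "EXTRA_UID0 %s\n", $1 }
    # Field 7: account can still get an interactive shell.
    !($7 in nologin) { printf "LOGIN_SHELL %s uid=%s shell=%s\n", $1, $3, $7 }
  '
}

# Demo on the constructed sample.
sample_passwd | audit_passwd
```

An account whose shell was set with usermod -s /bin/false, like sftpuser in the sample, produces no LOGIN_SHELL line.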
Allow SFTP users to connect to the database
Edit /etc/ssh/sshd_config. Find the matching group entry. Set AllowTcpForwarding to yes so that the user's SSH connection can forward TCP ports. Now the user should be able to log in to your database.