Essential Guide to Managing Users and Groups in RHEL for RHCSA Certification
Published On: 14 January 2025
Objective
Managing users and groups is a core duty of a system administrator and a core topic of the Red Hat Certified System Administrator (RHCSA) exam: you must be able to create, update, and manage users and groups on Red Hat Enterprise Linux (RHEL). This guide covers those tasks in the depth the RHCSA exam expects.
1. Creating and Managing Users
Creating a User
To create a user, use the useradd command followed by the username. For example, to create a user named nick, execute:
sudo useradd nick
This command creates the user with default values. You can customize the account with additional options, such as a home directory, a shell, or a user ID. For example:
sudo useradd -d /home/nick -s /bin/bash -u 1001 nick
Setting a Password
After creating a user, set a password using the passwd command:
sudo passwd nick
Verifying User Creation
To verify the user creation, check the /etc/passwd file, which lists all users:
cat /etc/passwd
Alternatively, you can use the id command to view the user’s ID and group ID:
id nick
Viewing Password Status
The /etc/shadow file stores password information and is readable only by root.
When a user is created, no password is set initially. You can view the password status by running:
sudo grep '^nick:' /etc/shadow
Modifying a User
You can modify an existing user using the usermod command.
For example, to change the user’s shell:
sudo usermod -s /bin/zsh nick
Deleting a User
To delete a user and remove their home directory, use the userdel command with the -r option:
sudo userdel -r nick
Verify the deletion by checking the /etc/passwd file again:
cat /etc/passwd
2. Creating and Managing Groups
Creating a Group
To create a group, use the groupadd command.
For example, to create a group named developers:
sudo groupadd developers
Verifying Group Creation
You can verify the group creation by checking the /etc/group file, where all groups are listed:
cat /etc/group
Adding a User to a Group
To add a user to a group, use the usermod command with the -aG options. The -a (append) flag matters: -G without it replaces the user’s existing supplementary groups with the list given.
sudo usermod -aG developers nick
Verify the user’s group membership by checking the /etc/group file again:
cat /etc/group
Alternatively, you can check the user’s group membership with the id command:
id nick
Changing a User’s Primary Group
To change a user’s primary group, use the usermod command with the -g option:
sudo usermod -g testers nick
You can verify the primary group change by using the id command again:
id nick
Removing a User from a Group
To remove a user from a group, use the gpasswd command with the -d option:
sudo gpasswd -d nick developers
Verify the removal by checking the /etc/group file again:
cat /etc/group
Deleting a Group
To delete a group, use the groupdel command:
sudo groupdel developers
Verify the deletion by checking the /etc/group file:
cat /etc/group
3. Managing User and Group Information
Viewing User Information
To view detailed information about a user, use the id command:
id nick
This will display the user's UID, GID, and group memberships.
Viewing Group Information
To view information about a group, use the getent command:
getent group developers
4. Understanding User and Group Configuration Files
/etc/passwd
This file contains user account information. Each line represents a user account, with fields separated by colons (:):
student:x:1001:1001:Student:/home/student:/bin/bash
Field | Value
Username | student
Password | x (password stored in /etc/shadow)
UID | 1001
GID | 1001
Comment | Student
Home Directory | /home/student
Shell | /bin/bash
/etc/shadow
This file contains secure user account information, including hashed passwords:
john:$6$hash:18295:0:99999:7:::
Field | Value | Description
Username | john | The username associated with the account.
Password | $6$hash | The hashed password for the user. The $6$ indicates SHA-512 hashing.
Last Password Change | 18295 | The date the password was last changed, expressed as the number of days since January 1, 1970.
Minimum Age | 0 | The minimum number of days required between password changes.
Maximum Age | 99999 | The maximum number of days a password is valid before it must be changed.
Warning Period | 7 | The number of days before password expiration during which the user is warned.
Inactive Period | (empty) | The number of days after password expiration during which the account remains active before being disabled.
Expiration Date | (empty) | The date on which the user account will expire.
Reserved | (empty) | Reserved field, usually empty.
/etc/group
This file contains group information. Each line represents a group, with fields separated by colons (:):
developers:x:1002:student
Field | Value
Group Name | developers
Password | x (password stored in /etc/gshadow)
GID | 1002
Group Members | student
/etc/gshadow
This file contains secure group information, including hashed group passwords:
developers:!::john
Field | Value | Description
Group Name | developers | The name of the group.
Password | ! | The group's password. A ! indicates that the group does not have a password.
Group Administrators | (empty) | The group administrators. This field is empty if no administrators are specified.
Group Members | john | The members of the group. In this case, john is a member of the developers group.
5. Password Management and Aging
You can manage password aging using the chage command. For example, to set the minimum password age to 10 days, the maximum password age to 30 days, a password warning period of 5 days, and an inactivity period of 10 days after expiration for the user nick:
sudo chage -m 10 -M 30 -W 5 -I 10 nick
To verify the password aging configuration, use:
sudo chage -l nick
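The aging fields of /etc/shadow described in section 4 can be checked across all accounts against the policy set with chage above. The script below is an added example, not part of the original guide; the function names and the sample lines are constructed for illustration, and the thresholds are the values from the chage command in this section.

```bash
# Added example: audit shadow-format lines against the aging policy set with
# chage above (min 10, max 30, warn 5, inactive period required).
# On a real host, feed it with: sudo getent shadow | shadow_aging_audit

# Constructed sample input; "placeholder" stands in for a real hash.
SAMPLE_SHADOW='nick:$6$placeholder:18295:10:30:5:10::
john:$6$placeholder:18295:0:99999:7:::
svc:!!:18295:0:99999:7:::
old:$1$placeholder:18295:10:30:5:10::'

shadow_aging_audit() {
  # Reads shadow lines on stdin and prints one "user: finding" line per issue.
  awk -F: -v min=10 -v max=30 -v warn=5 '
    # A leading ! or * means no usable password; aging does not apply.
    $2 ~ /^[!*]/ { print $1 ": no usable password (locked or never set)"; next }
    $2 == ""     { print $1 ": empty password field"; next }
    {
      # The $6$ prefix marks SHA-512; flag anything else for review.
      if ($2 !~ /^\$6\$/) print $1 ": hash is not SHA-512"
      if ($4 + 0 < min)   print $1 ": minimum age " $4 " is below " min
      if ($5 == "" || $5 + 0 > max) print $1 ": maximum age " $5 " exceeds " max
      if ($6 + 0 < warn)  print $1 ": warning period " $6 " is below " warn
      if ($7 == "")       print $1 ": no inactive period set"
    }'
}

shadow_days_to_date() {
  # Field 3 counts days since 1970-01-01; convert it to a calendar date (UTC).
  date -u -d "@$(( $1 * 86400 ))" +%F
}

printf '%s\n' "$SAMPLE_SHADOW" | shadow_aging_audit
shadow_days_to_date 18295
```
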
6. Best Practices for User and Group Management
- Descriptive Names: Use descriptive usernames and group names to simplify administration. For example, use jdoe for John Doe or devs for developers.
- Permissions Management: Use the chown and chmod commands to set the correct file and directory permissions, thereby enforcing security on the system.
- Regular Audits: Conduct regular audits of user accounts and groups to ensure access is limited to authorized users. Use commands like getent passwd and getent group for reviews.
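A regular audit can be scripted over the output of getent passwd and getent group. The script below is an added example, not part of the original guide; the function names and the sample account data are constructed for illustration, and the three checks (extra UID 0 accounts, shared UIDs, group members with no account) are one reasonable starting set.

```bash
# Added example: review passwd- and group-format data for common problems.
# On a real host: getent passwd | audit_passwd
#                 audit_group_members "$(getent passwd)" "$(getent group)"

# Constructed sample data in /etc/passwd and /etc/group format.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
student:x:1001:1001:Student:/home/student:/bin/bash
nick:x:1002:1002::/home/nick:/bin/bash
backup:x:0:1003::/home/backup:/bin/bash
jdoe:x:1002:1004:John Doe:/home/jdoe:/bin/bash'
SAMPLE_GROUP='developers:x:1002:student,nick
testers:x:1003:nick,ghost'

audit_passwd() {
  # Reads passwd lines on stdin; flags extra UID 0 accounts and shared UIDs.
  awk -F: '
    $3 == 0 && $1 != "root"   { print "uid0: " $1 }
    $3 != 0 && seen[$3] != "" { print "dup-uid: " $1 " shares UID " $3 " with " seen[$3] }
    seen[$3] == ""            { seen[$3] = $1 }
  '
}

audit_group_members() {
  # $1: passwd-format text, $2: group-format text.
  # Flags group members that have no matching account.
  users=$(printf '%s\n' "$1" | cut -d: -f1 | tr '\n' ' ')
  printf '%s\n' "$2" | awk -F: -v users="$users" '
    BEGIN { n = split(users, u, " "); for (i = 1; i <= n; i++) known[u[i]] = 1 }
    {
      m = split($4, members, ",")
      for (i = 1; i <= m; i++)
        if (!(members[i] in known))
          print "orphan-member: " members[i] " in group " $1
    }'
}

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
audit_group_members "$SAMPLE_PASSWD" "$SAMPLE_GROUP"
```
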
7. Hands-On Practice
To practice user and group management in a controlled environment, consider using interactive labs such as those offered by RHCSAGuru. These labs provide real-world scenarios for hands-on experience in managing users and groups, as well as other essential RHCSA exam topics. To practice the commands above, visit the lab “Manage Local Users and Groups”.
Conclusion
Management of users and groups is the foundation of any preparation for the RHCSA exam. A focus on important commands such as useradd, usermod, groupadd, and chage will prepare you to take on the task of administering users in RHEL. Continuously practice these tasks to enhance your competence and confidence as a system administrator.
FAQ: Managing Users and Groups for RHCSA Certification
Q1: What areas make up the major parts of the RHCSA exam?
A1: The RHCSA exam assesses competency in areas such as user and group management, system security configuration, storage handling, and basic networking. These are the core subjects that need to be mastered in order to pass the exam and perform well as a systems administrator.
Q2: What are the most common practices for managing users and groups in RHEL that you need to focus on for the RHCSA exam?
A2: Best practices tell you to use descriptive usernames and group names, to perform user and group configuration audits on a regular basis, and to set the correct file and directory permissions. These practices not only help you pass the RHCSA exam but also ensure secure and efficient system management.
Q3: Can you provide an example of an RHCSA exam question related to user and group management?
A3: An example question could be: "How would you add an existing user to a group in Red Hat Enterprise Linux?" The answer would be to use the usermod command with the -aG option, like this:
sudo usermod -aG groupname username