RHCSA Study Guide – Objective 5 : Users

Everything below are my raw notes that I took while attending an unofficial RHCSA training session.  I am posting them here in hopes they will assist others who may be preparing to take this exam.  

My notes are my own interpretation of the lectures, and are certainly not a replacement to classroom training either through your company, or by taking the official RHCSA classes offered through Red Hat.  If you are new to the Red Hat world, I strongly suggest looking into their training courses over at Red Hat.

Users and Groups

EXAM NOTE: On the test, I will likely have to link this machine to a ldap or nis server.

Users and Groups define access to the OS through the file permission scheme. Root is the super user (uid 0). All users are associated with at least one group. Secondary group memberships can exist too.

User info is stored in:


/etc/passwd has 7 fields

1.  username
2.  Where the pw used to be set, (but exists in /etc/shadow, so its just a place holder)
3.  Numberical identify for the account (UID)
4.  Numerical idenitfer for the primary group (GID)
5.  Comments field (aka gecos field). 
6.  Home directory where your homedir exists
7.  Your shell or program that executes when you log in.

/etc/shadow has 2 important fields

- login:encrypted_password: (The rest are password aging fields).
- aging fields track dates for passwd resets locks, etc


- group name, pw, gid,membergroups.  
- Group passwords allow temp management to a group are rarely used and not setup by default.

Management tools:

1. useradd – add user. Most common option is -g to specify primary group, and -G to add secondary groups. Example:

[[email protected] ~]# useradd -g clowns -G trouble,simpson bart

2. usermod – Modify a users settings. It takes pretty much all the options as useradd. Though, when modifying group behaviors, when you try to add him to a secondary group, just run:

[[email protected] ~]# usermod -a -G detension bart

3. userdel – Remove user from system. If you give it a -r, it’ll also remove his homedir and spool directories. Example:

userdel -r moe

4. groupadd – Add new group
5. groupmod – Mainly used to rename a group ex. groupmod -n mktg mkg
6. groupdel – Remove a group. Ex. groupdel microsoft
7. passwd – change pw
a. root can change all
b. can diasble accounts ex. passwd -l mary
c. Setup passwd aging
d. Time passwd resets
e. Account disabling (or use chage)

Passord aging

You can set max / min lifetimes for a user’s password.

[[email protected] ~]# passwd -x days user

When a users pw has expired, you can set the nuber of days it can remain expired before disabling the account completely:

[[email protected] ~]# passwd -i days user

User environment files

Used files or defaults when creating accounts

1.  /etc/skel : default template for newly added users homedir
2.  /etc/profile : sets env variabled used by all users
3.  /etc/profile.d : contains scripts specific to certain rpms
4.  /etc/bashrc : contains global aliases and system settings
5.  ~/.bashrc : contains users aliases and functions
6.  ~/.bash_profile : contains user env settings, and can be set to automatically start programs at login.


EXAM NOTE: ALL this stuff is on the test.

1.  Create a new group 'dev'.  Create a new user 'alice' as a member of the 'dev' group, with a description of 'Alice from Dev' and a default shell of '/bin/csh'.  Use the password command to set a password for alice, then log in as alice and verify her access.

[[email protected] ~]# groupadd dev
[[email protected] ~]# useradd -G dev -c "Alice from Dev" -s /bin/csh alice
[[email protected] ~]# passwd alice

2.  Set a maximun pw lifetime of 4 weeks for the alice account.  Look at the password, shadow, and group files

[[email protected] ~]# passwd -x 30 alice

3.  Configure the users simon, linus, richard.  Set all their passwords to 'linux'
[[email protected] ~]# groupadd ru
[[email protected] ~]# useradd -G ru simon
[[email protected] ~]# useradd -G ru linus
[[email protected] ~]# useradd -G ru richard
[[email protected] ~]# passwd simon
[[email protected] ~]# passwd linux
[[email protected] ~]# passwd richard

4.  Make these users part of the ru group
See #3

5.  Configure the directory /home/linux so that each user from the ru group can read, create, and modify files:
[[email protected] ~]# mkdir /home/linux
[[email protected] ~]# chown -R root:ru /home/linux
[[email protected] ~]# chmod 775 /home/linux
[[email protected] ~]# chmod g+s /home/linux # This means that any files created in here will be writable by group ru regardless of ownership.

6.  Configure the directory /home/linux/work so that each user can create and read files, but only the files's owner can delete.
[[email protected] ~]# mkdir /home/linux/work
[[email protected] ~]# chown root:ru /home/linux/work
[[email protected] ~]# chmod 775 /home/linux/work
[[email protected] ~]# chmod -t /home/linux/work

7.  Use ACL's to allow alice, not in 'ru', access to the work folder.
[[email protected] ~]# setfacl -R -m u:alice:rwx /home/linux/work
[[email protected] ~]# setfacl -m default:u:alice:rwx /home/linux/work # As new objects are created in here, they will inherit the acl's.


NIS and LDAP Servers can be configured to centrally manage system and account info.

NIS – This is suppose to be a very basic management system.

[[email protected] ~]# yum install rpcbind ypbind
[[email protected] ~]# system-config-authentication  # <-- GUI tool for setting this up.  Does everything for you.
[[email protected] ~]# setup -> authentication configuration

It’ll modify:


LDAP – Widely used, flexible db for storing mac, unix, windows, acl’s, and a whole lot more.

[[email protected] ~]# yum install nss-pam-ldapd
[[email protected] ~]# system-config-authentication

It’ll modify:


EXAM NOTE: You just need to know how to configure the clients. Setting up the servers isn’t required for rhcsa or rhce.

[[email protected] ~]# vim /etc/auto.nis
* server1:/nis/&

[[email protected] ~]# man 5 autofs

Side note:

All the kernel documentation that exists is available via:

[[email protected] ~]# yum install kernel-doc
[[email protected] ~]# cd /usr/share/docs/kernel-docs/blah