User & Group Modification (Demo)
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Video Transcription
00:00
>> Hey, there Cybrarians.
00:00
Welcome back to the Linux+ course here at Cybrary.
00:00
I'm your instructor Rob Goelz.
00:00
In today's lesson, we're going to be
00:00
discussing User, and Group Modification.
00:00
Upon completion of today's lesson,
00:00
you're going to understand user,
00:00
and group modification,
00:00
and be able to use the usermod, and groupmod commands.
00:00
Right off the bat, the usermod command is used to
00:00
modify and establish user account.
00:00
What do you do when you forgot to add
00:00
a user to a group when you are creating the user?
00:00
You can use the command usermod.
00:00
The two common usermods that I use are usermod-aG,
00:00
which allows you to append,
00:00
that's the a option,
00:00
and then G which
00:00
adds in the additional group that we want to add,
00:00
or you can use usermod-L to lock a user account.
00:00
Now the groupmod command is used to
00:00
modify an existing group account.
00:00
For instance, what do you do if
00:00
you want to change a group name?
00:00
You use the command groupmod.
00:00
A common groupmod commands or groupmod-n,
00:00
that does change the group name.
00:00
Or we can do groupmod-g to change the group ID.
00:00
Let's take a look at these two commands
00:00
with some demo time.
00:00
[NOISE] For our demo
00:00
today we're just going to work in CentOS.
00:00
I added the best group that we had,
00:00
we just created an Ubuntu over here on CentOS as well.
00:00
To get started, let's create a new user.
00:00
Useradd test2 over here in CentOS.
00:00
Then we've done that, and now if we do an ID on test 2,
00:00
we can see all of the groups that is part of.
00:00
It has a user ID, a group ID.
00:00
Actually, it has another group ID as well.
00:00
Those are the three default groups
00:00
that it gets when you create the user.
00:00
Now if we wanted to add that user
00:00
to the wheel group, if you said, oh, man,
00:00
we forgot to add this user so that this user can
00:00
have advanced privileges so
00:00
that they can elevate their privileges,
00:00
and become root using pseudo.
00:00
If we can add the user to the group
00:00
after the fact by using usermod,
00:00
the we'll do -aG,
00:00
and we'll specify the name of the group,
00:00
and then we'll specify the name of the user.
00:00
Usermod dash, lowercase a for a pen,
00:00
G for group, the name of the group,
00:00
and then the name of the user.
00:00
We've got to be pseudo to do this, of course.
00:00
There we are, We're good to go.
00:00
Now if we do [NOISE] an ID test2, again,
00:00
we're going to see that it has all the groups,
00:00
and also the wheel group.
00:00
If we wanted to add the user
00:00
to another group, we can do so.
00:00
We can just say, well it's also
00:00
add this user to the group,
00:00
that best group that we created,
00:00
best novelist, there we go.
00:00
[NOISE] There we are.
00:00
If we do ID test2,
00:00
we can now see that this user is part of
00:00
all the default user groups that it
00:00
has plus wheel, and plus best.
00:00
Now it's very important that when you do usermod,
00:00
you use this a option or a flag as well as the G option.
00:00
Because I'll show you what happens if
00:00
we were to just run usermod-G,
00:00
and then add this user to wheel,
00:00
[NOISE], and then do an ID test,
00:00
what we'll see is that it removes the other group,
00:00
it removes best,
00:00
and it just adds the user to wheel.
00:00
That's how we have to add a user to additional groups,
00:00
and not remove any other secondary groups when we add it,
00:00
we have to use usermod-aG.
00:00
[NOISE] Let's take a look
00:00
at how we lock a user account out.
00:00
First of all, let's add a password to this user.
00:00
We'll do pseudo [NOISE] password on test2,
00:00
[NOISE] and we'll just give it a password.
00:00
[NOISE].
00:00
Then if we do a grep for test2 in etc shadow,
00:00
[NOISE] we need to
00:00
add a little bit of privileges to do
00:00
this too, there we go.
00:00
Now what we can see is that
00:00
this user has this field here.
00:00
This is actually the password field that you'll
00:00
see in a shadow file for a user.
00:00
We'll get more into shadow files,
00:00
and password files down the road in this course.
00:00
But this is basically what you'll see will just be
00:00
that this second field or column.
00:00
This Column 1, this is Column 2, or Field 2.
00:00
This holds this big long nasty hashed value
00:00
of the password hash consulted,
00:00
and that contains the password for the user.
00:00
But if we were to do a usermod-L for the user,
00:00
and then give it the username test2,
00:00
oh, got to be pseudo to do that, of course, sorry.
00:00
There we go, and then let's do
00:00
another grep on etc shadow.
00:00
Now what we see is that instead of starting with a $6,
00:00
it starts with a exclamation point, and then $six.
00:00
What this really does,
00:00
is it adds an exclamation point before
00:00
the password hash in the etc shadow
00:00
file so that it tells
00:00
the Linux system it is user account is locked.
00:00
When you see an exclamation point at
00:00
the very beginning of this field for any user,
00:00
that means that this user is locked.
00:00
They can't log in, their password has been locked.
00:00
You know what, we made a mistake.
00:00
We meant to use lowercase l, and rename the user.
00:00
How do we unlock the user?
00:00
Well, we can do that with usermod,
00:00
and then capital U,
00:00
and of course must be pseudo.
00:00
Let's elevate our privileges first before we do this.
00:00
We need to do this on test2.
00:00
[NOISE] Then if we do a grep test2 on etc shadow again,
00:00
look at that, our exclamation point is gone,
00:00
and now this user can log in once again.
00:00
Finally, let's take a look and
00:00
mess around with the group that we created.
00:00
If we do a grep for best in etc group,
00:00
we're going to see we have best with
00:00
the group ID of 1337.
00:00
Let's see, we want to change the name.
00:00
We're going to make the best group until the worst group.
00:00
We can do that with the command groupmod [NOISE].
00:00
Then we're going to specify we want to
00:00
change the name but the dash n flag,
00:00
and we're going to change the name to worst,
00:00
and the current group name is best,
00:00
and then we hit Enter.
00:00
Now if we were to try and do another graph for best,
00:00
we get nothing because it doesn't
00:00
exist anymore, we changed the name.
00:00
But if we do a grep for worst, there it is.
00:00
Unfortunately, it still has the group ID of 1337,
00:00
and we don't want the worst group to
00:00
have that ID. Let's change that.
00:00
We're going to go ahead,
00:00
and use the groupmod command rather again,
00:00
and we'll do the dash g flag to
00:00
specify that we want to change the group ID,
00:00
and we'll change it to, I don't know, 666 for worst.
00:00
[NOISE] Now if we grab worst,
00:00
we see that we have also changed
00:00
the group ID from 1337 to 666,
00:00
and we changed the name to worst.
00:00
With that, in this lesson,
00:00
we covered the user and group modification
00:00
using usermod, and groupmod commands.
00:00
Thanks so much for being here,
00:00
and I look forward to seeing you in our next lesson.
Up Next
Instructed By
Similar Content
