In this lesson, I'll discuss securing users. Securing users within Linux is pretty simple. Some of the commands that we've used already, like user add, create files and permissions for users when we add them to Linux. However, if we need to modify something, there are other commands that we need to use. In this lesson, I'll talk about some of those commands and why we want to use certain commands over others. Let's look first at what we've already created. So we'll type in sudo cat /etc/passwd. We now have our four accounts that we've created. Here's our accounts right here. Now let's say that we want to modify a home directory. So, for the user greg, instead of /home/greg/ for my directory, let's use greg_temp1. Just to make sure it's there, let's type in ll /home. Here's my directory that I just created. However, the user and group are both root; we need to change that. So we'll type in sudo chown the username that I wanna change it to, the group that I wanna change it to, and then the directory. So if we look at that folder again, now we'll notice greg and greg are the owner in the group of greg_temp1. So now we can modify our etc password file to reflect these changes. In order to do that successfully, we need to use a different command other than going into /etc/passwd. The command is called vipw. What this does is it not only locks the file, the etc password file, from other users changing that file, but it also syncs the passwords. So I'm going to scroll down and I'm going to change user greg into greg_temp1. Write quit. Okay, now you're also get a warning. You may need to modify /etc/shadow for consistency. Now this is only if I am changing certain other characteristics with the user, and I can use vipw -s to do that. That will allow us to change and lock the etc shadow file. Let's also look at the groups really quick. Securing users not only ensures that we are securing a user making sure that they own the files that they need and locking out others that might have access to those files, but also modifying groups so that we can let other users make changes to other users' directories, or if they are sharing files, to lock certain people out of other areas in other people's files. In order to do this, I would have to modify the etc group file to allow other users to be in that group. In addition to adding users and making sure that their home directories are correct and their shell scripts are correct in the etc password file, we also need to think about removing users. This is a common occurrence with organizations. If somebody leaves, we not only have to remove the file, but we also need to search for anything that the user may have left behind. When we delete a user, we're gonna type in the command userdel. And I'm just gonna remove greg_test3 – remember, you have to use sudo here, userdel greg_test3. Let's look at the password file. Okay, greg_test2 is there but greg_test3 is gone. Now, when we have a user that has left the company, we also need to make sure of a couple other things. We need to remove their access for many local databases, remove any alias files that they have, remove any cron jobs. We need to remove the user's home directory or their mail queue and any other files that they may have had on the system. So let's check to see if we have any other files out there. Let's type in ll /home. You'll notice that not only is greg_test3 still here, but now it has no user or group associated with it. However, it still has the security ID, so we need to remove that directory. In order to remove somebody's files, we're going to type in sudo rm -rf greg_test3. Now, make sure that you are in your correct directory before typing rf because that stands for recursive and force. This is permanent, and if you're in the wrong directory, it's gonna delete everything in that directory. So is it still there? No, it's removed. Let's also make sure that we don't have any lingering files for the user. In order to do this, we're gonna type in sudo find, type in / and -xdev -nouser. What this does is it looks for any files out there without any user associated with it. Now this may take a while to search through your system if there's a lot of files on the system. It looks like the system has found another place where we have forgotten to remove some, the user's files. So let's remove that directory as well, sudo rm/var/spool/mail/greg_test3. Let's just make sure we force. Okay, let's run this command again. It may take a minute, and looks like we have no files that come back. So in conclusion, we need to be very careful about how we manage users within a Linux system. It's not like a Windows system where we can just delete a user's files or just delete files and they're gone. Files in Linux stay around even though there may not be any user associated with them.
