Centos 7 – Manage Users

Last updated on August 13th, 2018 at 09:24 am

Check All users

compgen -u
compgen -g
sudo adduser username
passwd username

—–add to sudos——–

gpasswd -a username wheel

userdel username

userdel -r username

Remove user from group

gpasswd -d user group

——-Prevent user to change pass for 274 years———-

 

passwd -n 9999 username

 

—-User + group for apache—-

 

adduser www-root
grooupadd www-root
sudo chown -R www-root:www-root /var/www/

—-Development User David creation with root permissions —-

adduser david
passwd david
New password: zwXeVfjfdsdsdsksdkh
gpasswd -a david wheel
gpasswd -a david www-root
passwd david -n 9999
usermod -a -G www-root david
sudo chown -R www-root:www-root /var/www/
chmod g+w /var/www/devweb01/

—-Development User David creation without root permissions —-

adduser david
passwd david
New password: zwXeVfjfdsdsdsksdkh
gpasswd -a david www-root 
passwd david -n 9999 
usermod -a -G www-root david
chown -R www-root:www-root /var/www/ 
chmod g+w /var/www/devweb01/
chown -R www-root:www-root /var/www
chmod go+x /var/www
chgrp -R www-root /var/www

—-Prepare WinSCP —-

Options -> Preferences
A preferences box will open
Click on Transfer
Double Click on Default
Uncheck Preserve Timestamp

—-Prepare Permissions on folder /var/www by your requirement —-

We need to set the owner/group of the web root

chown -R www-root:www-root /var/www

Second
We need to setup the proper permissions for users and groups. We do some blanket commands restricting access, and then open access up as much as we need to.

To start, make it so no-one but the current user (www-root) can access the web-root content. We use ‘go’, meaning apply to ‘group’ and ‘other’. We use ‘-‘, which means remove permissions. We use ‘rwx’ to remove read, write and execute permissions.

chmod go-rwx /var/www

Next, allow users of the same group (and ‘other’) to enter the /var/www directory. This is not done recursively. Once again, we use ‘group’ and ‘other’ but we use ‘+’ to allow the execute (‘x’) permission.

chmod go+x /var/www

Next, change all directories and files in the web root to the same group (www-data) – just in case there are files in there currently:

chgrp -R www-root /var/www

 

Permission for user on specific folder

useradd your_user
passwd your_user
86576fghdgt746t74

usermod -d /var/www/your_site.com/wp-content/themes/Divi-child your_user
chown -R youruser:www-root /var/www/your_site.com/wp-content/themes/Divi-child

crontab -e
* * * * * chown -R youruser:www-root /var/www/your_site.com/wp-content/themes/Divi-child
systemctl restart crond

 

Create Root User

adduser ben
passwd ben
y48zhssfdfsdfsfGznpu
gpasswd -a ben wheel
passwd -n 9999 ben
chage -m 99999 ben

———-Configuration file for sudos users————

visudo

Find the following code:

## Allow root to run any commands anywhere
root ALL=(ALL) ALL

Find the following code:
## Allow root to run any commands anywhere

root ALL=(ALL) ALL
mynewuser ALL=(ALL) ALL

## Run commands with sudo , without enter password:

visudo

Add to end this line:

mynewuser ALL = (root) NOPASSWD:ALL

—–Add this line——

ben ALL=(ALL) ALL

SSH Alert for This USER

If you want to get SSH alert on this users connection – please login with the user & Password you created now

nano ~/.bash_profile

IP="$(echo $SSH_CONNECTION | cut -d " " -f 1)"
HOSTNAME=$(hostname)
NOW=$(date +"%e %b %Y, %a %r")

echo 'Someone from '$IP' logged into '$HOSTNAME' on '$NOW'.' | mail -s 'SSH Login Notification' [email protected]