The translation is temporarily closed for contributions due to maintenance, please come back later.
Administration Tasks
Additional tasks mimic any other Linux administration tasks and use available utilities included in the Fedora distribution. Some tasks are described below with specific links to other Fedora Documentation or upstream documentation.
General Resources:[Fedora 29 System Administrator’s Guide][Fedora Quick Docs]
Man pages
User Management
The initial image includes a locked root account without a password, a ssh key is provisioned via the provisioning service using xref:ignition.adoc[ignition].
$ id testuser
uid=1000(testuser) gid=1000(testuser) groups=1000(testuser),10(wheel)
$ getent passwd testuser
Package installation may add additional users to own files and processes on the system. For example the httpd package installation scripts will create a user apache if one does not already exist.
$ id apache
uid=48(apache) gid=48(apache) groups=48(apache)
$ getent passwd apache
This account is typically a system account with a UID below 1000, no password, and a shell of `/sbin/nologin`. Accounts with a nologin shell cannot be used interactively. These accounts also do not have a home directory created in `/home`
To manually create a system account for your application use the useradd command:
$ sudo useradd -r -s /sbin/nologin appuser
$ getent passwd appuser
Centralized users accounts (LDAP, Kerberos) can be configured with `authconfig` after the client packages, including `sssd`, have been installed. The `/etc/nsswitch.conf` file is already configured to look for sss as well as files and altfiles for account information.
Fedora 29 Administration Guide:[Managing Users and Groups]
User accounts which are members of the wheel group automatically have full privileges with the `sudo` command. This is from the following lines in the sudo configuration file:
$ sudo grep wheel /etc/sudoers
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
Edits to this configuration file should be made with the `visudo` command so that syntax is checked on exit. Instead of editing the main configuration file, grant other users the ability to issue specific commands as a different user by adding a configuration file to the `/etc/sudoers.d/` directory.
Fedora 29 Administration Guide:[Gaining Privileges]