Aug 182012
 
General Startup
	To use vi: vi filename
	To exit vi and save changes: ZZ   or  :wq
	To exit vi without saving changes: :q!
	To enter vi command mode: [esc]

Counts
        A number preceding any vi command tells vi to repeat
	that command that many times.

Cursor Movement

	h       move left (backspace)

	j       move down

	k       move up

	l       move right (spacebar)

	[return]   move to the beginning of the next line

	$       last column on the current line

	0       move cursor to the first column on the
		current line

	^       move cursor to first nonblank column on the
		current line

	w       move to the beginning of the next word or
		punctuation mark

	W       move past the next space

	b       move to the beginning of the previous word
		or punctuation mark

	B       move to the beginning of the previous word,
		ignores punctuation

        e       end of next word or punctuation mark

        E       end of next word, ignoring punctuation

        H       move cursor to the top of the screen 

        M       move cursor to the middle of the screen

        L       move cursor to the bottom of the screen 

Screen Movement

       G        move to the last line in the file

       xG       move to line x

       z+       move current line to top of screen

       z        move current line to the middle of screen

       z-       move current line to the bottom of screen

       ^F       move forward one screen

       ^B       move backward one line

       ^D       move forward one half screen

       ^U       move backward one half screen

       ^R       redraw screen
		( does not work with VT100 type terminals )

       ^L       redraw screen
		( does not work with Televideo terminals )

Inserting

       r        replace character under cursor with next
		character typed

       R        keep replacing character until [esc] is hit

       i        insert before cursor

       a        append after cursor

       A        append at end of line

       O        open line above cursor and enter append mode

Deleting

	x       delete character under cursor

	dd      delete line under cursor

        dw      delete word under cursor

        db      delete word before cursor

Copying Code

        yy      (yank)'copies' line which may then be put by
		the p(put) command. Precede with a count for
		multiple lines.

        :t.     will duplicate the line.

        :t 7    will copy it after line 7.

        :,+t0   will copy current and next line at the
        beginning of the file.

        :1,t$   will copy lines from beginning of the file
        to the current cursor position, to the end of the file.

Put Command
        brings back previous deletion or yank of lines,
	words, or characters

        P       bring back before cursor

        p       bring back after cursor

Find Commands

	?       finds a word going backwards

	/       finds a word going forwards

        f       finds a character on the line under the
		cursor going forward

        F       finds a character on the line under the
		cursor going backwards

        t       find a character on the current line going
		forward and stop one character before it

	T       find a character on the current line going
		backward and stop one character before it

	;	repeat last f, F, t, T

Find and Replace Commands

        :%s/hello/goodbye/g   find hello and replace with goodbye

        :%s/^\(.*\)\n\1$/g    delete duplicate lines

        :%s/\n/ /g            join lines together

Miscellaneous Commands

	.	repeat last command

	u	undo last command issued

	U	undoes all commands on one line

	xp	deletes first character and inserts after
		second (swap)

	J	join current line with the next line

	^G	display current line number

	%	if at one parenthesis, will jump to its mate

	mx	mark current line with character x

	'x	find line marked with character x

	NOTE: Marks are internal and not written to the file.

Line Editor Mode
	Any commands from the line editor ex can be issued
	upon entering line mode.

	To enter: type ':'

	To exit: press[return] or [esc]

ex Commands
	For a complete list consult the
	UNIX Programmer's Manual

READING FILES
	copies (reads) filename after cursor in file
	currently editing

	:r filename

WRITE FILE
	:w 	saves the current file without quitting
	:20,40w filename write the contents of the lines numbered 20 through 40 to
	a new file named filename
MOVING

	:#	move to line #

	:$	move to last line of file

SHELL ESCAPE
	executes 'cmd' as a shell command.

	:!'cmd'

Source:
Aug 142012
 
If you want to find the system ID of the user type:
	id username

You can check what groups a user belongs to by using the "groups" command.
	groups <username>

To create a user with the default groups type:
	sudo adduser --add_extra_groups username
        Fedora: sudo adduser -m username

To delete a user and its primary group type:
	sudo deluser username

To add an existing user to an existing group type:
	sudo usermod -a -G thegroupname theusername
	sudo usermod -a -G thegroupname theusername
	sudo useradd -G thegroupname theusername

Use gpasswd:
	sudo gpasswd -a theusername thegroupname

To remove user billybob from the group hillbilly.
	gpasswd -d billybob hillbilly

To give user billybob administrative rights to the group hillbilly.
	gpasswd -A billybob hillbilly

To Change a users primary group type:
	useradd -g www joebob

To show users that are in a group named joebob type:
	getent group joebob

To temporarily lock or unlock a user account, use the following syntax, respectively: 
	sudo passwd -l username 
	sudo passwd -u username 

If you want to use the GUI you will have to install the gnome-system-tools 
	sudo apt-get install gnome-system-tools 

Here are a few ways to run it once it is installed type: 
	sudo users-admin 
Press Alt+F2 
Type 
	sudo users-admin 
Press Enter. Press Ctrl+Alt+T. 
Type 
	sudo users-admin
Press Enter. 

If you want to add a group type: 
	sudo groupadd foo 
	sudo addgroup groupname 

If you want to delete a group type: 
	sudo delgroup groupname 

User Profile Security when a new user is created, the adduser utility creates a 
brand new home directory named /home/username, respectively. The default profile 
is modeled after the contents found in the directory of /etc/skel, which includes 
all profile basics. If your server will be home to multiple users, you should pay 
close attention to the user home directory permissions to ensure confidentiality. 
By default, user home directories in Ubuntu are created with world read/execute 
permissions. This means that all users can browse and access the contents of other 
users home directories. This may not be suitable for your environment. 

To verify your current users home directory permissions, use the following syntax: 
	ls -ld /home/username 

	The following output shows that the directory /home/username has world 
readable permissions: drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username 
You can remove the world readable permissions using the following syntax: 
	sudo chmod 0750 /home/username 

Some people tend to use the recursive option (-R) indiscriminately which modifies 
all child folders and files, but this is not necessary, and may yield other 
undesirable results. The parent directory alone is sufficient for preventing
unauthorized access to anything below the parent. A much more efficient approach 
to the matter would be to modify the adduser global default permissions when creating 
user home folders. Simply edit the file /etc/adduser.conf and modify the DIR_MODE 
variable to something appropriate, so that all new home directories will receive the 
correct permissions. 
	DIR_MODE=0750 

After correcting the directory permissions using any of the previously mentioned 
techniques, verify the results using the following syntax: 
	ls -ld /home/username 

The results below show that world readable permissions have been removed: 
drwxr-x--- 2 username username 4096 2007-10-02 20:03 username Password Policy A 
strong password policy is one of the most important aspects of your security posture. 
Many successful security breaches involve simple brute force and dictionary attacks 
against weak passwords. If you intend to offer any form of remote access involving 
your local password system, make sure you adequately address minimum password 
complexity requirements, maximum password lifetimes, and frequent audits of your 
authentication systems. Minimum Password Length By default, Ubuntu requires a minimum 
password length of 4 characters, as well as some basic entropy checks. These 
values are controlled in the file /etc/pam.d/common-password, which is outlined 
below. password required pam_unix.so nullok obscure min=4 max=8 md5 If you would 
like to adjust the minimum length to 6 characters, change the appropriate variable 
to min=6. The modification is outlined below. password required pam_unix.so nullok 
obscure min=6 max=8 md5 The max=8 variable does not represent the maximum length of 
a password. It only means that complexity requirements will not be checked on 
passwords over 8 characters. You may want to look at the libpam-cracklib package for 
additional password entropy assistance. Password Expiration When creating user 
accounts, you should make it a policy to have a minimum and maximum password age 
forcing users to change their passwords when they expire. 

To easily view the current status of a user account, use the following syntax: 
	sudo chage -l username 

The output below shows interesting facts about the user account, namely that there 
are no policies applied: Last password change : Jan 20, 2008 Password expires : 
never Password inactive : never Account expires : never Minimum number of days 
between password change : 0 Maximum number of days between password change : 99999 
Number of days of warning before password expires : 7 To set any of these values, 
simply use the following syntax, and follow the interactive prompts: 
	sudo chage username 

The following is also an example of how you can manually change the explicit 
expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, maximum 
password age (-M) of 90 days, inactivity period (-I) of 5 days after password 
expiration, and a warning time period (-W) of 14 days before password expiration. 
sudo chage -E 01/31/2008 -m 5 -M 90 -I 30 -W 14 username To verify changes, use the 
same syntax as mentioned previously: 
	sudo chage -l username 

The output below shows the new policies that have been established for the account: 
	Last password change : Jan 20, 2008 
	Password expires : Apr 19, 2008 
	Password inactive : May 19, 2008 
	Account expires : Jan 31, 2008 
	Minimum number of days between password change : 5 
	Maximum number of days between password change : 90 
	Number of days of warning before password expires : 14 

Other Security Considerations Many applications use alternate authentication 
mechanisms that can be easily overlooked by even experienced system administrators. 
Therefore, it is important to understand and control how users authenticate and gain 
access to services and applications on your server. SSH Access by Disabled Users 
Simply disabling/locking a user account will not prevent a user from logging into 
your server remotely if they have previously set up RSA public key authentication. 
They will still be able to gain shell access to the server, without the need for any 
password. Remember to check the users home directory for files that will allow for 
this type of authenticated SSH access. e.g. /home/username/.ssh/authorized_keys. 
Remove or rename the directory .ssh/ in the user's home folder to prevent further 
SSH authentication capabilities. Be sure to check for any established SSH connections 
by the disabled user, as it is possible they may have existing inbound or outbound 
connections. Kill any that are found. Restrict SSH access to only user accounts that 
should have it. 

For example, you may create a group called "sshlogin" and add the group name as the 
value associated with the AllowGroups variable located in the 
file /etc/ssh/sshd_config. 
	AllowGroups sshlogin 

Then add your permitted SSH users to the group "sshlogin", and restart the SSH service. 
	sudo adduser username sshlogin 
	sudo /etc/init.d/ssh restart 

MakeUser Function for .bashrc file:

  makeuser () { 
  if [ $# -eq 0 ] 
  then 
  echo "Usage: makeuser username." 
  else 
  sudo adduser --add_extra_groups $1 
  fi 
  } 

Source for most of this document: