Andromeda Computer - What you should know about: Linux Users and Groups

What you should know about: Linux Users and Groups


 

What is a multi-user operating system? When an OS allows multiple people to use the computer at the same time without affecting each other's files, it is a multi-user OS. Linux belongs to this category. It can have multiple users and groups, each with their own personal files and preferences. This article will help you with the following tasks.

 

  • Managing Users ( Create/Edit/Delete accounts, Suspend accounts )
  • Manage User's Passwords ( Set Password policies, Expiration, further modifications )
  • Manage Groups ( Create/Delete user groups )

 

In this article we will discuss the most useful Linux commands for these tasks, along with their syntax.


How to create a user

 

1) useradd : Add a user

 

syntax : useradd <options> <username>

eg : We will create a user named "Jesica". The command is useradd jesica. First I switch to the root user with the sudo su command, as I am a sudo user.

UGLINUX1.png

You can see that when we created the user from the root account, the user was added without being asked for a password for the new account. So now we will create a password for the user jesica.

 

 

2) passwd : set a password for users

 

syntax : passwd <username>

UGLINUX2.png

Here, I set a password for jesica. I also set the password to "jesica"; you can use your own. The password you type is not displayed, for security reasons. As my password has only 6 characters, we get a message saying the password is shorter than 8 characters. That message comes from the password policies, which we will discuss later in this article.

* Now we have created a new user with the useradd command and set a password with the passwd command. This was done on CentOS. On some other Linux distributions, the adduser command is used instead of useradd.

* If you are a normal user, you have to become a super user to add a new user, so you have to run the commands as sudo useradd and sudo passwd.

 

Where all of these users are residing ?

We discussed this in the "Linux File System Hierarchy" article. Just as the /root directory is the root user's home directory, normal users' home directories are under /home. All the user profiles are stored inside the /home directory. You can use the command ls /home to check which users currently exist on your OS. The image below shows the users on my OS.

 UGLINUX3.png

 

 

What is /etc/passwd file ?

 

When you create a user with the useradd command without any options, some configuration files are changed. They are listed below.

 

  1. /etc/passwd
  2. /etc/shadow
  3. /etc/group
  4. /etc/gshadow

 

The contents of these files on my OS are shown below.

 

1. /etc/passwd file

UGLINUX4.png

 

 

2. /etc/shadow file

UGLINUX5.png 

 

3. /etc/group file

UGLINUX6.png

 

When we create a new user with the useradd command without any options, reasonable defaults are set for all of that user's fields in the /etc/passwd file. It is just a text file which contains useful information about the users, such as username, user ID, group ID, home directory path, shell, etc.

The fields in the /etc/passwd file are explained below, using this entry as an example: student:x:1000:1000:student:/home/student:/bin/bash

 

1. student : This is the username. To login we use this name.

 

2. x : This is the password field. The x means the encrypted password is stored in the /etc/shadow file. You can see the password record for the user student in the /etc/shadow image above.

3. 1000 : This is the user ID ( UID ). Each and every user must have a UID. It is zero for the root user, 1-99 for predefined user accounts, and 100-999 for system administrative accounts. Normal users have UIDs starting from 1000. Extra - you can also use the id command to view user details.

4. 1000 : Primary group ID ( GID ). See the /etc/group file above.

5. student : Comment field

6. /home/student : User's home directory

7. /bin/bash : The shell used by the user
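The seven fields described above are also what an account review reads. The following is an added example, not part of the original article: it checks passwd-format lines for an empty password field, extra UID 0 accounts, shared UIDs, and system accounts with a login shell. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format (not taken from a real system).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/bash
student:x:1000:1000:student:/home/student:/bin/bash
jesica:x:1001:1001::/home/jesica:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
guest::1002:1002:guest:/home/guest:/bin/bash
panda:x:1001:1003::/home/panda:/sbin/nologin
EOF
}

# Read passwd-format lines on stdin; print one "CODE user detail" line per finding.
audit_passwd() {
    awk -F: '
    /^[ \t]*$/ || /^#/ { next }                 # skip blank lines and comments
    NF != 7 || $3 !~ /^[0-9]+$/ {               # need 7 fields and a numeric UID
        print "MALFORMED " $1 " line " NR; next
    }
    {
        user = $1; pw = $2; uid = $3 + 0; shell = $7
        # Field 2: "x" means the hash lives in /etc/shadow; empty means no password.
        if (pw == "")
            print "EMPTY_PASSWORD " user " field 2 is empty"
        else if (pw != "x" && pw != "*" && pw !~ /^!/)
            print "HASH_IN_PASSWD " user " hash readable by every user"
        # Field 3: only root should have UID 0, and UIDs should be unique.
        if (uid == 0 && user != "root")
            print "UID0_NOT_ROOT " user " has full root privileges"
        else if (uid in seen)
            print "DUPLICATE_UID " user " shares UID " uid " with " seen[uid]
        else
            seen[uid] = user
        # Field 7: UIDs 1-999 are system accounts and rarely need a login shell.
        if (uid > 0 && uid < 1000 && shell ~ /\/(ba|da|k|z)?sh$/)
            print "SYSTEM_LOGIN_SHELL " user " shell is " shell
    }'
}

# Demo on the constructed sample; for a real host: audit_passwd < /etc/passwd
sample_passwd | audit_passwd
```

Some distributions ship system accounts such as sync or shutdown with special shells; treat SYSTEM_LOGIN_SHELL findings as items to review rather than as errors.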

 

 

* Summary of the above

 

  • When a user is created, a new profile is created in /home/username by default
  • Hidden files like .bashrc , .bash_profile , .bash_logout are copied to the user's home directory. Environment variables for the user are set by those hidden files; they will be covered in future articles.
  • A separate group, named after the user, is created for each user.

 

Useradd command with some options

 

1.) If the user's home directory is accidentally not created by the useradd command:

 UGLINUX7.png

 

If you want to create a user without a home directory, use useradd -M panda.

 

2.) If you want to move your home directory to a separate directory

UGLINUX8.png 

 

In the above command you use the useradd command, then the -d option to change the default home directory path, where /boo is the new home directory. The username comes last. As the image below shows, the /etc/passwd file has a different home directory entry for the user boo, because we changed its home directory.

UGLINUX9.png 

 

3.) Add a comment for the user when adding

UGLINUX10.png 

 

In /etc/passwd file :

UGLINUX11.png 

 

 

4.) Create a user with a UID of your choice: useradd -u <UID> <username>

5.) Create a user with a UID and GID of your choice: useradd -u <UID> -g <GID> <username>

6.) Create a user and add it to other groups: useradd -G <group1,group2> <username>. There can be one or more groups, and they must be separated by commas (,).

7.) Create a user but disable shell login: useradd -s /sbin/nologin <username>. This command disables shell interaction for the user, but the account remains active.


 

How to remove an account

 

3. userdel : Remove a user

 

syntax : userdel <options> <username>

eg : userdel -r <username>

* When deleting a user, use the -r option. Why? With the -r option, the user is removed together with its home directory. Without the -r option, the user's home directory is not deleted.


 

How to modify a user account

 

4. usermod : Modify a user

 

syntax : usermod <options> <username>

* Here we can use all the options used with the useradd command. Below are some options which were not discussed above.


 

1.) How to change the user's name

usermod -l <new username> <old username>

2.) To lock a user

usermod -L <username>

3.) To unlock a user

usermod -U <username>

4.) To change the group of a user

usermod -G <group1,group2> <username>

5.) To append a group to a user

usermod -aG <group> <username>

* Here appending means adding groups without removing the groups the user already belongs to. If we use -G without -a, the user is removed from the existing groups and joined to the new groups. This is relevant to primary groups and supplementary groups.

 

What is a group ?

 

A group is a collection of one or more users in Linux. Like users, groups have a group name and an ID ( GID ). The group details can be found in the /etc/group file. There are two main types of groups in Linux: primary groups and supplementary groups. Every user, once created, gets a new group with the user's account name. That is the primary group. Supplementary groups are groups that have one or more users inside.


 

How to create a group

 

4. groupadd : create a linux group

 

syntax : groupadd <options> <group name>

 

Few examples

 

1.) To create a group named "student"

 

groupadd student

 

2.) Define a different group id ( GID )

 

groupadd -g 5000 student


 

How to modify an existing group

 

5. groupmod : modify a group

 

syntax : groupmod <options> <group name>

 

To change the name of the group: groupmod -n <new group name> <old group name>

To change the group ID: groupmod -g <new GID> <group name>

 


 

How to delete an existing group

 

6. groupdel : delete a group

 

syntax : groupdel <group name>


 

How to manage user passwords using password policy ?

 

As discussed above, while the /etc/passwd file stores user details, the /etc/shadow file stores users' password details. An image of the /etc/shadow file is attached above. Here we use a term called password aging, and we use the chage command to edit the password aging policy. Look at the image below.

 UGLINUX12.png

Refer to the above image. The options are as follows.

 

  • chage -d 0 <username> : Force the user to change the password at the next login.
  • chage -E YYYY-MM-DD <username> : Expire a user account on the given date ( it must be in the format YYYY-MM-DD )
  • chage -M 90 <username> : Set the password policy so that the password must be renewed every 90 days
  • chage -m 7 <username> : The user must wait a minimum of 7 days before changing the password again.

 

* Inactive days define how many days the account is kept inactive after password expiration. If the user doesn't change the password within the inactive period, the account will be expired.

 

chage -l <username> : Display the user's current password policy settings.

 

The default values for all of the above settings ( password expiration days, inactive days, etc. ) are in the /etc/login.defs configuration file, which is a text file. The user account ID and group account ID configurations can also be seen there. You can change the values in the /etc/login.defs file according to your requirements.

UGLINUX13.png 
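The chage options above, and usermod -L from earlier, all end up as fields in /etc/shadow. The following is an added example, not part of the original article: it reads shadow-format lines and reports locked passwords, forced changes, passwords with no maximum age, expired passwords and expired accounts. The function names, sample entries and hash placeholders are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow format; the hash strings are placeholders.
# Fields: name:hash:last change:min days:max days:warn:inactive:expire:reserved
sample_shadow() {
cat <<'EOF'
student:$6$CONSTRUCTED$hash:18050:7:90:7:14::
jesica:$6$CONSTRUCTED$hash:0:0:99999:7:::
boo:!$6$CONSTRUCTED$hash:18080:0:90:7:::
panda:$6$CONSTRUCTED$hash:17900:7:90:7:14::
temp:$6$CONSTRUCTED$hash:18080:7:90:7::18050:
EOF
}

# Usage: audit_shadow TODAY   (TODAY in days since 1970-01-01; shadow lines on stdin)
audit_shadow() {
    awk -F: -v today="$1" '
    /^[ \t]*$/ || /^#/ { next }                 # skip blank lines and comments
    {
        user = $1; hash = $2; last = $3; max = $5; inact = $7; expire = $8
        # usermod -L puts "!" in front of the hash so it can never match.
        if (hash ~ /^!/)
            print "PASSWORD_LOCKED " user
        # chage -d 0 sets field 3 to 0: a new password is required at next login.
        if (last == "0")
            print "MUST_CHANGE " user
        # chage -M: an empty or 99999 maximum means the password never ages out.
        if (max == "" || max + 0 >= 99999)
            print "NO_MAX_AGE " user
        else if (last + 0 > 0) {
            due = last + max                    # first day the password is expired
            if (inact != "" && today >= due + inact)
                print "INACTIVE_LOCKOUT " user " since day " (due + inact)
            else if (today >= due)
                print "PASSWORD_EXPIRED " user " since day " due
        }
        # chage -E: field 8 is the day the whole account expires.
        if (expire != "" && today >= expire + 0)
            print "ACCOUNT_EXPIRED " user " since day " expire
    }'
}

# Demo: day 18089 is 2019-07-12. On a real host, as root:
#   audit_shadow $(( $(date +%s) / 86400 )) < /etc/shadow
sample_shadow | audit_shadow 18089
```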

 

Now you have learned the most needed material on Linux users and groups. This is not a small topic, and there are many more commands to look into under it.

 


Read 558 times Last modified on Friday, 12 July 2019 22:39
