In this guide we are going to learn about managing users and groups in a Linux environment. Most Linux system administrators find it painful to manage users and groups in a very large organization. This tutorial will help ease that pain.
Users are accounts that are used to log in to a system. Each user is identified by a unique identification number (UID). Users can be categorized by level of access. There are two categories:
- Normal users: These are regular users who do not make any changes to the system. They have limited access and don't make any modifications.
- Sudoers/root/administrators: These are users with all access rights. They can modify the system whenever they want. They have what we call sudo privileges. Not everyone can modify the system, only a few people in the organization.
A group is a collection of users. The main purpose of groups is to define a set of privileges, such as read, write and execute permission for a given resource, that can be shared among the users in that group.
The main reason why we are talking about user and group management is security. Security is paramount in any organization. It is never a good idea to allow users to share the credentials of the same account. Not all users have the same agenda. Some want to plant worms so that they can gain access to unauthorized sections.
Prerequisites
- A freshly installed server
- Root access or a user with sudo privileges
Commands used to manage Users and Group permissions
The following commands are the ones most often used to manage users and groups. Managing users and groups is the job of administrators, root users or users with sudo privileges.
- adduser: command used to add users to the system.
- userdel: command used to delete users from the system.
- addgroup: command used to add a group to the system.
- delgroup: command used to remove a group from the system.
- usermod: command used to modify a user account.
- chage: command used to change a user's password expiry date.
- sudo: allows a system administrator to delegate authority to give certain users (or groups of users)
/etc/passwd: This is where the configuration for password management is stored.
/etc/shadow: This is where the encrypted passwords are stored.
/etc/sudoers: This is where the configuration for sudo is stored.
/etc/group: This is where the configuration for groups is stored.
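To see which accounts fall into each of the two categories described above, the files just listed can be read directly. This added example (not part of the original guide) parses passwd- and group-format data; the sample entries are constructed, the function names are illustrative, and it assumes the Debian/Ubuntu default in which members of the sudo group hold sudo rights.

```sh
# Constructed sample data in /etc/passwd and /etc/group format.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
nextgentips:x:1000:1000:,,,:/home/nextgentips:/bin/bash
alice:x:1001:1001:,,,:/home/alice:/bin/bash
toor:x:0:0:second admin:/root:/bin/sh'
SAMPLE_GROUP='root:x:0:
sudo:x:27:alice
IT:x:1002:nextgentips,alice'

# Accounts with UID 0 are root-equivalent, whatever they are called.
uid0_accounts() {    # $1 = passwd-format file
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Members of one group (field 4 of the group file, comma-separated).
group_members() {    # $1 = group-format file, $2 = group name
    awk -F: -v g="$2" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) print m[i]
    }' "$1"
}

# Label each account that has a login shell as "privileged" or "normal".
# Assumption: sudo rights come from membership of the "sudo" group; entries
# added directly to /etc/sudoers are not covered by this check.
classify_users() {   # $1 = passwd-format file, $2 = group-format file
    awk -F: '
        NR == FNR {                       # first file: the group file
            if ($1 == "sudo") { n = split($4, m, ","); for (i = 1; i <= n; i++) admin[m[i]] = 1 }
            next
        }
        $7 ~ /(nologin|false)$/ { next }  # skip service accounts
        { print $1, (($3 == 0 || ($1 in admin)) ? "privileged" : "normal") }
    ' "$2" "$1"
}

# Demo on the constructed data; pass /etc/passwd and /etc/group on a real host.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' "$SAMPLE_PASSWD" > "$dir/passwd"
    printf '%s\n' "$SAMPLE_GROUP" > "$dir/group"
    classify_users "$dir/passwd" "$dir/group"
    rm -rf "$dir"
}
demo
```

In the sample data, toor is reported as privileged because its UID is 0, even though it is not a member of the sudo group.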
Check if sudo is installed in your Linux flavor with the following command:
$ which sudo
Sample output
# which sudo
/usr/bin/sudo
If it returns an absolute path such as /usr/bin/sudo, as shown in the sample output, sudo is installed on your system. Otherwise, you can install it with the following command:
$ apt install sudo
Adding a new regular User
Regular users are added to the system so that they can carry out daily operations. Use the following command to add a new user. Make sure you are root, or use sudo if you already have sudo privileges.
$ adduser nextgentips
# adduser nextgentips
Adding user `nextgentips' ...
Adding new group `nextgentips' (1000) ...
Adding new user `nextgentips' (1000) with group `nextgentips' ...
Creating home directory `/home/nextgentips' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for nextgentips
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
In case you are not prompted for the password, you can create a new password with the following command:
$ sudo passwd nextgentips
Follow the prompts to add the password, full name, room number and so on, as in the case above. Confirm that everything is correct and press Enter.
Connect to the created user using SSH like this:
$ ssh nextgentips@<your_IP_Address>
Sample output
# ssh nextgentips@<your_IP_Address>
The authenticity of host '67.205.150.16 (67.205.150.16)' can't be established.
ECDSA key fingerprint is SHA256:pEHTcEIM4iEp66SuAJlbCCl7H9LJdQT0oZqc7qrUaNI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '<your_IP_Address>' (ECDSA) to the list of known hosts.
nextgentips@<your_IP_Address> password:
Welcome to Ubuntu 21.10 (GNU/Linux 5.13.0-20-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Wed Oct 27 10:24:50 UTC 2021
System load: 0.0 Users logged in: 1
Usage of /: 2.9% of 48.29GB IPv4 address for eth0: <your_IP_Address>
Memory usage: 9% IPv4 address for eth0: 10.10.0.0
Swap usage: 0% IPv4 address for eth1: 10.211.0.0
Processes: 99
3 updates can be applied immediately.
3 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
Delete the user with the following command:
$ userdel -r username
-r will ensure that all the user files are removed completely.
Adding a user Group
To create a new group, use the following command:
$ addgroup IT
Deleting Group
We can delete the group with the following command:
$ delgroup IT
Adding Special Permissions to Users and Groups
Owners and other users can be granted different types of access to read, write and execute files.
Commands used to grant permissions
- chown: is used to change file owner
- chmod: is used to change file permission
- chgrp: is used to change group ownership
- id: is used to print user and group IDs
The owner is the user who created the file. Let's create a file and use it as an example:
$ echo "This is awesome work" > work
Then list the file with the following command:
$ ls -l
sample output
# ls -l work
-rw-r--r-- 1 root root 20 Oct 27 11:27 work
The first triplet after the file type, rw-, indicates that the owning user has both read and write permission.
A triplet of r-- indicates read permission only.
To change permissions, use chmod.
The following are permissions you can add to change the behavior of the content:
- +r adds read permission
- -r removes read permission
- +w adds write permission
- -w removes write permission
- +x adds execute permission
- -x removes execute permission
- +rw adds read and write permissions
- +rwx adds read and write and execute permissions
Let us look at each with an example:
$ chmod u+x work
# ls -l work
-rwxr--r-- 1 root root 20 Oct 27 11:27 work
As you can see, x has been added to the owner's permissions, which are now rwx.
Another way to set permissions is to use octal. Look at the following table to understand how octal works:
Permissions | Binary | Octal |
--- | 000 | 0 |
--x | 001 | 1 |
-w- | 010 | 2 |
-wx | 011 | 3 |
r-- | 100 | 4 |
r-x | 101 | 5 |
rw- | 110 | 6 |
rwx | 111 | 7 |
Let us do it with an example
$ chmod 456 work
# ls -l work
-r--r-xrw- 1 root root 20 Oct 27 11:27 work
$ chmod 725 work
# ls -l work
-rwx-w-r-x 1 root root 20 Oct 27 11:27 work
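The octal table above can be applied mechanically. The following shell functions are an added example, not part of the original guide: they convert a three-digit octal mode to its rwx form and flag modes that let others write, or that give the group or others more access than the owner, as chmod 456 does. The function names are illustrative.

```sh
# digit_to_rwx DIGIT: one octal digit -> "rwx" style triplet (5 -> r-x).
digit_to_rwx() {
    d=$1
    r=-; w=-; x=-
    if [ $((d & 4)) -ne 0 ]; then r=r; fi
    if [ $((d & 2)) -ne 0 ]; then w=w; fi
    if [ $((d & 1)) -ne 0 ]; then x=x; fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_to_symbolic MODE: three octal digits -> owner/group/others string.
mode_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $1" >&2; return 2 ;;
    esac
    u=${1%??}; o=${1#??}; g=${1#?}; g=${g%?}
    printf '%s%s%s\n' "$(digit_to_rwx "$u")" "$(digit_to_rwx "$g")" \
        "$(digit_to_rwx "$o")"
}

# mode_findings MODE: print the symbolic form followed by any findings.
#   world-writable: others have the write bit set
#   owner-has-less-than-group-or-others: group or others hold a bit the
#   owner lacks, which is rarely what was intended
mode_findings() {
    sym=$(mode_to_symbolic "$1") || return 2
    u=${1%??}; o=${1#??}; g=${1#?}; g=${g%?}
    out=
    if [ $((o & 2)) -ne 0 ]; then out="world-writable"; fi
    if [ $(( (g | o) & ~u & 7 )) -ne 0 ]; then
        out="${out:+$out,}owner-has-less-than-group-or-others"
    fi
    printf '%s %s\n' "$sym" "${out:-ok}"
}

# The two modes used in this guide, next to the common default 644.
for m in 644 456 725; do
    printf '%s -> ' "$m"
    mode_findings "$m"
done
```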
Conclusion
You have learned how to manage users and groups in an organization. Try to do more practical work to understand it better.