How to Manage Users and Groups in Linux

In this guide we are going to learn about managing users and groups in a Linux environment. Many Linux system administrators struggle to manage users and groups in a very large organization. This tutorial will help ease that pain.

Users are accounts that are used to log in to a system. Each user is identified by a unique identification number (UID). Users can be categorized by level of access. There are two categories:

  • Normal users: these are regular users who do not make any changes to the system. They have limited access and don't make any modifications.
  • Sudoers/root/administrators: these are users with all access rights. They can modify the system whenever they want. They have what we call sudoers privileges. Not everyone can modify the system, only a few people in the organization.

A group is a collection of users. The main purpose of groups is to define a set of privileges, such as read, write and execute permission for a given resource, that can be shared among the users in that group.

The main reason we are talking about user and group management is security. Security is paramount in any organization. It is never a good idea to allow users to share the credentials of one account. Not all users have the same agenda. Some want to plant worms so that they can gain access to unauthorized sections.

Prerequisites

  • A freshly installed server
  • A root user or a user with sudo privileges

Commands used to manage Users and Group permissions

The following commands are the ones most often used to manage users and groups. Managing users and groups is the job of administrators, root users, or users with sudo privileges.

  • adduser: command used to add users to the system.
  • userdel: command used to delete users from the system.
  • addgroup: command used to add a group to the system.
  • delgroup: command used to remove a group from the system.
  • usermod: command used to modify a user account.
  • chage: command used to change a user's password expiry date.
  • sudo: allows a system administrator to delegate authority to give certain users (or groups of users)

/etc/passwd: this file stores the user account information.

/etc/shadow: this file stores the encrypted (hashed) passwords.

/etc/sudoers: this file stores the configuration for sudo.

/etc/group: this file stores the groups and their members.
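
The account and group files above can be read directly to see who holds administrative rights. The script below is an added example, not part of the original tutorial: it lists every UID 0 account plus the members of an admin group, including users who have that group as their primary group and so do not appear in its member list. The function names and sample data are constructed for illustration, and it assumes the Debian/Ubuntu default in which members of the sudo group may use sudo; rules written directly in /etc/sudoers are not covered.

```sh
#!/bin/sh
# Added example (not from the tutorial): who has administrative rights?

# uid0_accounts PASSWD: every account whose UID (field 3) is 0.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# group_members GROUP GROUPFILE: users listed in the group's member field.
group_members() {
    awk -F: -v g="$1" '$1 == g && $4 != "" {
        n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i]
    }' "$2"
}

# admin_accounts PASSWD GROUPFILE [ADMIN_GROUP]: UID 0 accounts, listed members
# of the admin group, and users whose primary GID is that group's GID.
admin_accounts() {
    {
        uid0_accounts "$1"
        group_members "${3:-sudo}" "$2"
        awk -F: -v g="${3:-sudo}" '
            FILENAME == ARGV[1] { if ($1 == g) gid = $3; next }
            gid != "" && $4 == gid { print $1 }
        ' "$2" "$1"
    } | LC_ALL=C sort -u
}

# write_sample DIR: constructed sample files in passwd/group format.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
nextgentips:x:1000:1000:,,,:/home/nextgentips:/bin/bash
alice:x:1001:27::/home/alice:/bin/bash
toor:x:0:0::/root:/bin/sh
bob:x:1002:1002::/home/bob:/bin/bash
EOF
    cat > "$1/group" <<'EOF'
root:x:0:
sudo:x:27:nextgentips
IT:x:1003:bob,nextgentips
EOF
}

dir=$(mktemp -d)
write_sample "$dir"
admin_accounts "$dir/passwd" "$dir/group"   # on a live host: /etc/passwd /etc/group
rm -rf "$dir"
```

A second UID 0 account such as the constructed toor entry, or an unexpected name in the admin group, is the kind of result worth investigating.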

Check if sudo is installed in your Linux flavor with the following command:

$ which sudo

Sample output

# which sudo
/usr/bin/sudo

If it returns an absolute path such as /usr/bin/sudo, as shown in the sample output, sudo is installed on your system. Otherwise, you can install it with the following command:

$ apt install sudo

Adding a new regular User

Regular users are added to the system so that they can carry out daily operations. Use the following command to add a new user. Make sure you are root, or use sudo if you already have sudo privileges.

$ adduser nextgentips

Sample output

# adduser nextgentips
Adding user `nextgentips' ...
Adding new group `nextgentips' (1000) ...
Adding new user `nextgentips' (1000) with group `nextgentips' ...
Creating home directory `/home/nextgentips' ...
Copying files from `/etc/skel' ...
New password: 
Retype new password: 
passwd: password updated successfully
Changing the user information for nextgentips
Enter the new value, or press ENTER for the default
        Full Name []: 
        Room Number []: 
        Work Phone []: 
        Home Phone []: 
        Other []: 
Is the information correct? [Y/n] y

In case you are not prompted for the password, you can create a new password with the following command:

$ sudo passwd nextgentips

Follow the prompts to add the password, full name, room number and so on, as in the case above. Confirm that everything is right and press Enter.

Connect to the created user using SSH like this:

$ ssh nextgentips@<your_IP_Address>

Sample output

# ssh nextgentips@<your_IP_Address>
The authenticity of host '67.205.150.16 (67.205.150.16)' can't be established.
ECDSA key fingerprint is SHA256:pEHTcEIM4iEp66SuAJlbCCl7H9LJdQT0oZqc7qrUaNI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '<your_IP_Address>' (ECDSA) to the list of known hosts.
nextgentips@<your_IP_Address> password: 
Welcome to Ubuntu 21.10 (GNU/Linux 5.13.0-20-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Wed Oct 27 10:24:50 UTC 2021

  System load:  0.0               Users logged in:       1
  Usage of /:   2.9% of 48.29GB   IPv4 address for eth0: <your_IP_Address>
  Memory usage: 9%                IPv4 address for eth0: 10.10.0.0
  Swap usage:   0%                IPv4 address for eth1: 10.211.0.0
  Processes:    99

3 updates can be applied immediately.
3 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable



The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

Delete the user with the following command:

$ userdel -r username

-r will ensure that all the user files are removed completely.

Adding a User Group

To create a new group, we can do it like the following:

$ addgroup IT

Deleting Group

We can delete the group with the following command:

$ delgroup IT

Adding Special Permissions to Users and Groups

Owners and other users can be granted different types of access to read, write and execute files.

Commands used to grant permissions

  • chown: is used to change file owner
  • chmod: is used to change file permission
  • chgrp: is used to change group ownership
  • id: is used to print user and group IDs

The owner is the user who created the file. Let's create a file and use it as an example:

$ echo "This is awesome work" > work

Then list the file with the following command:

$ ls -l

Sample output

# ls -l work
-rw-r--r-- 1 root root   20 Oct 27 11:27 work

The first group of characters, rw-, indicates that the user (owner) has both read and write permission.

The r-- groups that follow indicate read permission only, here for the group and for other users.

To change permissions, use chmod.

The following are permissions you can add to change the behavior of the content:

  • +r adds read permission
  • -r removes read permission
  • +w adds write permission
  • -w removes write permission
  • +x adds execute permission
  • -x removes execute permission
  • +rw adds read and write permissions
  • +rwx adds read and write and execute permissions

Let us look at each with an example:

$ chmod u+x work
# ls -l work
-rwxr--r-- 1 root root 20 Oct 27 11:27 work

As you can see, x has been added next to the existing r and w for the user.

Another way to set permissions is to use octal. Look at the following table to understand how octal works:

Permissions   Binary   Octal
---           000      0
--x           001      1
-w-           010      2
-wx           011      3
r--           100      4
r-x           101      5
rw-           110      6
rwx           111      7

Table: Octal notation

Let us do it with an example

$ chmod 456 work
# ls -l work
-r--r-xrw- 1 root root 20 Oct 27 11:27 work
$ chmod 725 work
# ls -l work
-rwx-w-r-x 1 root root 20 Oct 27 11:27 work
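
The mapping in the table can be checked mechanically. The script below is an added example, not part of the original tutorial: it decodes a three-digit octal mode bit by bit, compares the result with what ls reports for a scratch file, and flags modes that leave the file writable by other users, as mode 456 above does. The function names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the tutorial): decode octal modes and check them.

# octal_to_symbolic 456 prints r--r-xrw- (one digit each: owner, group, others).
octal_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits, got: $1" >&2; return 1 ;;
    esac
    out=""
    for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
        r=-; w=-; x=-
        [ $((digit & 4)) -ne 0 ] && r=r   # binary 100
        [ $((digit & 2)) -ne 0 ] && w=w   # binary 010
        [ $((digit & 1)) -ne 0 ] && x=x   # binary 001
        out="$out$r$w$x"
    done
    printf '%s\n' "$out"
}

# actual_symbolic FILE: the nine permission characters that ls -l reports.
actual_symbolic() {
    ls -ld "$1" | cut -c2-10
}

# others_can_write FILE: succeeds when the "others" class has the write bit (002).
others_can_write() {
    [ -n "$(find "$1" -prune -perm -002)" ]
}

# Demo on a scratch file, using the two modes from the tutorial.
scratch=$(mktemp)
for mode in 456 725; do
    chmod "$mode" "$scratch"
    printf '%s -> %s (ls reports %s)' "$mode" \
        "$(octal_to_symbolic "$mode")" "$(actual_symbolic "$scratch")"
    if others_can_write "$scratch"; then printf '  <- writable by others'; fi
    printf '\n'
done
rm -f "$scratch"
```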

Conclusion

You have learned how to manage users and groups in an organization. Try to do more practical work to understand it better.

About Kipkoech Sang

I am a technology enthusiast who loves to share gained knowledge through offering daily tips as a way of empowering others. I am a fan of Linux and all other things open source.