Linux user and group management

  • In Linux and Unix systems users and groups are identified with user and group identifiers (UID and GID)
  • UID and GID are basically numerical codes
    • UID and GID number for root user is always 0
    • For regular users these numbers start typically from 1000
    • Number used for identifying users and groups depends on Linux distribution
    • For example in CentOS numbers start from 500

User management

  • /etc/passwd file includes all user accounts with each account presented on its own line
  • Each line has multiple values separated with colon
  • Below is an example of testuser's information stored in the passwd file

User account information stored in passwd file
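
The colon-separated layout can be checked mechanically. The following is an added example, not part of the original page: it reads passwd-format lines and flags non-root accounts with UID 0, shared UIDs, and accounts below the regular-user range that have a login shell. The sample lines are constructed, and the threshold of 1000 is an assumption to be set to the distribution's first regular UID.

```sh
#!/bin/sh
# Added example: audit passwd-format lines read from stdin.
# Field order: name:password:UID:GID:GECOS:home:shell
# $1 = first regular UID (assumption: 1000; e.g. 500 on the CentOS case above)
passwd_audit() {
    awk -F: -v min_uid="${1:-1000}" '
    NF != 7                 { print "malformed line " NR; next }
    $3 == 0 && $1 != "root" { print "uid0 " $1 }
    ($3 in seen)            { print "dup-uid " $1 " shares " $3 " with " seen[$3] }
    !($3 in seen)           { seen[$3] = $1 }
    # system-range account whose shell is not nologin/false
    $3 > 0 && $3 < min_uid && $7 !~ /(nologin|false)$/ {
        print "system-shell " $1 " " $7
    }'
}

# Constructed sample; the GECOS field of testuser holds the values
# entered through chfn (full name, room, work phone, home phone).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/bash
testuser:x:1000:1000:testuser,453,+53623465,+54352349:/home/testuser:/bin/bash
mark:x:1001:1001::/home/mark:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
}

sample_passwd | passwd_audit
```

On a live system the same function can be fed with `passwd_audit < /etc/passwd`, which needs no special privileges because the file is world-readable.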

  • Each user must have a read permission for /etc/passwd file
  • User information may be changed with chfn command
  • Default shell can be changed with chsh command (all allowed shells are listed in /etc/shells file)
  • Example:
testuser@ubuntu-PC:~$ chfn
Password:
Changing the user information for testuser
Enter the new value, or press ENTER for the default
        Full Name: testuser
        Room Number []: 453
        Work Phone []: +53623465
        Home Phone []: +54352349
  • User passwords are stored in a hash format in /etc/shadow file
  • Example:
testuser@ubuntu-PC:~$ sudo cat /etc/shadow | grep testuser
testuser:$6$kRpw22eh$5bGqUX9a42LItVJhKLrDPOEJ2J9jESwhlmtPAHa/cP1JHduhjmPGN3GQY8eGsRs6qjb.vTVJVW.iahWCDlsQD1:18136:0:99999:7:::
  • Similar to /etc/passwd file each line represents stored information of one user

User account password information stored in shadow file


Adding a new user

Useradd command

  • New user can be added with useradd command
  • Example:
  • Add user mark, create a home directory (option -m) and set bash as the default shell (option -s)
testuser@ubuntu-PC:~$ sudo useradd -m -s /bin/bash mark
testuser@ubuntu-PC:~$ ls /home
mark  testuser
  • Important to notice when creating a new username:

    • Has eight letters at maximum if possible
    • Contains only small letters if possible
    • No Scandinavian characters
    • No special characters
  • Important: useradd sets sh as the default shell unless another shell is given with the -s option

  • Example: Let's add a new user to the system with the following information:

    • Username: david
    • Homefolder: yes
    • Shell: bash
    • Group: moderators (this is primary group)
testuser@ubuntu-PC:~$ sudo useradd -m -g moderators -s /bin/bash david
  • Let's set a new password for the user by using the passwd command
testuser@ubuntu-PC:~$ sudo passwd david
  • passwd command has the following options:
    • -d Removes user password, which restricts the login for the user
    • -l Locks user password, which restricts the login with password. Suitable for example with SSH keypair authentication
    • -u Removes password lock
    • -e Sets user password in expired status, which means that password must be changed during the next login attempt
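
The passwd options above leave visible traces in the second and third fields of a shadow line. The following is an added example, not part of the original page: it classifies shadow-format lines by password state and hash scheme. The sample lines are constructed and their hash strings are placeholders.

```sh
#!/bin/sh
# Added example: classify shadow-format lines read from stdin.
# Prints "user state scheme" for each account.
shadow_audit() {
    awk -F: '
    function scheme(h) {
        sub(/^!+/, "", h)                    # look past the lock marker
        if (substr(h, 1, 3) == "$6$") return "sha512"
        if (substr(h, 1, 3) == "$5$") return "sha256"
        if (substr(h, 1, 3) == "$y$") return "yescrypt"
        if (substr(h, 1, 2) == "$2")  return "bcrypt"
        if (substr(h, 1, 3) == "$1$") return "md5"
        return "none"
    }
    NF >= 3 {
        if      ($2 == "")  state = "empty"     # no hash stored (passwd -d)
        else if ($2 ~ /^!/) state = "locked"    # hash prefixed with ! (passwd -l)
        else if ($2 == "*") state = "disabled"  # no valid hash, typical for system accounts
        else if ($3 == "0") state = "expired"   # last-change day 0 (passwd -e)
        else                state = "active"
        print $1, state, scheme($2)
    }'
}

# Constructed sample lines; the hash strings are placeholders, not real hashes.
sample_shadow() {
cat <<'EOF'
testuser:$6$SALT$PLACEHOLDERHASH:18136:0:99999:7:::
mark:!$6$SALT$PLACEHOLDERHASH:18136:0:99999:7:::
david:$6$SALT$PLACEHOLDERHASH:0:0:99999:7:::
chris::18136:0:99999:7:::
legacy:$1$SALT$PLACEHOLDERHASH:18136:0:99999:7:::
daemon:*:18136:0:99999:7:::
EOF
}

sample_shadow | shadow_audit
```

Against the real file the input comes from `sudo cat /etc/shadow | shadow_audit`; accounts reported as empty or using md5 are the ones to review first.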

Adduser command

  • In addition to previously presented useradd command, user can also be added with adduser command
  • All necessary information will be collected after the command has been run
  • Example: Let's add a new user Chris
testuser@ubuntu-PC:~$ sudo adduser chris
Adding user `chris' ...
Adding new group `chris' (1004) ...
Adding new user `chris' (1003) with group `chris' ...
Creating home directory `/home/chris' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for chris
Enter the new value, or press ENTER for the default
    Full Name []: Chris
    Room Number []: 456
    Work Phone []: +45678912
    Home Phone []: +45678912
    Other []:
Is the information correct? [Y/n] Y

Remove a user

  • User can be removed with either userdel or deluser command
  • In both cases command will be followed by username
testuser@ubuntu-PC:~$ sudo userdel user
testuser@ubuntu-PC:~$ sudo deluser user
  • If the user's home directory also needs to be deleted, the -r option must be given with the command, for example:
testuser@ubuntu-PC:~$ sudo userdel -r user

Groups

Manage groups

  • Linux group is a logical collection of users
  • Group defines user rights within the operating system
  • User may belong to one or more groups
  • Examples of Linux groups:

    • sudo: Administrative rights for running every command in the system
    • adm: System monitoring with possibility to read many log files from /var/log directory
    • plugdev: Allows plugging devices into the system (mount, umount)
  • A new group can be added to the system with either groupadd or addgroup command

testuser@ubuntu-PC:~$ sudo groupadd database_users
testuser@ubuntu-PC:~$ sudo addgroup database_users
  • Group can be deleted from the system with groupdel or delgroup command
testuser@ubuntu-PC:~$ sudo groupdel database_users
testuser@ubuntu-PC:~$ sudo delgroup database_users
  • Important: Group cannot be deleted if any user has the group set as primary group!

Adding user to the group

  • User can be added to the group with usermod command
  • The following options are important:
    • -g Sets primary group
    • -G Sets supplementary groups (replaces the user's current supplementary groups unless combined with -a)

  • Example: Let's set group db_users as a primary group for the user chris. User will also be added to moderators and file_service groups

testuser@ubuntu-PC:~$ sudo usermod -g db_users -G moderators,file_service chris
  • User's group information can be retrieved with groups command
  • Example: Let's check groups for user testuser
testuser@ubuntu-PC:~$ groups testuser
testuser : testuser adm cdrom sudo dip plugdev lxd
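
The groups command answers the question per user. The reverse question, who belongs to a given group, needs both files, because a primary membership (usermod -g) is recorded only in the GID field of the passwd file and not in the group file's member list. The following is an added example, not part of the original page; the sample files are constructed and the numeric GIDs are assumptions.

```sh
#!/bin/sh
# Added example: list every member of a group and how the membership arises.
# usage: group_members GROUP PASSWD_FILE GROUP_FILE
group_members() {
    awk -F: -v g="$1" '
    FNR == NR {                          # first file: the group file
        if ($1 == g) {
            gid = $3
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") how[m[i]] = "supplementary"
        }
        next
    }
    gid != "" && $4 == gid { how[$1] = "primary" }   # second file: passwd
    END { for (u in how) print u, how[u] }
    ' "$3" "$2" | sort
}

# Constructed sample files mirroring the users and groups used on this page.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/passwd" <<'EOF'
testuser:x:1000:1000::/home/testuser:/bin/bash
david:x:1002:1005::/home/david:/bin/bash
chris:x:1003:1006::/home/chris:/bin/bash
EOF
    cat > "$d/group" <<'EOF'
sudo:x:27:testuser
moderators:x:1005:chris
db_users:x:1006:
file_service:x:1007:chris
EOF
    echo "$d"
}

dir=$(make_sample)
group_members moderators "$dir/passwd" "$dir/group"
group_members db_users   "$dir/passwd" "$dir/group"
rm -rf "$dir"
```

A group that reports any primary member, such as db_users here, is one that groupdel will refuse to delete; running the function for sudo gives the list of accounts with administrative rights.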