Linux user and group management
- In Linux and Unix systems users and groups are identified with user and group identifiers (UID and GID)
- UID and GID are basically numerical codes
- The UID and GID of the root user are always 0
- For regular users these numbers typically start from 1000
- The numbers used for identifying users and groups depend on the Linux distribution
- For example, in CentOS the numbers start from 500
User management
- The /etc/passwd file includes all user accounts, with each account presented on its own line
- Each line has multiple values separated by colons
- Below is an example of testuser's information stored in the passwd file
- Each user must have read permission for the /etc/passwd file
- User information may be changed with the chfn command
- The default shell can be changed with the chsh command (all allowed shells are listed in the /etc/shells file)
- Example:
testuser@ubuntu-PC:~$ chfn
Password:
Changing the user information for testuser
Enter the new value, or press ENTER for the default
Full Name: testuser
Room Number []: 453
Work Phone []: +53623465
Home Phone []: +54352349
- User passwords are stored in a hash format in /etc/shadow file
- Example:
testuser@ubuntu-PC:~$ sudo cat /etc/shadow | grep testuser
testuser:$6$kRpw22eh$5bGqUX9a42LItVJhKLrDPOEJ2J9jESwhlmtPAHa/cP1JHduhjmPGN3GQY8eGsRs6qjb.vTVJVW.iahWCDlsQD1:18136:0:99999:7:::
- Similar to /etc/passwd file each line represents stored information of one user
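The colon-separated /etc/passwd layout described above can be audited with a few awk filters. This is an added example, not part of the original page; the sample records (including the backup2 account) are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format:
# name:password:UID:GID:GECOS:home:shell
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
testuser:x:1000:1000:testuser,453,+53623465,+54352349:/home/testuser:/bin/bash
mark:x:1001:1001::/home/mark:/bin/bash
backup2:x:0:1002::/home/backup2:/bin/sh
EOF
}

# Accounts other than root that carry UID 0 and therefore full root rights.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Accounts that can start a shell, printed as "name:uid:shell".
interactive_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 ":" $3 ":" $7 }'
}

# Line numbers of records that do not have exactly seven fields.
malformed_lines() {
    awk -F: 'NF != 7 { print NR }'
}

# On a live system, pipe /etc/passwd into the functions instead of the sample.
echo "Extra UID 0 accounts:"; sample_passwd | extra_uid0
echo "Interactive accounts:"; sample_passwd | interactive_accounts
echo "Malformed lines:";      sample_passwd | malformed_lines
```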
Adding a new user
Useradd command
- New user can be added with useradd command
- Example:
- Add user mark and create home directory (option m) and set bash as a default shell
testuser@ubuntu-PC:~$ sudo useradd -m -s /bin/bash mark
testuser@ubuntu-PC:~$ ls /home
mark testuser
- Important to notice when creating a new username:
- Has eight letters at maximum if possible
- Contains only small letters if possible
- No Scandinavian characters
- No special characters
- Important: The useradd command sets sh as the default shell unless another shell is given with the -s option
- Example: Let's add a new user to the system with the following information:
- Username: david
- Homefolder: yes
- Shell: bash
- Group: moderators (this is primary group)
testuser@ubuntu-PC:~$ sudo useradd -m -g moderators -s /bin/bash david
- Let's set a new password for the user by using the passwd command
testuser@ubuntu-PC:~$ sudo passwd david
- passwd command has the following options:
- -d Removes user password, which restricts the login for the user
- -l Locks user password, which restricts the login with password. Suitable for example with SSH keypair authentication
- -u Removes password lock
- -e Sets user password in expired status, which means that password must be changed during the next login attempt
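The passwd options above and the /etc/shadow format shown earlier meet in the second and third shadow fields, which a short filter can classify. This is an added example, not part of the original page; the records and hash placeholders are constructed, and the state labels and function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow format; hashes are placeholders, not real.
sample_shadow() {
cat <<'EOF'
testuser:$6$SALTSALT$HASHPLACEHOLDER:18136:0:99999:7:::
mark:!$6$SALTSALT$HASHPLACEHOLDER:18136:0:99999:7:::
david::18136:0:99999:7:::
chris:$6$SALTSALT$HASHPLACEHOLDER:0:0:99999:7:::
daemon:*:18136:0:99999:7:::
legacy:$1$SALT$HASHPLACEHOLDER:18136:0:99999:7:::
EOF
}

# Print "name state" from field 2 (password) and field 3 (last change).
shadow_states() {
    awk -F: '{
        p = $2
        if (p == "")                      s = "EMPTY"     # field left empty by passwd -d
        else if (p == "*" || p ~ /^!+$/)  s = "NO_LOGIN"  # no valid hash stored
        else if (p ~ /^!/)                s = "LOCKED"    # hash prefixed with "!" by passwd -l
        else if (p ~ /^\$6\$/)            s = "SHA512"    # SHA-512 crypt
        else if (p ~ /^\$1\$/)            s = "MD5"       # legacy MD5 crypt
        else                              s = "OTHER"
        if ($3 == "0") s = s ",MUST_CHANGE"               # last change 0, set by passwd -e
        print $1, s
    }'
}

# Names that need review: empty password field or legacy MD5 hash.
needs_review() {
    shadow_states | awk '$2 ~ /EMPTY|MD5/ { print $1 }'
}

# On a live system, run as root and pipe /etc/shadow in instead of the sample.
sample_shadow | shadow_states
```

Whether an account with an empty password field can log in depends on the PAM configuration, so review every EMPTY entry.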
Adduser command
- In addition to previously presented useradd command, user can also be added with adduser command
- All necessary information will be collected after the command has been run
- Example: Let's add a new user Chris
testuser@ubuntu-PC:~$ sudo adduser chris
Adding user `chris' ...
Adding new group `chris' (1004) ...
Adding new user `chris' (1003) with group `chris' ...
Creating home directory `/home/chris' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for chris
Enter the new value, or press ENTER for the default
Full Name []: Chris
Room Number []: 456
Work Phone []: +45678912
Home Phone []: +45678912
Other []:
Is the information correct? [Y/n] Y
Remove a user
- A user can be removed with either the userdel or the deluser command
- In both cases the command is followed by the username
testuser@ubuntu-PC:~$ sudo userdel user
testuser@ubuntu-PC:~$ sudo deluser user
- If the user's home directory also needs to be deleted, the -r option must be given with the command, for example:
testuser@ubuntu-PC:~$ sudo userdel -r user
Groups
Manage groups
- Linux group is a logical collection of users
- Group defines user rights within the operating system
- User may belong to one or more groups
- Examples of Linux groups:
- sudo: Administrative rights for running every command in the system
- adm: System monitoring with the possibility to read many log files from the /var/log directory
- plugdev: Allows plugging devices into the system (mount, umount)
- A new group can be added to the system with either the groupadd or the addgroup command
testuser@ubuntu-PC:~$ sudo groupadd database_users
testuser@ubuntu-PC:~$ sudo addgroup database_users
- A group can be deleted from the system with the groupdel or the delgroup command
testuser@ubuntu-PC:~$ sudo groupdel database_users
testuser@ubuntu-PC:~$ sudo delgroup database_users
- Important: A group cannot be deleted if any user has the group set as their primary group!
Adding user to the group
- User can be added to the group with usermod command
- The following options are important:
- -g Sets primary group
- -G Sets supplementary groups
- Example: Let's set group db_users as the primary group for the user chris. The user will also be added to the moderators and file_service groups
testuser@ubuntu-PC:~$ sudo usermod -g db_users -G moderators,file_service chris
testuser@ubuntu-PC:~$ groups testuser
- User's group information can be retrieved with groups command
- Example: Let's check groups for user testuser
testuser@ubuntu-PC:~$ groups testuser
testuser : testuser adm cdrom sudo dip plugdev lxd
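The rule that a group cannot be deleted while it is someone's primary group, and the primary versus supplementary split set with usermod -g and -G, can both be checked by joining /etc/group with field 4 of /etc/passwd. This is an added example, not part of the original page; the records and GIDs are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed samples in /etc/group (name:password:GID:members) and
# /etc/passwd format; field 4 of passwd is the primary GID.
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
cat > "$DEMO/group" <<'EOF'
adm:x:4:syslog,testuser
moderators:x:1002:chris
db_users:x:1005:
database_users:x:1006:mark
file_service:x:1007:chris
EOF
cat > "$DEMO/passwd" <<'EOF'
testuser:x:1000:1000::/home/testuser:/bin/bash
mark:x:1001:1001::/home/mark:/bin/bash
david:x:1002:1002::/home/david:/bin/bash
chris:x:1003:1005::/home/chris:/bin/bash
EOF

# primary_members GROUP GROUPFILE PASSWDFILE
# Users whose primary GID equals the GID of GROUP; fails if GROUP is unknown.
primary_members() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3 }' "$2")
    [ -n "$gid" ] || return 1
    awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$3"
}

# supplementary_members GROUP GROUPFILE
# Users named in the member list of GROUP, one per line.
supplementary_members() {
    awk -F: -v g="$1" '$1 == g { n = split($4, m, ",")
                                 for (i = 1; i <= n; i++) print m[i] }' "$2"
}

# safe_to_delete GROUP GROUPFILE PASSWDFILE
# Succeeds only if GROUP exists and is nobody's primary group.
safe_to_delete() {
    members=$(primary_members "$1" "$2" "$3") || return 2
    [ -z "$members" ]
}

for g in moderators db_users database_users; do
    if safe_to_delete "$g" "$DEMO/group" "$DEMO/passwd"; then
        echo "$g: no primary members, groupdel would be allowed"
    else
        echo "$g: primary group of $(primary_members "$g" "$DEMO/group" "$DEMO/passwd")"
    fi
done
```

usermod -G replaces the whole supplementary list unless -a is also given, so compare the supplementary_members output before and after a change.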