User and Group Management in Linux

Linux is a multi-user operating system. Several people may be logged in and actively working on a given machine at the same time. You will need to know how to perform effective user management: how to add, edit, suspend, or delete user accounts, and how to grant them the permissions they need to do their assigned tasks.

Adding User Accounts


The command adduser creates the user and sets up the account’s home folders and other settings.

The command creates the user's directory under /home (/home/user) automatically.

Usage: adduser teknixx

The command useradd just creates the user.

useradd teknixx

The command useradd does not create a home directory for the user unless -m is specified.

Usage: useradd -m teknixx

Both commands have to be run as root.

When a new user account is created, the system performs the following operations.

  1. The home directory is created.
  2. The following hidden files are copied into the user’s home directory, and will be used to provide environment variables for the user session.
    • .bash_logout
    • .bash_profile
    • .bashrc
  3. A mail spool is created for the user at /var/spool/mail/username.
  4. A group is created and given the same name as the new user account.

Assigning a password

The passwd command assigns or changes passwords for user accounts. A normal user can only change the password for their own account, but the superuser can change the password for any account.

Usage: passwd teknixx

Understanding /etc/passwd

The full account information is stored in the /etc/passwd file. This file contains a record per system user account and has the following format (fields are delimited by a colon).

cat /etc/passwd

Prints the data of the configuration file:

[username]:[x]:[UID]:[GID]:[Comment]:[Home directory]:[Default shell]

  • [username]: the account's login name.
  • [x]: indicates that the account is protected by a shadowed password (in /etc/shadow), which is needed to log on as [username].
  • [UID] and [GID]: integer fields that represent the User Identification and the primary Group Identification to which [username] belongs, respectively.
  • [Comment]: a free-text description of the account.
  • [Home directory]: the absolute path to [username]'s home directory.
  • [Default shell]: the shell that will be made available to this user when he or she logs in to the system.
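
The field layout above lends itself to a simple audit. As an added example (not part of the original post), the function below checks a passwd-format file for extra UID 0 accounts, password fields that are empty or not x, and duplicate UIDs; the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file. Sample records are constructed.

# Write constructed sample records to the path given in $1.
make_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
teknixx:x:1000:1000:Teknixx:/home/teknixx:/bin/bash
backup2:x:0:0:second admin:/home/backup2:/bin/bash
guest::1001:1001:Guest:/home/guest:/bin/sh
svc:x:1000:1002:Service:/srv/svc:/usr/sbin/nologin
EOF
}

# Print one finding per line as "<check>:<username>" for the file in $1.
audit_passwd() {
    awk -F: '
        NF != 7                 { print "bad-field-count:" $1; next }
        $3 == 0 && $1 != "root" { print "extra-uid0:" $1 }      # second superuser
        $2 == ""                { print "empty-password:" $1 }  # no password set
        $2 != "x" && $2 != ""   { print "not-shadowed:" $1 }    # value kept in passwd
        $3 != 0 && seen[$3]++   { print "duplicate-uid:" $1 }   # shared identity
    ' "$1"
}

# Demo on the constructed sample; on a real host pass /etc/passwd instead.
tmp=$(mktemp)
make_sample_passwd "$tmp"
audit_passwd "$tmp"
rm -f "$tmp"
```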

Modifying user attributes

Setting the expiry date for an account

usermod --expiredate 2019-12-31 teknixx

Use the --expiredate flag followed by a date in YYYY-MM-DD format.

The command usermod is used to modify or change any attributes of an already created user account.

When we execute the usermod command in a terminal, the following files are used and affected.

  • /etc/passwd – User account information.
  • /etc/shadow – Secure account information.
  • /etc/group – Group account information.
  • /etc/gshadow – Secure group account information.
  • /etc/login.defs – Shadow password suite configuration.

Change the user ID for a user

usermod -u new_id teknixx

This command changes the user ID of a user. The user with the given username is assigned the new ID given in the command, and the old ID is removed.

Adding the user to supplementary groups

usermod --append --groups root,users teknixx

OR

usermod -aG root,users teknixx

Use the combined -aG, or --append --groups options, followed by a comma separated list of groups.

Understanding /etc/group

Group information is stored in the /etc/group file. Each record has the following format:

[Group name]:[Group password]:[GID]:[Group members]

  • [Group name]: the name of the group.
  • [Group password]: an x indicates group passwords are not being used.
  • [GID]: same as in /etc/passwd.
  • [Group members]: a comma separated list of users who are members of [Group name].
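
One consequence of the two formats: the member list in /etc/group does not include users who have the group as their primary group, so a membership review has to read both files. As an added example (not part of the original post), the function below does that for one group; the function names and sample records are constructed.

```shell
#!/bin/sh
# Added example: list every member of a group. Sample records are constructed.

# Write constructed passwd records to $1 and group records to $2.
make_sample_files() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
teknixx:x:501:502:Teknixx:/home/teknixx:/bin/bash
alice:x:1001:27:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
EOF
    cat > "$2" <<'EOF'
root:x:0:teknixx
sudo:x:27:bob
users:x:100:teknixx,bob
devel:x:502:
EOF
}

# $1 = passwd file, $2 = group file, $3 = group name.
# Prints supplementary members plus users whose primary GID is the group.
group_members() {
    awk -F: -v want="$3" '
        FNR == NR {                            # first file: group records
            if ($1 == want) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 }    # second file: primary GID match
    ' "$2" "$1" | sort -u
}

# Demo on the constructed sample; on a real host pass /etc/passwd and /etc/group.
p=$(mktemp); g=$(mktemp)
make_sample_files "$p" "$g"
for grp in root sudo devel; do
    echo "$grp: $(group_members "$p" "$g" "$grp" | tr '\n' ' ')"
done
rm -f "$p" "$g"
```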

Change user primary group

usermod -g new_primary_group teknixx

Before changing a user's primary group, first check the current group for the user teknixx.

id teknixx

uid=501(teknixx) gid=20(teknixx) groups=20(teknixx)

Now, set the devel group as the primary group of user teknixx and confirm the changes.

usermod -g devel teknixx
id teknixx

uid=501(teknixx) gid=20(devel) groups=502(teknixx)

Changing the default location of the user’s home directory

Use the -d or --home option, followed by the absolute path to the new home directory.

usermod --home /home/new_home teknixx

Changing the shell the user will use by default

Use --shell, followed by the path to the new shell.

usermod --shell /bin/sh teknixx

Disable/Enable a user account by locking password


Use the -L or the --lock option to lock a user’s password.

usermod --lock teknixx

Use the -U or the --unlock option to unlock a user’s password.

usermod --unlock teknixx
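
As an added example (not from the original post), the function below reads shadow-format records and reports how the --lock and --expiredate settings described on this page appear on disk: a locked password has ! prefixed to its hash in field 2, and the expiry date is stored in field 8 as days since 1970-01-01. The sample records, the placeholder hashes and the function names are constructed, and the example assumes an account counts as expired once today reaches the stored day.

```shell
#!/bin/sh
# Added example: report password and expiry state. Sample records are constructed.

# Write constructed shadow-format records (placeholder hashes) to $1.
make_sample_shadow() {
    cat > "$1" <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18000:0:99999:7:::
teknixx:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18000:0:99999:7:::
contractor:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18000:0:99999:7::18261:
daemon:*:18000:0:99999:7:::
EOF
}

# $1 = shadow-format file, $2 = today as days since 1970-01-01.
# Prints "<user>:<password state>:<expiry state>" for each record.
account_status() {
    awk -F: -v today="$2" '
        {
            pw = "usable"
            if ($2 == "")                      pw = "empty"
            else if (substr($2, 1, 1) == "!")  pw = "locked"   # usermod --lock
            else if ($2 == "*")                pw = "no-password-login"
            expiry = "no-expiry"
            # Field 8 is set by usermod --expiredate; 18261 is 2019-12-31.
            if ($8 != "") expiry = ($8 + 0 <= today + 0) ? "expired" : "expires-later"
            print $1 ":" pw ":" expiry
        }
    ' "$1"
}

# Demo on the constructed sample; reading the real /etc/shadow requires root.
s=$(mktemp)
make_sample_shadow "$s"
account_status "$s" "$(( $(date +%s) / 86400 ))"
rm -f "$s"
```

Locking only disables the password; the usermod manual notes that to lock the account itself, and not only password access, the expiry date should also be set to 1.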

Managing Groups

In Linux, groups are used to organize and administer user accounts. The primary purpose of groups is to define a set of privileges such as reading, writing, or executing permission for a given resource that can be shared among the users within the group.
