User and Group Management in Linux
Linux is a multi-user operating system: several people may be logged in and actively working on a given machine at the same time. You will need to know how to perform effective user management: how to add, edit, suspend, or delete user accounts, along with granting them the necessary permissions to do their assigned tasks.
Adding User Accounts
The command adduser creates the user and sets up the account’s home folders and other settings.
The command creates a user directory in the home (/home/user) automatically.
Usage: adduser teknixx
The command useradd just creates the user.
The command useradd does not create a user directory in the home unless the -m option is specified.
Usage: useradd -m teknixx
Both commands have to be run as root.
When a new user account is created, the system performs the following operations:
- The home directory is created.
- The following hidden files are copied into the user’s home directory, and will be used to provide environment variables for the user session.
- A mail spool is created for the user at /var/spool/mail/username.
- A group is created and given the same name as the new user account.
Assigning a password
The passwd command assigns or changes passwords for user accounts. A normal user can only change the password for their own account, but the superuser can change the password for any account.
Usage: passwd teknixx
The full account information is stored in the /etc/passwd file. This file contains a record per system user account and has the following format (fields are delimited by a colon).
Prints the data of the configuration file:
[username]:[x]:[UID]:[GID]:[Comment]:[Home directory]:[Default shell]
- [x]: Indicates that the account is protected by a shadowed password (in /etc/shadow), which is needed to log on as [username].
- [UID] and [GID]: Integer fields that represent the User Identification and the primary Group Identification to which [username] belongs, respectively.
- [Home directory]: Indicates the absolute path to [username]’s home directory.
- [Default shell]: Is the shell that will be made available to this user when he or she logs in to the system.
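The record format above can be checked mechanically. The following is an added example, not part of the original tutorial: a shell function that audits a passwd-format file for records that are malformed, have an empty or non-shadowed password field, carry UID 0 under a name other than root, or share a UID with an earlier account. The function names, the finding labels and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for risky records.
# Reads the file named as an argument, or standard input when none is given.
audit_passwd() {
    awk -F: '
        # Every record must have exactly seven colon-delimited fields.
        NF != 7 { print "MALFORMED line " NR; next }
        # Empty second field: no password may be required to log in.
        $2 == "" { print "EMPTY_PASSWORD " $1 }
        # Anything other than "x" means the field does not defer to /etc/shadow.
        $2 != "" && $2 != "x" { print "NOT_SHADOWED " $1 }
        # UID 0 is the superuser whatever the account is called.
        $3 ~ /^0+$/ && $1 != "root" { print "EXTRA_UID0 " $1 }
        # Two names on one UID share file ownership and permissions.
        ($3 in seen) {
            print "DUPLICATE_UID " $1 " shares UID " $3 " with " seen[$3]
            next
        }
        { seen[$3] = $1 }
    ' "$@"
}

# Constructed sample records (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
teknixx:x:501:501:Teknixx:/home/teknixx:/bin/bash
backup2:x:0:0:second admin:/root:/bin/bash
guest::502:502:Guest:/home/guest:/bin/sh
legacy:CONSTRUCTED_HASH_PLACEHOLDER:503:503::/home/legacy:/bin/sh
svc:x:501:501:Service:/srv/svc:/usr/sbin/nologin
broken:x:504
EOF
}

# Demonstration run on the constructed sample; prints one finding per line.
sample_passwd | audit_passwd
```

On a real system the function can be pointed at the live file with audit_passwd /etc/passwd, which is world-readable and needs no root privileges.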
Modifying user attributes
usermod --expiredate 2019-12-31 teknixx
Use the --expiredate flag followed by a date in YYYY-MM-DD format.
The command usermod is used to modify or change any attributes of an already created user account.
When we execute the usermod command in a terminal, the following files are used and affected.
- /etc/passwd – User account information.
- /etc/shadow – Secure account information.
- /etc/group – Group account information.
- /etc/gshadow – Secure group account information.
- /etc/login.defs – Shadow password suite configuration.
usermod -u new_id teknixx
This command changes the user ID of a user. The user with the given username is assigned the new ID given in the command, and the old ID is removed.
usermod --append --groups root,users teknixx
usermod -aG root,users teknixx
Use the combined -aG, or the --append --groups options, followed by a comma-separated list of groups.
Group information is stored in the /etc/group file. Each record has the following format:
[Group name]:[Group password]:[GID]:[Group members]
usermod -g new_primary_group teknixx
Before changing the user's primary group, first check the current group for the user teknixx.
uid=501(teknixx) gid=20(teknixx) groups=20(teknixx)
Now, set the devel group as the primary group of user teknixx and confirm the changes.
usermod -g devel teknixx
uid=501(teknixx) gid=20(devel) groups=502(teknixx)
Use the -d, or --home, option followed by the absolute path to the new home directory.
usermod --home /home/new_home teknixx
Use --shell, followed by the path to the new shell.
usermod --shell /bin/sh teknixx
Use the -L or the --lock option to lock a user’s password.
usermod --lock teknixx
Use the -U or the --unlock option to unlock a user’s password.
usermod --unlock teknixx
In Linux, groups are used to organize and administer user accounts. The primary purpose of groups is to define a set of privileges such as reading, writing, or executing permission for a given resource that can be shared among the users within the group.