Managing Users and Groups
● Under Linux, every file and every running process is owned by a user. Each user has a unique numeric
identifier called a user ID (UID). Each user must also belong to at least one group, a collection of users
established by the system administrator; users may belong to several groups. Like users, groups have unique
numeric identifiers, called group IDs (GIDs). Whether a file or program is accessible is decided by comparing
the UID and GID that own it, together with its permission bits, against the UID and GIDs of the process that
tries to use it. A running program normally inherits the identity, and therefore the rights and permissions, of
the user who invokes it. The exception is a set-UID or set-GID executable (su, sudo and passwd are the usual
examples), which runs with the privileges of the file's owner or group instead of the invoker's.
● Normal users : A normal user can access only what they own or have been given permission to use;
permission is granted because the user belongs to the file's group or because the file is accessible to
all users. Every normal user is identified by a user ID.
● Superuser/root user : The root user is allowed to access all files and programs in the system, whether or not
root owns them, because the kernel skips its ordinary permission checks for UID 0. The root user has user and
group ID 0; any account with UID 0, whatever its login name, is equally powerful.
● su (switch user): Once you have logged into the system as one user, you need not log out and
back in again in order to assume another identity (the root user, for instance). Instead, use the su
command to switch. The command takes few parameters. For instance, to switch to root with
root's own login environment, use
$ su -
● It prompts for the root password and, if the password is correct, you are dropped into a root shell.
The dash matters: su - (or su -l) starts a login shell with root's PATH and environment, while a bare
su keeps the calling user's environment, which is why su - is the form to prefer.
● sudo : The name is usually expanded as "superuser do" (or "substitute user do"). It runs a single
command with elevated privileges, or allows a user who is listed in /etc/sudoers to execute a command
as another user, such as the superuser. The user authenticates with their own password rather than
root's, and each invocation is logged, which is the main reason to prefer sudo over su on shared
systems. It is the rough equivalent of the "Run as administrator" option in Windows. Edit /etc/sudoers
only with visudo, which checks the syntax before saving.
Eg $ sudo -u <user> <command> will execute the command with all the privileges of
the user <user>.
$ sudo bash will start a bash shell with root privileges (sudo -i does the same with root's login
environment).
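The paragraphs above hinge on one exception to "a program runs with the invoker's rights": set-UID and set-GID executables such as su and sudo run with their owner's rights, so every such file on a system is a privilege boundary worth knowing about. The following script is an added example, not code from the original slides; it lists the set-ID files under a directory and reports the ones missing from an allow-list. The allow-list paths in the demo are an assumption and should be replaced by the list you have actually reviewed for your own systems.

```shell
#!/bin/sh
# Added example, not from the original slides: find the set-UID and set-GID
# executables under a directory, i.e. the programs that run with their
# owner's privileges rather than the invoker's. su, sudo and passwd are the
# expected ones; the allow-list used in demo_setid is an assumption for the
# demo, not a vetted list for any real distribution.

# Every regular file under $1 with the set-UID (4000) or set-GID (2000) bit.
find_setid() {   # $1 = directory to scan
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Set-ID files under $1 that do not appear in the allow-list file $2
# (one absolute path per line). Each line printed needs an explanation.
unexpected_setid() {   # $1 = directory, $2 = allow-list file
    find_setid "$1" | grep -vxF -f "$2" || :   # grep exits 1 when nothing is left: the good case
}

# Self-contained demonstration on constructed files: one ordinary script,
# one copy with the set-UID bit (an owner may set the bit on their own file),
# and an allow-list naming only the usual system binaries (assumed paths).
demo_setid() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho hello\n' > "$d/ordinary"
    cp "$d/ordinary" "$d/elevated"
    chmod 0755 "$d/ordinary"
    chmod 4755 "$d/elevated"
    printf '%s\n' /usr/bin/su /usr/bin/sudo /usr/bin/passwd > "$d/allow.txt"
    unexpected_setid "$d" "$d/allow.txt" | sed "s|^$d/||"
    rm -rf "$d"
}

demo_setid      # prints: elevated
```

To audit a live system, run unexpected_setid / /path/to/reviewed-allowlist as root; -xdev keeps find on one filesystem, so repeat it for each mounted filesystem that is not mounted nosuid.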
User information files
● All the information about the users and groups in the system is stored in three main files.
● /etc/passwd : It is a world-readable file and contains a list of users, each on a separate line.
Each line is a colon-delimited list of seven fields:
● Username - The name the user types when logging into the system.
● Password - Historically held the hashed (commonly called "encrypted") password. On any modern
system it holds an x, meaning that shadow passwords are in use and the hash lives in /etc/shadow,
which unlike this file is not world-readable.
● User ID (UID) - It is the numerical equivalent of the Username field. The UID must be unique for
every user, the one exception tolerated in practice being UID 0 (zero). Any account with a UID of 0
has root (administrative) access and thus the full run of the system, whatever its login name, so a
second UID 0 entry is one of the first things to look for when auditing this file. Usually the only user
with this UID has the login root.
● Group ID (GID) - It is the numerical equivalent of the primary group to which the user belongs;
membership in additional groups is recorded in /etc/group.
● GECOS - This field can store various pieces of information about a user. It acts as a placeholder
for the user description, full name (first and last name), telephone number, and so on. The field is
optional and can be left blank. Multiple entries can be stored in it by separating them with commas.
● Home directory - The absolute path to the user's home directory, typically /home/<username>,
although it can be any location on the system. Each user who actually logs into the system needs a
place for configuration files that are unique to that user.
● Shell - The program automatically launched whenever the user logs in. This is usually a command
interpreter (a shell). Under Red Hat Enterprise Linux the default value is /bin/bash. If this field is left
blank, /bin/sh is used. If it is set to a non-existent file, the user will be unable to log into the system;
the conventional way to deny interactive login to a service account is to set the shell to /sbin/nologin
(or /usr/sbin/nologin) or /bin/false.
● /etc/shadow : A text file that stores the hashed password for each user account. It is readable only by
root (on most distributions it is owned by root, group shadow, with mode 640 or 000) precisely so that
ordinary users cannot collect the hashes and crack them offline. In addition to the hash, /etc/shadow
stores optional password aging and expiration information. Each line has nine colon-delimited fields:
● Login name
● Hashed password - The hash is prefixed with its algorithm identifier, for example $6$ for SHA-512
or $y$ for yescrypt. A value of ! or * means the account is locked and cannot log in with a password;
an empty field means no password is required at all.
● Days since January 1, 1970, that the password was last changed (0 forces a change at the next login)
● Minimum password age: the number of days that must pass after a change before the user is allowed
to change the password again. An empty field or the value 0 means there is no minimum.
● Maximum password age: the number of days the password is valid; after that the user is forced to
change it (99999 effectively means never)
● Days before the password is to expire that the user is warned
● Inactivity period: the number of days after the password expires during which the user may still log
in and change it before the account is disabled
● Account expiration date, expressed as the number of days since January 1, 1970; after this date the
account cannot be used regardless of the password's state
● Reserved for future use (currently always empty)
/etc/group : The /etc/group file contains a list of groups, with one group per line.
Each group entry in the file has four standard fields, each colon-delimited, as in
the /etc/passwd and /etc/shadow files. Each user on the system belongs to at least
one group, the primary group named in /etc/passwd, and can be assigned to
additional groups here.
● Group name : The name of the group.
● Group password : Optional; if set, a user who is not a member can join the group with newgrp by
supplying the password. On modern systems the field holds an x and the hash, if any, lives in
/etc/gshadow. Group passwords are rarely useful and are best left unset.
● Group ID (GID) : The numerical equivalent of the group name.
● Group members : A comma-separated list of the users for whom this is a supplementary group.
Users whose primary group it is (through the GID field of /etc/passwd) are members too but are not
listed here, which any audit of group membership has to take into account.
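The three files described above are plain colon-delimited text, so the checks an auditor makes on them (a second UID 0 account, an empty password field, duplicate UIDs, passwords that never expire, membership of a root-conveying group) are a few lines of awk each. The script below is an added example and not code from the original slides; the account names, UIDs and hash strings are constructed for the demo and written to a temporary directory, and the functions take file paths so the same calls work against /etc/passwd, /etc/shadow and /etc/group on a real system (as root, because /etc/shadow is not world-readable).

```shell
#!/bin/sh
# Added example, not from the original slides: audit copies of the three
# account files for the findings a reviewer looks for. Sample data below is
# constructed; the hashes are placeholders, not real SHA-512 output.

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
DEMO_PASSWD="$DEMO_DIR/passwd"
DEMO_SHADOW="$DEMO_DIR/shadow"
DEMO_GROUP="$DEMO_DIR/group"

# "backdoor" is a second UID 0 account, "bob" has an empty password field,
# "svc" is locked with "!", "daemon" with "*", alice's password expires in 90 days.
cat > "$DEMO_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Example,,,:/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
backdoor:x:0:0::/root:/bin/bash
svc:x:1002:1002::/var/lib/svc:/usr/sbin/nologin
EOF
cat > "$DEMO_SHADOW" <<'EOF'
root:$6$saltsalt$notarealhash:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
alice:$6$saltsalt$notarealhash:19700:0:90:7:14::
bob::19700:0:99999:7:::
backdoor:$6$saltsalt$notarealhash:19700:0:99999:7:::
svc:!:19700:0:99999:7:::
EOF
cat > "$DEMO_GROUP" <<'EOF'
root:x:0:
sudo:x:27:alice,bob
alice:x:1000:
bob:x:1001:
svc:x:1002:
EOF

# Accounts other than root whose UID is 0: each one is a root login under another name.
uid0_accounts() {            # $1 = passwd file
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}
# UIDs shared by more than one account; file ownership cannot tell them apart.
duplicate_uids() {           # $1 = passwd file
    awk -F: '{ print $3 }' "$1" | sort -n | uniq -d
}
# Accounts whose shadow password field is empty: no password is required at all.
empty_password_accounts() {  # $1 = shadow file
    awk -F: '$2 == "" { print $1 }' "$1"
}
# Accounts with a usable hash (not locked with ! or *) and no effective maximum age.
never_expiring_passwords() { # $1 = shadow file
    awk -F: '$2 !~ /^[!*]/ && $2 != "" && ($5 == "" || $5 >= 99999) { print $1 }' "$1"
}
# Supplementary members of a group; remember that primary-group members are not listed here.
privileged_members() {       # $1 = group file, $2 = group name
    awk -F: -v g="$2" '$1 == g { print $4 }' "$1"
}

# Human-readable summary over the three files given as arguments.
audit_report() {             # $1 = passwd, $2 = shadow, $3 = group
    echo "Extra UID 0 accounts:        $(uid0_accounts "$1" | tr '\n' ' ')"
    echo "Duplicate UIDs:              $(duplicate_uids "$1" | tr '\n' ' ')"
    echo "Empty password fields:       $(empty_password_accounts "$2" | tr '\n' ' ')"
    echo "Passwords that never expire: $(never_expiring_passwords "$2" | tr '\n' ' ')"
    echo "Members of sudo:             $(privileged_members "$3" sudo)"
}

audit_report "$DEMO_PASSWD" "$DEMO_SHADOW" "$DEMO_GROUP"
```

On a live system, audit_report /etc/passwd /etc/shadow /etc/group gives the same summary; change the group name in the last line to wheel on Fedora/RHEL, where that is the group that conveys sudo rights.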
User Management Tools
● User management tools are available both on the command line and as graphical user interface
tools.
● Command-Line User Management :
● useradd : allows you to add a single user to the system. Unlike the GUI tools, this tool
has no interactive prompts. Instead, all parameters must be specified on the command
line.
– $ useradd [options] <username>, with -d <home_dir>, -u <user_id>, -g <primary_group>,
-G <supplementary_groups>, -s <shell> (for example /bin/bash) and -m to create the home directory
eg useradd -u 10056 -g sudo -G shaiju -d /home/john -m -s /bin/bash john
Note that -g sets the primary group: on Debian-based systems members of sudo may run any
command as root, so placing a user in sudo (or in wheel on Fedora/RHEL) is a grant of root access
and should be deliberate. Without -m most distributions do not create the home directory, and
useradd leaves the new account's password locked until one is set with passwd.
● usermod : The usermod command allows you to modify an existing user in the
system. Its options mirror those of useradd.
$ usermod [options] LOGIN
eg $ usermod -d /home/alice john (changes john's home directory; add -m to move the
contents of the old directory as well, otherwise only the /etc/passwd entry changes)
$ usermod -l new_john john (changes the login name; the UID and home directory stay as they were)
$ usermod -aG john_grp john (adds john to the group john_grp; without -a, -G replaces
the user's supplementary groups with the given list and silently drops the others)
● userdel : It does the exact opposite of useradd, removing an existing user.
$ userdel john
By itself this removes only the account entries; userdel -r also removes the home directory and mail
spool. Files the user owned elsewhere remain, owned by the now unassigned numeric UID, and are
inherited by whichever account is later created with that UID, so lock the account (usermod -L) and
find its files before deleting it.
● groupadd : allows you to create new user groups on the system by adding them to the
/etc/group file.
$ groupadd [options] GROUP
● groupdel : removes an existing group from the /etc/group file. It refuses to remove a group
that is the primary group of an existing user.
$ groupdel <groupname>
● groupmod : the groupmod command allows you to modify the parameters of an
existing group. The syntax and main options are:
$ groupmod [options] GROUP
● -g, --gid GID change the group ID to GID
● -n, --new-name NEW_GROUP change the name to NEW_GROUP
● -o, --non-unique allow the use of a duplicate (non-unique) GID
● -p, --password PASSWORD change the password to this (encrypted) PASSWORD
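The useradd, usermod, userdel and group commands above are usually run one at a time, which is how the two common mistakes happen: a primary group that conveys root, and a deleted account whose files stay behind under a reusable UID. The script below is an added example, not code from the original slides, wrapping the lifecycle with those two checks. check_primary_group and files_owned_by_uid run as an ordinary user; provision_user and decommission_user call useradd, chage, usermod and userdel and therefore need root. The set of root-conveying group names is an assumption covering common distributions (sudo and admin on Debian/Ubuntu, wheel on Fedora/RHEL), and the login, UID and group in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example, not from the original slides: account lifecycle with the
# checks the bare useradd/userdel lines leave out. Group names in
# check_primary_group are an assumption for common distributions.

# Refuse to make a root-conveying group a user's primary group, which is what
# "useradd -g sudo" does on an Ubuntu system.
check_primary_group() {   # $1 = group name; returns 0 if acceptable
    case "$1" in
        root|sudo|wheel|admin)
            echo "refusing primary group '$1': membership grants root" >&2
            return 1 ;;
    esac
    return 0
}

# Files under $2 owned by numeric UID $1. After userdel these keep the bare
# number as owner and are inherited by the next account created with that UID.
# -xdev stays on one filesystem, so call it once per mount point.
files_owned_by_uid() {    # $1 = uid, $2 = directory
    find "$2" -xdev -uid "$1" -print 2>/dev/null | sort
}

# Root only: create the account with its home directory (-m) and force a
# password change at first login. useradd leaves the password locked ("!" in
# /etc/shadow) until one is set with passwd.
provision_user() {        # $1 = login, $2 = uid, $3 = primary group, $4 = supplementary groups (comma list, may be empty)
    check_primary_group "$3" || return 1
    useradd -m -u "$2" -g "$3" ${4:+-G "$4"} -s /bin/bash "$1" || return 1
    chage -d 0 "$1"
}

# Root only: lock the account, report what it still owns outside its home
# directory, then remove it together with its home directory and mail spool.
decommission_user() {     # $1 = login
    uid=$(id -u "$1") || return 1
    usermod -L "$1"
    echo "files owned by UID $uid outside /home/$1 (reassign or delete them):" >&2
    files_owned_by_uid "$uid" / | grep -Ev "^/home/$1(/|$)" >&2
    userdel -r "$1"
}

# Intended use, as root (placeholder values):
#   provision_user john 10056 users shaiju
#   decommission_user john
```

Running files_owned_by_uid with a UID that no longer exists in /etc/passwd is exactly the post-deletion check: anything it prints is owned by nobody and will belong to the next account that receives that UID.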
● GUI User Managers : Many Linux distributions come with their own GUI user managers.
Fedora, CentOS, and RHEL come with a utility called system-config-users, and
openSUSE/SLES has a YaST module that can be invoked with yast2 users. Ubuntu uses the
User Accounts panel, which is bundled with the gnome-control-center system applet. All
these tools allow you to add, edit, and maintain the users on your system.