Day-7: Users and Groups Management in Linux

Managing users and groups is an essential aspect of Linux system administration. This guide covers how to manage users and groups in Linux.

1. Linux Users

A user in Linux is an account that is used to log into the system. Each user is identified by a UID (User Identifier) and has specific permissions.

There are 3 types of Users in Linux.

a. Root User:

  • This is the super user with full control of the system

  • Root user has UID = 0

  • Root user can execute any command and access any file.

b. Regular User:

  • These are non-privileged users with limited access to the system.

  • Regular users are typically created for individual users who want to access the system

c. System User:

  • Used by system services and processes, for example daemon, bin, etc.

  • These accounts often have no login shells and are used internally by the system.

    User Files:

    • /etc/passwd:

      • This contains user account information

      • Format is: username:x:UID:GID:comment:home_directory:shell

    • /etc/shadow:

      • This stores the password hashes for users.

      • Only the root user can access this file.

    • /home/<username>:

      • This is default home directory for each user
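
The passwd format above can be audited with a few lines of awk. This is an added example, not part of the original post: it flags extra UID 0 accounts, entries whose password field is not x, and system accounts that have a login shell. The sample data is constructed, and the 999 upper bound for system UIDs is an assumption (check SYS_UID_MAX in /etc/login.defs on your distribution).

```shell
#!/bin/sh
# Added example: audit passwd-format data for risky entries.
# On a real host run: audit_passwd /etc/passwd

# Constructed sample in the username:x:UID:GID:comment:home_directory:shell format.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/bin/bash
morten:x:1001:1001::/home/morten:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
legacy::1002:1002::/home/legacy:/bin/sh
broken:x:1003
EOF
}

# audit_passwd FILE   (use "-" to read standard input)
# Prints one finding per line as CODE:username.
audit_passwd() {
  # sys_max is an assumed upper bound for system-account UIDs.
  awk -F: -v sys_max=999 '
    # A valid entry has exactly 7 colon-separated fields.
    NF != 7                 { print "MALFORMED:" $1; next }
    # Any account with UID 0 has full root privileges, whatever its name.
    $3 == 0 && $1 != "root" { print "EXTRA_UID0:" $1 }
    # An empty second field means no password is required for this entry.
    $2 == ""                { print "EMPTY_PASSWORD_FIELD:" $1 }
    # Anything other than "x" means the hash is not kept in /etc/shadow.
    $2 != "x" && $2 != ""   { print "PASSWORD_NOT_SHADOWED:" $1 }
    # System accounts should normally have nologin or false as their shell.
    $3 > 0 && $3 <= sys_max && $7 !~ /(nologin|false)$/ {
      print "SYSTEM_LOGIN_SHELL:" $1
    }
  ' "$1"
}

# Run the audit over the constructed sample.
sample_passwd | audit_passwd -
```

Each finding is a prompt to review the account, not proof of compromise: some distributions ship system accounts such as sync with a non-nologin shell.
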
  1. Linux Groups:

    A group is a collection of users that share permissions to files and directories. Each group is identified by a GID (Group Identifier).

Types of Groups:

  1. Primary Group

    • Assigned to the user on creation

    • Files created by the user belong to this group

  2. Secondary Group

    • Additional groups a user can be part of for shared permission

Group Files:

  • /etc/group:

    • It contains group account information

    • Format for this is: groupname:x:GID:user1,user2,user3

2. User and Group Management Commands

User Management

  1. Add a User:

    • A new user, morten, is created with the useradd command

    • The password for user morten is set with the passwd <user> command

    • To verify that the user was created, run the command cat /etc/passwd

      To create the home directory for the newly created user, use the -m option

      The shell the user will use can also be specified when the user is created.

      In this example, we also verified that user Erik was created.

  2. Removing User

    • The userdel command removes the user from the system

      If you want to remove the user along with their home directory:

      sudo userdel -r john

      To verify that the user was properly deleted, you can check with

      cat /etc/passwd

To view user information (UID, GID, and group membership), you can use

id <username>

If you want to create a user with a home directory in a different location, you can do that with

useradd -m -d </Directory Path> <username>

Group Management

  1. Add Group

    To add a new group, we use

    sudo groupadd <groupname>

  2. Delete Group

    To delete a group, we use

    sudo groupdel <groupname>

  3. Viewing Group Membership

    The following command displays the groups a user belongs to.

    groups <username>

  4. Adding User to a Group

    To add a user to a group, we use the usermod command as shown below

    sudo usermod -aG developers umar

    This adds user umar to the group developers. The -a (append) option matters: without it, -G replaces the user's existing secondary groups with the given list.

    In the example above, the user “umar” is now part of 2 groups, i.e. developers and umar

3. Switching Users

Using su (Switch User)

We use the “su” command to switch to another user account.

Using sudo (Execute as Superuser)

The “sudo” command executes a command with root privileges.

Configuring Sudo Access

After you create the user, you can open the sudoers file and add the user to it:

visudo

Now add the user in this file

Now save the file. Once you switch to user “ali”, you can verify that the user has sudo privileges

4. Password Management & Policy

We use the “passwd” command to set or change passwords for users.

Syntax

passwd <username>

Password Aging Policies

In Linux, we can also configure password policies such as expiry, minimum age and maximum age, or lock the user.

Command

chage: Modify password aging policies

For example, if we want to check the aging information of a user:

sudo chage -l <username>

Now, if we want to set password expiry to 90 days, we can do that with the following command:

sudo chage -M 90 <username>

Now, if we want the user to change their password on the next login, we can do that with the following command:

sudo chage -d 0 <username>
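
To check which accounts actually follow the 90-day policy, the aging fields that chage writes can be read back from shadow-format data. This is an added example, not part of the original post: chage -M sets field 5 (maximum age) and chage -d 0 sets field 3 (last change) to 0. The sample lines are constructed and their hash fields are placeholders.

```shell
#!/bin/sh
# Added example: report password-aging gaps from shadow-format data.
# On a real host run as root: audit_aging /etc/shadow 90

# Constructed sample. Fields:
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
sample_shadow() {
cat <<'EOF'
root:$y$PLACEHOLDER:19800:0:99999:7:::
umar:$y$PLACEHOLDER:19900:0:90:7:::
ali:$y$PLACEHOLDER:0:0:90:7:::
erik:$y$PLACEHOLDER:19850:0::7:::
daemon:*:19700:0:99999:7:::
john:!$y$PLACEHOLDER:19700:0:99999:7:::
EOF
}

# audit_aging FILE [MAX_DAYS]   (use "-" to read standard input)
# MAX_DAYS defaults to 90, the expiry used in this post.
# Prints one finding per line as CODE:username.
audit_aging() {
  awk -F: -v limit="${2:-90}" '
    # Hash starting with ! or * : password login is locked, skip.
    $2 ~ /^[!*]/               { next }
    # Empty field 5: no maximum age, the password never expires.
    $5 == ""                   { print "MAX_AGE_UNSET:" $1 }
    # Maximum age above the policy. Fix with: chage -M <days> <username>
    $5 != "" && $5 + 0 > limit { print "MAX_AGE_OVER_LIMIT:" $1 }
    # Field 3 equal to 0 is the state left by: chage -d 0 <username>
    $3 == "0"                  { print "MUST_CHANGE_AT_NEXT_LOGIN:" $1 }
  ' "$1"
}

# Run the audit over the constructed sample with the 90-day policy.
sample_shadow | audit_aging - 90
```
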

Enforcing Strong Passwords

We need to install the package named “libpam-pwquality” to enforce strong password policies

You can see the configuration by opening

vi /etc/security/pwquality.conf

I hope you have enjoyed reading my blog on my Cloud and DevOps journey. If you like the blog, please don't forget to re-share it so we all can learn and enjoy.