Kbustast

Managing User and Groups

What is a User?
A user account is used to provide security boundaries between different people and programs that can run commands.

Users have user names to identify them to human users and make them easier to work with. Internally, the system distinguishes user accounts by the unique identification number assigned to them, the user ID or UID. If a user account is used by humans, it will generally be assigned a secret password that the user will use to prove that they are the actual authorized user when logging in.

User accounts are fundamental to system security. Every process (running program) on the system runs as a particular user. Every file has a particular user as its owner. File ownership helps the system enforce access control for users of the files. The user associated with a running process determines the files and directories accessible to that process.

You can use the id command to show information about the currently logged-in user.

Gaining Superuser Access
The Superuser

Most operating systems have some sort of superuser, a user that has all power over the system. In Red Hat Enterprise Linux this is the root user. This user has the power to override normal privileges on the file system, and is used to manage and administer the system. To perform tasks such as installing or removing software and to manage system files and directories, users must escalate their privileges to the root user. The root account on Linux is roughly equivalent to the local Administrator account on Microsoft Windows. In Linux, most system administrators log in to the system as an unprivileged user and use various tools to temporarily gain root privileges.

Switching Users
The su command allows users to switch to a different user account. If you run su from a regular user account, you will be prompted for the password of the account to which you want to switch.
If you omit the user name, the su or su - command attempts to switch to root by default.

Managing Local User Accounts
Managing Local Users
A number of command-line tools can be used to manage local user accounts.
Creating Users from the Command Line

  • The useradd username command creates a new user named username. It sets up the user's home directory and account information, and creates a private group for the user named username. At this point the account does not have a valid password set, and the user cannot log in until a password is set.

  • The useradd --help command displays the basic options that can be used to override the defaults. In most cases, the same options can be used with the usermod command to modify an existing user.

  • Some defaults, such as the range of valid UID numbers and default password aging rules, are read from the /etc/login.defs file. Values in this file are only used when creating new users. A change to this file does not affect existing users.

Modifying Existing Users from the Command Line

The usermod --help command displays the basic options that can be used to modify an account. Some common options include:

-c Add the user's real name to the comment field.
-U Unlock the user account.
-g Specify the primary group for the user account.

Deleting Users from the Command Line

  • The userdel username command removes the details of username from /etc/passwd, but leaves the user's home directory intact.

  • The userdel -r username command removes the details of username from /etc/passwd and also deletes the user's home directory.

Setting Passwords from the Command Line
The passwd username command sets the initial password or changes the existing password of username.
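
The points above (UID 0 carries superuser power, useradd leaves a new account without a valid password, regular UIDs come from the range in /etc/login.defs) can be checked in one pass. The script below is an added example, not part of the original post: it audits passwd-format and shadow-format files and reports extra UID 0 accounts, shared UIDs, and regular accounts with a locked or empty password field. The function names and all sample data are constructed for illustration, and it assumes the standard /etc/shadow layout, where a password field starting with ! or * cannot match any password.

```shell
#!/bin/sh
# Added example (not from the original post): audit account files offline.

defs_value() {   # print the value of key $1 from a login.defs-format file $2
    awk -v k="$1" '$1 == k { print $2; exit }' "$2"
}

audit_accounts() {   # args: passwd-format file, shadow-format file, login.defs
    min=$(defs_value UID_MIN "$3"); max=$(defs_value UID_MAX "$3")
    # Any name other than root that maps to UID 0 is a second superuser.
    awk -F: '$3 == 0 && $1 != "root" { print "UID0 " $1 }' "$1"
    # Names sharing a UID are one and the same user to the kernel.
    awk -F: 'seen[$3]++ == 1 { print "DUPUID " $3 }' "$1"
    # Regular accounts (UID_MIN..UID_MAX) without a usable password hash.
    awk -F: -v min="$min" -v max="$max" '
        NR == FNR { pw[$1] = $2; next }            # first file: shadow
        $3 < min || $3 > max { next }              # skip system accounts
        !($1 in pw)      { print "NOSHADOW " $1; next }
        pw[$1] == ""     { print "EMPTYPW " $1; next }
        pw[$1] ~ /^[!*]/ { print "NOLOGIN " $1 }   # locked or never set
    ' "$2" "$1"
}

make_sample() {   # write constructed sample files into directory $1
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
newuser:x:1001:1001::/home/newuser:/bin/bash
guest:x:1002:1002::/home/guest:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$constructed$notarealhash:19000:0:99999:7:::
bin:*:19000:0:99999:7:::
alice:$6$constructed$notarealhash:19000:0:99999:7:::
newuser:!!:19000:0:99999:7:::
guest::19000:0:99999:7:::
toor:$6$constructed$notarealhash:19000:0:99999:7:::
EOF
    printf 'UID_MIN 1000\nUID_MAX 60000\n' > "$1/login.defs"
}

d=$(mktemp -d)
make_sample "$d"
audit_accounts "$d/passwd" "$d/shadow" "$d/login.defs"
rm -rf "$d"
```

To audit a live system, pass /etc/passwd, /etc/shadow and /etc/login.defs as the three arguments; reading /etc/shadow requires root.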

What is a Group?
A group is a collection of users that need to share access to files and other system resources. Groups can be used to grant access to files to a set of users instead of just a single user.

Like users, groups have group names to make them easier to work with. Internally, the system distinguishes groups by the unique identification number assigned to them, the group ID or GID.

Create, modify, and delete groups
Like the user account commands described above, the group management commands are very intuitive and provide a lot of flexibility. There is an easy-to-remember command for each function you might need to carry out for a group:

  • Add a group: groupadd
# create new group01 with GID 10000
groupadd -g 10000 group01
# if no GID is given, the next available one is used.
# confirm with:
tail /etc/group
  • Modify a group: groupmod

  • Delete a group: groupdel

# modify groups
groupmod -g 1006 group01 # change GID for group01
groupmod -n groupONE group01 # change name
groupdel groupONE # delete group