marshaayu

MANAGING LOCAL USERS AND GROUPS (add, del, mod)

What is a user?
A user account is used to provide security boundaries between different people and programs that can run commands.

There are three main types of user account: the superuser, system users, and regular users.

  • The superuser account is for administration of the system. The name of the superuser is root and the account has UID 0. The superuser has full access to the system.
  • The system has system user accounts which are used by processes that provide supporting services. These processes, or daemons, usually do not need to run as the superuser. They are assigned non-privileged accounts that allow them to secure their files and other resources from each other and from regular users on the system. Users do not interactively log in using a system user account.
  • Most users have regular user accounts which they use for their day-to-day work. Like system users, regular users have limited access to the system.
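
The three account types can be told apart by the UID field of each /etc/passwd entry. The script below is an added example, not code from the original post: it classifies every entry and flags any UID 0 account that is not named root. The function name classify_accounts, the sample files and the fallback range 1000 to 60000 are assumptions; the real boundary is set by UID_MIN and UID_MAX in /etc/login.defs.

```shell
#!/bin/sh
# classify_accounts PASSWD_FILE [LOGIN_DEFS]   (hypothetical helper name)
# Prints "name uid type" for each account. A UID 0 entry that is not named
# root has full superuser access and is reported as "superuser-ALERT".
classify_accounts() {
    passwd_file=$1
    defs_file=${2:-/etc/login.defs}
    uid_min='' uid_max=''
    if [ -r "$defs_file" ]; then
        # UID_MIN and UID_MAX bound the UIDs given to regular users.
        uid_min=$(awk '$1 == "UID_MIN" { print $2 }' "$defs_file")
        uid_max=$(awk '$1 == "UID_MAX" { print $2 }' "$defs_file")
    fi
    # Assumed defaults (1000 and 60000) when login.defs does not set them.
    awk -F: -v min="${uid_min:-1000}" -v max="${uid_max:-60000}" '
        /^#/ || NF < 7 || $3 !~ /^[0-9]+$/ { next }   # skip malformed lines
        {
            uid = $3 + 0
            if (uid == 0)
                type = ($1 == "root") ? "superuser" : "superuser-ALERT"
            else if (uid >= min && uid <= max)
                type = "regular"
            else
                type = "system"   # simplification: all UIDs outside the regular range
            print $1, uid, type
        }' "$passwd_file"
}

# Constructed sample files, not taken from a real host.
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
sshd:x:74:74:sshd:/var/empty/sshd:/sbin/nologin
user02:x:1001:1001::/home/user02:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
printf 'UID_MIN 1000\nUID_MAX 60000\n' > "$demo_dir/login.defs"
classify_accounts "$demo_dir/passwd" "$demo_dir/login.defs"
rm -rf "$demo_dir"
```

On a real host, run it as classify_accounts /etc/passwd; any line ending in superuser-ALERT is a second account with root's privileges and should be investigated.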

You can use the id command to show information about the currently logged-in user.

$ id

To view basic information about another user, pass the username to the id command as an argument.

$ id user02

To view the owner of a file use the ls -l command. To view the owner of a directory use the ls -ld command. In the following output, the third column shows the username.

$ ls -l file1
$ ls -ld dir1

To view process information, use the ps command. To view the user associated with a process, include the u option. In the following output, the first column shows the username.

$ ps -au

On most Linux distributions, when creating a new user account with useradd, the user’s home directory is not created.

Use the -m (--create-home) option to create the user home directory as /home/username:

$ sudo useradd -m username

The command above creates the new user’s home directory and copies the files from the /etc/skel directory into it. If you list the files in the /home/username directory, you will see the initialization files:

$ sudo ls -la /home/username/

Deleting Users from the Command Line

  • The userdel username command removes the details of username from /etc/passwd, but leaves the user's home directory intact.
  • The userdel -r username command removes the details of username from /etc/passwd and also deletes the user's home directory.

What is a group?
A group is a collection of users that need to share access to files and other system resources. Groups can be used to grant access to files to a set of users instead of just a single user.

Managing Local Groups
A group must exist before a user can be added to that group. Several command-line tools are used to manage local group accounts.
Every user has exactly one primary group. For local users, this is the group listed by GID number in the /etc/passwd file. By default, this is the group that will own new files created by the user.

Creating Groups from the Command Line

  • The groupadd command creates groups. Without options the groupadd command uses the next available GID from the range specified in the /etc/login.defs file while creating the groups.
  • The -g option specifies a particular GID for the group to use.
$ sudo groupadd -g 10000 group01
$ tail /etc/group
  • The -r option creates a system group using a GID from the range of valid system GIDs listed in the /etc/login.defs file. The SYS_GID_MIN and SYS_GID_MAX configuration items in /etc/login.defs define the range of system GIDs.
$ sudo groupadd -r group02
$ tail /etc/group
  • The groupmod command changes the properties of an existing group. The -n option specifies a new name for the group.
$ sudo groupmod -n group0022 group02
  • The -g option specifies a new GID.
$ sudo groupmod -g 20000 group0022
$ tail /etc/group

Deleting Groups from the Command Line

  • The groupdel command removes groups.
$ sudo groupdel group0022

Changing Group Membership from the Command Line

  • The membership of a group is controlled with user management. Use the usermod -g command to change a user's primary group.
$ id user02
$ sudo usermod -g group01 user02
$ id user02
  • Use the usermod -aG command to add a user to a supplementary group.
$ id user03
$ sudo usermod -aG group01 user03
$ id user03
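
How the two usermod commands map onto the account files, as an added example that is not part of the original post: the primary group is the GID field of the user's /etc/passwd entry, and supplementary groups are the member lists in /etc/group. The function name groups_of and the sample files (including the wheel entry and user01) are constructed; user02, user03 and group01 follow the post.

```shell
#!/bin/sh
# groups_of USER PASSWD_FILE GROUP_FILE   (hypothetical helper name)
# Prints "primary=NAME supplementary=A,B", derived from the two files.
# Returns non-zero when USER has no entry in PASSWD_FILE.
groups_of() {
    awk -F: -v user="$1" '
        # Pass 1 (passwd): field 4 is the GID of the primary group.
        FNR == NR { if ($1 == user) { gid = $4; found = 1 }; next }
        !found { exit }
        # Pass 2 (group): name:password:GID:comma-separated members.
        $3 == gid { primary = $1 }
        {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] == user && $3 != gid)
                    supp = supp (supp == "" ? "" : ",") $1
        }
        END {
            if (!found) exit 1
            print "primary=" (primary == "" ? gid : primary) " supplementary=" supp
        }' "$2" "$3"
}

# Constructed sample files showing the state after the commands above:
#   usermod -g group01 user02    rewrote the GID field in passwd
#   usermod -aG group01 user03   appended user03 to the group01 member list
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
user02:x:1002:10000::/home/user02:/bin/bash
user03:x:1003:1003::/home/user03:/bin/bash
EOF
cat > "$demo_dir/group" <<'EOF'
wheel:x:10:user01,user03
user02:x:1002:
user03:x:1003:
group01:x:10000:user03
EOF
groups_of user02 "$demo_dir/passwd" "$demo_dir/group"
groups_of user03 "$demo_dir/passwd" "$demo_dir/group"
rm -rf "$demo_dir"
```

Without -a, usermod -G replaces the user's supplementary group list instead of appending to it, so compare the output before and after any membership change.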
