- Users and groups
- Overview
- Permissions and ownership
- How to Manage Users and Groups on Ubuntu 22.04
- A Quick Overview
- 1. Create a new user
- 2. Understanding the /etc/passwd file
- 3. Change the login name of a user
- 4. Change the user ID of a user
- 5. Change the group of a user
- 6. Add a user to the sudoers group
- 7. Change the password of a user
- 8. Delete a user
- 9. Delete a home directory of a user
- 10. Add a new group
- 11. Understanding /etc/group file
- 12. Create a system group
- 13. Add a new group with specific GID
- 14. Remove a user from the group
- 15. Delete a group
- Conclusion
Users and groups
Users and groups are used on GNU/Linux for access control—that is, to control access to the system’s files, directories, and peripherals. Linux offers relatively simple/coarse access control mechanisms by default. For more advanced options, see ACL, Capabilities and PAM#Configuration How-Tos.
Overview
A user is anyone who uses a computer. In this case, we are describing the names which represent those users. It may be Mary or Bill, and they may use the names Dragonlady or Pirate in place of their real name. All that matters is that the computer has a name for each account it creates, and it is this name by which a person gains access to use the computer. Some system services also run using restricted or privileged user accounts.
Managing users is done for the purpose of security by limiting access in certain specific ways. The superuser (root) has complete access to the operating system and its configuration; it is intended for administrative use only. Unprivileged users can use several programs for controlled privilege elevation.
Any individual may have more than one account as long as they use a different name for each account they create. Further, there are some reserved names which may not be used such as «root».
Users may be grouped together into a «group», and users may be added to an existing group to utilize the privileged access it grants.
Note: The beginner should use these tools carefully and stay away from having anything to do with any other existing user account, other than their own.
Permissions and ownership
The UNIX operating system crystallizes a couple of unifying ideas and concepts that shaped its design, user interface, culture and evolution. One of the most important of these is probably the mantra: «everything is a file,» widely regarded as one of the defining points of UNIX. This key design principle consists of providing a unified paradigm for accessing a wide range of input/output resources: documents, directories, hard-drives, CD-ROMs, modems, keyboards, printers, monitors, terminals and even some inter-process and network communications. The trick is to provide a common abstraction for all of these resources, each of which the UNIX fathers called a «file.» Since every «file» is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device.
A fundamental and very powerful, consistent abstraction provided in UNIX and compatible operating systems is the file abstraction. Many OS services and device interfaces are implemented to provide a file or file system metaphor to applications. This enables new uses for, and greatly increases the power of, existing applications — simple tools designed with specific uses in mind can, with UNIX file abstractions, be used in novel ways. A simple tool, such as cat, designed to read one or more files and output the contents to standard output, can be used to read from I/O devices through special device files, typically found under the /dev directory. On many systems, audio recording and playback can be done simply with the commands, » cat /dev/audio > myfile » and » cat myfile > /dev/audio ,» respectively.
Every file on a GNU/Linux system is owned by a user and a group. In addition, there are three types of access permissions: read, write, and execute. Different access permissions can be applied to a file’s owning user, owning group, and others (those without ownership). One can determine a file’s owners and permissions by viewing the long listing format of the ls command:
total 13740 drwxr-xr-x 2 root root 4096 Jan 12 00:33 grub -rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img -rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img -rw-r--r-- 1 root root 1457315 Jan 8 08:19 System.map26 -rw-r--r-- 1 root root 2209920 Jan 8 08:19 vmlinuz-linux
The first column displays the file’s permissions (for example, the file initramfs-linux.img has permissions -rw-r—r— ). The third and fourth columns display the file’s owning user and group, respectively. In this example, all files are owned by the root user and the root group.
total 16 drwxrwx--- 1 root vboxsf 16384 Jan 29 11:02 sf_Shared
In this example, the sf_Shared directory is owned by the root user and the vboxsf group. It is also possible to determine a file’s owners and permissions using the stat command:
How to Manage Users and Groups on Ubuntu 22.04
Linux is a multi-user and multi-tasking operating system. User and group management are the two most important tasks to be performed by Linux administrators.
In Linux, each user has their own login name and a home directory. Every user belongs to a primary group, and users can be added to multiple secondary groups. All users in the group will have the same group permission on files and folders. This makes it easier to provide permission for multiple users.
This tutorial will demonstrate how to manage users and groups in the Linux system.
A Quick Overview
The command-line tools to manage the users and groups in Linux are:
adduser / useradd : To add a user
addgroup / groupadd : To add a group
usermod : To modify a user account
deluser / userdel : To delete a user
delgroup / groupdel : To delete a group
passwd : To change the user’s password
We will cover the practical examples of all commands in this article. To follow the tutorial, you will need to switch to the root user or any user with sudo privileges.
1. Create a new user
You can add a new user to the system using the adduser command. The following command creates a new user henry in the system.
It will prompt you to enter the password for the new user and other user details.
To verify the user, you can try to log in as a new user.
2. Understanding the /etc/passwd file
The /etc/passwd is a plain text file that stores the user account information in Linux. You can use the cat command to view the content of /etc/passwd .
Each user has one entry per line. The fields are separated by a colon : symbol and contains the following information.
username:password:UID:GID:GECOS:home_directory:shell
The new entries are saved at the end of a file. To find a user henry , you can see the last entries. Alternatively, you can use the grep command.
3. Change the login name of a user
You can use the usermod command to change a user’s login name in Linux. This command renames the user henry to james .
$ sudo usermod -l james henry
As you can see, the username is changed to james .
4. Change the user ID of a user
By default, the system automatically sets the next available UID when creating a user. The usermod command with -u flag can be used to change the UID of a user.
The following command changes the user ID of james to 4567 .
$ sudo usermod -u 4567 james
5. Change the group of a user
The -g option with usermod command changes the primary group of a user. For example, to change the primary group of a user james to linuxwizardry , you can run this command.
$ sudo usermod -g linuxwizardry james
The specified group must already exist in the system.
In Linux, a user can have only one primary group. But you can assign a user to multiple secondary groups. The -G flag allows you to specify the secondary group for a user.
The following command adds a user james to the group ubuntu .
$ sudo usermod -G ubuntu james
6. Add a user to the sudoers group
You can add a user to the sudoers group and provide sudo privileges to that user. This command adds a user james to the sudo group.
$ sudo usermod -aG sudo james
The -a option adds a user to the group without removing the current group.
Next, log in as a user james and run the sudo command to confirm.
7. Change the password of a user
The passwd command is used to change the user’s password in Linux. The following command changes the password of a user james .
8. Delete a user
When the user account is not needed, you might want to delete it from the system. The userdel command helps to remove a user in Linux.
The below command deletes a user james from the system.
9. Delete a home directory of a user
The usedel command without any flags only removes a user. It does not delete the home directory of a user in the /home directory.
To delete a user along with its home directory, you can use:
10. Add a new group
You can add a new group to the system using the groupadd or addgroup command. The following example creates a new group computer on the system.
11. Understanding /etc/group file
The /etc/group file stores the group details in a list. Each entry contains the following group information for each group.
group_name:group_pwd:group_id:group_list
You can display the entries in /etc/group file with the cat command.
12. Create a system group
If you need to add a new system group, you can use the -r flag with the groupadd command. This command creates a new system group sysmin .
Output:
13. Add a new group with specific GID
When creating a new group, the system assigns the next available group ID by default. You can change this behavior and specify a GID for a new group with the -g flag.
The following command creates a new group bank with a custom group ID 644 .
Output:
14. Remove a user from the group
Sometimes you might need to remove a user from the secondary groups. You can do it by specifying the username and group to the deluser command.
The below command removes a user rohan from the group ubuntu .
$ sudo deluser rohan ubuntu
Output:
15. Delete a group
You can remove a group from the system using the delgroup or groupdel command.
To delete a group ubuntu , run the following command.
Output:
If the specified group is the primary group of any user, it cannot be deleted. You must first change the primary group of a user.
Conclusion
Managing users and groups is one of the essential skills for every Linux administrator. You have learned the different examples of user and group management commands in Linux. Now you know how to perform the tasks like creating new users and groups, adding users to groups, changing the username and password, deleting users and groups, and much more.
We hope you found this article helpful. Please let us know if you have any confusion about any examples in the comment section below.