Built in linux users

How to Add, Remove and Modify Users in Linux

As a Linux administrator, it is essential to know how to add users, modify users and delete users in a Linux system. It is a good practice to have different accounts for different users and set permissions, for security purposes.

In this article, we will see how to manage users in Linux by adding new users, modifying existing users and deleting user accounts which are not required.

To execute most of the commands in this article, you need root access. The distribution we’re using to show these examples supports sudo, so we’ll add sudo before the command to execute the command as root. If you don’t have sudo installed, then you may either log in as the root user into your system, or you may run su and enter the root password to gain root access.

The commands we’ve discussed here work across all Linux distributions, including Debian, Ubuntu, CentOS and RHEL.

Add a user in Linux

To add users, run the useradd command, like so:

For example, if you want to add the user named john, then the command will be like:

By default, useradd creates a user without creating a home directory. So, to make useradd create a home folder, we’ve used the -m switch.

If the command is successful, it won’t have any output, like so:

Adding a user in Linux

Behind the scenes, it automatically creates the user john by assigning a unique user ID for the user, and adding the user’s details to the /etc/passwd file. It also creates a home directory for the user under /home (so the full path is /home/john).

At this point, the user has been created, but they don’t have a password and can’t log in. So, to assign a password to the newly created user, run the passwd command like so:

The command will ask for the new password, and ask you to confirm it:

Creating a password for a Linux user using passwd.

This command adds the user’s password in /etc/shadow in an encrypted format. After running this command, the new user should be able to log in as usual.
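To check the states described above, the following added example (not part of the original article) classifies the password field of /etc/shadow entries: no usable password right after useradd, a stored value after passwd, and a "!"-prefixed value after passwd -l. The sample data and function names are constructed for illustration, and the field conventions assumed are those of shadow-utils.

```shell
#!/bin/sh
# Added example: report the state of each account's password field
# in shadow-format data.

# Constructed sample in /etc/shadow layout; the hash strings are placeholders.
sample_shadow() {
    cat <<'EOF'
root:$6$constructedsalt$CONSTRUCTEDHASH:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
john:!:19750:0:99999:7:::
mary:$6$constructedsalt$CONSTRUCTEDHASH:19750:0:99999:7:::
bill:!$6$constructedsalt$CONSTRUCTEDHASH:19750:0:99999:7:::
guest::19750:0:99999:7:::
EOF
}

# shadow_status [FILE...]
# Reads shadow-format lines (stdin if no file is given) and prints
# "user state" for each account.
shadow_status() {
    awk -F: '
        NF < 2 { next }                      # skip blank or malformed lines
        {
            pw = $2
            if (pw == "")
                state = "empty"              # no password is required
            else if (pw ~ /^[!*]+$/)
                state = "no-password"        # no password can ever match
            else if (substr(pw, 1, 1) == "!")
                state = "locked"             # hash kept, disabled by "!" prefix
            else
                state = "set"                # a usable password hash is stored
            print $1, state
        }
    ' "$@"
}

sample_shadow | shadow_status
```

On a live system, run it as `sudo cat /etc/shadow | shadow_status`; any account reported as empty deserves attention. A locked password does not disable other login methods such as SSH keys.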

You can view the new user’s ID by using id -u. In our case, john was given an ID of 1001:

User Groups in Linux

Before we move on to creating and managing “groups”, let us review what a group is.

In Linux, a group is a collection of users. A group can have zero or more users assigned to it. Just like users, each group has its own “group name” and a unique “group ID”. Groups are used to assign users to a set of permissions, access or privileges.

There are two types of groups:

  1. Primary Group: When a Linux user is created, it is automatically assigned to a single, default group, known as the “primary group”. Usually, the name of the primary group is the same as the user’s username, although you can change this if you want.
  2. Supplementary Group: Apart from the primary group, you can add a user to other groups. These other groups to which a user belongs are called supplementary groups.

Let us understand this with an example. Previously, when we created the user john, a group named john was automatically created as well. This group is the primary group, and the user john was added to the group john.

Later, you can add john to another group, such as sales. Now, with respect to the user john, sales is a supplementary group.

Information about all groups on your system is stored in /etc/group. Groups can also have passwords, although they’re rarely used because it requires everyone in the group to know a common password. If a group has a password, it is stored in /etc/gshadow.

Create a new Group

To create a new group in Linux, run the groupadd command, like so:

For example, to add a group named sales to your system, use the command:

Just like the useradd command, groupadd doesn’t show any output if the group was successfully created:

If you want to verify that the group was indeed created, you can view the file /etc/group.

Previously, we’ve mentioned that group passwords are rarely ever used. However, if you do want to assign a group password, you can use the gpasswd command:

Enter the group password and confirm it by typing it again. The group password is set once you complete this process.

View a user’s groups and user ID

To see a user’s information, such as a user’s ID and the groups they belong to, you can use the id command. To see your own user’s information, simply type:

The output shows your user’s ID (uid) and primary group’s ID (gid), as well as a list of primary and supplementary groups you belong to. For example, in the output below, the user booleanworld belongs to the groups booleanworld and wheel.

Viewing the user information of your own user account.

On the other hand, if you want to view the information for a different user, use the following command:

It lists the user ID, primary group ID, as well as the associated names of the groups and their IDs:

Otherwise, if you only want to see the groups to which a user belongs, you can use the groups command. It’s similar to id, and by default it lists your own groups. For example, once again we can see that the current user, booleanworld, belongs to the groups booleanworld and wheel.

If you want to see the group of another user, use:

In the example below, we’re using it to list the groups john belongs to:

Add a User to a Group

Now that you have an idea about groups, we can modify a user and assign them to groups. To add a user to a group, use the following command:

For example, to assign the user john to the group sales, you should run:

sudo usermod -a -G sales john

Here, the -a flag “adds” the user to the group and the -G signifies that we’re adding them to a supplementary group (as opposed to changing their primary group).

If you want to change the user’s primary group instead, you can use the -g flag like so:

In the above command, notice that we aren’t using the -a append flag. This is because we simply want to change the primary group of the user, not add the user to another group. By definition, a user can only have one primary group.

Change Password of a User

Previously, when we created a new user, we used the passwd command to assign a password to the new user. You can also use this to change passwords. If you want to change your own password, simply run:

When you change your own password, it’ll ask you for your current password. Once you enter it correctly, you will be asked to enter your new password twice.

Changing your own password using passwd.

You can also use it to change a different user’s password by providing the username, although you need to be root to change passwords for others. The syntax for changing another user’s password is:

When you are the root user, passwd doesn’t ask you for your current password — it’ll just ask you for the new password.

You can also use passwd to prevent a user from logging in (aka “locking out the user”), using the -l switch. For example, if you want to prevent john from logging in, you can use:

Grant Sudo Permissions to Users

sudo is a utility to allow users to execute commands as another user, usually the root user. In most distributions, only a certain set of users can execute sudo.

For example, in Debian and its derivatives (like Ubuntu), users in the sudo group can use the sudo command. Similarly, CentOS or RHEL has a wheel group that does the same thing.

If you want a user (say john) to be able to use sudo, you can use usermod to add them to the sudo group (or the wheel group on CentOS or RHEL) like so:

sudo usermod -a -G sudo john    # Debian, Ubuntu and derivatives
sudo usermod -a -G wheel john   # CentOS or RHEL

What if you don’t use something based on Debian or CentOS? Although the default sudo configuration can vary a lot between distributions, the steps below should help you get started.

First, you should create your own group, such as sysadmins, and add users to it, just like we’ve done previously. Then, you can edit the file /etc/sudoers as a root user to allow anyone who belongs to sysadmins to have sudo access. To edit the file, you can use an editor like nano or vi by running:

sudo nano /etc/sudoers # if you have 'nano' installed
sudo vi /etc/sudoers # if you have 'vi' installed

Now, go to the end of the file, and add the following text on its own line. This will allow anyone belonging to sysadmins to use sudo:

Save the file and exit the editor. After this, any users in sysadmins would be able to use sudo to run commands.
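Because membership in sudo, wheel or sysadmins now equals root access, it is worth checking who really belongs to such a group. The added example below (not from the original article) combines the supplementary members listed in the group file with users whose primary group ID points at the group, since the latter do not appear in the group's member list. The file contents, the GIDs and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list every member of a group, primary or supplementary.

# make_sample DIR: writes constructed passwd- and group-format files into DIR.
make_sample() {
    cat > "$1/group" <<'EOF'
root:x:0:
wheel:x:10:booleanworld
john:x:1001:
sales:x:1002:john
sysadmins:x:1003:john,mary
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
booleanworld:x:1000:1000::/home/booleanworld:/bin/bash
john:x:1001:1001::/home/john:/bin/bash
mary:x:1004:1004::/home/mary:/bin/bash
bill:x:1005:1003::/home/bill:/bin/bash
EOF
}

# group_members GROUP GROUP_FILE PASSWD_FILE
# Prints "user primary" or "user supplementary" for each member, sorted.
group_members() {
    awk -F: -v want="$1" '
        FNR == NR {                          # first file: group database
            if ($1 == want) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++)
                    if (m[i] != "") seen[m[i]] = "supplementary"
            }
            next
        }
        # second file: passwd; field 4 is the primary group ID
        gid != "" && $4 == gid { seen[$1] = "primary" }
        END { for (u in seen) print u, seen[u] }
    ' "$2" "$3" | sort
}

d=$(mktemp -d) && make_sample "$d"
for g in wheel sysadmins; do
    echo "== $g"
    group_members "$g" "$d/group" "$d/passwd"
done
rm -rf "$d"
```

When editing /etc/sudoers itself, visudo checks the syntax before saving, which avoids losing sudo access to a typo.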

Delete a User in Linux

To delete a user in Linux, you can use the userdel command, like so:

By default, this command preserves the home directory and some other special files, such as the user’s list of cron jobs. If you want to delete these files as well, you should use the --remove-all-files flag.

For example, if you want to delete the user john along with the home directory of john, use the following command:


Users and groups

Users and groups are used on GNU/Linux for access control—that is, to control access to the system’s files, directories, and peripherals. Linux offers relatively simple/coarse access control mechanisms by default. For more advanced options, see ACL, Capabilities and PAM#Configuration How-Tos.

Overview

A user is anyone who uses a computer. In this case, we are describing the names which represent those users. It may be Mary or Bill, and they may use the names Dragonlady or Pirate in place of their real name. All that matters is that the computer has a name for each account it creates, and it is this name by which a person gains access to use the computer. Some system services also run using restricted or privileged user accounts.

Managing users is done for the purpose of security by limiting access in certain specific ways. The superuser (root) has complete access to the operating system and its configuration; it is intended for administrative use only. Unprivileged users can use several programs for controlled privilege elevation.

Any individual may have more than one account as long as they use a different name for each account they create. Further, there are some reserved names which may not be used such as "root".

Users may be grouped together into a "group", and users may be added to an existing group to utilize the privileged access it grants.

Note: The beginner should use these tools carefully and stay away from having anything to do with any other existing user account, other than their own.

Permissions and ownership

The UNIX operating system crystallizes a couple of unifying ideas and concepts that shaped its design, user interface, culture and evolution. One of the most important of these is probably the mantra: "everything is a file," widely regarded as one of the defining points of UNIX. This key design principle consists of providing a unified paradigm for accessing a wide range of input/output resources: documents, directories, hard-drives, CD-ROMs, modems, keyboards, printers, monitors, terminals and even some inter-process and network communications. The trick is to provide a common abstraction for all of these resources, each of which the UNIX fathers called a "file." Since every "file" is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device.

A fundamental and very powerful, consistent abstraction provided in UNIX and compatible operating systems is the file abstraction. Many OS services and device interfaces are implemented to provide a file or file system metaphor to applications. This enables new uses for, and greatly increases the power of, existing applications — simple tools designed with specific uses in mind can, with UNIX file abstractions, be used in novel ways. A simple tool, such as cat, designed to read one or more files and output the contents to standard output, can be used to read from I/O devices through special device files, typically found under the /dev directory. On many systems, audio recording and playback can be done simply with the commands, "cat /dev/audio > myfile" and "cat myfile > /dev/audio," respectively.

Every file on a GNU/Linux system is owned by a user and a group. In addition, there are three types of access permissions: read, write, and execute. Different access permissions can be applied to a file’s owning user, owning group, and others (those without ownership). One can determine a file’s owners and permissions by viewing the long listing format of the ls command:

total 13740
drwxr-xr-x 2 root root    4096 Jan 12 00:33 grub
-rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img
-rw-r--r-- 1 root root 1457315 Jan  8 08:19 System.map26
-rw-r--r-- 1 root root 2209920 Jan  8 08:19 vmlinuz-linux

The first column displays the file’s permissions (for example, the file initramfs-linux.img has permissions -rw-r--r--). The third and fourth columns display the file’s owning user and group, respectively. In this example, all files are owned by the root user and the root group.
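As an added example (not part of the original page), the script below reads long-listing lines like the ones shown on this page, converts the permission column to octal and flags entries that the owning group or others can write to. It goes beyond the page's listings by also decoding setuid, setgid and sticky bits; the function names are hypothetical and the input is a constructed subset of the page's listings.

```shell
#!/bin/sh
# Added example: decode the permission column of `ls -l` output.

# mode_octal SYMBOLIC: e.g. "drwxrwx---" -> 770, "-rwsr-xr-x" -> 4755
mode_octal() {
    printf '%s\n' "$1" | awk '{
        special = 0; out = ""
        for (t = 0; t < 3; t++) {            # t: 0 = user, 1 = group, 2 = others
            r = substr($0, 2 + t * 3, 1)
            w = substr($0, 3 + t * 3, 1)
            x = substr($0, 4 + t * 3, 1)
            d = (r == "r") * 4 + (w == "w") * 2 + (x ~ /[xst]/)
            if (x ~ /[sStT]/)                # setuid, setgid or sticky bit
                special += (t == 0 ? 4 : (t == 1 ? 2 : 1))
            out = out d
        }
        if (special) out = special out
        print out
    }'
}

# ls_report: stdin is `ls -l` output; prints "name owner group octal [flags]".
# File names containing spaces are not handled.
ls_report() {
    while read -r mode links owner group rest; do
        [ "$mode" = "total" ] && continue    # skip the block-count line
        note=""
        case "$mode" in ?????w*) note="group-writable" ;; esac
        case "$mode" in ????????w*) note="${note:+$note,}world-writable" ;; esac
        printf '%s %s %s %s%s\n' "${rest##* }" "$owner" "$group" \
            "$(mode_octal "$mode")" "${note:+ $note}"
    done
}

# Listing lines taken from this page (a subset), embedded as sample input.
page_listing() {
    cat <<'EOF'
total 13740
drwxr-xr-x 2 root root    4096 Jan 12 00:33 grub
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img
-rw-r--r-- 1 root root 2209920 Jan  8 08:19 vmlinuz-linux
drwxrwx--- 1 root vboxsf 16384 Jan 29 11:02 sf_Shared
EOF
}

page_listing | ls_report
```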

total 16
drwxrwx--- 1 root vboxsf 16384 Jan 29 11:02 sf_Shared

In this example, the sf_Shared directory is owned by the root user and the vboxsf group. It is also possible to determine a file’s owners and permissions using the stat command:
