Linux manage users and groups

Users and groups

Users and groups are used on GNU/Linux for access control—that is, to control access to the system’s files, directories, and peripherals. Linux offers relatively simple/coarse access control mechanisms by default. For more advanced options, see ACL, Capabilities and PAM#Configuration How-Tos.

Overview

A user is anyone who uses a computer. In this case, we are describing the names which represent those users. It may be Mary or Bill, and they may use the names Dragonlady or Pirate in place of their real name. All that matters is that the computer has a name for each account it creates, and it is this name by which a person gains access to use the computer. Some system services also run using restricted or privileged user accounts.

Managing users is done for the purpose of security by limiting access in certain specific ways. The superuser (root) has complete access to the operating system and its configuration; it is intended for administrative use only. Unprivileged users can use several programs for controlled privilege elevation.

Any individual may have more than one account as long as they use a different name for each account they create. Further, there are some reserved names which may not be used such as «root».

Users may be grouped together into a «group», and users may be added to an existing group to utilize the privileged access it grants.

Note: The beginner should use these tools carefully and stay away from having anything to do with any other existing user account, other than their own.

Permissions and ownership

The UNIX operating system crystallizes a couple of unifying ideas and concepts that shaped its design, user interface, culture and evolution. One of the most important of these is probably the mantra: «everything is a file,» widely regarded as one of the defining points of UNIX. This key design principle consists of providing a unified paradigm for accessing a wide range of input/output resources: documents, directories, hard-drives, CD-ROMs, modems, keyboards, printers, monitors, terminals and even some inter-process and network communications. The trick is to provide a common abstraction for all of these resources, each of which the UNIX fathers called a «file.» Since every «file» is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device.

Читайте также:  High performance linux clusters

A fundamental and very powerful, consistent abstraction provided in UNIX and compatible operating systems is the file abstraction. Many OS services and device interfaces are implemented to provide a file or file system metaphor to applications. This enables new uses for, and greatly increases the power of, existing applications — simple tools designed with specific uses in mind can, with UNIX file abstractions, be used in novel ways. A simple tool, such as cat, designed to read one or more files and output the contents to standard output, can be used to read from I/O devices through special device files, typically found under the /dev directory. On many systems, audio recording and playback can be done simply with the commands, » cat /dev/audio > myfile » and » cat myfile > /dev/audio ,» respectively.

Every file on a GNU/Linux system is owned by a user and a group. In addition, there are three types of access permissions: read, write, and execute. Different access permissions can be applied to a file’s owning user, owning group, and others (those without ownership). One can determine a file’s owners and permissions by viewing the long listing format of the ls command:

total 13740 drwxr-xr-x 2 root root 4096 Jan 12 00:33 grub -rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img -rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img -rw-r--r-- 1 root root 1457315 Jan 8 08:19 System.map26 -rw-r--r-- 1 root root 2209920 Jan 8 08:19 vmlinuz-linux

The first column displays the file’s permissions (for example, the file initramfs-linux.img has permissions -rw-r—r— ). The third and fourth columns display the file’s owning user and group, respectively. In this example, all files are owned by the root user and the root group.

total 16 drwxrwx--- 1 root vboxsf 16384 Jan 29 11:02 sf_Shared

In this example, the sf_Shared directory is owned by the root user and the vboxsf group. It is also possible to determine a file’s owners and permissions using the stat command:

Источник

Managing Users and Groups in Linux

announcement - icon

The Kubernetes ecosystem is huge and quite complex, so it’s easy to forget about costs when trying out all of the exciting tools.

Читайте также:  Linux update package list

To avoid overspending on your Kubernetes cluster, definitely have a look at the free K8s cost monitoring tool from the automation platform CAST AI. You can view your costs in real time, allocate them, calculate burn rates for projects, spot anomalies or spikes, and get insightful reports you can share with your team.

Connect your cluster and start monitoring your K8s costs right away:

1. Overview

In this tutorial, we’re going to learn how to create, modify, and delete users and groups in Linux using the terminal. In addition, we’ll learn how to add a user to a group, how to remove one from a group, how to list all users, and how to get more information about the existing users on a Linux machine.

2. List All Users

The file /etc/passwd contains all registered users as well as information about them:

$ cat /etc/passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin . daemon. /var/run/pulse:/usr/sbin/nologin systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin baeldung:x:1000:1000. /home/baeldung:/bin/bash

/etc/passwd lists users in this format:

username:x:user id: group id: , , , :/home/username:/bin/bash

Each user has its own UID. 0 is root. 1 to 999 are system users, and from 1000 onward are local users.

3. See User and Group IDs

Linux has a command, id, that prints user and group IDs for the specified user:

$ id baeldung uid=1000(baeldung) gid=1000(baeldung) groups=1000(baeldung),27(sudo)

We can see what groups the specified user is in.

4. Create a New User

To create a new user in Linux, we can use the useradd command:

$ sudo useradd --create-home new_user

In addition, we can add the –create-home option to create a home directory for the new user.

5. Add/Change User Password

We can use passwd to make a new password for a user or to change a user’s password:

$ sudo passwd new_user [sudo] password for baeldung: New password: Retype new password: passwd: password updated successfully

The new user that we created didn’t have a password. As a result, passwd made one for it.

6. Modify User

usermod can modify a user account.

6.1. Change Primary Group

We can add the -g option to change the main group of a user account:

$ id new_user uid=2027(new_user) gid=2027(new_user) groups=2027(new_user) $ sudo usermod -g baeldung new_user $ id new_user uid=2027(new_user) gid=1000(baeldung) groups=1000(baeldung)

The new group replaces the previous group.

6.2. Change UID

We can add the -u option to change the user ID of an existing user account:

$ id new_user uid=2027(new_user) gid=1000(baeldung) groups=1000(baeldung) $ sudo usermod -u 2030 new_user $ id new_user uid=2030(new_user) gid=1000(baeldung) groups=1000(baeldung)

The command has changed the UID from 2027 to 2030.

Читайте также:  Linux make system user

6.3. Change Login Name

The -l option helps us change the login name of an existing user account:

$ id new_user uid=2030(new_user) gid=1000(baeldung) groups=1000(baeldung) $ sudo usermod -l new_name new_user $ id new_name uid=2030(new_name) gid=1000(baeldung) groups=1000(baeldung)

The command has changed the login name from new_user to new_name.

7. Delete a User

We can use userdel to delete an existing user. Adding the -r option will make userdel delete the user’s home directory along with its contents, as well as the user’s mail spool:

$ sudo userdel -r new_user [sudo] password for baeldung: userdel: new_user mail spool (/var/mail/new_user) not found userdel: new_user home directory (/home/new_user) not found

This user didn’t have a mail spool or a home directory defined for it. So, -r was unnecessary.

8. Add User to Group

To add a user to a group, we can use gpasswd -a:

$ id new_user uid=2027(new_user) gid=2027(new_user) groups=2027(new_user) $ sudo gpasswd -a new_user baeldung Adding user new_user to group baeldung $ id new_user uid=2027(new_user) gid=2027(new_user) groups=2027(new_user),1000(baeldung)

The command has appended the specified group to new_user‘s groups.

9. Remove User From Group

We can use gpasswd -d to remove a user from a group:

$ id new_user uid=2027(new_user) gid=2027(new_user) groups=2027(new_user),1000(baeldung) $ sudo gpasswd -d new_user baeldung Removing user new_user from group baeldung $ id new_user uid=2027(new_user) gid=2027(new_user) groups=2027(new_user)

The command has removed new_user from the specified group.

10. Create a New Group

We can use groupadd to create a new group:

$ sudo groupadd new_group $ cat /etc/group | grep new_group new_group:x:2028:

The command has created a new group, and its group ID is 2028.

11. Modify Group

We can use groupmod to modify a group.

11.1. Change GID

We can add the -g option to change the group ID of an existing group:

$ cat /etc/group | grep new_group new_group:x:2028: $ sudo groupmod -g 2040 new_group $ cat /etc/group | grep new_group new_group:x:2040:

The command has changed the group ID from 2028 to 2040.

11.2. Change Group Name

To change a group’s name, we can add the -n option:

$ cat /etc/group | grep new_group new_group:x:2040: $ sudo groupmod -n new_name new_group $ cat /etc/group | grep new_name new_name:x:2040:

The command has changed the group’s name from new_group to new_name.

12. Delete a Group

To remove an existing group, we can use groupdel:

13. Conclusion

To sum up, we learned how to manage users and groups, as well as how to get more information about users on a Linux machine.

Источник

Оцените статью
Adblock
detector