- System Users and Human Users in Linux Explained with Examples
- System Users and Human Users in Linux Explained with Examples
- Human Users
- System Users
- How to Find UID and GID of a user
- Create System User
- Create System group
- Good To Know
- Unix / Linux — User Administration
- Root account
- System accounts
- User accounts
- Managing Users and Groups
- Create a Group
- Modify a Group
- Delete a Group
- Create an Account
- Modify an Account
- Delete an Account
System Users and Human Users in Linux Explained with Examples
In this article, we will look into two types of user in Linux — System Users and Human Users. As you probably know, every Linux System has an entity called User which performs a range of system management tasks. Each user will have a unique ID called UID(User ID) and GID(Group ID). Similarly, there is another entity available called groups which is nothing but collection of users has its own role to play. User Management and Groups is an integral part of Linux System Administration which needs to be understood in detail. Here we will look into different types of users in detail with examples.
System Users and Human Users in Linux Explained with Examples
There are basically two types of users in Linux:-
Human Users
Each user has unique UID(User ID) and GID(Group ID) . Whenever a user is created, it owns a home directory where all personal files and folders can be stored.
Switch to home directory. Then create a new user. We will notice that whenever a new user is created, its home directory also gets created.
[root@cyberithub home]# pwd /home [root@cyberithub home]# useradd cyberithub [root@cyberithub home]# ls cyberithub
Human users are further of two types:-
- Root user -> also known as superuser which has all the privileges and has all the control to do anything on the system.
- Common user -> also known as unprivileged users has limited rights to perform operation on their owned files and directory. Normal users can be given different level of privileges or complete root privilege totally based on the need and requirement.
System Users
System Users mostly run system services and processes in the background also known as non-interactive processes. System Users doesn’t own home directory. We can find all the created users details in /etc/passwd file and all active groups details in /etc/group file.
Root user has the privileges to add, delete, update any users and groups. Below are the useful command to perform any operations on users and groups.
a) useradd -> to create a new user
[root@cyberithub home]# useradd cyberithub [root@cyberithub home]# grep cyberithub /etc/passwd cyberithub:x:1003:1003::/home/ cyberithub:/bin/bash
b) userdel -> to delete an existing user
[root@cyberithub home]# userdel cyberithub c) groupadd -> to create a new group
[root@cyberithub home]# groupadd cyberithub [root@cyberithub home]# grep cyberithub /etc/group cyberithub:x:1003:
d) groupdel -> to delete an existing group
[root@cyberithub home]# groupdel cyberithub e) usermod -> make changes to existing users. There are many operations that can be performed once the user is created like adding the comment, changing the password, changing the home dir etc. One such example is given below. We are changing the home directory of user cyberithub from /home/cyberithub to /home/gpuser . More about usermod command.
[root@cyberithub home]# grep cyberithub /etc/passwd cyberithub:x:1003:1003::/home/ cyberithub:/bin/bash [root@cyberithub home]# usermod -d /home/gpuser cyberithub [root@cyberithub home]# grep cyberithub /etc/passwd cyberithub:x:1003:1003::/home/gpuser:/bin/bash
f) passwd -> create or change password for any user
[root@cyberithub home]# passwd cyberithub Changing password for user cyberithub. New password: Retype new password: passwd: all authentication tokens updated successfully. How to Find UID and GID of a user
To find the UID or GID of any user simply execute below command.
a) id -> to view the UID and GID of current user
[root@cyberithub home]# id uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 b) id user_name -> to view UID and GID of a particular user
[root@cyberithub home]# id cyberithub uid=1003(cyberithub) gid=1003(cyberithub) groups=1003(cyberithub) Create System User
System users can also be created using useradd command but with some extra flags in the command. Below we are creating a system user called ‘cyberuser’ where
r -> create a system user with a real ID in the correct numerical range for system users
s -> specifies the login shell
/bin/false -> dummy command that prevents the user from logging into the system.
[root@cyberithub home]# useradd -rs /bin/false cyberuser [root@cyberithub home]# grep cyberuser /etc/passwd cyberuser:x:997:993::/home/cyberuser:/bin/false
Create System group
System user can be created using the same command but with -r flag.
[root@cyberithub home]# groupadd -r cyberuser [root@cyberithub home]# grep cyberuser /etc/group cyberuser:x:993:
Good To Know
Human users differ from Group users in terms of UID and GID range that are assigned to them. This setting can be found in /etc/login.defs file. Notice the below section of the file where UID and GID range is different for system and human users.
[root@cyberithub home]# view /etc/login.defs # Min/max values for automatic uid selection in useradd # UID_MIN 1000 UID_MAX 60000 # System accounts SYS_UID_MIN 201 SYS_UID_MAX 999 # # Min/max values for automatic gid selection in groupadd # GID_MIN 1000 GID_MAX 60000 # System accounts SYS_GID_MIN 201 SYS_GID_MAX 999 # Unix / Linux — User Administration
In this chapter, we will discuss in detail about user administration in Unix.
There are three types of accounts on a Unix system −
Root account
This is also called superuser and would have complete and unfettered control of the system. A superuser can run any commands without any restriction. This user should be assumed as a system administrator.
System accounts
System accounts are those needed for the operation of system-specific components for example mail accounts and the sshd accounts. These accounts are usually needed for some specific function on your system, and any modifications to them could adversely affect the system.
User accounts
User accounts provide interactive access to the system for users and groups of users. General users are typically assigned to these accounts and usually have limited access to critical system files and directories.
Unix supports a concept of Group Account which logically groups a number of accounts. Every account would be a part of another group account. A Unix group plays important role in handling file permissions and process management.
Managing Users and Groups
There are four main user administration files −
- /etc/passwd − Keeps the user account and password information. This file holds the majority of information about accounts on the Unix system.
- /etc/shadow − Holds the encrypted password of the corresponding account. Not all the systems support this file.
- /etc/group − This file contains the group information for each account.
- /etc/gshadow − This file contains secure group account information.
Check all the above files using the cat command.
The following table lists out commands that are available on majority of Unix systems to create and manage accounts and groups −
Adds accounts to the system
Modifies account attributes
Deletes accounts from the system
Adds groups to the system
Modifies group attributes
Removes groups from the system
You can use Manpage Help to check complete syntax for each command mentioned here.
Create a Group
We will now understand how to create a group. For this, we need to create groups before creating any account otherwise, we can make use of the existing groups in our system. We have all the groups listed in /etc/groups file.
All the default groups are system account specific groups and it is not recommended to use them for ordinary accounts. So, following is the syntax to create a new group account −
groupadd [-g gid [-o]] [-r] [-f] groupname
The following table lists out the parameters −
The numerical value of the group’s ID
This option permits to add group with non-unique GID
This flag instructs groupadd to add a system account
This option causes to just exit with success status, if the specified group already exists. With -g, if the specified GID already exists, other (unique) GID is chosen
Actual group name to be created
If you do not specify any parameter, then the system makes use of the default values.
Following example creates a developers group with default values, which is very much acceptable for most of the administrators.
Modify a Group
To modify a group, use the groupmod syntax −
$ groupmod -n new_modified_group_name old_group_name
To change the developers_2 group name to developer, type −
$ groupmod -n developer developer_2
Here is how you will change the financial GID to 545 −
Delete a Group
We will now understand how to delete a group. To delete an existing group, all you need is the groupdel command and the group name. To delete the financial group, the command is −
This removes only the group, not the files associated with that group. The files are still accessible by their owners.
Create an Account
Let us see how to create a new account on your Unix system. Following is the syntax to create a user’s account −
useradd -d homedir -g groupname -m -s shell -u userid accountname
The following table lists out the parameters −
Specifies home directory for the account
Specifies a group account for this account
Creates the home directory if it doesn’t exist
Specifies the default shell for this account
You can specify a user id for this account
Actual account name to be created
If you do not specify any parameter, then the system makes use of the default values. The useradd command modifies the /etc/passwd, /etc/shadow, and /etc/group files and creates a home directory.
Following is the example that creates an account mcmohd, setting its home directory to /home/mcmohd and the group as developers. This user would have Korn Shell assigned to it.
$ useradd -d /home/mcmohd -g developers -s /bin/ksh mcmohd
Before issuing the above command, make sure you already have the developers group created using the groupadd command.
Once an account is created you can set its password using the passwd command as follows −
$ passwd mcmohd20 Changing password for user mcmohd20. New UNIX password: Retype new UNIX password: passwd: all authentication tokens updated successfully.
When you type passwd accountname, it gives you an option to change the password, provided you are a superuser. Otherwise, you can change just your password using the same command but without specifying your account name.
Modify an Account
The usermod command enables you to make changes to an existing account from the command line. It uses the same arguments as the useradd command, plus the -l argument, which allows you to change the account name.
For example, to change the account name mcmohd to mcmohd20 and to change home directory accordingly, you will need to issue the following command −
$ usermod -d /home/mcmohd20 -m -l mcmohd mcmohd20
Delete an Account
The userdel command can be used to delete an existing user. This is a very dangerous command if not used with caution.
There is only one argument or option available for the command .r, for removing the account’s home directory and mail file.
For example, to remove account mcmohd20, issue the following command −
If you want to keep the home directory for backup purposes, omit the -r option. You can remove the home directory as needed at a later time.