Linux Users & Groups, Types and How to Setup Linux Users and Groups?
User groups play a significant role in managing Linux users and the system as a whole. If you are new to Linux and Unix, the concept might seem a bit complicated, but this article explains each topic in an easy-to-follow way. Groups let you select a set of users so that they can share files easily.
Groups also help in managing user privileges, since it is easier to assign privileges to groups than to individual users. Let us first understand what Linux users are and what a group is.
Linux users and files accessing privileges:
Like most operating systems, all Linux and Unix platforms allow multitasking. The distinction that matters here is multi-user operation: Linux lets several users access and use the system's resources concurrently.
These are the Linux users. Having different users access shared resources raises security concerns, so to keep files secure it is essential to understand groups and access permissions.
What are groups in Linux?
A group is simply a collection of Linux users. The system administrator defines a group and then sets privileges, such as read, write or execute permission on a given file, that the members of the group share among themselves.
Almost every Linux and Unix system comes with a GUI tool that lets the system administrator manage groups, but experienced administrators prefer command-line tools.
Types of groups in the Linux & Unix
There are two kinds of groups in Linux.
- The primary group: when a user creates a file, the group assigned to it by default is the user's primary group. When the primary group is created, it is given the same name as the username. A user's primary group is recorded in the /etc/passwd file.
- The secondary group: a group for users who wish to share explicitly defined files, with permissions granted explicitly by the administrator. The system administrator can grant specific permissions and rights on files to the users in such a group.
Read, Write, and Execute Permissions in Linux:
Every file in a Linux system carries permissions, which are the access and usage rights granted on that file or directory. There are three types of file and directory permissions:
- Read permission: a file with read permission can be opened for reading only; users can view the data without altering anything. On a directory, read permission lets the user see and list the directory's contents.
- Write permission: write permission on a file lets the user alter or rewrite the file's contents. On a directory, it authorises the user to change the directory and its contents.
- Execute permission: this powerful permission allows users to run a script or program within the OS. On a directory, it lets users enter the directory and make it their current directory.
View file Permission:
Before setting up Linux users and groups on your system, it is essential to know how to view file permissions. A system administrator needs to check the permission mode of a file or directory. To view it, the administrator uses the command:
Adding User in Linux:
Here are the steps to follow to set up or add a Linux user to a group.
- Log in as the root user.
- Use the useradd command followed by the name of the user, for example: useradd karlos
- Use su (super user) followed by the name of the user you just added to log in as that user.
- Finally, use the exit command to log out of the current account.
Deleting Linux users from a group:
To delete a Linux user from a group, perform the following steps.
- Use the userdel command followed by the name of the user, for example: userdel karlos
- Next, the -d option sets the home directory for the user (by default /home/username). The -d option sets the home directory but does not create a new user.
- Then, the -m option creates the home directory.
- When only adding the user, the default directory is /home/username; -m creates it.
- Finally, the -r option used together with userdel deletes the user along with the home directory.
Creating a group in Linux:
Creating a new group in Linux is very simple: use the groupadd command followed by the name of the group.
Syntax:
Adding an Existing User in the Group:
There may be a circumstance where you need to add a user to a secondary group. Usually, the administrator adds existing users to a group so they can work together on a project that requires team collaboration. To add an existing user to a group, use the usermod -a -G command and specify the group and the username.
Syntax:
$ sudo usermod -a -G sec_group_name user-name
Example:
$ sudo usermod -a -G pentestProject karlosray
Adding an Existing User to different Groups at a time:
A Linux administrator may need to add a specific user to several secondary groups at once. This is possible with a single command: usermod with the -G option, followed by the group names separated by commas (no spaces between them, or usermod reads the later names as the username).
Syntax:
$ sudo usermod -a -G group1,group2,group3 user_name
Example:
$ sudo usermod -a -G pentest,sudo,jenkins karlosRay
Remove a User from a Group:
When a project ends, Linux users are removed from groups to keep the data safe. To remove a user from a secondary group, use the gpasswd command with the -d option.
Syntax:
$ sudo gpasswd -d username group
Example:
$ sudo gpasswd -d karlos jenkins
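The following script is an added example, not the article's own code. It shows the membership check an administrator would run before and after the usermod -a -G and gpasswd -d commands above, and builds the comma-separated list usermod expects. It works on a constructed /etc/group-style text so it needs no root; the function names, sample users and sample groups are assumptions. Two caveats it encodes: the -G list must contain no spaces, and gpasswd -d only edits the member list in /etc/group, so it cannot remove a user from the primary group recorded in /etc/passwd.

```shell
#!/bin/sh
# Added example, not code from the original article: the membership checks an
# administrator runs around usermod -a -G and gpasswd -d, plus a builder for
# the comma-separated group list usermod expects. It works on a constructed
# /etc/group-style text so it runs without root; on a real system you would
# read /etc/group (or `getent group`) and confirm with `id USER`.

# Constructed sample in /etc/group format: name:password:GID:member,member
SAMPLE_GROUP='root:x:0:
sudo:x:27:karlos,alice
pentest:x:1001:karlos
jenkins:x:1002:
vboxsf:x:1003:alice'

# supplementary_groups USER GROUPFILE_TEXT -> space-separated group names
supplementary_groups() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '
        {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] == u)
                    names = (names == "" ? $1 : names " " $1)
        }
        END { print names }'
}

# is_member USER GROUP GROUPFILE_TEXT -> exit 0 if USER is listed in GROUP
is_member() {
    for g in $(supplementary_groups "$1" "$3"); do
        if [ "$g" = "$2" ]; then return 0; fi
    done
    return 1
}

# remove_member USER GROUP GROUPFILE_TEXT -> the text with USER dropped from
# GROUP's member list (the edit that `gpasswd -d USER GROUP` makes)
remove_member() {
    printf '%s\n' "$3" | awk -F: -v OFS=: -v u="$1" -v g="$2" '
        $1 == g {
            n = split($4, members, ",")
            out = ""
            for (i = 1; i <= n; i++)
                if (members[i] != u && members[i] != "")
                    out = (out == "" ? members[i] : out "," members[i])
            $4 = out
        }
        { print }'
}

# build_group_list GROUP... -> "g1,g2,g3" for `usermod -a -G`. The list must
# not contain spaces: with "group1, group2" the shell passes "group2" as a
# separate argument and usermod treats it as the username. Names are checked
# against the portable pattern [a-z_][a-z0-9_-]* (stricter than some distros).
build_group_list() {
    list=""
    for g in "$@"; do
        case $g in
            ""|[!a-z_]*|*[!a-z0-9_-]*)
                echo "build_group_list: invalid group name '$g'" >&2
                return 1 ;;
        esac
        list="${list:+$list,}$g"
    done
    printf '%s\n' "$list"
}

# Demo with the constructed data: check before, "remove", check after.
echo "karlos is in: $(supplementary_groups karlos "$SAMPLE_GROUP")"
AFTER=$(remove_member karlos sudo "$SAMPLE_GROUP")
echo "after gpasswd -d karlos sudo: $(supplementary_groups karlos "$AFTER")"
echo "usermod -a -G $(build_group_list pentest sudo jenkins) karlos"
```

On a real host, feed the output of getent group in place of SAMPLE_GROUP and confirm the result with id karlos; a changed group membership is only picked up by sessions started after the change, so an already logged-in user keeps the old set until they log in again.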
Conclusion:
Linux users and groups are two different concepts that intersect. Linux is secure because of its access privileges, and setting rights and access privileges requires proper knowledge of creating and removing users and groups. Almost all Linux distributions support the commands mentioned in this article.
Users and groups
Users and groups are used on GNU/Linux for access control—that is, to control access to the system’s files, directories, and peripherals. Linux offers relatively simple/coarse access control mechanisms by default. For more advanced options, see ACL, Capabilities and PAM#Configuration How-Tos.
Overview
A user is anyone who uses a computer. In this case, we are describing the names which represent those users. It may be Mary or Bill, and they may use the names Dragonlady or Pirate in place of their real name. All that matters is that the computer has a name for each account it creates, and it is this name by which a person gains access to use the computer. Some system services also run using restricted or privileged user accounts.
Managing users is done for the purpose of security by limiting access in certain specific ways. The superuser (root) has complete access to the operating system and its configuration; it is intended for administrative use only. Unprivileged users can use several programs for controlled privilege elevation.
Any individual may have more than one account as long as they use a different name for each account they create. Further, there are some reserved names which may not be used, such as "root".
Users may be grouped together into a "group", and users may be added to an existing group to utilize the privileged access it grants.
Note: The beginner should use these tools carefully and stay away from having anything to do with any other existing user account, other than their own.
Permissions and ownership
The UNIX operating system crystallizes a couple of unifying ideas and concepts that shaped its design, user interface, culture and evolution. One of the most important of these is probably the mantra "everything is a file", widely regarded as one of the defining points of UNIX. This key design principle consists of providing a unified paradigm for accessing a wide range of input/output resources: documents, directories, hard-drives, CD-ROMs, modems, keyboards, printers, monitors, terminals and even some inter-process and network communications. The trick is to provide a common abstraction for all of these resources, each of which the UNIX fathers called a "file". Since every "file" is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device.
A fundamental and very powerful, consistent abstraction provided in UNIX and compatible operating systems is the file abstraction. Many OS services and device interfaces are implemented to provide a file or file system metaphor to applications. This enables new uses for, and greatly increases the power of, existing applications: simple tools designed with specific uses in mind can, with UNIX file abstractions, be used in novel ways. A simple tool, such as cat, designed to read one or more files and output the contents to standard output, can be used to read from I/O devices through special device files, typically found under the /dev directory. On many systems, audio recording and playback can be done simply with the commands "cat /dev/audio > myfile" and "cat myfile > /dev/audio", respectively.
Every file on a GNU/Linux system is owned by a user and a group. In addition, there are three types of access permissions: read, write, and execute. Different access permissions can be applied to a file’s owning user, owning group, and others (those without ownership). One can determine a file’s owners and permissions by viewing the long listing format of the ls command:
total 13740
drwxr-xr-x 2 root root    4096 Jan 12 00:33 grub
-rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img
-rw-r--r-- 1 root root 1457315 Jan  8 08:19 System.map26
-rw-r--r-- 1 root root 2209920 Jan  8 08:19 vmlinuz-linux
The first column displays the file's permissions (for example, the file initramfs-linux.img has permissions -rw-r--r--). The third and fourth columns display the file's owning user and group, respectively. In this example, all files are owned by the root user and the root group.
total 16
drwxrwx--- 1 root vboxsf 16384 Jan 29 11:02 sf_Shared
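As an added example that is not part of the original text: the following POSIX sh script decodes the permission string described in the read, write and execute section earlier and in the ls listing here (first column mode, third column owning user, fourth column owning group) into the octal form that chmod takes, and answers whether a given class has a given permission. The function and variable names are assumed for illustration, and the ls -l line fed to it is a constructed sample. It goes a little beyond the text by also handling the setuid, setgid and sticky bits (s, S, t, T) and the trailing + or . that ls appends when an ACL or security label is present.

```shell
#!/bin/sh
# Added example, not code from the original article: decode the symbolic mode
# string in the first column of `ls -l` (e.g. "-rw-r--r--") into the octal
# form used by chmod, answer "does class X have permission Y?" and summarise
# one `ls -l` line. Pure POSIX sh; no root and no real files needed.

# strip_mode MODE -> the 9 permission characters
# Drops the leading file-type character (-, d, l, ...) and a trailing "+" or
# "." that ls appends when an ACL or security label is present.
strip_mode() {
    m=$1
    m=${m%[+.]}
    if [ ${#m} -eq 10 ]; then m=${m#?}; fi
    if [ ${#m} -ne 9 ]; then
        echo "strip_mode: expected 9 or 10 permission characters, got '$1'" >&2
        return 1
    fi
    printf '%s\n' "$m"
}

# mode_to_octal MODE -> four-digit octal, e.g. "-rwsr-xr-x" -> 4755
# The first digit carries setuid (4), setgid (2) and sticky (1); an
# uppercase S or T means the special bit is set without the execute bit.
mode_to_octal() {
    m=$(strip_mode "$1") || return 1
    special=0
    out=""
    i=0
    while [ $i -lt 3 ]; do
        r=$(printf '%s' "$m" | cut -c $((i*3+1)))
        w=$(printf '%s' "$m" | cut -c $((i*3+2)))
        x=$(printf '%s' "$m" | cut -c $((i*3+3)))
        v=0
        if [ "$r" = r ]; then v=$((v+4)); fi
        if [ "$w" = w ]; then v=$((v+2)); fi
        case $x in x|s|t) v=$((v+1)) ;; esac
        case $i$x in
            0s|0S) special=$((special+4)) ;;   # setuid in the user slot
            1s|1S) special=$((special+2)) ;;   # setgid in the group slot
            2t|2T) special=$((special+1)) ;;   # sticky in the others slot
        esac
        out="$out$v"
        i=$((i+1))
    done
    printf '%s%s\n' "$special" "$out"
}

# perm_check MODE CLASS PERM -> exit 0 if CLASS (u, g or o) has PERM (r, w or x)
perm_check() {
    m=$(strip_mode "$1") || return 2
    case $2 in u) off=0 ;; g) off=3 ;; o) off=6 ;; *) return 2 ;; esac
    case $3 in r) pos=$((off+1)) ;; w) pos=$((off+2)) ;; x) pos=$((off+3)) ;; *) return 2 ;; esac
    c=$(printf '%s' "$m" | cut -c "$pos")
    case $c in r|w|x|s|t) return 0 ;; *) return 1 ;; esac
}

# ls_summary "<one line of ls -l output>" -> "name owner group octal"
# Fields 1, 3 and 4 are the mode, owning user and owning group; the name
# starts at field 9 (it may contain spaces, so the rest is re-joined).
ls_summary() {
    set -f                      # no globbing while word-splitting the line
    set -- $1
    set +f
    mode=$1; owner=$3; group=$4
    shift 8
    printf '%s %s %s %s\n' "$*" "$owner" "$group" "$(mode_to_octal "$mode")"
}

# Demo on a constructed line in the format shown above.
ls_summary "-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img"
# -> initramfs-linux.img root root 0644
```

To check a real directory, pipe ls -l through the summary one line at a time, skipping the leading "total" line; a trailing + on the mode is the hint to look at the ACL with getfacl, since the nine permission characters alone no longer tell the whole story.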
In this example, the sf_Shared directory is owned by the root user and the vboxsf group. It is also possible to determine a file's owners and permissions using the stat command: