The concept of Groups and Users is pretty straightforward. Everything (or better say,
every process) in Linux runs under a specific user and uses that user's permissions for
its proper execution. To further extend the permissions of a group (or collection) of
users, the User Group concept was introduced. We know that each file should be
owned by a User. Now, another user may or may not be able to read/edit/execute that
file, depending on that file's permissions and the group of the user.
In simpler words, if we want to run a process, then it has to run under some user. Any
user should be a part of a group or a set of groups. For example, when we first install
Linux and create the primary user, we give a username, which becomes the
user's login. A group with the same name as the username is created and is assigned as
the primary group of the user. The user is also assigned to other groups depending on
what the user is supposed to do.
My user name is swashata and my primary group is swashata. Other than that, I
might be added to the following groups as well.
Therefore, I can also apply sudo command, have administrator rights, can use
sambashare and so on.
What a group can do solely depends on the model of an application. Most
system applications, like Apache, SambaShare etc., create groups and allow only users in
their own group to execute them.
Everything in Linux is stored in a file, Groups and Users are no exceptions. We can
view the following file to quickly view the current status of users and groups:
group_name:x:group_id:users
user_login:x:user_id:user_primary_group_id:comment_or_user_name:home_directory_path:default_login_shell
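How the two record formats fit together, as an added example that is not part of the original tutorial: a user's primary group appears only as the GID in the passwd-format record, while the last field of a group-format record lists supplementary members, so an audit of who belongs to a group has to read both. The file contents, including the sudo and adm rows and their IDs, are constructed for illustration.

```shell
#!/bin/sh
# Added example. All sample records below are constructed for illustration.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd" <<'EOF'
swashata:x:1000:1000:Swashata:/home/swashata:/bin/bash
myuser:x:1001:27:My User:/home/myuser:/bin/bash
EOF
cat > "$tmp/group" <<'EOF'
adm:x:4:swashata
sudo:x:27:swashata
sambashare:x:124:swashata
swashata:x:1000:
mygroup:x:1001:
EOF

# groups_of USER PASSWD GROUP_FILE -> group names, primary group first
groups_of() {
    awk -F: -v user="$1" '
        FNR == NR { if ($1 == user) pgid = $4; next }    # passwd: field 4 is the primary GID
        pgid != "" && $3 == pgid { primary = $1; next }  # group: field 3 is the GID
        {                                                # group: field 4 lists extra members
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == user) extra = extra " " $1
        }
        END {
            if (pgid == "") exit                         # unknown user: print nothing
            if (primary == "") primary = pgid            # GID with no group record
            print primary extra
        }
    ' "$2" "$3"
}

# members_of GROUP PASSWD GROUP_FILE -> users with GROUP as primary group, then listed members
members_of() {
    awk -F: -v grp="$1" '
        FNR == NR {                                      # first file read: group format
            if ($1 == grp) { gid = $3; listed = $4 }
            next
        }
        gid != "" && $4 == gid && !seen[$1]++ { out = out $1 " " }   # passwd: primary GID match
        END {
            n = split(listed, m, ",")
            for (i = 1; i <= n; i++) if (!seen[m[i]]++) out = out m[i] " "
            sub(/ $/, "", out); print out
        }
    ' "$3" "$2"
}

groups_of swashata "$tmp/passwd" "$tmp/group"
members_of sudo "$tmp/passwd" "$tmp/group"
```

In the constructed data, myuser is a member of sudo only through the primary GID, so reading the member list of the group record alone would miss that account.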
The shadow file holds the password of the user and other login credentials. It has 8
columns delimited by colons (:) which hold the following information.
Please read this article from cyberciti to understand (although not required) more
about the shadow file.
The very basics of the user management system include the concept of whether the
user account is being used by programs or by people.
That being said, the usage is not actually limited. In practice, an application can use a
normal account, whereas one may assign a password to a system user and log in
through the shell.
It is up to us and the program to properly create system users when necessary. Also,
on a modern Linux distro, we will not see system users listed in the login window.
The same concept holds true for System Groups as well. Typically, all users under a
System Group should be System users.
Simple Command:
groupadd mygroup
Now, if we do a
cat /etc/group
utempter:x:121:
rtkit:x:122:
saned:x:123:
swashata:x:1000:
sambashare:x:124:swashata
winbindd_priv:x:125:
gdm:x:126:
mygroup:x:1001:
Where we can see our group. Note that the group ID 1001 is automatically assigned to
the group. There are a few useful parameters as well.
Parameters:
Parameter | Usage | Example
-g | Used to define the group ID of the group we are creating. | groupadd -g 2000 mygroupgid
-r | Creates a system group. | groupadd -r mysystemgroup
In Ubuntu, the GID range for System groups is generally from 1 to 999 and that of
normal groups is above 1000. The GID 1000 is usually the primary group of the
primary user account.
In this tutorial, we shall not talk about the second operation. You can always do a man
useradd to learn more about its features.
Simple Command:
Now let us see what are the possible parameters for the command and also what the
parameters above did.
Parameters:
Parameter | Usage | Example
-g | Primary group ID or name. If not specified, a new group is created with same name as the login name of the user and the corresponding ID is assigned. | useradd -g 100 myuser (The GID 100 corresponds to a group named users. myuser will be assigned to that group.)
-k | The path of skeleton directory from where the files and directories will be copied to the home directory. Should be used with -m. | useradd -d "/var/www/wordpress" -k "/public_html/wordpress" -c "WP User" -m (A possible way to run your WordPress site with a new user and copy all files from old users at once.)
-m | Creates the users home directory if it is not present. Also, copies everything from skeleton if it is specified. | useradd -m -c "My User" myuser (The simplest way to create users with all default settings.)
Creates a system user with the following three characteristics:
So, up till now, we have created an account for a new user, assigned a primary group and
supplementary groups etc. All of these are sufficient to create system users, as by
default we do not want system users to have passwords. But, in the case of normal users,
in order to log in to the account, we will need to specify the password as well. Let us
see how we can do this.
Simple Command:
To change the password of the user myuser we shall use the following command:
passwd myuser
It will then prompt for password. Enter it and you are done.
Parameters:
There are a few interesting things which we can do with passwd as well. Basically
with all the parameters, we properly modify the /etc/shadow file.
Parameter | Usage | Example
-l | Locks the password of an account, so that the user can not be logged in using password authentication system. But, other authentication methods, such as SSH key can be used. | passwd -l root (Locks the root user.)
-S | Shows the status of a user. (All information from /etc/shadow file) | passwd -S myuser
-a | Shows status for all users. Can only be used with -S parameter. | passwd -S -a
We shall be needing the concepts of passwd for our upcoming series of VPS setup.
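The lock applied by passwd -l and the status letter shown by passwd -S both come from the second field of a shadow record (a field starting with ! or * is locked, an empty field means no password). The added example below, which is not part of the original tutorial, classifies that field and lists system accounts that still hold a usable password, the case mentioned earlier where a system user is given a password. The records and hash strings are constructed placeholders, and treating UIDs 1 to 999 as system accounts is an assumption borrowed from the Ubuntu GID convention above.

```shell
#!/bin/sh
# Added example. Records are constructed; the hash strings are placeholders, not real hashes.
audit_dir=$(mktemp -d) && trap 'rm -rf "$audit_dir"' EXIT
cat > "$audit_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/sh
myuser:x:1001:1001:My User:/home/myuser:/bin/bash
EOF
cat > "$audit_dir/shadow" <<'EOF'
root:!$6$placeholder$roothash:19000:0:99999:7:::
www-data:*:19000:0:99999:7:::
backup:$6$placeholder$backuphash:19000:0:99999:7:::
myuser:$6$placeholder$userhash:19000:0:99999:7:::
EOF

# pw_status USER SHADOW -> L (locked), NP (no password) or P (usable password),
# the same three letters passwd -S prints for an account.
pw_status() {
    awk -F: -v user="$1" '
        $1 == user {
            if ($2 ~ /^[!*]/) print "L"       # passwd -l puts ! in front of the hash
            else if ($2 == "") print "NP"
            else print "P"
        }
    ' "$2"
}

# system_users_with_password PASSWD SHADOW -> system accounts that can still
# authenticate with a password. Assumption: UIDs 1-999 are system accounts.
system_users_with_password() {
    awk -F: '
        FNR == NR {                           # first file read: shadow
            if ($2 != "" && $2 !~ /^[!*]/) usable[$1] = 1
            next
        }
        $3 >= 1 && $3 <= 999 && ($1 in usable) { print $1 }   # passwd: field 3 is the UID
    ' "$2" "$1"
}

pw_status root "$audit_dir/shadow"
system_users_with_password "$audit_dir/passwd" "$audit_dir/shadow"
```

A status of L only describes password authentication; as the table above notes, a locked account can still be reached with an SSH key, so key files need a separate review.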
Simple Command:
The only new parameter introduced here is -n. It defines the new name. All of the
other parameters of groupadd hold true.
Simple Command:
To change the login of myuser to youruser and name to Your User and ID to
3000 and also append to the adm group we would use this:
Parameters:
Simple Command:
groupdel mygroup
Note that, if the group is the primary group of a user, then we need to delete the user
first before deleting the group. If the group is a supplementary group of some users,
then the group will be deleted safely (i.e., it will also remove users from the group
automatically).
#3.2: Deleting existing Users (userdel):
Simple Command:
userdel myuser
This will delete the user but will not remove its home directory and other files. Also,
the user will not be deleted and a warning will be shown if s/he is currently logged in.
Parameters:
Parameter | Usage | Example
-r | All files and directories inside the users home directory will be removed along with mail spool. | userdel -r myuser
Although useradd and userdel will work on Ubuntu or other Debian systems, it is
recommended to use the following commands instead.
It is also recommended to add the user to the administrative group adm to take full
advantage of administration. So, the proper command will be:
login myuser
It will prompt for the password. Once entered correctly, it will log in to the
corresponding user. Once done, we can simply execute logout to exit the login shell.
groups myuser
So, that was all about users and management. The next in this series will be about File
and Directory permission and related commands. So stay tuned, and if you have any
trouble, feel free to ask through the comments.