🐧Unlocking the power of Linux User Account Management
Skills in user management and permissions are key to managing Linux systems. From creating users to setting permissions on files, each process plays an important role in maintaining system integrity and security. In this article, we will walk through various user roles and permissions.
💻Creating users:
Let's start with the basics. To create a user, we use the useradd command followed by the desired user name. For example, to create users named john and gordan, we run:
[root@alpha1 home]# useradd john
[root@alpha1 home]# useradd gordan
To verify user information, including user IDs (UIDs), group IDs (GIDs), and group memberships, we can use the id command. Example:
[root@alpha1 home]# id john
[root@alpha1 home]# id gordan
💻Creating Users with Additional Options:
To create a user with a specific primary group, login shell, comment, and home directory, we can use the syntax below:
[root@alpha1 home]# useradd -g cloud_team -s /bin/bash -c "cloud team contractor" -m -d /home/rakesh rakesh
This will create a user named "rakesh" with "cloud_team" as the primary group (-g), set the login shell to /bin/bash (-s), add the comment "cloud team contractor" (-c), create the user's home directory (-m), and set the home directory to /home/rakesh (-d /home/rakesh).
💻Creating Groups:
Groups play an important role in user management. We can create a group using the groupadd command. However, we need to ensure that the group name follows the Linux naming convention: a group name cannot contain spaces, so we use cloud_team rather than "cloud team".
We can verify the group by querying the group information with the getent command.
[root@alpha1 home]# groupadd cloud_team
[root@alpha1 home]# getent group cloud_team
💻Assigning Users to Groups:
Once the group is created, we can assign users to it with the usermod command. For example, to add "gordan" to the "hosting" group and change the primary group of "nick" to the "hosting" group:
[root@alpha1 home]# usermod -aG hosting gordan
#adds the user "gordan" to the supplementary group "hosting".
#In Linux, each user account can belong to one primary group and zero or
#more supplementary groups. The -G option sets the supplementary group list
#and -a appends to it. Without -a, -G replaces the list and removes the user
#from every supplementary group not named on the command line.
[root@alpha1 home]# usermod -g hosting nick
#changes the primary group of the user "nick" to "hosting".
#Unlike supplementary groups, of which a user can have several,
#a user can have only one primary group. The -g option is used to set the
#primary group.
💻Modifying User Attributes:
We can use the usermod command to change user attributes. For example, we can change a user's home directory and verify the change with the ls command.
The command below modifies user "gordan" by setting their home directory to "/home/gordan_directory". The -d option specifies the new home directory, and -m moves the contents of the current home directory to the new location.
[root@alpha1 home]# usermod -m -d /home/gordan_directory gordan
[root@alpha1 home]# ls -ld /home/gordan_directory
💻Changing User Passwords:
Passwords protect user accounts. Using the passwd command, we can change a user's password.
[root@alpha1 home]# passwd gordan
Changing password for user gordan.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
💻Locking and Unlocking User Accounts:
To enhance security, and as needed, we can lock and unlock user accounts by using usermod with the -L and -U options, respectively.
[root@alpha1 home]# usermod -L username
[root@alpha1 home]# usermod -U username
The image shows an authentication failure after locking rakesh, and a successful login after unlocking. We used root (superuser) privileges to lock and unlock the account.
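To check lock state without attempting a login, inspect the password field of /etc/shadow, where usermod -L prefixes the stored hash with "!". The script below is an added example, not part of the original article; the function names and the sample entries (with placeholder hashes) are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify /etc/shadow-format entries by login state.
# usermod -L only disables the password; usermod(8) advises also setting
# the expiry date to 1 (usermod -e 1) when the whole account must be
# blocked, since other login methods such as SSH keys skip the password.

# account_state LINE: print the state of one shadow entry.
account_state() {
    pw=$(printf '%s\n' "$1" | cut -d: -f2)       # field 2: password hash
    expire=$(printf '%s\n' "$1" | cut -d: -f8)   # field 8: expiry, days since epoch
    today=$(( $(date +%s) / 86400 ))
    if [ -n "$expire" ] && [ "$expire" -le "$today" ]; then
        echo expired
        return 0
    fi
    case $pw in
        '')            echo empty-password ;;   # no password needed: investigate
        '!'|'!!'|'*')  echo no-password ;;      # never set, nothing to unlock
        '!'*)          echo password-locked ;;  # hash kept behind "!", -U restores it
        *)             echo active ;;
    esac
}

# audit_shadow: read shadow-format lines on stdin, print "user state".
audit_shadow() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        printf '%s %s\n' "${line%%:*}" "$(account_state "$line")"
    done
}

# Constructed sample entries (placeholder hashes, not real account data).
SAMPLE='rakesh:!$6$salt$placeholderhash:19835:0:99999:7:::
gordan:$6$salt$placeholderhash:19835:0:99999:7:::
john:!!:19835:0:99999:7:::
nick:!$6$salt$placeholderhash:19835:0:99999:7::1:'

printf '%s\n' "$SAMPLE" | audit_shadow
# On a live system (as root): audit_shadow < /etc/shadow
```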
💻Changing File Ownership:
The chown command can be used to change the ownership of files. For example, changing the owner and group of a file:
# Syntax: chown owner:group filename
[root@alpha1 mike]# chown rakesh:cloud_team file2.py
[root@alpha1 mike]# ls -l file2.py
-rw-rw-r--. 1 rakesh cloud_team 0 Apr 22 07:19 file2.py
With chmod, we can also add or remove individual permissions without changing the other existing permissions.
Below we have removed the write permission for the group on "testfile1".
[ajeet@alpha1 ~]$ touch testfile1
[ajeet@alpha1 ~]$ ls
Desktop Documents Downloads Music Pictures Public Templates testfile1 Videos
[ajeet@alpha1 ~]$ ls -l testfile1
-rw-rw-r--. 1 ajeet ajeet 0 Apr 22 09:11 testfile1
[ajeet@alpha1 ~]$ sudo chmod g-w testfile1
[sudo] password for ajeet:
[ajeet@alpha1 ~]$ ls -l testfile1
-rw-r--r--. 1 ajeet ajeet 0 Apr 22 09:11 testfile1
[ajeet@alpha1 ~]$
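Below we add read, write and execute permission for the user, read and execute permission for the group, and read permission for others. These are added on top of the permissions the file already has, which is why the group still has write permission in the result.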
[root@alpha1 mike]# chmod u+rwx,g+rx,o+r file2.txt
[root@alpha1 mike]# ls -l file2.txt
-rwxrwxr--. 1 mike mike 0 Apr 22 07:19 file2.txt
Symbol | Meaning | Example | Explanation |
u | User | chmod u+x file | Specifies permissions for the file owner. |
g | Group | chmod g-w file | Specifies permissions for the group to which the file belongs. |
o | Others | chmod o+r file | Specifies permissions for users other than the owner or group members. |
+ | Addition | chmod u+x file | Adds the specified permissions to the specified user/group/others. |
- | Removal | chmod g-w file | Removes the specified permissions from the specified user/group/others. |
💻Setting File Permissions:
File permissions determine who can read, write, or execute a file. We can set the permissions using the chmod command. For example, to give the owner full access and the group and others read and execute access:
# Syntax: chmod [options] mode file(s)
[mike@alpha1 ~]$ ls -l file2.py
-rw-rw-r--. 1 mike mike 0 Apr 22 07:19 file2.py
#After
[root@alpha1 mike]# chmod 755 file2.py
[mike@alpha1 ~]$ ls -l file2.py
-rwxr-xr-x. 1 rakesh cloud_team 0 Apr 22 07:19 file2.py
Permission | Symbol | Numeric Value | Explanation |
Read | r | 4 | Allows reading of the file |
Write | w | 2 | Allows writing to the file |
Execute | x | 1 | Allows executing the file (or accessing directories) |
No Permission | - | 0 | No permission granted |
Owner: The first digit represents the permissions of the owner of the file.
Group: The second digit represents the permissions of the group to which the file belongs.
Others: The third digit represents the permissions of users other than the owner or group.
We use these numeric values to set permissions with chmod. For example, chmod 755 filename gives the owner read, write and execute permissions (4 + 2 + 1 = 7), and the group and others read and execute permissions (4 + 1 = 5).
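The arithmetic behind both notations, as an added example that is not part of the original article: the hypothetical helpers apply_symbolic and to_symbolic model in plain shell how chmod combines symbolic clauses with a file's existing mode, reproducing the testfile1 and file2.txt results shown earlier. The starting mode 664 for file2.txt is an assumption.

```sh
#!/bin/sh
# Added example: model chmod's symbolic (u/g/o, +/-) and numeric modes.

# bit WHO PERM: decimal weight of one permission bit (r=4, w=2, x=1),
# shifted by class: user x64, group x8, others x1.
bit() {
    case $2 in r) b=4 ;; w) b=2 ;; x) b=1 ;; *) return 1 ;; esac
    case $1 in u) b=$((b * 64)) ;; g) b=$((b * 8)) ;; o) ;; *) return 1 ;; esac
    echo "$b"
}

# apply_symbolic MODE CLAUSES: octal mode after clauses such as u+rwx,g-w.
apply_symbolic() {
    mode=$((0$1))                       # leading 0 makes the constant octal
    rest=$2
    while [ -n "$rest" ]; do
        clause=${rest%%,*}
        case $rest in *,*) rest=${rest#*,} ;; *) rest= ;; esac
        who=${clause%%[+-]*}            # classes before the operator
        perms=${clause#*[+-]}           # permissions after the operator
        op=${clause#"$who"}; op=${op%"$perms"}
        w=$who
        while [ -n "$w" ]; do
            cls=${w%"${w#?}"}; w=${w#?}
            p=$perms
            while [ -n "$p" ]; do
                pc=${p%"${p#?}"}; p=${p#?}
                b=$(bit "$cls" "$pc") || return 1
                if [ "$op" = + ]; then mode=$((mode | b)); else mode=$((mode & ~b)); fi
            done
        done
    done
    printf '%03o\n' "$mode"
}

# to_symbolic MODE: render an octal mode the way ls -l shows it.
to_symbolic() {
    m=$((0$1)); out=
    for s in 6 3 0; do
        t=$(( (m >> s) & 7 ))
        if [ $((t & 4)) -ne 0 ]; then out=${out}r; else out=${out}-; fi
        if [ $((t & 2)) -ne 0 ]; then out=${out}w; else out=${out}-; fi
        if [ $((t & 1)) -ne 0 ]; then out=${out}x; else out=${out}-; fi
    done
    echo "$out"
}

echo "testfile1: $(to_symbolic "$(apply_symbolic 664 g-w)")"
echo "file2.txt: $(to_symbolic "$(apply_symbolic 664 u+rwx,g+rx,o+r)")"
```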
💻Summary :
Task | Syntax | Example |
Create new user accounts | adduser newuser | adduser john |
Delete user accounts | deluser olduser | deluser john |
Modify user account details | usermod -l newname oldname | usermod -l johnny john |
Reset user passwords | passwd username | passwd johnny |
Disable user accounts | usermod -L username | usermod -L johnny |
Enable user accounts | usermod -U username | usermod -U johnny |
Manage user groups | addgroup groupname; delgroup groupname | addgroup teamA; delgroup teamB |
Assign permissions to users/groups | chown user:group file; chmod permissions file | chown john:teamA file.txt; chmod 755 file.txt |
Monitor user activity (login/logout) | last; who | last; who |
Alter supplementary groups | usermod -G groupname username | usermod -G teamB johnny |
🐧Thank you for joining me on this journey through Linux User Account Management. I truly appreciate your passion and dedication to learning. Keep exploring, stay curious, and happy coding!