Managing Users and Groups in Linux: A Complete Guide for Beginners

Introduction
Linux is known for its stability, flexibility, and security. One of the primary functions of Linux is user management, which helps administrators to control access to resources and their security. In an era where the impact of technology is increasing, managing users is crucial for a secure and organized environment.

Users in Linux
Users play a fundamental role in controlling access to the operating system and managing its security. A user is an entity (person, process or service) in Linux that logs in to the system and performs specific tasks. Every user has a unique User ID (UID) that is associated with certain permissions, files and processes. A Linux system has several user accounts for different purposes. At the top is the root user, which has superuser privileges.

Types of Users
Linux supports different types of users, including system users, regular users, and the root user, which is the superuser.

Root User (Superuser)
The root user, with a UID of 0, has full control over the system, including software installation, deletion, user management, and editing system files.

System Users (Service Accounts)
System users are created automatically by the system during installation or when software packages are installed. They are designed to run services and applications in the background with secure and limited privileges. Examples include mysql, www, mail and bin. System users have user IDs starting from 0 up to 1000. System users do not log in directly like a regular user; they either have no login shell or have restricted shell access. System users enhance the security of the system because, in case of an attack, only that service is compromised rather than the whole system.

Regular Users

A regular user is a non-administrative user account created for different purposes and sometimes assigned a specific task to perform. Regular users have limited permissions compared to the root user: they can create files, run scripts and access their own files and directories. They cannot install software without additional privileges and cannot modify system files. Regular users are normally assigned user IDs greater than 1000.


User Configuration Files
· /etc/passwd – stores information about users
· /etc/shadow – stores user password hashes, readable only by root
· /etc/group – stores group information
· /etc/login.defs – default parameters for user accounts

How to create a User
The useradd command is used to create a user in Linux. A user in Linux has certain properties. First, create the user with the useradd command; the user properties are then described in detail.

#useradd -u 1001 -d /home/seeklinux -s /bin/bash seeklinux
The seeklinux user is created with UID (-u) 1001, home directory (-d) /home/seeklinux and /bin/bash (-s) as the default shell. To verify the newly created account, the command is

#id seeklinux
This will display the user ID, group ID and group membership for the seeklinux user.

User Account Properties
Every account in Linux contains properties that define its characteristics and access privileges. Let's see these properties in detail.

1.    Username
Every user account in Linux is assigned a unique username by which the user is recognized; here the username is seeklinux.

2.    UID
Every user account is assigned a unique numerical UID; the UID of seeklinux is 1001. The UID is assigned automatically by the system when the user is created, or you can specify it yourself when you create the user.

3.    GID
GID is the group ID. The primary group ID of the user seeklinux is 1001.

4.    Home Directory
Every user has an associated home directory where personal files, documents and settings reside. The home directory of seeklinux is /home/seeklinux.

5.    Default Shell
The default shell determines which interpreter the user will use after logging in. This is the user's interactive environment; the default shell of seeklinux is /bin/bash.

6.    Password
Every user should be secured by a strong password. A password is required to authenticate and to interact with the system. The password should comply with the password security policy.

7.    Group
The group membership determines the user's association with the group and access privileges to the resources.

The user information is saved in /etc/passwd. To get this information, the command is

#grep seeklinux /etc/passwd
/etc/passwd contains the following fields.

seeklinux – the username of the account that we created with the useradd command.

x – a placeholder for the encrypted password of the user account, which is stored in /etc/shadow.

UID – 1001 is the UID, a unique identifier for the user account that is assigned by the system automatically or that you can specify.

GID – 1001 is the GID, the group ID that represents the primary group membership of the user.

/home/seeklinux – home directory of the user account.

/bin/bash – the default shell for the user account

This is detailed information that is stored in /etc/passwd about the users.
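
The fields above can be checked mechanically. The following is an added example, not part of the original guide: it audits passwd-format lines for a UID of 0 on an account other than root, an empty password field, and a UID below 1000 paired with an interactive shell. The names audit_passwd and sample_passwd and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the guide): audit passwd-format lines.
# Fields: name:password:UID:GID:comment:home:shell
# audit_passwd is a hypothetical helper; it reads a file path or stdin.
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }                    # skip blanks and comments
        NF != 7 { print "MALFORMED:" $1; next }        # wrong field count
        $3 == 0 && $1 != "root" { print "UID0:" $1 }   # second superuser
        $2 == "" { print "EMPTYPW:" $1 }               # no password required
        # UID in the system range but the shell is an interactive one
        $3 > 0 && $3 < 1000 && $7 ~ /\/[a-z]*sh$/ { print "SYSSHELL:" $1 }
    ' "${1:--}"
}

# Constructed sample input, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0::/root:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/sbin/nologin
www:x:48:48:Web:/var/www:/bin/bash
guest::1002:1002::/home/guest:/bin/bash
seeklinux:x:1001:1001::/home/seeklinux:/bin/bash
EOF
}

sample_passwd | audit_passwd
```

On a real system the same function can be pointed at /etc/passwd; every line it prints is an account worth reviewing.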

How to set a user's Password
When you create a user password, always follow the password policies and set a strong password. Avoid setting a common password that is easily guessable, especially in a production environment. To set the user password, the command is

#sudo passwd seeklinux
How to Delete a User Account
To delete a user account, the command is

#sudo userdel -r seeklinux
With the -r option, this will delete the user's home directory and all associated files.

How to Lock and Unlock a User Account
There are different ways to lock or disable user accounts in Linux. We do this by using the following methods: passwd, usermod and by modifying the /etc/shadow file.

Lock a User Using passwd
To lock a user using passwd, the command is

#sudo passwd -l seeklinux

Disable a User Account Using usermod
The usermod command is also a handy tool to modify users. To disable a user, the -L or --lock option of usermod is used.

#sudo usermod -L seeklinux

How to Set a User Shell to nologin
In this method, set the user's shell to nologin. Doing this prevents the user from logging in to the system. The command is

#sudo usermod -s /sbin/nologin seeklinux
When the user tries to log in to the system, they will get a message and the login will be refused.

Modify the Shadow File (/etc/shadow)
A simple method to disable a user account is to modify the /etc/shadow file. Open the shadow file with your favorite editor and search for the user that you want to disable. Put a ! or * at the start of that user's password field (the second field, right after the username) to disable it.

#sudo vi /etc/shadow
The user will get an authentication failure error when they try to log in to the system.

How to unlock the User Account
To unlock the user account, the -U option is used with the usermod command.

#sudo usermod -U seeklinux

To unlock the user using passwd, the command is

#sudo passwd -u seeklinux

How to Check the User Status
To check the status of the user, whether it is locked or unlocked, the command is

#sudo passwd -S seeklinux
If the output shows PS, the user is unlocked; if it shows LK, the user's status is locked.
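
The locking methods above leave their mark in two different files: the password lock in the second field of /etc/shadow and the nologin shell in the last field of /etc/passwd. The following is an added example, not part of the original guide, that reports both per account; account_status and demo_status are hypothetical names, NP is used here for an empty password field, and the sample lines use placeholder strings instead of real hashes.

```sh
#!/bin/sh
# Added example (not from the guide): report password-lock state and shell.
# account_status is a hypothetical helper:
#   account_status SHADOW_FILE PASSWD_FILE
account_status() {
    awk -F: '
        # First file, shadow format: classify the password field ($2).
        FNR == NR {
            if ($2 == "")          st[$1] = "NP"   # empty: no password set
            else if ($2 ~ /^[!*]/) st[$1] = "LK"   # ! or * prefix: locked
            else                   st[$1] = "PS"   # usable password hash
            next
        }
        # Second file, passwd format: append whether $7 is a login shell.
        ($1 in st) {
            print $1, st[$1], ($7 ~ /\/(nologin|false)$/ ? "noshell" : "shell")
        }
    ' "$1" "$2"
}

# Constructed sample data; the hash strings are placeholders, not real hashes.
demo_status() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/shadow" <<'EOF'
root:$6$SALT$PLACEHOLDERHASH:19000:0:99999:7:::
seeklinux:!$6$SALT$PLACEHOLDERHASH:19000:0:99999:7:::
mysql:*:19000:0:99999:7:::
guest::19000:0:99999:7:::
EOF
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
seeklinux:x:1001:1001::/home/seeklinux:/bin/bash
mysql:x:27:27::/var/lib/mysql:/sbin/nologin
guest:x:1002:1002::/home/guest:/bin/bash
EOF
    account_status "$dir/shadow" "$dir/passwd"
    rm -rf "$dir"
}

demo_status
```

A row such as "seeklinux LK shell" means only the password is locked while the login shell is still in place; the usermod manual notes that locking the whole account, not only password access, also requires setting its expiry date.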

Group Management
Group management is an essential part of Linux system administration, providing efficient control over file and resource access according to each user's role and granted permissions. Users get access to shared resources through membership of the relevant groups.

Group types

Primary Group
This group is created automatically at the time of user creation with the same name and ID. Every user has one primary group associated with it.

Secondary Group
Users can belong to additional groups that grant access to the resources related to those groups. A user can be a member of many secondary groups at a time.

/etc/group:
This is the main file for groups to store information about all groups and their associated members with group IDs (GIDs).


How to Create a New Group
To create a new group, for example developer, the command is 

#sudo groupadd developer
This group grants access and permissions to all development-related resources.
To view the details of the newly created developer group, look in the /etc/group file.

#cat /etc/group

This command returns the details of all groups, and the newly created group will be at the bottom. You can filter the output to see only the information of a specific group. The command is

#cat /etc/group | grep developer

How to Assign a User to a Group
Users can be assigned to a group after it has been created. To assign the user to the developer group, the command is

#sudo usermod -aG developer seeklinux
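seeklinux is now a member of the developer group and has access to the resources of this group. The -a (append) option matters: without it, -G replaces the user's existing secondary groups with the given list.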
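
When reviewing who holds a group's access, the member list in /etc/group only shows secondary members; users whose primary GID is that group appear only in /etc/passwd. The following is an added example, not part of the original guide, that combines both; group_members and demo_groups are hypothetical names and the users alice and builder are constructed sample data.

```sh
#!/bin/sh
# Added example (not from the guide): list every member of a group.
# group_members is a hypothetical helper:
#   group_members GROUP GROUP_FILE PASSWD_FILE
group_members() {
    awk -F: -v g="$1" '
        # First file, group format (name:password:GID:member,member,...)
        FNR == NR {
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) print m[i], "secondary"
            }
            next
        }
        # Second file, passwd format: users whose primary GID ($4) matches
        gid != "" && $4 == gid { print $1, "primary" }
    ' "$2" "$3"
}

# Constructed sample data, not taken from a real system.
demo_groups() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/group" <<'EOF'
seeklinux:x:1001:
developer:x:1003:seeklinux,alice
EOF
    cat > "$dir/passwd" <<'EOF'
seeklinux:x:1001:1001::/home/seeklinux:/bin/bash
alice:x:1002:1002::/home/alice:/bin/bash
builder:x:1005:1003::/home/builder:/bin/bash
EOF
    group_members developer "$dir/group" "$dir/passwd"
    rm -rf "$dir"
}

demo_groups
```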

How to Delete a Group
To delete the group, the command is

#sudo groupdel developer
That’s all about users and group management. Keep visiting seeklinux for more updates and information.
