
Managing users

Managing users in Linux is an essential task for system administrators. It involves creating, modifying, and deleting user accounts, managing user permissions, and configuring user environments. Here’s an in-depth discussion:


1. User Management Overview

Linux systems are multi-user environments where multiple users can share the same system resources. Each user has a unique identifier and specific permissions that control their access to files, directories, and other system resources.


2. User Account Components

  1. Username: Unique name identifying the user.
  2. User ID (UID): Numeric ID associated with the user.
  3. Group ID (GID): Numeric ID of the primary group the user belongs to.
  4. Home Directory: Default directory assigned to the user.
  5. Shell: Command-line interface provided to the user (e.g., Bash, Zsh).
  6. Password: Stored in hashed form in /etc/shadow.

3. Files for User Management

  1. /etc/passwd:
    • Contains user account information (excluding passwords).
    • Format:

username:x:UID:GID:comment:home_directory:shell

    • Example entry:

alice:x:1001:1001:Alice:/home/alice:/bin/bash

  2. /etc/shadow:
    • Stores hashed passwords and password policies.
    • Accessible only by the root user.
  3. /etc/group:
    • Defines groups and their members.
    • Format:

group_name:x:GID:user_list

  4. /etc/skel:
    • Template directory containing default files for new users.
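
The /etc/passwd format shown above can be audited directly. The script below is an added example, not part of the original page: it flags extra UID 0 accounts, empty password fields, shared UIDs, and service accounts with a login shell. The UID threshold of 1000, the finding labels, and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a passwd-format file.
# Assumptions: regular users start at UID 1000 (see UID_MIN in /etc/login.defs)
# and the shells named in the regex below are the non-interactive ones.

audit_passwd() {
    # $1: passwd-format file, "-" for stdin (default /etc/passwd)
    # $2: first UID used for regular users (default 1000)
    awk -F: -v min_uid="${2:-1000}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        NF != 7 || $3 !~ /^[0-9]+$/ {          # need 7 fields and a numeric UID
            print "MALFORMED line " NR; next
        }
        {
            user = $1; uid = $3 + 0; shell = $7
            # Any UID 0 account is root-equivalent, whatever its name.
            if (uid == 0 && user != "root") print "UID0 " user
            # Empty second field: the account has no password at all.
            if ($2 == "") print "EMPTY_PASSWORD " user
            # Two names on one UID share file ownership and blur audit trails.
            if (uid in seen) print "DUP_UID " user " " uid " " seen[uid]
            else seen[uid] = user
            # Service accounts should not have an interactive shell.
            if (uid > 0 && uid < min_uid + 0 &&
                shell !~ /\/(nologin|false|sync|shutdown|halt)$/)
                print "SYSTEM_LOGIN_SHELL " user
        }
    ' "${1:-/etc/passwd}"
}

# Constructed sample data, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/bash
toor:x:0:0:alt root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob::1002:1002:Bob:/home/bob:/bin/bash
carol:x:1001:1003:Carol:/home/carol:/bin/zsh
EOF
}

# Demo run on the constructed sample; call audit_passwd alone for /etc/passwd.
sample_passwd | audit_passwd -
```

An empty result means none of the four checks fired. Each finding still needs a manual look before an account is changed or removed.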

4. Commands for Managing Users

4.1 Adding Users

useradd Command:

  • Creates a new user.
  • Syntax:

sudo useradd -m -s /bin/bash alice

  • -m: Creates a home directory.
  • -s: Specifies the shell.

Set a Password:

  • Command:

sudo passwd alice


4.2 Modifying Users

usermod Command:

  • Modify user details.
  • Examples:
    • Change the shell:

sudo usermod -s /bin/zsh alice

    • Change the home directory:

sudo usermod -d /new/home alice

    • Add the user to a group:

sudo usermod -aG sudo alice


4.3 Deleting Users

userdel Command:

  • Remove a user.
  • Syntax:

sudo userdel alice

  • To remove the home directory:

sudo userdel -r alice


5. Group Management

5.1 Adding Groups

  • Command:

sudo groupadd developers

5.2 Modifying Groups

  • Add a user to a group:

sudo gpasswd -a alice developers

  • Remove a user from a group:

sudo gpasswd -d alice developers

5.3 Deleting Groups

  • Command:

sudo groupdel developers


6. Managing User Permissions

6.1 File Permissions

  • File permissions determine which users can read, write, or execute files.
  • Permissions are displayed using the ls -l command:

-rw-r--r-- 1 alice alice 1024 Nov 30 14:00 file.txt

  • First column: File type and permissions.
  • rw-: Read and write permission for the owner.
  • r--: Read-only for group and others.

Change Permissions:

  • chmod Command:

chmod 755 file.txt

Change Ownership:

  • chown Command:

sudo chown alice:developers file.txt


6.2 Special Permissions

  • Setuid: Allows a file to run with the permissions of its owner.

chmod u+s file

  • Setgid: Sets group ID on execution; on a directory, new files inherit the directory's group.

chmod g+s directory

  • Sticky Bit: On a directory, prevents deletion of files by users other than the owner.

chmod +t directory


7. Configuring Password Policies

Password policies enhance system security by enforcing rules for user passwords.

  1. Modify /etc/login.defs:
    • Example configurations:

PASS_MAX_DAYS   90
PASS_MIN_DAYS   7
PASS_WARN_AGE   14

  2. Use the chage command:
    • Change password expiration settings:

sudo chage -M 90 -m 7 -W 14 alice

  3. Password locking/unlocking:
    • Lock a user:

sudo passwd -l alice

    • Unlock a user:

sudo passwd -u alice


8. Monitoring Users

8.1 Check Logged-In Users

  • Command:

who

  • Displays active users and their sessions.

8.2 View User Activity

  • Command:

w

  • Provides details about user processes and system load.

8.3 Audit User Logins

  • Review the /var/log/secure or /var/log/auth.log file.

9. Best Practices for User Management

  1. Use strong passwords and enforce password policies.
  2. Disable root login and use sudo for administrative tasks.
  3. Regularly review and clean up unused accounts.
  4. Assign appropriate permissions and avoid using chmod 777 recklessly.
  5. Use groups to simplify permission management.

10. Conclusion

Effective user management in Linux is crucial for maintaining system security and ensuring smooth operation. Linux provides robust tools and commands for administrators to manage users, groups, and their permissions. Following best practices and monitoring user activity can help mitigate security risks and maintain system integrity.