In this lesson you're going to learn how to create, manage and delete users and groups. You will also learn how to manage permissions on files and directories.
In Linux, the /etc/passwd file contains information about your system's users. The file stores all the properties of the user accounts as colon-separated text.
Each line in the file represents a single user, and the properties, or fields, are in a specific order outlined below.
The /etc/passwd file can be viewed by regular users. The /etc/shadow file, which contains the encrypted passwords, can only be viewed by root.
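As an added example (not part of the original lesson), the script below audits /etc/passwd-format data using the standard field order name:password:UID:GID:comment:home:shell. The sample entries are constructed and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit /etc/passwd-format data read from stdin.
# Field order: name:password:UID:GID:comment:home:shell

# Constructed sample entries (not taken from a real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
msmith:x:1001:1001:Mike Smith:/home/msmith:/bin/bash
bdover:x:1002:1002::/home/bdover:
toor:x:0:0:second admin:/root:/bin/bash
svc:x:998:998::/var/lib/svc:/bin/false
broken:x:1003:1003:/home/broken:/bin/bash'

# Names of accounts with UID 0; each one has full root privileges.
uid0_accounts() {
    awk -F: 'NF == 7 && $3 == 0 { print $1 }'
}

# Accounts able to start an interactive shell, printed as name:shell.
# An empty shell field falls back to /bin/sh, so it counts as a login shell.
login_accounts() {
    awk -F: 'NF == 7 && $7 !~ /(nologin|false)$/ {
        sh = ($7 == "" ? "/bin/sh" : $7)
        print $1 ":" sh
    }'
}

# Lines that do not have exactly seven fields, printed with their line number.
malformed_entries() {
    awk -F: 'NF != 7 { print NR ": " $0 }'
}

echo "UID 0 accounts:";    printf '%s\n' "$SAMPLE_PASSWD" | uid0_accounts
echo "Login accounts:";    printf '%s\n' "$SAMPLE_PASSWD" | login_accounts
echo "Malformed entries:"; printf '%s\n' "$SAMPLE_PASSWD" | malformed_entries
```

On a live system the same functions read the real file, for example uid0_accounts < /etc/passwd; anything other than root in that output deserves an explanation.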
Two ways you can add users to the system are the useradd command and the adduser script. The useradd command uses options and arguments to add a user to the system. The adduser script steps you through the creation of a user account asking you questions as it goes.
The useradd command has many options that can be used to specify the properties of the new user.
The command sudo useradd -d /home/msmith -m -s /bin/bash msmith will create the Mike Smith account with a home directory.
The adduser script will step you through the process asking you questions as you go. If you type in sudo adduser bdover it will start the process.
After you create an account using the useradd command you'll need to assign a password. You can use the passwd command as root to set the password of another user. The command sudo passwd msmith will let you set a password for msmith. You can use the passwd command without an argument to change your password.
You can switch to the newly created user accounts using the su command. Use Ctrl + D to log out and return to your account.
There are some commands you can use to gather information about user accounts in Linux. The id command will show you the IDs of accounts, and the groups they are members of. You can check other accounts by using the username as an argument.
The finger command will show you other information about the user. It will display the username, name, home directory, default shell, as well as other information.
The who command can be used to display all the users logged into the system. You may see yourself logged in multiple times. If you want to know what session you are using you can use the who command with the "am i" arguments. There is also a command, whoami, that will show you your current username. This can be handy when using the su command and you can't remember who you're logged in as.
The usermod command can be used to modify the properties of a user account. This can help you change a user's home directory, or default shell, as well as other properties of the user account. In the image below we are using the usermod command to change the default shell for msmith. The finger command is used to show the value before and after the change.
If you need to disable a user's account you can use the usermod or passwd commands. When you disable an account an exclamation point is added to the front of the encrypted password in /etc/shadow. This prevents the user from logging into the system. If you need to enable the account the usermod and passwd commands can be used to remove the exclamation point. You can also use a text editor and add/remove the exclamation point yourself to enable/disable accounts.
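The exclamation point described above can be checked for directly. This added example (not part of the original lesson) classifies /etc/shadow-format entries by the state of the password field; the sample lines and hash strings are constructed placeholders, and the function names and state labels are hypothetical.

```sh
#!/bin/sh
# Added example: report the password state of each /etc/shadow-format entry.
# The second field holds the password hash; usermod -L and passwd -l put "!"
# in front of it, usermod -U and passwd -u take it away again.

# Constructed sample; the hash strings are placeholders, not real hashes.
SAMPLE_SHADOW='root:$6$examplesalt$PLACEHOLDERHASH:19700:0:99999:7:::
msmith:!$6$examplesalt$PLACEHOLDERHASH:19700:0:99999:7:::
bdover:$6$examplesalt$PLACEHOLDERHASH:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
newuser:!:19700:0:99999:7:::
guest::19700:0:99999:7:::'

# Print "name STATE" for every entry read from stdin.
shadow_status() {
    awk -F: '{
        p = $2
        if (p == "")                     s = "EMPTY"   # no password needed
        else if (p == "*" || p ~ /^!+$/) s = "NOHASH"  # no hash was ever set
        else if (substr(p, 1, 1) == "!") s = "LOCKED"  # hash kept but disabled
        else                             s = "ACTIVE"  # usable password hash
        print $1, s
    }'
}

# Names of entries in one state, e.g. accounts_in_state LOCKED < file
accounts_in_state() {
    shadow_status | awk -v want="$1" '$2 == want { print $1 }'
}

printf '%s\n' "$SAMPLE_SHADOW" | shadow_status
```

The "!" only invalidates the password, so logins that do not use it (such as SSH keys) still work. The usermod and passwd man pages recommend also expiring the account, for example usermod -L -e 1 msmith, when it must be fully disabled.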
You can delete user accounts using the userdel command. If you use the userdel command with the -r option it will attempt to remove the home and mail directories.
In Linux, the /etc/group file contains a list of all the groups on the system. Each line represents a single group with a comma-separated list of members' usernames at the end.
A user account can be a member of multiple groups, and a group can contain multiple members. If you want to see what groups your account is a member of you can use the groups command.
Groups are used for assigning permissions. For example, if you want to enable another account to use the sudo command then add them to the sudo group. In the screenshot we can see that only the mhull account is in the sudo group.
You can add users to groups using the usermod command. In the screenshot below we are adding msmith to the sudo group.
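The member list in /etc/group does not tell the whole story, because an account whose primary GID in /etc/passwd matches the group is a member too. This added example (not part of the original lesson) lists both kinds of member; the sample files are constructed and group_members is a hypothetical helper.

```sh
#!/bin/sh
# Added example: list every account that is effectively in a group.
# /etc/group format:  name:password:GID:member1,member2
# /etc/passwd field 4 is the primary GID; primary members are usually
# not repeated in the member list of /etc/group.

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed sample files (not taken from a real system).
cat > "$tmp/group" <<'EOF'
sudo:x:27:mhull
mhull:x:1000:
msmith:x:1001:
Sales:x:1005:msmith,bdover
EOF
cat > "$tmp/passwd" <<'EOF'
mhull:x:1000:1000::/home/mhull:/bin/bash
msmith:x:1001:1001:Mike Smith:/home/msmith:/bin/bash
bdover:x:1002:1005::/home/bdover:/bin/bash
helper:x:1003:27::/home/helper:/bin/bash
EOF

# usage: group_members GROUP GROUP_FILE PASSWD_FILE
group_members() {
    awk -F: -v g="$1" '
        FNR == NR {                      # first file: the group database
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        gid != "" && $4 == gid { seen[$1] = 1 }   # second file: primary GID
        END { for (u in seen) print u }
    ' "$2" "$3" | sort
}

group_members sudo "$tmp/group" "$tmp/passwd"
```

When adding a member with usermod, use usermod -aG sudo msmith; without -a, the -G option replaces the account's existing supplementary groups instead of appending to them.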
The groupadd command will let you add your own groups to the system. In the screenshot below we use the groupadd command to create the Sales group.
If you want to change or modify a group you can use the groupmod command. In the screenshot below the groupmod command is used to change the name of the Sales group to NorthernSales.
If you no longer need a group you can delete it with the groupdel command.
Each file and directory in Linux is owned by a user account and a group. You can control the permissions for the user and group, as well as the permissions for everyone else, or other. Each of the three entities, User, Group, and Other, can have Read, Write, or Execute permissions. In the screenshot we can see the user and group that have access to the Documents directory as well as their permissions. We also see the permissions that everyone else has in the other section.
The permissions are grouped together in a nine character string that represents the user, group, and other. The first three characters represent the account's permissions followed by the group, then other. The order of the three characters is r for read, w for write, and x for execute. If the entity has the permission the letter is displayed, if not a dash is displayed. In the screenshot below we can see the account that owns the directory has read, write and execute. The group that owns the directory has read and execute, and everyone else has read and execute.
When you display a long list of files using the -l option you'll see more information than normal. In the listing there is one line per file and the columns of data are clearly defined. They are outlined below.
If we take the string rwxr-xr-x and convert it to binary where a 1 means the permission is applied, and 0 means it's not applied we end up with 111101101. We can split it into three sections for user, group and other and convert each section into decimal.
This leaves us with the decimal number 755. The number 755 is used to represent the permissions of the directory.
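The conversion described above, as an added example that is not part of the original lesson: perm_to_bits produces the binary string and perm_to_octal the digits passed to chmod. It goes beyond the text by also handling the s and t letters (setuid, setgid, sticky), which add a leading fourth digit; both function names are hypothetical.

```sh
#!/bin/sh
# Added example: turn the nine permission characters shown by "ls -l"
# into the binary string and the octal digits that chmod accepts.

# rwxr-xr-x -> 111101101 (a granted permission is 1, anything else is 0)
perm_to_bits() {
    printf '%s\n' "$1" | sed 's/[rwxst]/1/g; s/[-ST]/0/g'
}

# rwxr-xr-x -> 755. Also handles s/S (setuid, setgid) and t/T (sticky),
# which occupy the execute position and add a leading fourth digit.
perm_to_octal() {
    printf '%s\n' "$1" | awk '
    $0 !~ /^[r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]$/ { exit 1 }
    {
        special = 0; digits = ""
        for (i = 0; i < 3; i++) {
            r = substr($0, 3 * i + 1, 1)
            w = substr($0, 3 * i + 2, 1)
            x = substr($0, 3 * i + 3, 1)
            d = 0
            if (r == "r") d += 4
            if (w == "w") d += 2
            if (x == "x" || x == "s" || x == "t") d += 1
            # user slot = 4 (setuid), group slot = 2 (setgid), other = 1 (sticky)
            if (x ~ /[sStT]/) special += (i == 0 ? 4 : (i == 1 ? 2 : 1))
            digits = digits d
        }
        if (special) digits = special digits
        print digits
    }'
}

# Constructed sample strings, including one setuid and one sticky case.
for p in rwxr-xr-x rwxr-x--- rwsr-xr-x rwxrwxrwt; do
    printf '%s  %s  %s\n' "$p" "$(perm_to_bits "$p")" "$(perm_to_octal "$p")"
done
```

A string that is not nine valid permission characters makes perm_to_octal print nothing and return a non-zero status.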
You can also use another syntax with the chmod command. Using the numbers will update the permissions for users, groups and others all at once. You may find yourself wanting to change a single permission. You can do this with the letter method. The letter method lets you define what entity will get what permission. In the screenshot below we remove the read and execute permission from other on the Documents directory. The syntax for the letter method is chmod [ugo][+-][rwx] path.
You can change who owns data with the chown command: chown newuser path
You can change the group that owns the data with the chgrp command: chgrp newgroup path
The chmod, chown and chgrp commands can use the -R option to recursively apply the change to everything in a directory.