How to Manage Users and Groups in Linux

In any Linux system, understanding the management of users and groups is fundamental. It’s a critical part of system administration, aiding in organizing and securing a system’s resources. The heart of this management revolves around the handling of system users and groups, making it possible to determine who has access to what resources and when.

What are Linux Users and Groups?

Linux is a multi-user system: it is designed to be used by many people, and many programs, at the same time, whether on a personal workstation or a shared server. Each account is a “user” with its own login credentials and a set of permissions that govern what it can and cannot do. Not every user is a person: services such as sshd or a web server run under accounts of their own, so that a compromise of one service does not hand over the whole machine.

In contrast, “groups” are simply a collection of users. They make it easier to manage users with similar permission sets, as you can manage permissions for a group of users all at once instead of individually. For example, a group called ‘developers’ could contain all users who are allowed to access a particular development directory.

Managing Users in Linux

When managing users in Linux, a good grasp of certain files and concepts is required. These include:

Understanding the /etc/passwd File

The /etc/passwd file is the list of local user accounts. Each line is one account and consists of seven colon-separated fields, in this order: login name, password field, user ID (UID), group ID (GID) of the primary group, GECOS comment (usually the full name), home directory and login shell.

Example of /etc/passwd File

Let’s have a glance at a line from a /etc/passwd file:

johndoe:x:1001:1001:John Doe,,,:/home/johndoe:/bin/bash

This line describes the user ‘johndoe’. The ‘x’ in the second field means the password hash is not stored here but in /etc/shadow; /etc/passwd itself is world-readable because ordinary tools such as ls need it to turn UIDs into names. The UID and primary GID are both 1001 (a “user private group” created alongside the account), ‘John Doe,,,’ is the GECOS comment (full name plus empty room and phone fields), the home directory is ‘/home/johndoe’, and the login shell is ‘/bin/bash’. A shell such as /usr/sbin/nologin or /bin/false in the last field marks an account that should never get an interactive login.
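The checks below are an added example, not part of the original article: a small audit over a file in /etc/passwd format that reports the three things a reviewer looks for first (extra UID-0 accounts, duplicated UIDs and an empty password field). The sample data is constructed, so it runs without root; pass /etc/passwd to audit a real system.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): audit a file in /etc/passwd
# format for the conditions a security review flags first. It runs against a
# constructed sample so it needs no root and touches no real account
# database; pass /etc/passwd instead to audit a live system.

# Constructed sample with three deliberate problems: a second UID-0 account,
# a duplicated UID and an empty password field.
SAMPLE_PASSWD=$(cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:108:65534::/run/sshd:/usr/sbin/nologin
johndoe:x:1001:1001:John Doe,,,:/home/johndoe:/bin/bash
janedoe:x:1002:1002:Jane Doe,,,:/home/janedoe:/bin/bash
backup2:x:0:0:legacy backup job:/var/backups:/bin/sh
olduser:x:1002:1002:old account:/home/olduser:/bin/bash
guest::1005:1005:kiosk:/home/guest:/bin/bash
EOF
)

# audit_passwd FILE -> one tab-separated finding per line: kind, account, detail.
# Fields are login:password:UID:GID:GECOS:home:shell.
audit_passwd() {
    awk -F: '
        # Any UID-0 account that is not literally "root" is a second superuser.
        $3 == 0 && $1 != "root" { printf "uid0\t%s\tsuperuser alias\n", $1 }
        # An empty password field means no password is asked for at all; "x"
        # defers to /etc/shadow, and a hash kept here would be world-readable.
        $2 == "" { printf "nopass\t%s\tempty password field\n", $1 }
        # Two names on one UID are one identity to the kernel; report the
        # second sighting (a UID-0 alias therefore also shows up here).
        $3 in seen { printf "dupuid\t%s\tshares uid %s with %s\n", $1, $3, seen[$3]; next }
        { seen[$3] = $1 }
    ' "$1"
}

# count_findings FILE KIND -> how many findings of KIND audit_passwd reports
count_findings() {
    audit_passwd "$1" | awk -F'\t' -v kind="$2" '$1 == kind { n++ } END { print n + 0 }'
}

# Stand-alone demo against the constructed sample.
demo=$(mktemp)
printf '%s\n' "$SAMPLE_PASSWD" > "$demo"
audit_passwd "$demo"
printf 'total findings: %s\n' "$(audit_passwd "$demo" | awk 'END { print NR }')"
rm -f "$demo"
```

The UID-0 alias is reported twice on purpose: once as a superuser and once as a duplicate of root, because both are true and either alone should stop a review.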

Understanding the /etc/shadow File

In contrast, the /etc/shadow file stores each user’s password hash (not an encrypted password: a hash cannot be reversed, only tested against a guess) together with password aging information. It is readable only by root, and on many distributions by the shadow group, precisely because a leaked hash can be attacked offline.

Example of /etc/shadow File

A line from a /etc/shadow file might look like this:

johndoe:$6$KBvrdDvF$P1DhTPXbqyLKLuPx5GzaTOi6oJYG6A/r70n3F2CZePYVFXkdE0V/:17680:0:99999:7:::

Here the second field holds ‘johndoe’s password hash. The $6$ prefix identifies SHA-512 crypt (other common prefixes are $5$ for SHA-256, $y$ for yescrypt and $1$ for the obsolete MD5), followed by the salt and the hash itself. The remaining fields are aging data: the password was last changed on day 17680 counted from 1 January 1970 (29 May 2018), it may be changed again after 0 days, it expires after 99999 days (effectively never), and the user is warned 7 days before expiry. The three empty fields are the inactivity period after expiry, the account expiry date and a reserved field. A hash field starting with ‘!’ is a locked password, and ‘*’, ‘!’ or ‘!!’ alone means no password has ever been set.
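As an added example (not code from the original article), the function below decodes a shadow line into the states described above, including the ‘!’ prefix that the account locking example later in this article produces. The day count is a parameter so the results are reproducible; the sample lines are constructed and the hashes are placeholders, not real credentials.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): decode one /etc/shadow line
# and report the account's state. Hash prefixes are the crypt(5) identifiers
# ($6$ SHA-512, $5$ SHA-256, $y$ yescrypt, $2b$ bcrypt, $1$ MD5). A hash that
# starts with "!" is what passwd -l / usermod -L produce; "*", "!" or "!!"
# alone mean no password was ever set. Sample lines are constructed and the
# hashes are placeholders, not real credentials.

# shadow_status LINE [TODAY] -> "user algorithm state"
# TODAY is the current day counted in days since 1970-01-01, the unit the
# file uses; it is a parameter so results are reproducible.
shadow_status() {
    local line=$1 today=${2:-$(( $(date +%s) / 86400 ))}
    local user hash lastchg min max warn inactive expire rest
    IFS=: read -r user hash lastchg min max warn inactive expire rest <<EOF
$line
EOF
    local locked=0 algo state
    # passwd -l prefixes the existing hash with "!"; the real hash stays
    # behind it and nothing else about the account changes.
    case $hash in '!$'*) locked=1; hash=${hash#!} ;; esac
    case $hash in
        '$6$'*)         algo=sha512 ;;
        '$5$'*)         algo=sha256 ;;
        '$y$'*)         algo=yescrypt ;;
        '$2'[abxy]'$'*) algo=bcrypt ;;
        '$1$'*)         algo=md5 ;;
        *)              algo=none ;;
    esac
    if [ -n "$expire" ] && [ "$expire" -le "$today" ]; then
        state=expired            # field 8 in the past: every login method is refused
    elif [ "$locked" = 1 ]; then
        state=locked             # password auth only; SSH keys etc. still work
    elif [ -z "$hash" ]; then
        state=empty              # no password required at all: fix immediately
    elif [ "$algo" = none ]; then
        state=disabled           # "*", "!" or "!!": no password ever set
    elif [ -n "$lastchg" ] && [ -n "$max" ] && [ "$max" -lt 99999 ] \
         && [ $((lastchg + max)) -lt "$today" ]; then
        if [ -n "$inactive" ] && [ $((lastchg + max + inactive)) -lt "$today" ]; then
            state=inactive       # grace period after expiry also used up
        else
            state=password-expired   # user must change it at next login
        fi
    else
        state=active
    fi
    printf '%s %s %s\n' "$user" "$algo" "$state"
}

# Constructed sample: the article's johndoe line plus one line per state.
SAMPLE_SHADOW=$(cat <<'EOF'
johndoe:$6$KBvrdDvF$P1DhTPXbqyLKLuPx5GzaTOi6oJYG6A/r70n3F2CZePYVFXkdE0V/:17680:0:99999:7:::
janedoe:!$6$salt$placeholderhash:18500:0:90:7:::
contractor:$y$j9T$salt$placeholderhash:18500:0:90:7:14:19100:
oldtmp:$5$salt$placeholderhash:18000:0:99999:7::18900:
sshd:*:17000:0:99999:7:::
guest::18000:0:99999:7:::
EOF
)

# Stand-alone demo with a fixed "today" (day 19000 = 2022-01-08).
printf '%s\n' "$SAMPLE_SHADOW" | while IFS= read -r line; do
    shadow_status "$line" 19000
done
```

Note the order of the checks: an account expiry date in the past wins over everything else because PAM refuses the login before any credential is examined, whereas a locked hash only removes the password as a credential.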

Creating, Modifying, and Deleting User Accounts

User accounts can be managed using the useradd, usermod, and userdel commands.

Example of Creating a User

To create a user:

sudo useradd -m -s /bin/bash johndoe

This command creates the user ‘johndoe’ with a home directory (-m, populated from /etc/skel) and ‘/bin/bash’ as the login shell (-s; without it the distribution default applies, often /bin/sh). useradd sets no password, so the account cannot log in with one until you run passwd johndoe; that is the safe default, not an error. On Debian-based systems the adduser wrapper performs the same steps interactively.

Example of Modifying a User

To modify an existing user:

sudo usermod -s /bin/zsh johndoe

This command changes ‘johndoe’s login shell to ‘/bin/zsh’. The shell must be installed and listed in /etc/shells; usermod does not check that for you, and an account whose shell is missing cannot log in. Setting the shell to /usr/sbin/nologin is the usual way to turn a person’s account into a non-interactive one.

Example of Deleting a User

To delete a user:

sudo userdel -r johndoe

This command deletes the user ‘johndoe’ and, because of -r, their home directory and mail spool. Files the user owned elsewhere (under /srv, /tmp or a shared project directory, for example) are not removed; they keep the now-unassigned UID 1001 and will belong to whoever is given that UID next. After deleting an account, run find / -xdev -nouser to locate such files and reassign or remove them.

Managing Password Requirements

Password security is crucial. The passwd command sets or changes a user’s password. Password aging defaults for newly created accounts (maximum age, minimum age, warning period) live in /etc/login.defs. Complexity rules (length, character classes, dictionary words) are not set there but in the PAM stack, typically through pam_pwquality and its /etc/security/pwquality.conf.

Example of Changing a User Password

To change ‘johndoe’s password:

sudo passwd johndoe

This command prompts you twice for a new password for ‘johndoe’; run as root it does not ask for the old one. Passwords set by root are warned about but not rejected by pam_pwquality unless its enforce_for_root option is set, so choose one that would pass the rules anyway.

Example of Setting Password Policies

To set password policies, you might edit the /etc/login.defs file:

sudo nano /etc/login.defs

In the file, PASS_MAX_DAYS sets the maximum number of days a password remains valid, PASS_MIN_DAYS the minimum number of days between changes, and PASS_WARN_AGE how many days before expiry the user is warned. These values are defaults applied only to accounts created afterwards. To apply them to an existing user, use chage (for example chage -M 90 -m 1 -W 7 johndoe), and inspect a user’s current settings with chage -l johndoe.
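The following is an added example, not part of the original article: it reads the three aging keys out of a login.defs-style file the way shadow-utils does (comments ignored, last definition wins), checks them against a baseline, and builds the chage command needed for accounts that already exist. The baseline values (365 / 1 / 7) and both config fragments are assumptions constructed for the example.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): read the password-aging
# defaults out of a login.defs-style file and compare them with a baseline.
# login.defs only sets defaults for accounts created afterwards, so the block
# also builds the chage command that applies the same values to an existing
# user. The baseline numbers (365 / 1 / 7) are an assumption chosen for the
# example; substitute your own policy. Both config fragments are constructed.

# As shipped on many distributions: a 99999-day maximum means passwords
# effectively never expire, and 0 minimum days lets a user change the
# password repeatedly to flush the reuse history and return to the old one.
WEAK_DEFS='
# Password aging controls (constructed sample)
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_WARN_AGE   7
'
# The same keys with values a typical hardening baseline asks for.
HARDENED_DEFS='
PASS_MAX_DAYS   365
PASS_MIN_DAYS   1
PASS_WARN_AGE   14
'

# logindef FILE KEY -> effective value of KEY: comments are skipped and the
# last definition wins, which is how shadow-utils reads the file. Empty if unset.
logindef() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }
        $1 == key        { val = $2 }
        END              { print val }
    ' "$1"
}

# check_aging FILE -> one line per setting outside the baseline (none if compliant)
check_aging() {
    local max min warn
    max=$(logindef "$1" PASS_MAX_DAYS)
    min=$(logindef "$1" PASS_MIN_DAYS)
    warn=$(logindef "$1" PASS_WARN_AGE)
    # Unset keys are treated as the usual shadow-utils defaults (99999 / 0 / 7).
    [ "${max:-99999}" -le 365 ] || echo "PASS_MAX_DAYS ${max:-unset} (want <= 365)"
    [ "${min:-0}" -ge 1 ]       || echo "PASS_MIN_DAYS ${min:-unset} (want >= 1)"
    [ "${warn:-7}" -ge 7 ]      || echo "PASS_WARN_AGE ${warn:-unset} (want >= 7)"
    return 0
}

# aging_violations FILE -> number of lines check_aging reports
aging_violations() { check_aging "$1" | awk 'END { print NR }'; }

# chage_command FILE USER -> the chage invocation that applies FILE's aging
# values to an account that already exists (login.defs never touches those).
chage_command() {
    printf 'chage -M %s -m %s -W %s %s\n' \
        "$(logindef "$1" PASS_MAX_DAYS)" "$(logindef "$1" PASS_MIN_DAYS)" \
        "$(logindef "$1" PASS_WARN_AGE)" "$2"
}

# Stand-alone demo.
tmp=$(mktemp -d)
printf '%s\n' "$WEAK_DEFS" > "$tmp/weak.defs"
printf '%s\n' "$HARDENED_DEFS" > "$tmp/hardened.defs"
echo "weak login.defs:";      check_aging "$tmp/weak.defs"
echo "hardened login.defs:";  check_aging "$tmp/hardened.defs"
echo "for an existing user:"; chage_command "$tmp/hardened.defs" johndoe
rm -rf "$tmp"
```

To check every existing account against the same baseline, loop over the user names in /etc/passwd and compare the fields chage -l prints with the values logindef returns.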

Managing Groups in Linux

Just like users, Linux groups also have associated management tasks.

Understanding the /etc/group File

The /etc/group file contains group information. Each line of the file represents a group and is divided into four fields separated by colons. These fields include the group name, password, group ID, and list of group members.

Example of /etc/group File

A line from a /etc/group file might look like this:

developers:x:1002:johndoe,janedoe

This line tells us there is a group named ‘developers’ with a group ID (GID) of 1002, and that ‘johndoe’ and ‘janedoe’ are supplementary members of it. The list holds supplementary members only: users whose primary group (the GID field in /etc/passwd) is 1002 belong to the group too but are not listed here, so /etc/group alone does not show everyone who has the group’s access. The ‘x’ in the password field again points at a shadow file, /etc/gshadow, which also records group administrators; group passwords themselves are rarely used.
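Because of that gap, the two lookups below are worth having; they are an added example, not part of the original article. user_groups answers “which groups does this user have?” and members_of answers “who has this group?”, both combining the passwd GID field with the group member list. The sample data is constructed (the ‘deploy’ account deliberately shares janedoe’s primary group without being listed anywhere in the group file); with /etc/passwd and /etc/group as arguments, user_groups should agree with id -Gn.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): resolve group membership
# from passwd- and group-format files. The member list in /etc/group holds
# supplementary members only; a user's primary group comes from the GID field
# of /etc/passwd and normally does not appear in /etc/group, so reading that
# file alone under-reports who has a group's access. The data below is
# constructed; pass /etc/passwd and /etc/group to query the live system.

SAMPLE_PASSWD=$(cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
johndoe:x:1001:1001:John Doe,,,:/home/johndoe:/bin/bash
janedoe:x:1002:1002:Jane Doe,,,:/home/janedoe:/bin/bash
deploy:x:1003:1002:deploy bot:/srv/deploy:/usr/sbin/nologin
EOF
)
SAMPLE_GROUP=$(cat <<'EOF'
root:x:0:
sudo:x:27:janedoe
johndoe:x:1001:
janedoe:x:1002:
developers:x:1005:johndoe
projectA:x:1010:johndoe,janedoe
EOF
)

# user_groups USER PASSWD_FILE GROUP_FILE -> the user's groups, primary
# group first and supplementary groups in file order (the shape of id -Gn).
user_groups() {
    local user=$1 pw=$2 gr=$3 gid
    gid=$(awk -F: -v u="$user" '$1 == u { print $4; exit }' "$pw")
    [ -n "$gid" ] || { echo "no such user: $user" >&2; return 1; }
    awk -F: -v u="$user" -v gid="$gid" '
        $3 == gid { primary = $1; next }        # primary group, via passwd GID
        {
            n = split($4, m, ",")               # field 4: supplementary members
            for (i = 1; i <= n; i++)
                if (m[i] == u) { extra = extra " " $1; break }
        }
        END {
            sub(/^ /, "", extra)
            out = primary
            if (extra != "") out = (out == "" ? extra : out " " extra)
            print out
        }
    ' "$gr"
}

# members_of GROUP PASSWD_FILE GROUP_FILE -> everyone who gets the group,
# including the primary members /etc/group never lists, sorted and unique.
members_of() {
    local group=$1 pw=$2 gr=$3 gid members
    gid=$(awk -F: -v g="$group" '$1 == g { print $3; exit }' "$gr")
    [ -n "$gid" ] || { echo "no such group: $group" >&2; return 1; }
    members=$( {
        awk -F: -v g="$group" '$1 == g { gsub(",", "\n", $4); print $4 }' "$gr"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$pw"
    } | awk 'NF' | sort -u | tr '\n' ' ' )
    printf '%s\n' "${members% }"
}

# Stand-alone demo.
tmp=$(mktemp -d)
printf '%s\n' "$SAMPLE_PASSWD" > "$tmp/passwd"
printf '%s\n' "$SAMPLE_GROUP" > "$tmp/group"
for u in johndoe janedoe deploy; do
    printf '%-8s -> %s\n' "$u" "$(user_groups "$u" "$tmp/passwd" "$tmp/group")"
done
for g in projectA janedoe sudo; do
    printf '%-8s <- %s\n' "$g" "$(members_of "$g" "$tmp/passwd" "$tmp/group")"
done
rm -rf "$tmp"
```

Run against a real system, members_of is the function to use when asking who can read a group-owned directory: it is the primary-group members that grep on /etc/group would miss.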

Creating, Modifying, and Deleting Groups

Group management is performed using the groupadd, groupmod, and groupdel commands.

Example of Creating a Group

To create a group:

sudo groupadd developers

This command creates a new group named ‘developers’.

Example of Modifying a Group

To modify a group:

sudo groupmod -n dev developers

This command renames the ‘developers’ group to ‘dev’. The GID stays the same, so files owned by the group remain accessible to its members. Changing the GID as well (groupmod -g) does not touch existing files; those keep the old numeric GID and must be re-owned with chgrp.

Example of Deleting a Group

To delete a group:

sudo groupdel developers

This command deletes the ‘developers’ group. groupdel refuses to remove a group that is any user’s primary group; move those users to another primary group first with usermod -g. Files owned by the deleted GID keep the number and show it instead of a name in ls output; locate them with find / -xdev -nogroup.

Managing Group Membership

You add a user to a supplementary group with usermod -a -G and remove one with gpasswd -d. Plain usermod -G (without -a) replaces the user’s entire supplementary group list, which is occasionally what you want and more often an accident.

Example of Adding a User to a Group

To add ‘johndoe’ to ‘developers’ group:

sudo usermod -a -G developers johndoe

This command adds ‘johndoe’ to the ‘developers’ group while keeping their existing supplementary groups. The -a (append) flag is what makes that true: usermod -G developers johndoe alone would set the supplementary group list to exactly ‘developers’ and silently drop every other group. The change applies to new logins; sessions that are already open keep their old group set, which is why id run by the user can disagree with id johndoe run by root until they log in again.

Example of Removing a User from a Group

To remove ‘johndoe’ from the ‘developers’ group:

sudo gpasswd -d johndoe developers

This command removes ‘johndoe’ from the ‘developers’ group. As with adding, processes the user already has running keep the group until they start a new session, so for an access revocation that must take effect now, also end their sessions.

Advanced Scenarios and Examples in Linux User and Group Management

In addition to the basics of creating, modifying, and deleting users and groups, Linux allows for more complex and flexible user and group management scenarios. Here, we will delve into five such scenarios, illustrating the power and versatility of Linux command-line tools in managing system access and security.

Example 1: Changing the Default Home Directory for New Users

When you create a new user, Linux typically sets their home directory as /home/username. However, you might want to change the default location for new users.

sudo useradd -m -d /var/employees/johndoe -s /bin/bash johndoe

This command creates the user ‘johndoe’ but places the home directory at ‘/var/employees/johndoe’ instead of under ‘/home’; -d sets the path and -m creates it. Make sure the parent directory exists and is not writable by other users: a home directory under a world-writable parent can be pre-created or swapped out by someone else before the account is used. To change the default for all future accounts rather than one user, set HOME in /etc/default/useradd.

Example 2: Creating a User with a Specific User and Group ID

Sometimes, for compatibility with an existing system or to meet security requirements, you might need to create a user with a specific user ID (UID) and group ID (GID).

sudo useradd -u 2001 -g 3001 johndoe

This command creates the user ‘johndoe’ with UID 2001 and primary GID 3001. The group with GID 3001 must already exist or useradd fails; without -g, useradd creates a new group named after the user. Note that this form has no -m, so no home directory is created. Pinning numeric IDs matters on shared storage such as NFS exports, container volumes and backups, where ownership is recorded as the number, not the name: the same UID on two hosts is the same owner as far as the filesystem is concerned.

Example 3: Creating a Shared Group for a Project

Imagine you’re managing a Linux server for a team working on a project. Everyone needs access to the same set of files, so you decide to create a shared group.

sudo groupadd projectA
sudo mkdir /opt/projectA
sudo chgrp projectA /opt/projectA
sudo chmod 2775 /opt/projectA

First, we create a group called ‘projectA’. Next, we create a directory for projectA’s files at ‘/opt/projectA’. Then we change the group of ‘/opt/projectA’ to ‘projectA’ with chgrp. Finally, we set the permissions to 2775: the leading 2 is the setgid bit, which makes every file and subdirectory created inside inherit the ‘projectA’ group instead of the creator’s primary group, and 775 gives the owner and the group full access with read-only access for everyone else. Use 2770 if the project files are confidential. Two things the recipe does not do: it does not put anyone in the group (usermod -a -G projectA for each member), and it does not make new files group-writable. That depends on each member’s umask: 002 yields 664, while the common default of 022 yields 644, which teammates can read but not edit.
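The script below is an added example, not part of the original article: it reproduces the recipe in a scratch directory without root, using the caller’s own primary group in place of projectA, and checks the two properties the recipe relies on: the setgid bit is set, and files created under different umasks inherit the group but get different modes. GNU stat is assumed.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): reproduce the shared
# directory recipe in a scratch directory, without root, and verify the two
# properties it relies on. The setgid bit makes new files inherit the
# directory's group, but whether teammates can write those files is decided
# by the creator's umask, not by the directory mode, so both outcomes are
# shown. The caller's primary group stands in for projectA; GNU stat(1) is
# assumed for the %a and %G format specifiers.

# make_shared_dir DIR GROUP -> the mkdir/chgrp/chmod steps from the article
make_shared_dir() {
    mkdir -p "$1"
    chgrp "$2" "$1"
    chmod 2775 "$1"
}

# dir_mode DIR -> mode bits as stat prints them, setgid included ("2775")
dir_mode() { stat -c '%a' "$1"; }

# new_file_mode DIR UMASK -> "group mode" of a fresh file created in DIR
# while UMASK is in force (the umask change is confined to a subshell)
new_file_mode() {
    local f="$1/file-umask-$2"
    ( umask "$2" && : > "$f" )
    stat -c '%G %a' "$f"
}

# Stand-alone demo.
scratch=$(mktemp -d)
grp=$(id -gn)                                  # stands in for projectA
make_shared_dir "$scratch/projectA" "$grp"
echo "directory : $(dir_mode "$scratch/projectA") (setgid bit set)"
echo "umask 002 : $(new_file_mode "$scratch/projectA" 002)  <- group can edit"
echo "umask 022 : $(new_file_mode "$scratch/projectA" 022)  <- group read-only"
rm -rf "$scratch"
```

Both files carry the directory’s group, which is the setgid effect; only the 002 file is group-writable, which is the umask effect. A shared directory therefore needs both the setgid bit and an agreed umask (or a default ACL) before it actually behaves as shared.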

Example 4: Adding an Existing User to Multiple Groups

A user can be part of multiple groups in Linux. This can be useful if a user needs to access resources that belong to different groups.

sudo usermod -a -G projectA,projectB johndoe

This command adds the user ‘johndoe’ to both the ‘projectA’ and ‘projectB’ groups.

Example 5: Locking and Unlocking User Accounts

In some cases, you might need to lock a user’s account temporarily. For example, they might be on leave, and you want to ensure their account isn’t used in their absence.

sudo passwd -l johndoe

This command locks ‘johndoe’s password by prefixing the hash in /etc/shadow with ‘!’, so the password no longer works (usermod -L does the same). It does not block other ways in: SSH keys in ~/.ssh/authorized_keys, sessions that are already open, cron jobs and passwordless sudo rules all keep working. To disable the account completely, also set an account expiry date in the past, which makes PAM refuse every login method:

sudo passwd -l johndoe
sudo chage -E 0 johndoe

and end any live sessions (for example with pkill -u johndoe). You can unlock it again using:

sudo passwd -u johndoe
sudo chage -E -1 johndoe

passwd -u removes the ‘!’ prefix and chage -E -1 clears the expiry date.

Best Practices for User and Group Management

Here are a few best practices when managing users and groups in Linux:

  • Principle of Least Privilege: Always assign the minimum permissions necessary for a user to perform their duties.
  • Regular Audits: Regularly check and clean up inactive users and groups. This will help to maintain system security and resource efficiency.
  • Strong Password Policies: Implement and enforce robust password policies. This includes password complexity rules, expiration periods, and policies against password reuse.
  • Use Sudo: Instead of sharing the root password, use sudo to grant users elevated privileges, ideally for specific commands only. Every invocation is logged (to the auth log or the journal), so privileged activity stays attributable to a person.
  • Separate System and Regular Users: Keep system and regular users separate. System accounts (those with UIDs below 1000 on most current distributions, as set by UID_MIN in /etc/login.defs) belong to services and should have a nologin shell and no usable password.
  • Keep Group Membership Prudent: Carefully manage group membership. Unnecessary access can lead to unnecessary risk. For instance, not all users need to be in the sudo or admin groups.

Conclusion

Understanding how to manage users and groups in Linux is fundamental for effective system administration. It allows you to control who has access to what resources, ensuring both system security and efficiency. From understanding key files like /etc/passwd and /etc/group, to creating, modifying, and deleting users and groups, to managing password policies and group membership, this guide provides a comprehensive look at Linux user and group management. Always remember to follow best practices to maintain a secure and well-organized system.