
Linux Commands

Chapter Four

Users And Groups



• In this chapter, you will learn about

– Understanding Linux users and groups
– Managing Linux user accounts
– Managing Linux group accounts

• One of the great things about Linux is the fact that it is a
true multiuser operating system. A single Linux system
can be configured with one, two, five, ten or more user
accounts. Each user on the system is provided with his or
her own computing environment that is unique to that
user. For example, in Figure 9-1, the current user is
named ksanders.

• Notice that ksanders has her own directory in /home named
ksanders. Within her home directory:
– Desktop Contains the files and icons displayed on ksanders’s
desktop
– Documents Contains ksanders’s documents
– public_html Contains ksanders’s personal Web pages
– bin Contains executable files and scripts that ksanders may need
to run. This directory is automatically added to the PATH
environment variable for the ksanders user, so she doesn’t need
to specify the full path to any executable stored here
– Downloads Contains files downloaded from the Internet by
ksanders’s web browser
– Music Contains ksanders’s music files
– Pictures Contains ksanders’s image files
– Videos Contains ksanders’s video files

• If the system has been configured to work on a computer network,
then users can log in to the system remotely and access their
desktop and home directory as if they were sitting in front of the
computer. In this scenario, multiple users can be logged in and
using the same computer at the same time.
• Because Linux is a multiuser operating system, we need some way
to control who has access to what in the system. For example,
suppose you have a Linux system with five user accounts:
– ksanders
– mohamed
– ahmed
– adnan
– naima

Understanding Linux Users and Groups

• To control access to a Linux system and the data it
contains, we need to do two things:
• We need to require users to supply a set of credentials
before they will be granted access to the system.
• We need access controls that specify what individual
users can do with files and directories in the file
system after they have logged in.

• In this part, we’re going to discuss how to do this.
Specifically, we’re going to cover the following:
– Linux user accounts
– Linux groups
• Let’s begin by discussing how Linux user accounts
work.

• Linux in particular performs this function
very well. In this part of this chapter,
we’re going to discuss the following:
– How Linux user accounts work
– Where Linux user accounts are stored
– Creating and managing user accounts from
the command line
• Let’s begin by discussing
how Linux user accounts work.

How Linux User Accounts Work

Notice that finger displays the following information about the ksanders
account:
– Login This is the username that is used to authenticate to the
system.
– Name This is the user’s full name.
– Directory This is the user’s home directory.
– Shell This is the default shell that will be started by the user.
– Last Login This displays the last time the user logged in and where
from.

In addition to having a home directory and default shell
assigned, each user account is also assigned a unique user ID
(UID) number when it is created. No two user accounts on
the system will have the same UID. To view the UID for a given
user account, you can use the id username command from the
shell prompt. For example, to view information about our Tux
user account, we can enter “id tux” at the shell prompt. Here is
the output from this command:

ws1:~/Desktop # id tux
uid=1000(tux) gid=100(users) groups=100(users),33(video)

Notice that on this system, the tux user account has been assigned
a UID of 1000. On a SUSE Linux system, the first regular user
account created on the system is always assigned a UID of
1000. On Ubuntu Linux, UIDs are assigned starting from
500; the next user account will be assigned a UID of 501.
• Other distributions may use a different numbering scheme for
the UID, however.
• For example, UIDs on a Fedora system start at 500 instead of
1000. Next, you can see that the Tracy user on this Fedora
system has a UID of 500 because it was the first standard user
account created:
ID of 1001, and so on.

Where Linux User Accounts Are Stored

• For our purposes here, we’re going to focus on the
Local option. This option stores user and group
information in the following files in the file system:
– /etc/passwd This file contains the user account
information for your system.
– /etc/shadow This file contains passwords for your
user accounts.
– /etc/group This file contains your system’s groups.
(We’ll discuss groups later in this chapter.)

Let’s look at the /etc/passwd file first.

The /etc/passwd File

If configured to use local authentication, your
/etc/passwd file contains your system’s user accounts. Each user
account on your system is represented by a single line in the file, as
shown in this example:

ws1:~ # cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
sshd:x:100:102:SSH daemon:/var/lib/sshd:/bin/false
uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
wwwrun:x:30:8:WWW daemon apache:/var/lib/wwwrun:/bin/false
ksanders:x:1001:100:Kimberly Sanders:/home/ksanders:/bin/bash
tux:x:1000:100:Tux Penguin:/home/tux:/bin/bash
For example:

ksanders:x:1001:100:Kimberly Sanders:/home/ksanders:/bin/bash

Here’s what these fields contain:
• Username The Username field simply identifies the username the
user will supply when logging in to the system. In this example, it is
ksanders.
• Password This is a legacy field. At one time, the user’s password was
stored in encrypted form in this field in the passwd file. However, for
security reasons, the password has been moved from /etc/passwd to
/etc/shadow. (We’ll look at this file in more detail later.) Therefore, only
the character x is shown in this field.
• UID This is the user ID for the user account. We discussed the UID
earlier in this chapter. In this example, the UID for the ksanders
account is 1001.
• GID This field references the group ID number of the user’s default
group. In this example, the GID for the ksanders account is 100. As
we’ll see later in this chapter, this references the users group.

• Full_Name This field contains the user’s full name. In
this example, it’s Kimberly Sanders.
• Home_Directory This field contains the path to the
user’s home directory. In this case, the home directory
is /home/ksanders.
• Default_Shell This field specifies the shell that will be
used by default. For ksanders, this is /bin/bash (the
Bourne-Again SHell).
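
The field layout above is enough to audit a passwd file for the properties this chapter relies on: one UID per account, and an x in the Password field. The following is an added example, not part of the original slides; the function names and the "toor" and "legacy" records are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample in /etc/passwd format. The first four records appear in
# the listing above; "toor" and "legacy" are invented to trigger the checks.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
sshd:x:100:102:SSH daemon:/var/lib/sshd:/bin/false
ksanders:x:1001:100:Kimberly Sanders:/home/ksanders:/bin/bash
tux:x:1000:100:Tux Penguin:/home/tux:/bin/bash
toor:x:0:0:constructed second UID 0 account:/root:/bin/bash
legacy::1001:100:constructed record:/home/legacy:/bin/bash
EOF
}

# audit_passwd: read passwd records on stdin and print one finding per line
# in the form CHECK:USERNAME[:DETAIL]. Password field values are never echoed.
audit_passwd() {
    awk -F: '
        # Every record must have exactly seven colon-separated fields.
        NF != 7 { print "bad-field-count:" $1 ":" NF; next }
        # UID 0 carries root privileges regardless of the username.
        $3 == 0 && $1 != "root" { print "extra-uid0:" $1 }
        # Two usernames sharing one UID are the same identity to the system.
        ($3 in owner)  { print "duplicate-uid:" $1 ":" $3 ":" owner[$3] }
        !($3 in owner) { owner[$3] = $1 }
        # "x" means the password is kept in /etc/shadow; empty means none set.
        $2 == ""              { print "empty-password:" $1 }
        $2 != "" && $2 != "x" { print "password-in-passwd:" $1 }
    '
}

sample_passwd | audit_passwd
```

On a live system the same function can be fed with `audit_passwd < /etc/passwd`.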

The /etc/shadow File

With most Linux distributions that use local authentication,
your users’ passwords will be stored in encrypted format in the /etc/shadow
file. This file is linked to the /etc/passwd file we discussed previously. Each of
the user accounts listed in /etc/passwd has a corresponding entry in
/etc/shadow, as shown in this example:

ws1:~ # cat /etc/shadow
root:$2a$05$h03HfGFSi2i8GlotOYgreeBelUlHc.z/2KxyQQF7RSo./TdLOrDJa:15035::::::
sshd:*:14796:0:99999:7:::
uucp:*:14796::::::
wwwrun:*:14796::::::
ksanders:$2a$05$KL1DbTBqpSEMiL.2FoI3ue4bdyR.eL6GMKs7MU6.nZl5SCC7/REUS:15043:0:99999:7:::

• As with /etc/passwd, each user account is represented by a
single line in the /etc/shadow file. Each record is composed of
the following fields, each separated by a colon:

Username:Password:Last_Modified:Min_Days:Max_Days:Days_Warn:Disabled_Days:Expire

• For example, the record for ksanders is as follows:

ksanders:$2a$05$KL1DbTBqpSEMiL.2FoI3ue4bdyR.eL6GMKs7MU6.nZl5SCC7/REUS:15043:0:99999:7:::

• Here’s what each of these fields contains:
• Username This is the user’s login name from /etc/passwd.
• Password This is the user’s password in encrypted format.
• Last_Modified This field displays the number of days since
January 1, 1970, that the password was last changed. In this
example, it’s been 15,043 days.
• Min_Days This field displays the minimum number of days
required before a password can be changed. In this example, it is
set to 0 days.
• Max_Days This field displays the maximum number of days before
a password must be changed. In this example, it is set to 99,999
days. Effectively, this means a password change isn’t required.

• Days_Warn This field displays the number of days
prior to password expiration that the user will be
warned of the pending expiration. In this case, it’s set
to 7 days.
• Disabled_Days This field displays the number of days
to wait after a password has expired to disable the
account. In this example, it’s set to a null value.
• Expire This field displays the number of days since
January 1, 1970, after which the account will be
disabled. In this example, it is set to a null value,
indicating the account never expires.
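
The shadow fields described above can be turned into a readable aging report. This is an added example, not part of the original slides: the function names, the placeholder hash and the "jdoe" record are constructed, and it assumes a date command that accepts -d @SECONDS, as GNU coreutils does.

```sh
#!/bin/sh
# Constructed sample in /etc/shadow format, following the records shown above.
# The hash is a placeholder, not a real password hash; "jdoe" is invented.
sample_shadow() {
    cat <<'EOF'
root:$2a$05$PLACEHOLDERHASH:15035::::::
sshd:*:14796:0:99999:7:::
ksanders:$2a$05$PLACEHOLDERHASH:15043:0:99999:7:::
jdoe:!$2a$05$PLACEHOLDERHASH:15043:1:90:7:14::
EOF
}

# Convert a "days since January 1, 1970" value to YYYY-MM-DD (UTC).
days_to_date() {
    date -u -d "@$(( $1 * 86400 ))" +%Y-%m-%d
}

# shadow_report: read shadow records on stdin and print, per account:
#   USER STATE LAST_CHANGED POLICY
shadow_report() {
    while IFS=: read -r user pw last min max warn inactive expire rest; do
        case $pw in
            '')       state=no-password ;;  # empty field: no password set
            '*'|'!'*) state=no-login ;;     # no usable hash; a leading "!" is
                                            # how passwd -l invalidates one
            *)        state=hash ;;
        esac
        if [ -n "$last" ]; then
            changed=$(days_to_date "$last")
        else
            changed=unknown
        fi
        # An empty Max_Days, or 99999, means a change is never required.
        case $max in
            ''|99999) policy=never-expires ;;
            *)        policy="max=${max},warn=${warn:-0},grace=${inactive:-none}" ;;
        esac
        echo "$user $state $changed $policy"
    done
}

sample_shadow | shadow_report
```

Reading the real /etc/shadow requires root; the report prints the state of the Password field, never its contents.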
Creating and Managing User Accounts from the
Command Line

• You can manage user accounts on your Linux system
with either graphical utilities or from the command line.
For example, openSUSE includes the YaST User and
Group Management module, shown in Figure 9-5, to
manage user accounts.

• Likewise, Fedora includes the User Manager utility,
which can also be used to manage user accounts
graphically. This utility is shown in Figure 9-6.

• Therefore, we’re going to focus on command-line tools
in this chapter. Once you’re comfortable with them,
feel free to experiment with their graphical equivalents.
• In this section, we’re going to cover the following tools:
– useradd
– passwd
– usermod
– userdel

• You can add any files and directories to this directory that you want each
and every user to have by default when their account is created on the
system.
• You can override these defaults when running useradd by specifying a
list of options in the command line. You can use the following:
• -c Includes the user’s full name
• -e Specifies the date when the user account will be disabled. Format the
date as yyyy-mm-dd.
• -f Specifies the number of days after password expiration before the
account is disabled.
• -g Specifies the user’s default group
• -G Specifies additional groups that the user is to be made a member of
• -M Specifies that the user account be created without a home directory
• -m Specifies the user’s home directory

• -n Used only on Red Hat or Fedora systems. By
default, these distributions create a new group with the
same name as the user every time an account is
created.
• -r Specifies that the user being created is a system user
• -s Specifies the default shell for the user
• -u Manually specifies a UID for the user

• When working with passwd, you can also use the following options:
– -l Locks the user’s account. This option invalidates the user’s
password.
– -u Unlocks a user’s account
– -d Removes a user’s password
– -n Sets the minimum number of days required before a password
can be changed
– -x Sets the maximum number of days before a password must be
changed
– -w Sets the number of days prior to password expiration when
the user will be warned of the pending expiration
– -i Sets the number of days to wait after a password has expired
to disable the account

Now that you know how to create a new user and how to
set a user’s password, let’s next review how you go
about modifying an existing user account.

usermod
From time to time, you will need to modify an existing user
account. This can be done from the command line using the usermod
utility. The syntax for usermod is very similar to that used by useradd.
You enter usermod options username at the shell prompt. The options
for usermod are likewise similar to those used by useradd. They include
the following:
• -c Edits the user’s full name
• -e Sets the date when the user account will be disabled. Format the date
as yyyy-mm-dd.
• -f Sets the number of days after password expiration before the account
is disabled. Use a value of -1 to disable this functionality.
• -g Sets the user’s default group
• -G Specifies additional groups that the user is to be made a member of
• -l Changes the username

• -L Locks the user’s account. This option invalidates the user’s
password.
• -m Sets the user’s home directory
• -s Specifies the default shell for the user
• -u Sets the UID for the user
• -U Unlocks a user’s account that has been locked

• For example, suppose my jmcarthur user has recently married and
changed her last name to Sanders. I could update her user account
to reflect this change by entering usermod -l jsanders -c "Jackie
Sanders" jmcarthur at the shell prompt. When I do, the user’s
account information is updated in /etc/passwd, as shown here:

ws1:/ # usermod -l jsanders -c "Jackie Sanders" jmcarthur
ws1:/ # cat /etc/passwd
...
jsanders:x:1003:100:Jackie Sanders:/home/jmcarthur:/bin/bash
ws1:/ #

Linux Groups

• Like other operating systems, Linux uses groups to
make managing the system easier. In this part of this
chapter, we’re going to discuss the following:
• How Linux groups work
• Managing groups from the command line

Group

• A group is a collection of users that makes administration
tasks easier to perform.
• When the same level of permissions and restrictions must be
applied to many users, those permissions and
restrictions can be applied to the related groups.
• Users are assigned to groups.
• Every user is a member of at least one group and possibly
more.
• Each group is assigned a unique group ID number (GID).

• Each user is given their own private group (primary
group, usually with the same name as the user).
• Users can be added to other groups.
• A user’s primary group is defined in the /etc/passwd file.
• A user’s secondary groups are defined in the /etc/group file.
• All users in a group can share files that belong to that
group.

How Linux Groups Work

• Groups make our lives as system administrators easier!
To understand why, let’s take a look at a scenario. Suppose you
have seven users on a Linux system. Of these users, five of them
need almost the same level of access to files in the file system.
Without groups, you would need to assign the necessary
permissions separately to each of the five user accounts. That
means you would be doing the same exact task five times over.

• But just suppose you had 100 users that all needed the same level
of access. What a waste of time!

• Instead, you can implement groups on your Linux
system. With groups, you assign permissions to the
group and then make all the users that need that same
level of access members of the group. That’s much
easier!

• If your Linux system has been configured to use local
authentication, your groups are defined in the /etc/group
file. A sample of this file follows:

ws1:~ # cat /etc/group
...
mail:x:12:
maildrop:!:59:
man:x:62:
messagebus:!:104:
modem:x:43:
news:x:13:
nobody:x:65533:
nogroup:x:65534:nobody
ntadmin:!:71:
ntp:!:103:
polkituser:!:111:
postfix:!:51:
public:x:32:
pulse:!:108:
pulse-access:!:109:
root:x:0:
rtkit:!:107:
shadow:x:15:
video:x:33:ksanders,tux,lmorgan,jsanders,rtracy,dtracy

• As with the /etc/passwd and the /etc/shadow files, each line
in /etc/group is a single record that represents one group.
Each record is composed of the following four fields:

Group:Password:GID:Users

For example, in the preceding example the record for the
video group reads as follows:

video:x:33:ksanders,tux,lmorgan,jsanders,rtracy,dtracy

– Group Specifies the name of the group. In the example, the name of
the group is “video.”
– Password Specifies the group password, if one is assigned.
– GID Specifies the group ID (GID) number of the group. In this
example, the GID of the video group is 33.
– Users Lists the members of the group. In this case, the ksanders,
tux, lmorgan, jsanders, rtracy, and dtracy users are members of the
video group.
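
A user's primary group comes from the GID field of /etc/passwd and the secondary groups from the Users field of /etc/group; joining the two files reproduces the id tux output shown earlier. This is an added example, not part of the original slides: the function names are constructed, and the users group record (GID 100) is assumed from the id output, since the group listing above does not show it.

```sh
#!/bin/sh
# Write constructed sample files into directory $1. The passwd records and the
# video group come from the listings above; the "users" line is assumed.
make_samples() {
    cat > "$1/passwd" <<'EOF'
ksanders:x:1001:100:Kimberly Sanders:/home/ksanders:/bin/bash
tux:x:1000:100:Tux Penguin:/home/tux:/bin/bash
EOF
    cat > "$1/group" <<'EOF'
users:x:100:
video:x:33:ksanders,tux,lmorgan,jsanders,rtracy,dtracy
shadow:x:15:
EOF
}

# id_from_files USER PASSWD_FILE GROUP_FILE
# Prints an id-style line built only from the two files; returns 1 if the
# user has no passwd record.
id_from_files() {
    awk -F: -v user="$1" '
        FILENAME == ARGV[1] {            # first file: passwd
            if ($1 == user) { uid = $3; gid = $4; found = 1 }
            next
        }
        {                                # second file: group
            if ($3 == gid) pname = $1    # name of the primary group
            n = split($4, member, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^ +| +$/, "", member[i])
                # Listed in the Users field: a secondary membership.
                if (member[i] == user && $3 != gid)
                    extra = extra "," $3 "(" $1 ")"
            }
        }
        END {
            if (!found) exit 1
            printf "uid=%s(%s) gid=%s(%s) groups=%s(%s)%s\n",
                   uid, user, gid, pname, gid, pname, extra
        }
    ' "$2" "$3"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_samples "$dir"
    id_from_files tux "$dir/passwd" "$dir/group"
    rm -rf "$dir"
}
demo
```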

• As with /etc/shadow, each line in /etc/gshadow represents a record for a single
group. Each record is composed of the following fields:

• Group_Name:Password:Group_Admins:Group_Members

Managing Groups from the Command Line

• As with users, you can also manage groups with either command-line
or graphical tools. For example, both YaST and User Manager
can be used to create, modify, and delete groups on your Linux
system as well as user accounts. However, for the reasons
specified earlier, we’re going to focus on managing groups from the
shell prompt in this chapter. We will review the following tools:

– groupadd
– groupmod
– groupdel

• groupadd

• As you can probably guess from its name, the groupadd utility is
used to add groups to your Linux system. The syntax for using
groupadd at the shell prompt is relatively simple. Just enter
groupadd options groupname. For example, if I wanted to add a
group named farah, I would enter groupadd farah at the shell
prompt. When I do, a group is added to /etc/group using default
parameters specified in /etc/login.defs.

When using groupadd, you can override the defaults in /etc/login.defs
and customize the way the group is created using the following
options:

-g Specifies a GID for the new group
-p Specifies a password for the group. Just as with the useradd
command, you must use the openssl passwd -crypt command to
first encrypt the password you want to use with the -p option of
groupadd.
-r Specifies that the group being created is a system group

• groupmod

To modify a group, including adding users to the group membership, you
use the groupmod utility. The syntax for using groupmod is similar to that
used by usermod. Enter groupmod options group at the shell prompt.
You can use the following options with the command:

• -g Changes the group’s GID number
• -p Changes the group’s password. Just as with the usermod command,
you must use the openssl passwd -crypt command to first encrypt the
password you want to use with the -p option of groupmod.
• -A Adds a user account to the group
• -R Removes a user account from the group

• For example, if we wanted to add ksanders to the IT group,
we would enter groupmod -A "ksanders" IT at the shell
prompt.

• Using groupdel

If, for some reason, you need to delete an
existing group from the system, you can do so using the
groupdel command at the shell prompt. For example, to
delete the IT group, you would enter groupdel IT.
END
