Mastering Linux User Account Management: Essential Tips and Techniques
Table of contents
- User Account Management in Linux
- Creating a User
- Identifying if a User is Created
- Creating a User with Specific Options
- Deleting a User
- Modifying a User
- Group Management
- Understanding User and Group Info
- File Permissions with ACL (Access Control List)
- File Permissions - Types and Levels
- Understanding Permission Scores
- Switching Users
- Understanding Sudo
- Conclusion
User Account Management in Linux
Managing user accounts in Linux is a crucial task for administrators. This comprehensive guide covers handling user and group accounts, and managing file permissions using Access Control Lists (ACLs).
Creating a User
To create a new user:
useradd <username>
Identifying if a User is Created
To check if a user exists:
id <username>
Creating a User with Specific Options
To add a user to an existing group, specify the user shell type, add a comment, and define the user’s home directory:
useradd -g <existing group name> -s /bin/bash -c "comment" -m -d /home/username <username>
Example:
useradd -g QA -s /bin/bash -c "For testing only" -m -d /home/victor victor
This command adds the user victor to the existing group QA, sets the shell type to /bin/bash, adds a comment, and defines the home directory as /home/victor.
Deleting a User
To delete a user:
userdel <username>
To delete a user and their home directory:
userdel -r <username>
To force delete a user, even if they are logged in:
userdel -f <username>
Modifying a User
To add a user to a new group without changing the default group (the -a flag appends; -G on its own replaces the user's existing supplementary groups):
usermod -aG <group name> <username>
To change the default group of a user:
usermod -g <group name> <username>
To move the content of the home folder to a new folder:
usermod -m -d /home/newfolder <username>
To lock or unlock a user:
usermod -L <username> # Lock user
usermod -U <username> # Unlock user
Group Management
Creating a Group
To create a new group:
groupadd <group name>
Deleting a Group
To delete a group:
groupdel <group name>
Checking Group Information
Check the /etc/group file for group details.
Understanding User and Group Info
User information is stored in the /etc/passwd file. Password hashes and related details, such as password aging, are stored in the /etc/shadow file.
File Permissions with ACL (Access Control List)
ACLs allow you to set more specific permissions for files or directories without changing the base ownership and permissions.
Commands
- setfacl: Set file ACL
- getfacl: Get file ACL
Adding Permissions for a User
To add permissions for a user:
setfacl -m u:<username>:rwx <target_file>
Example:
setfacl -m u:shan:rw- package-lock.json
Adding Permissions for a Group
To add permissions for a group:
setfacl -m g:<group_name>:rwx <target_file>
Removing Permissions
To remove a specific entry:
setfacl -x u:<username> <target_file>
To remove all entries:
setfacl -b <target_file>
Adding Permissions for a User in All Files Inside a Folder
To recursively add permissions for a user in all files within a folder:
setfacl -Rm u:<username>:rw <folder_name>
Viewing File Permissions
To see file permissions:
ls -l
File Permissions - Types and Levels
Permission Types
- r: Read
- w: Write
- x: Execute
Permission Levels
- u: User (owner)
- g: Group
- o: Others
- a: All
Changing Permissions
To add or remove permissions:
chmod u+r <file_name> # Add read permission for the user
chmod u-r <file_name> # Remove read permission for the user
chmod ugo+r <file_name> # Add read permission for all
chmod a+rwx <file_name> # Add read, write, and execute permissions for all
Changing Ownership
To change the owner:
chown <username> <file_name>
To change the owner and the group together:
chown <username>:<group_name> <file_name>
Understanding Permission Scores
Each permission has a numerical value:
r = 4
w = 2
x = 1
Example:
chmod 774 <file_name>
- rwx for the user (7 = 4+2+1)
- rwx for the group (7 = 4+2+1)
- r-- for others (4)
Common Permissions:
- 644: File Baseline
- 755: Directory Baseline
Switching Users
To switch users:
su - <username> # Switch to user and move to their home directory
su <username> # Switch to user but stay in the current directory
Note: su stands for Substitute User, not Switch User.
Understanding Sudo
sudo stands for "Super User Do". It temporarily grants a user administrative rights.
To grant sudo access to a user (the group is named sudo on Debian and Ubuntu; RHEL-family systems use wheel):
usermod -aG sudo <username>
Check the user’s groups with:
id <username>
You can also provide limited access to specific commands by editing the /etc/sudoers file using visudo, which checks the syntax before saving.
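The sudo group check, the account lock and the /etc/passwd, /etc/group and /etc/shadow files described above can be combined into a small audit of who holds a privileged group. This is an added example, not part of the original guide; the helper names group_members, account_state and audit_group and the sample accounts are assumptions, and the sample files are constructed.

```sh
# Added example. The sample files are constructed; they mirror the formats of
# /etc/passwd, /etc/group and /etc/shadow so the script runs offline, unprivileged.

# group_members GROUP PASSWD_FILE GROUP_FILE   (hypothetical helper)
# Prints every account in GROUP, sorted: supplementary members (4th field of
# the group file) plus accounts whose primary GID in passwd equals the GID of
# GROUP, which the group file does not list.
group_members() {
    awk -F: -v grp="$1" '
        FILENAME == ARGV[1] {                 # first file: group database
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 }   # second file: passwd
    ' "$3" "$2" | sort -u
}

# account_state USER SHADOW_FILE   (hypothetical helper)
# usermod -L puts "!" in front of the password hash, so a leading "!" = locked.
account_state() {
    awk -F: -v u="$1" '
        $1 == u { s = ($2 ~ /^!/) ? "locked" : "unlocked" }
        END     { print (s == "" ? "missing" : s) }
    ' "$2"
}

# audit_group GROUP PASSWD_FILE GROUP_FILE SHADOW_FILE -> "user:state" lines
audit_group() {
    group_members "$1" "$2" "$3" | while read -r user; do
        printf '%s:%s\n' "$user" "$(account_state "$user" "$4")"
    done
}

demo=$(mktemp -d)   # constructed data, not taken from a real system
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'victor:x:1001:1001:For testing only:/home/victor:/bin/bash' \
    'shan:x:1002:27:constructed:/home/shan:/bin/bash' \
    'alice:x:1003:1003:constructed:/home/alice:/bin/bash' > "$demo/passwd"
printf '%s\n' 'root:x:0:' 'sudo:x:27:victor,alice' 'QA:x:1001:' > "$demo/group"
printf '%s\n' 'root:*:19000:0:99999:7:::' \
    'victor:$6$salt$hash:19000:0:99999:7:::' \
    'shan:$6$salt$hash:19000:0:99999:7:::' \
    'alice:!$6$salt$hash:19000:0:99999:7:::' > "$demo/shadow"

audit_group sudo "$demo/passwd" "$demo/group" "$demo/shadow"
```

In the sample data shan is in sudo only through the primary GID in the passwd file, and alice is locked but still a member. usermod -L disables only the password, so a locked account that keeps a privileged group is worth reviewing.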
Conclusion
By mastering the essential commands and techniques outlined in this guide, you can efficiently manage user accounts, groups, and file permissions in Linux. These skills are crucial for maintaining a secure and well-organized system. Whether you are creating new users, modifying existing ones, or setting precise file permissions with ACLs, these practices will help you ensure that your Linux environment is both functional and secure. Happy administering!