Linux User and Group Management Guide
Following our previous guide on Linux file permissions, understanding user and group management is crucial for effective system administration. This comprehensive guide will walk you through the essential concepts and commands for managing users and groups in Linux.
User Management Basics
Viewing User Information
The system stores user information in several key files:
# View user information
$ cat /etc/passwd
john:x:1000:1000:John Doe:/home/john:/bin/bash
# View password hashes (requires root)
$ sudo cat /etc/shadow
john:$6$xyz...:18962:0:99999:7:::
Creating Users
# Create a new user
$ sudo useradd -m -s /bin/bash newuser
# Create user with additional information
$ sudo useradd -m -s /bin/bash -c "Full Name" -G sudo,developers newuser
# Set/change password
$ sudo passwd newuser
Common useradd options:
-m: Create home directory
-s: Specify login shell
-c: Add comment/full name
-G: Add to supplementary groups
-e: Set account expiry date
Modifying Users
# Change username
$ sudo usermod -l newname oldname
# Change home directory
$ sudo usermod -d /newhome/user user
# Add to additional groups
$ sudo usermod -aG docker,developers user
# Lock/unlock the account's password (does not block other login methods such as SSH keys)
$ sudo passwd -l user # Lock
$ sudo passwd -u user # Unlock
Deleting Users
# Remove user
$ sudo userdel username
# Remove user and home directory
$ sudo userdel -r username
# Backup home directory before removal
$ sudo tar -czf username-backup.tar.gz /home/username
$ sudo userdel -r username
Group Management
Viewing Groups
# List all groups
$ cat /etc/group
# View user's groups
$ groups username
# View current user's groups
$ groups
Creating and Modifying Groups
# Create new group
$ sudo groupadd developers
# Add user to group
$ sudo gpasswd -a username developers
# Remove user from group
$ sudo gpasswd -d username developers
# Change group ownership
$ sudo chgrp developers /path/to/directory
Primary vs Supplementary Groups
# Change primary group
$ sudo usermod -g newgroup username
# Add supplementary groups
$ sudo usermod -aG group1,group2 username
Advanced User Management
User Limits and Restrictions
Using /etc/security/limits.conf:
# Set maximum processes
username hard nproc 100
# Set maximum file size (fsize is in KB)
@developers soft fsize 1000000
Setting Up User Templates
The /etc/skel directory contains template files:
# Add default files for new users
$ sudo cp .bashrc /etc/skel/
$ sudo cp .vimrc /etc/skel/
Best Practices
- User Creation
  - Use strong passwords
  - Set appropriate shell and home directory
  - Add users only to necessary groups
- Security
  - Regularly audit user accounts
  - Remove unused accounts
  - Lock system accounts
- Group Management
  - Use descriptive group names
  - Maintain clear group purposes
  - Audit group membership regularly
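The account and group audits recommended above can be scripted. The following is an added example, not part of the original guide: it checks passwd, shadow and group-format files for extra UID 0 accounts, empty password fields, system accounts that can still log in, and the members of a privileged group. The function names, the UID threshold of 1000 and the sample data are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit checks over passwd/shadow/group-format files (paths are arguments).
# Accounts other than root that have UID 0.
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"; }

# Accounts whose shadow password field is empty (no password required).
empty_passwords() { awk -F: '$2 == "" { print $1 }' "$1"; }

# System accounts (0 < UID < 1000; 1000 is an assumed UID_MIN) with a login shell
# whose shadow field does not start with "!" or "*", i.e. the password is not locked.
unlocked_system_accounts() {   # usage: unlocked_system_accounts PASSWD SHADOW
    awk -F: 'FILENAME == ARGV[1] { if ($2 !~ /^[!*]/) unlocked[$1] = 1; next }
        $3 > 0 && $3 < 1000 && $7 !~ /(nologin|false)$/ && ($1 in unlocked) { print $1 }' "$2" "$1"
}
# Members listed for one group, one name per line.
group_members() {              # usage: group_members GROUPFILE GROUPNAME
    awk -F: -v g="$2" '$1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$1"
}

# Write constructed sample data (not from a real system) into directory $1.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/sh
toor:x:0:0:spare admin:/root:/bin/bash
john:x:1000:1000:John Doe:/home/john:/bin/bash
dev1:x:1001:1001::/home/dev1:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:!:18962:0:99999:7:::
daemon:*:18962:0:99999:7:::
backup:$6$CONSTRUCTED$hash:18962:0:99999:7:::
toor:$6$CONSTRUCTED$hash:18962:0:99999:7:::
john:$6$CONSTRUCTED$hash:18962:0:99999:7:::
dev1::18962:0:99999:7:::
EOF
    cat > "$1/group" <<'EOF'
sudo:x:27:john,dev1
developers:x:1002:dev1
EOF
}

dir=$(mktemp -d) && make_sample "$dir"
echo "UID 0 besides root: $(extra_uid0 "$dir/passwd")"
echo "Empty password:     $(empty_passwords "$dir/shadow")"
echo "Unlocked system:    $(unlocked_system_accounts "$dir/passwd" "$dir/shadow")"
echo "sudo members:       $(group_members "$dir/group" sudo | tr '\n' ' ')"
rm -rf "$dir"
```

To audit a live system, pass /etc/passwd, /etc/shadow and /etc/group as the arguments and run the shadow checks as root.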
Practical Examples
Setting Up Development Team
# Create development group
$ sudo groupadd developers
# Create user accounts
$ sudo useradd -m -s /bin/bash -G developers dev1
$ sudo useradd -m -s /bin/bash -G developers dev2
# Set up project directory
$ sudo mkdir /opt/project
$ sudo chown :developers /opt/project
$ sudo chmod 2775 /opt/project
Temporary Access Management
# Create temporary user
$ sudo useradd -m -e "$(date -d "+30 days" +%Y-%m-%d)" tempuser
# Add to specific group
$ sudo usermod -aG project_team tempuser
# Set maximum password age to 30 days
$ sudo chage -M 30 tempuser
Troubleshooting
- Access Denied Issues
  # Check user groups
  $ groups username
  # Verify file ownership
  $ ls -l /path/to/file
  # Check effective permissions
  $ sudo -u username ls -l /path/to/file
- Group Permission Issues
  # Fix group ownership
  $ sudo chgrp -R groupname /path/to/directory
  # Set SGID for group inheritance
  $ sudo chmod g+s /path/to/directory
Conclusion
Effective user and group management is fundamental to Linux system administration and security. Combined with proper file permissions (as discussed in our previous article), these skills form the backbone of system access control.
In our next guide, we’ll explore Linux file system security, building upon the concepts we’ve covered in both file permissions and user management.