Linux System Administrators

Part - 1

1. Users

Let us consider two users of a system namely Phanee and Gopi.

Phanee and Gopi each have a set of privileges, which may or may not be equal. Every user has their own home directory, where that user's files are stored.

Linux uses the UID to recognise the user who is currently using the system. It uses the GID to recognise the group. Each group may have a different set of permissions.

Example : Phanee, Gopi are different users.
Example : Web developers, Devops, DBMS are different groups.

There can be users in the system other than you; these users make sure that every process in the system runs properly.

Example : Some of these users are responsible for showing the GUI; likewise, there can be different users for different processes in the system.

The most powerful user in the system is the root user, also known as the superuser.

  • It can access any file in the system.
  • It can start/stop any process of the system.

There may be some files which cannot be accessed by a normal user. To access these kinds of files you can use the sudo command. Sudo stands for Superuser do.

cat /etc/shadow
sudo cat /etc/shadow

To make the current user a superuser, use the following command :

sudo su
exit

The exit command is used to stop being a superuser and become a normal user again.

To see which users can use the sudo command, use the command below.

sudo cat /etc/sudoers

It's not good practice to use the sudo command all the time: with root privileges you might delete some files in the system and end up with a system crash or other issues. Use it only when it's needed.

Downsides of being superuser

  • You might delete critical files and end up crashing your OS.
  • History will not be saved when you are running any commands as superuser.

If you wish to see the details of all the users in the system, use the command below :

sudo cat /etc/passwd

or

cat /etc/passwd

Details of a user.

To see the content in this file use:

cat /etc/passwd

Let's consider the first user in the /etc/passwd file and try to understand it.

root:x:0:0:root:/root:/bin/bash

This can be divided into 7 fields:

  • 1 - root (Username).

  • 2 - x
    Password ('x' represents that password will be stored in /etc/shadow).

  • 3 - 0
    UserID

  • 4 - 0
    GroupID the user belongs to.

  • 5 - root
    Additional user info.

  • 6 - /root
    User home directory.

  • 7 - /bin/bash
    User's shell.

More about /etc/shadow password file.

This file actually contains the encrypted passwords of the user accounts.

To see the content in this file use:

sudo cat /etc/shadow

root:!:19129:0:99999:7:::

Let's consider the numbering as below:

  • 1 - root (Username)

  • 2 - !
    Password, '!' represents that password is encrypted.

  • 3 - 19129
    Date of the last password change, i.e., the number of days since Jan 1 1970.

  • 4 - 0
    Minimum password age, in this case user can change the password after 0 days.

  • 5 - 99999
    Maximum password age, here 99999 represents that after this many days the user should change the password.

  • 6 - 7
    Warning period for a password (the user is warned to change the password 7 days before it expires).

  • 7 -
    Password expiry period. Blank represents no expiry for password.

  • 8 -
    Account expiration date. Let's say its value is 3; then after 3 days the user account will expire. Blank represents no expiry for the account.

  • 9 -
    Reserved field, even developers have not figured out for what purpose this field is used. This is something that may be useful for future generations.

Notice that for the previous command, cat /etc/passwd, we may or may not use sudo to access the passwd file, but to access the shadow file, which contains the encrypted passwords, we must use sudo. This comes down to user permissions, which we will cover in the next blog.
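
The field layouts of /etc/passwd and /etc/shadow described above lend themselves to quick account checks. The script below is an added example, not part of the original article: it lists every account with UID 0, classifies the password field of each shadow entry, and converts the "days since Jan 1 1970" value to a date. The sample entries (including backup2 and the hash string) are constructed, and the classification follows shadow(5): an empty field means no password is required, and a field starting with ! or * means the account cannot log in with a password.

```shell
#!/bin/sh
# Constructed sample data (not from a real system), in /etc/passwd and
# /etc/shadow format.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
phanee:x:1000:1000:Phanee:/home/phanee:/bin/bash
backup2:x:0:1001::/home/backup2:/bin/sh'

SAMPLE_SHADOW='root:!:19129:0:99999:7:::
phanee:$y$j9T$constructed$notarealhash:19129:0:90:7:::
gopi::19129:0:99999:7:::'

# Convert "days since Jan 1 1970" (shadow field 3) to YYYY-MM-DD.
# Tries GNU date syntax first, then BSD syntax.
days_to_date() {
    secs=$(( $1 * 86400 ))
    date -u -d "@$secs" +%F 2>/dev/null || date -u -r "$secs" +%F
}

# Read passwd-format lines on stdin and print every account whose UID
# (field 3) is 0, i.e. every account with root privileges.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }'
}

# Read shadow-format lines on stdin and print, tab-separated:
# username, state of the password field (field 2), maximum age (field 5).
password_states() {
    awk -F: '{
        if ($2 == "")          state = "EMPTY"    # no password required
        else if ($2 ~ /^[!*]/) state = "LOCKED"   # no password login
        else                   state = "HASHED"   # a password hash is set
        printf "%s\t%s\t%s\n", $1, state, $5
    }'
}

echo "Accounts with UID 0:"
printf '%s\n' "$SAMPLE_PASSWD" | uid0_accounts
echo "Password field state and maximum age:"
printf '%s\n' "$SAMPLE_SHADOW" | password_states
echo "root password last changed: $(days_to_date 19129)"
```

On a real system the same functions can be fed with `cat /etc/passwd` and `sudo cat /etc/shadow` instead of the sample variables.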

chage

A user can check password expiration details using the chage command.

chage -l user_name

To see the root user's password expiration details :

sudo chage -l root

I have used sudo because as a normal user I have no permissions to access the root files.

2. Groups

A group is a collection of users. The purpose of creating a group is to define a set of privileges for a given resource that is shared among the users in the group.

To view the groups in the system :

cat /etc/group

Details of a group.

root:x:0:

This is divided into 4 parts :

  • 1 - root
    Group name.

  • 2 - x
    Group password.

  • 3 - 0
    GroupID.

  • 4 - List of Users in group.

Create, Delete Users & Groups

Create user :

sudo useradd user_name

You can confirm whether the user was created by using this command:

id user_name

Or you can use cat /etc/passwd to verify whether the user was created.

After creating a user with the above command, no user directory is created inside the /home directory, so the new user cannot log in to his/her account.

To create a new user with its directories :

sudo useradd -m -s /bin/bash user_name

Now, after executing the above command, if you navigate to the /home directory you can observe that a new directory with the given username has been created.

Now you need to set a password for the newly created user using :

sudo passwd user_name

You can observe that creating a user takes a lot of commands. There is one command that automates this entire process :

sudo adduser user_name

After setting up the username and password you can log in to your account in 2 ways:

  1. GUI.
  2. Execute su - user_name in terminal.

useradd_final.png

In the above picture, after changing user with the su command, the username has changed from phanee to phaneetwts.

Delete user

Like creating a user, there are 2 commands for deleting a user :

sudo userdel user_name

If you observe carefully, the /home directory of the new user has not been deleted. It can be deleted using this command :

sudo deluser --remove-home user_name

Create group

sudo groupadd group_name

Add users to groups

sudo usermod -aG group_name1,group_name2 user_name

Delete users from group

sudo gpasswd -d user_name group_name

Delete group

sudo groupdel group_name

Change user's primary group

sudo usermod -g group_name user_name

Create user and assign groups :

To create a user with a primary group, use useradd followed by -g; use -G to add secondary groups to the user.

sudo useradd -g primary_group -G secondary_group1,group2 username

To check a user's information, including all the groups the user is a member of, use the id command followed by the username.

id phanee

If you omit the username in the above command, you will get the details of the current user.
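
What id reports can be reconstructed from the two files covered above: the primary group comes from the GID in /etc/passwd field 4, and secondary groups come from the member list in /etc/group field 4. The script below is an added example, not part of the original article; the sample files, the deploy user and the function names groups_of and members_of are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample files (not from a real system), in /etc/passwd and
# /etc/group format. deploy has devops as primary group only.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/passwd" <<'EOF'
phanee:x:1000:1000:Phanee:/home/phanee:/bin/bash
gopi:x:1001:1001:Gopi:/home/gopi:/bin/bash
deploy:x:1004:1002::/home/deploy:/bin/sh
EOF
cat > "$WORK/group" <<'EOF'
sudo:x:27:phanee
phanee:x:1000:
gopi:x:1001:
devops:x:1002:phanee,gopi
webdev:x:1003:gopi
EOF

# groups_of USER PASSWD_FILE GROUP_FILE
# Prints the primary group first, then the secondary groups.
groups_of() {
    awk -F: -v user="$1" '
        FNR == NR { if ($1 == user) pgid = $4; next }      # first file: passwd
        pgid != "" && $3 == pgid { primary = $1; next }    # second file: group
        {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] == user) secondary = secondary " " $1
        }
        END { if (primary != "") print primary secondary }
    ' "$2" "$3"
}

# members_of GROUP PASSWD_FILE GROUP_FILE
# Prints every user in the group: users listed in group field 4 plus
# users whose primary GID (passwd field 4) is the GID of the group.
members_of() {
    awk -F: -v grp="$1" '
        FNR == NR { if ($1 == grp) { gid = $3; list = $4 }; next }
        gid != "" && $4 == gid { print $1 }
        END { n = split(list, m, ","); for (i = 1; i <= n; i++) print m[i] }
    ' "$3" "$2" | sort -u
}

groups_of phanee "$WORK/passwd" "$WORK/group"
members_of devops "$WORK/passwd" "$WORK/group"
```

members_of shows why reading only the member list of a group such as sudo is not enough when reviewing access: a user whose primary GID is that group does not appear in field 4.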

More about user and group permissions in next blog :-)

Thank you