Users and Groups
File access and ownership in Linux, like in any other operating system, is permission-based. A distribution allows you to create different users, and the data belonging to a user is generally stored in the Linux file system under /home/username, although this can differ depending on the Linux distribution. This way, Linux ensures that a certain file can only be edited by a specific user. There are two forms of identification: user ID (UID) and group ID (GID).
Users include not just people but also system daemons that perform various tasks in order for a program to run. The most essential and powerful user in Linux is the superuser, commonly known as root. It has complete power over everything and can modify or stop anything. This raises the possibility of destroying system files, which is why operating as root all of the time is not recommended. When root access is required, Linux provides the sudo (superuser do) command.
To explore user and permission settings in Linux, we can try to read a protected file and see what the system says about it.
$ cat /etc/shadow
As a result, the system displays that the user does not have permission to view the file. After that, we may look at the file’s permissions.
$ ls -la /etc/shadow
We can see that permission is reserved for root. So, to read the file, you need to operate as the superuser by using the sudo command. Let’s try this.
$ sudo cat /etc/shadow
Following the sudo command, the system will prompt for the superuser password. You can read the file after providing the password.
Another option is to use the ‘su’ command to run the terminal as the superuser. If you supply the root password, the user in the terminal will be substituted by the superuser.
$ su
As a result, you have root access. Any command you type in the terminal will be run as root. However, there is a significant danger of system corruption. It’s best not to use the terminal as root unless absolutely necessary.
/etc/passwd
In Linux, a user has a user name and a user ID (UID) or password. A username alone is not sufficient for identification. All of the users’ information is stored in the /etc/passwd file.
$ cat /etc/passwd
This shows a long list of users and other information about them, separated by colons. The first user shown here is root. Let’s see what other information each line contains.
- Username: The first field of each line is the username, such as root, daemon, bin.
- User’s password: The user’s password is indicated by the letter x. However, passwords are not stored here but in the /etc/shadow file instead. A “*” or a blank field can also be seen here, indicating respectively that the user does not have login privileges and that the user has no password.
- User ID (UID): An ID is attached to every user; for example, root has an ID of 0.
- The group ID
- GECOS field:
- User’s home directory
- User’s shell
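The seven fields above are enough to check a passwd-format file for entries a defender would want to review. The following is an added example, not part of the original page: the function names, the finding labels and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format (not taken from a real system).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
dalton:x:1000:1000:Dalton,,,:/home/dalton:/bin/bash
backup2:x:0:0::/var/backup2:/bin/sh
guest::1001:1001::/home/guest:/bin/bash
broken:x:1002
EOF
}

# audit_passwd [FILE]: print one finding per line as "<finding>:<username>".
# Fields: 1 username, 2 password marker, 3 UID, 4 GID, 5 GECOS, 6 home, 7 shell.
audit_passwd() {
    awk -F: '
        NF != 7                 { print "malformed:" $1; next }  # not seven fields
        $3 == 0 && $1 != "root" { print "extra-uid0:" $1 }       # second superuser
        $2 == ""                { print "empty-password:" $1 }   # blank password field
        seen[$3]++              { print "duplicate-uid:" $1 }    # UID already used
    ' "$@"
}

# login_users [FILE]: usernames whose shell allows an interactive login.
# An empty shell field falls back to /bin/sh, so it counts as a login shell.
login_users() {
    awk -F: 'NF == 7 && $7 !~ /(nologin|false)$/ { print $1 }' "$@"
}

# Run against the constructed sample; pass /etc/passwd as FILE on a real host.
sample_passwd | audit_passwd
sample_passwd | login_users
```

Both functions read standard input when no file is given, so `audit_passwd /etc/passwd` works without root access because the file is world-readable.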
/etc/shadow
As we saw earlier, reading this file requires superuser permissions, because it stores sensitive data such as users’ passwords. Let’s read the file again and try to understand the pieces of information it contains.
$ sudo cat /etc/shadow
From the result, we can see that pieces of information are separated by colons just like the /etc/passwd file. The stored data are discussed below:
- Username: Each line starts with a username such as root, daemon, bin.
- Password: The passwords are encrypted here.
- Date of last password changed
- Minimum and Maximum password age: Minimum and maximum times a user has to wait before changing their password again.
- Account expiration date: After this date the user will lose its login privileges.
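The password, aging and expiration fields can be checked the same way. The following is an added example, not part of the original page: function names, finding labels and sample entries are constructed, and the hashes are placeholders. It assumes the full nine-field layout from shadow(5), which also has warning, inactivity and reserved fields, and dates counted in days since 1970-01-01.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow format; salts and hashes are placeholders.
sample_shadow() {
cat <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19700:0:99999:7:::
daemon:*:19000:0:99999:7:::
dalton:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19800:0:90:7:::
legacy:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:15000:0:99999:7:::
guest::19800:0:99999:7:::
temp:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19800:0:99999:7::19850:
EOF
}

# audit_shadow TODAY [FILE]: TODAY is the current date in days since 1970-01-01.
# Fields: 1 username, 2 password, 3 last change, 4 min age, 5 max age,
#         6 warning period, 7 inactivity period, 8 account expiration, 9 reserved.
audit_shadow() {
    today=$1; shift
    awk -F: -v today="$today" '
        NF != 9       { print "malformed:" $1; next }
        $2 == ""      { print "no-password:" $1 }              # login without password
        $2 ~ /^[!*]/  { print "password-login-disabled:" $1 }  # "*" or "!" prefix
        $2 ~ /^\$1\$/ { print "md5-crypt-hash:" $1 }           # legacy hash scheme
        $2 != "" && $2 !~ /^[!*]/ && $3 != "" && $5 != "" && $3 + $5 < today {
                        print "password-overdue:" $1 }         # past maximum age
        $8 != "" && $8 < today { print "account-expired:" $1 } # past expiration date
    ' "$@"
}

# Run against the constructed sample with a fixed date so the output is stable.
# On a real host TODAY would be: $(( $(date +%s) / 86400 ))
sample_shadow | audit_shadow 19900
```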
/etc/group
This is another important file that contains data about the different groups with their permissions. Let’s try to read this with the ‘cat’ command.
$ cat /etc/group
The fields are listed below:
- Group name: The initial name is the group name.
- Group password: ‘x’ refers to the group password. However, a group password is not always necessary.
- Group ID (GID): A group ID like 0, 1, 2 is set for all the groups available.
- List of users: Users that belong to the group. You may do this manually with proper authentication.
User Management Tools
Managing users requires root-level access. With the proper authentication, there are ways to add users to or remove users from the machine. In this section, we will explore these kinds of operations.
To add a new user, one needs to use the ‘useradd’ or ‘adduser’ command. Run the following command.
$ sudo adduser dalton
As you can see in the figure, the system will ask you for the new user’s data, such as name, phone number, and password. If the data is correct, it will create the new user. You can see this information by looking at the /etc/passwd and /etc/shadow files.
You can also change the password of a user, which requires superuser access. To accomplish this, run the following command.
$ sudo passwd dalton
You can also remove a user with the ‘userdel’ command. And of course, you need superuser or root access to do this.
$ sudo userdel dalton
Running this command will delete the dalton user from the system.