Managing users and groups on Linux allows you to keep the information saved on your computer safe. It also keeps the OS working properly, thanks to the limits that you place on the operators.
For this reason, it is important to know how to manage users and groups in Linux, but first you must understand the difference between these two terms.
This article explains that difference. We will also cover the most important files and the step-by-step procedure for managing users and groups correctly.
Why is it important to manage users and groups in Linux?
Given that Linux is a multi-user OS, there must be a logical order for the proper use of resources and proper operation. It follows that each user, or group, must have its own space and its own role within the system. Each user can then execute actions within the OS without putting its operation or the data of third parties at risk.
Do not forget that in a multi-user OS, to be well managed and to protect the data, each account (consisting of the password and the user ID) must be given a specific path within Linux. All the user's files are stored safely in this path, including their emails and their profile, which prevents intrusion by people outside the environment. Only the main administrator, the root user, can set which files each user is allowed to run or read.
The superuser also establishes which modifications are allowed, for example changing a password when necessary or reading a file. Having these limits is a great long-term benefit for information protection. Using a UID or GID (the identification number for users and groups), the administrator can even tell whether a file that should not be manipulated was altered.
What are the differences between users and groups in this OS?
An important part of good management is clearly understanding what a group is and what a user is in Linux. As a user you will have some limit (physical or virtual) on your access to the OS. This access is tied to the username and password assigned by the main administrator. Many people think that a user account is only intended for natural persons. However, some accounts also grant access to certain programs or applications.
Groups, on the other hand, bring together a set of users for the same purpose. No matter what role they play within a company or organization, the administrator will group them together if they have a common goal. This means that a user can belong to more than one group, but must always be part of a main group that identifies them.
Among the many files in Linux, there are special files that facilitate the management of groups and users.
The most important ones are shown below:
/etc/passwd
The /etc/passwd file shows all user account data.
Each line contains:
- The user name.
- The encrypted password.
- The UID, which is the user's identification number.
- The GID, or identification number of the group to which the user belongs.
- The comment field, which holds complementary (finger) information about the user.
- The home directory of the user.
- The shell used by the user.
The fields are separated by a colon “:”. Usually you will see the encrypted password represented by an “x” for standard users. To see the data behind it you will have to go to the file “/etc/shadow”.
/etc/group
This file stores information about all the groups in the system.
Each line contains:
- The name of the group.
- The encrypted password, if the group has one.
- The GID, or group identification number.
- The names of all the users that make up the group.
All this data is separated by a colon “:”, and the usernames are separated from each other by commas “,”. If you want to view them you must have superuser privileges in the OS.
/etc/shadow
The /etc/shadow file stores the information related to the passwords of users and groups mentioned in the other file, /etc/passwd. To work with this file you must have root access.
There you will find:
- The login or username.
- The encrypted password.
- The time elapsed since the last password change.
- The days remaining before the password can be changed.
- The maximum time the OS gives the user to change the password.
- A warning period during which the user is alerted to change the password.
- The expiration date.
If you find an exclamation mark “!” in the password field, it means that the account is blocked. It can also be an account that has not yet been assigned a password.
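The fields listed above for /etc/passwd and /etc/shadow can be checked mechanically. The following shell sketch is an added example, not part of the original article: the function names and all sample lines are constructed for illustration, and it also flags an empty password field, a case the article does not cover.

```shell
#!/bin/sh
# Constructed sample data in /etc/passwd and /etc/shadow format (not real accounts).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup:x:0:34:backup:/var/backups:/bin/sh
legacy:$6$constructed$hash:1001:1001::/home/legacy:/bin/bash'
SAMPLE_SHADOW='root:$6$constructed$hash:19000:0:99999:7:::
alice:$6$constructed$hash:19500:0:90:7:::
bob:!:19400:0:99999:7:::
carol::19400:0:99999:7:::'

# Each function reads colon-separated lines on stdin and prints account names.

# passwd field 3 is the UID: any account besides root with UID 0 has root rights.
extra_uid0() {
  awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# passwd field 2 should be the "x" placeholder; anything else means the
# password data sits in the passwd file instead of /etc/shadow.
not_shadowed() {
  awk -F: '$2 != "x" { print $1 }'
}

# shadow field 2 starting with "!" marks a blocked account
# (or one that never had a password assigned).
locked_accounts() {
  awk -F: '$2 ~ /^!/ { print $1 }'
}

# shadow field 2 empty: the account can log in without any password.
empty_password() {
  awk -F: '$2 == "" { print $1 }'
}

report() {
  printf 'UID 0 besides root: %s\n' "$(printf '%s\n' "$SAMPLE_PASSWD" | extra_uid0)"
  printf 'not shadowed:       %s\n' "$(printf '%s\n' "$SAMPLE_PASSWD" | not_shadowed)"
  printf 'locked:             %s\n' "$(printf '%s\n' "$SAMPLE_SHADOW" | locked_accounts)"
  printf 'empty password:     %s\n' "$(printf '%s\n' "$SAMPLE_SHADOW" | empty_password)"
}
report
```

On a real system the same functions can be fed the actual files, for example `extra_uid0 < /etc/passwd` or `sudo cat /etc/shadow | locked_accounts`.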
User and group management commands: what are the most important?
This section shows the most important commands that you should use to manage users and groups properly in Linux.
- sudo: the primary command for making any change as administrator, superuser or root user. It means “superuser do” and it must almost always precede any other command that requires special permissions.
- useradd: creates a new user from the console. You can also use adduser in the same way, depending on the OS configuration. In FreeBSD, for example, it includes a wizard that simplifies management.
- usermod: edits user data, for example the user's name or group, locking the account, or modifying the maximum time to renew the password, among others.
- userdel: deletes a user, whether or not they are logged into the system.
- groupadd: similar to useradd. With this command you create one or more new groups.
- groupdel: removes a group that no user has as their main group.
- groupmod: manages changes or modifications to a certain group; it works the same way as usermod does for users.
- passwd: creates or later changes the password of a certain user.
- id: shows the identification number of a user or group.
- finger: displays data for a specific user. It shows the login, the user's real-life name and the time they accessed the system, among other things.
- newusers: generates multiple new users at once in multi-user mode.
- chpasswd: sets passwords in multi-user mode.
Learn step by step how to manage Linux users
Below are the steps you must follow to manage users in a Linux OS:
Create a user
To create a user, open the terminal and enter sudo (to act as the root user), then useradd followed by the new user's name.
The command will be similar to:
- sudo useradd internetstepstep
If you want to assign a main group to that user, use useradd -g followed by the group name and then the user name. This is done instead of using plain useradd.
Therefore, the command will be:
- sudo useradd -g namegroup internetstepstep
You can also create a directory in /home with the user's name. In this case, use sudo useradd with the -m option and the user name. Next, you will have to create the password. For this, use the passwd command, which also serves to change it in the future.
The command will be:
- sudo passwd internetstepstep, after which you will have to type the password twice for confirmation.
Delete users and groups
With the userdel command you can delete a user by placing the corresponding user name after it. The command takes only the user name; the primary group is not passed as an argument.
- sudo userdel internetstepstep
In this case the working directory and the files inside it will not be deleted. If you want these to be permanently deleted, use userdel -r, always preceded by sudo and placed before the user name.
You will be left with this syntax:
- sudo userdel -r internetstepstep
In this way you delete the user's directories, files and even their emails. When you need to delete a group, enter groupdel in the terminal, after sudo and before the group name.
An example of this is:
- sudo groupdel namegroup
Remember that the group will only be removed if no user has it as their primary group.
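The primary-group condition above can be checked before running groupdel by comparing the GID field of /etc/group with the primary GID field of /etc/passwd. This is an added example, not part of the original article; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data in /etc/passwd and /etc/group format (not real accounts).
SAMPLE_PASSWD='alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:2000:Bob:/home/bob:/bin/bash
carol:x:1002:2000:Carol:/home/carol:/bin/sh'
SAMPLE_GROUP='alice:x:1000:
namegroup:x:2000:alice
auditors:x:2001:alice,bob'

# Print the GID (field 3) of a group. $1 = group name, $2 = group data.
group_gid() {
  printf '%s\n' "$2" | awk -F: -v g="$1" '$1 == g { print $3 }'
}

# Print users whose primary GID (passwd field 4) is the group's GID.
# $1 = group name, $2 = passwd data, $3 = group data. Returns 2 if unknown group.
primary_members() {
  gid=$(group_gid "$1" "$3")
  [ -n "$gid" ] || return 2
  printf '%s\n' "$2" | awk -F: -v gid="$gid" '$4 == gid { print $1 }'
}

# Print the comma-separated member list (group field 4), one name per line.
# These users only lose a supplementary group; they do not block groupdel.
supplementary_members() {
  printf '%s\n' "$2" | awk -F: -v g="$1" \
    '$1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }'
}

# Succeed (0) only when no user has the group as primary; 1 = in use, 2 = unknown.
can_delete_group() {
  members=$(primary_members "$1" "$2" "$3") || return 2
  [ -z "$members" ]
}

for g in namegroup auditors; do
  if can_delete_group "$g" "$SAMPLE_PASSWD" "$SAMPLE_GROUP"; then
    echo "$g: no primary members, groupdel would be accepted"
  else
    echo "$g: still primary for:" $(primary_members "$g" "$SAMPLE_PASSWD" "$SAMPLE_GROUP")
  fi
done
```

On a real system, pass `"$(cat /etc/passwd)"` and `"$(cat /etc/group)"` instead of the sample variables.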
Change a user who owns a file
Using the chown command, preceded by sudo, you change the owner of a specific directory or file. That is, you change the user who owns a file by entering sudo chown, then the name of the new owner and finally the name of the corresponding file.
The syntax of the command will be:
- sudo chown ipap internetstep, where ipap would be the new owner of the file internetstep.
Edit users and groups
After having created some users you may want to edit their data; for that there is the usermod command. For example, if you want to enter a new comment for a user, use sudo usermod -c, followed by the comment and then the user name.
This gives:
- sudo usermod -c "comments" ipap
As with all commands there are options: for example, with -L you lock an account, while with -g you change the primary group the user is in. With -s or -d you change the shell or the working directory, respectively. Do not forget that all of these options must be preceded by sudo usermod. To modify the data of a certain group, you can use the groupmod command. Keep in mind that with groupmod -n you change the name of the group and with groupmod -g you modify its GID.
You will have a result similar to:
- sudo groupmod -n namegroupnew namegroup, to change the group's name.
- sudo groupmod -g gidgroupnew namegroup, to change the group's GID.