RLG : User Management in Linux

We used AI while writing this content.

1. Adding Users

To add a new user, use the useradd command:

sudo useradd <username>

By default, a private primary group with the same name as the user is created for the new user. For example, a newly created user alice would belong to the group alice.

To create a user and set their password:

sudo useradd <username>
sudo passwd <username>

2. Modifying Users

To modify an existing user, use the usermod command. For example, to change a user's home directory:

sudo usermod -d /new/home/directory <username>

To add a user to a group:

sudo usermod -aG <groupname> <username>

3. Deleting Users

To delete a user:

sudo userdel <username>

To delete a user and their home directory:

sudo userdel -r <username>

4. Viewing User Information

To view information about a user:

id <username>

To list all users:

cat /etc/passwd

5. Managing Groups

To create a new group:

sudo groupadd <groupname>

To delete a group:

sudo groupdel <groupname>

To view all groups:

cat /etc/group

6. Switching Users

To switch to another user:

su - <username> # "-" opens a login shell so that /etc/profile and other config files are loaded correctly.

7. Locking and Unlocking Users

To lock a user account:

sudo usermod -L <username>

To unlock a user account:

sudo usermod -U <username>

8. Checking Login History

To view login history:

last

9. Managing Sudo Access

To give a user sudo privileges, add them to the sudo group:

sudo usermod -aG sudo <username>

10. Best Practices

  • Regularly review user accounts and remove unused ones.
  • Use strong passwords and enforce password policies.
  • Limit sudo access to trusted users.

By mastering these commands and practices, you can effectively manage users in a Linux environment.
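
The account review recommended under Best Practices can be scripted. The following is an added example, not part of the original article: it reads passwd, group and shadow format files and reports UID 0 accounts, accounts with a login shell, sudo group members, and accounts locked with usermod -L that are still in the sudo group. The function names and all sample entries (including the toor account and the hash strings) are constructed for illustration.

```shell
#!/bin/sh
# Added example: account review over passwd/group/shadow-format files.
# Sample data is constructed; on a real host pass the files under /etc (shadow needs root).

# Accounts with UID 0; normally only root should appear.
uid0_accounts() { awk -F: '$3 == 0 { print $1 }' "$1"; }

# Accounts whose shell permits an interactive login.
login_accounts() { awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' "$1"; }

# Members of a group (default: sudo), one per line.
group_members() {
    awk -F: -v g="${2:-sudo}" '$1 == g {
        n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$1"
}

# Accounts locked with usermod -L: "!" placed in front of the password hash.
locked_accounts() { awk -F: '$2 ~ /^!+\$/ { print $1 }' "$1"; }

# Locked accounts still listed in the sudo group (args: group_file shadow_file).
locked_with_sudo() {
    locked_accounts "$2" | while read -r u; do
        if group_members "$1" sudo | grep -Fxq "$u"; then echo "$u"; fi
    done
}

# Write constructed sample files into directory $1.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
toor:x:0:0:spare admin:/root:/bin/sh
EOF
    printf '%s\n' 'sudo:x:27:alice,bob' 'alice:x:1000:' > "$1/group"
    cat > "$1/shadow" <<'EOF'
root:*:19000:0:99999:7:::
alice:$6$constructed$hash:19000:0:99999:7:::
bob:!$6$constructed$hash:19000:0:99999:7:::
EOF
}

d=$(mktemp -d) && write_sample "$d"
echo "UID 0:           $(uid0_accounts "$d/passwd" | xargs)"
echo "Login shells:    $(login_accounts "$d/passwd" | xargs)"
echo "sudo members:    $(group_members "$d/group" | xargs)"
echo "Locked, in sudo: $(locked_with_sudo "$d/group" "$d/shadow" | xargs)"
rm -rf "$d"
```

On a live system, getent passwd and getent group also return accounts from directory services (LDAP, SSSD) that the flat files do not list.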

11. Managing File Permissions

File permissions control who can read, write or execute a file or traverse a directory. Use chmod, chown and chgrp for basic permissions, and setfacl/getfacl for finer-grained ACLs.

Reading permissions

A quick way to inspect permissions is ls -la. Example output:

drwxr-xr-x 11 midiverse-user midiverse-user 4096 Dec  4 15:24 midiverse
  • d: file type — d = directory, - = regular file, l = symbolic link, c/b = device file.
  • rwxr-xr-x: the permission string split into three triads:
    • first triad (rwx) = owner permissions (read, write, execute).
    • second triad (r-x) = group permissions (read, no write, execute).
    • third triad (r-x) = others/world permissions (read, no write, execute).
  • 11: the link count (number of hard links); for directories, the number of subdirectories, including the . and .. entries.
  • midiverse-user midiverse-user: owner and group names.
  • 4096: size in bytes (for directories, this counterintuitively reflects not the size of the contents but only the size of the directory's own file table).
  • Dec 4 15:24: modification timestamp.
  • midiverse: the file or directory name.

Notes and corner cases:

  • If you see an s or S in the owner/group execute position (e.g. rws or rwS), that indicates setuid/setgid bits; lowercase s means execute bit + special bit set, uppercase S means special bit set but execute not set.
  • A t or T at the others' execute position indicates the sticky bit (common on shared dirs like /tmp) — lowercase t means executable + sticky, uppercase T means sticky without execute.
  • ACLs can add extra per-user rules; ls -l may show a trailing + after the mode (e.g. -rw-r--r--+) — use getfacl <file> to inspect ACL entries.

Common quick checks:

  • See mode in numeric form: stat -c %a <file> (outputs e.g. 755).
  • See full detailed stat: stat <file>.

Changing permissions

Basic ownership change:

sudo chown <owner>:<group> <file_or_directory>

Basic permission changes (symbolic):

# add write for owner
sudo chmod u+w <file>
# remove execute for group
sudo chmod g-x <script>

Basic permission changes (numeric):

# rw- for owner, r-- for group, --- for others
sudo chmod 640 <file>
# rwxr-xr-x (common for executables/directories)
sudo chmod 755 <file_or_directory>

For more info on the numeric form of file permissions, see this link

Directories need the execute (x) bit to be set to allow entering/traversal. For recursive updates:

sudo chmod -R 750 /path/to/project

Using ACLs for per-user permissions:

# give user alice rwx on a file
sudo setfacl -m u:alice:rwx <file>
# view ACLs
getfacl <file>

Special bits and considerations:

  • suid/sgid: used for binaries and shared directories; use sparingly (e.g. chmod u+s <binary>).
  • setgid on directories (chmod g+s dir) makes new files inherit the directory group.
  • sticky bit on shared directories (chmod +t /tmp) prevents users from deleting others' files.
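
To locate the special bits and risky modes described above on a directory tree, find can match on permission bits. This is an added example, not from the original article; the directory tree, file names and function names are constructed for the demo.

```shell
#!/bin/sh
# Added example: find special-bit and risky modes under a directory tree.
# The tree and its file names are constructed for the demo.

# Regular files with setuid or setgid set.
find_suid_sgid() {
    (cd "$1" && find . -type f \( -perm -4000 -o -perm -2000 \) | sort)
}

# World-writable directories without the sticky bit: any user can delete
# or rename other users' files there.
find_unsafe_shared_dirs() {
    (cd "$1" && find . -type d -perm -0002 ! -perm -1000 | sort)
}

# World-writable regular files.
find_world_writable_files() {
    (cd "$1" && find . -type f -perm -0002 | sort)
}

# Build the constructed tree under directory $1.
make_tree() {
    mkdir -p "$1/bin" "$1/shared_ok" "$1/shared_bad" "$1/project"
    touch "$1/bin/helper" "$1/bin/tool" "$1/project/notes.txt"
    chmod 4755 "$1/bin/helper"          # rwsr-xr-x: setuid + execute
    chmod 0755 "$1/bin/tool"            # rwxr-xr-x: ordinary executable
    chmod 1777 "$1/shared_ok"           # rwxrwxrwt: sticky, like /tmp
    chmod 0777 "$1/shared_bad"          # rwxrwxrwx: no sticky bit
    chmod 2750 "$1/project"             # rwxr-s---: new files inherit the group
    chmod 0666 "$1/project/notes.txt"   # rw-rw-rw-: writable by everyone
}

t=$(mktemp -d) && make_tree "$t"
echo "setuid/setgid files:";        find_suid_sgid "$t"
echo "shared dirs lacking sticky:"; find_unsafe_shared_dirs "$t"
echo "world-writable files:";       find_world_writable_files "$t"
# ls shows the same bits as letters: s (setuid/setgid) and t (sticky).
(cd "$t" && ls -ld bin/helper shared_ok shared_bad project)
rm -rf "$t"
```

Pointed at a real path, the same functions give a baseline list that can be compared between reviews to spot newly added setuid binaries or unprotected shared directories.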

Copyleft Statement


Much of our content is freely available under the Creative Commons BY-NC-ND 4.0 licence, which allows free distribution and republishing of our content for non-commercial purposes, as long as Ronzz.org is appropriately credited and the content is not being modified materially to express a different meaning than it is originally intended for. It must be noted that some images on Ronzz.org are the intellectual property of third parties. Our permission to use those images may not cover your reproduction. This does not affect your statutory rights.
