User Management in Linux | Complete Guide

Overview

Sometimes we need to give the same permission to multiple users, such as editing and viewing a file. One way is to authorize file access for multiple users separately. If there are 10 users, authorization is required 10 times. What if there are 1000, 10000 or more users?

Obviously, this method is not reasonable. The better way is to create a group, give this group permission to view and modify the file, and then put every user who needs access to the file into the group. All of those users then have the same permissions as the group; this is what a user group is for. User management in Linux is very important, and groups avoid this manual work.

Suppose there are 4 users on a Linux server, namely root, www, FTP, and MySQL. At the same time, the root user may be viewing system logs and managing and maintaining the system; the www user may be modifying its own web programs; the FTP user may be uploading software to the server; and the MySQL user may be executing its own SQL queries. The users do not interfere with each other, and each carries out its own work in an orderly manner.

At the same time, unauthorized access between users is not allowed. For example, the www user cannot perform the SQL query operations of the MySQL user, and the FTP user cannot modify the web programs of the www user.

Different users have independent permissions, and each user completes different tasks within the scope of permissions. It is through this division and management of permissions that Linux realizes a multi-user and multi-task operation mechanism.

Therefore, if you want to use the resources of a Linux system, you must apply for an account from the system administrator and then enter the system through this account (account and user are the same concept). Establishing users with different attributes allows system resources to be used and controlled reasonably, and it lets users organize their files and have them protected.

Each user has a unique user name and password. When logging in, you can enter the system and your home directory only with the correct user name and password.

USER ID and GROUP ID

When you log in to a Linux system with a user name and password, Linux does not actually recognize the user name. It only recognizes the ID number that the user name is mapped to in the /etc/passwd file. The user name has no practical effect for the system; it exists only for the user's convenience.

The reader may then ask: if Linux does not recognize the user name, how does a file show its owner name and group name?

Each file stores its own owner ID and group ID; when file attributes are displayed, these IDs are shown as the corresponding names.

USER AND GROUP DATA

There are 4 main files for user and group information:

| File | Description |
| --- | --- |
| /etc/passwd | It is a password file containing basic user information. All users can perform read operations on this file. |
| /etc/shadow | It is a shadow password file containing encrypted passwords. |
| /etc/group | It is a group file that contains basic information about the groups and which users belong to them. |
| /etc/gshadow | It is the shadow group file containing the encrypted group passwords. |

The passwd and group files are readable by all users, but the encrypted passwords must not be. They are therefore kept in the shadow files, which are readable only by the root user.

1. /etc/passwd content explanation

The content of the /etc/passwd file is very regular: each line is the record for one user. The vast majority of the users listed are system users, which cannot be used to log in to the system. They must not be deleted, because once a system user is deleted the services that depend on it may stop working.

Each user's line is divided into 7 fields separated by “:”, with the following meanings.

| User Name | Password Placeholder | User UID | Group GID | Comment Information | User Home Directory | Login Shell |
| --- | --- | --- | --- | --- | --- | --- |
| root | x | 0 | 0 | root | /root | /bin/bash |

User Name: It is the string representing the identity of the user.

Password Placeholder: x indicates that the user's password is stored in /etc/shadow. If the x is deleted, the password is removed for the user and the user can log in with just a user name.

UID: It is a unique UID that is given to each user and Linux uses this UID to identify each user. 0 – Root User, 1-499 – System User, 500-65535 – General user.

GID: It represents the group ID number of the user’s initial group.

Comment Information: This field has no important purpose; it just explains the meaning of this user.

User Home Directory: It is the directory the user enters after logging in and has operation authority over, usually called the user’s home directory.

Login Shell: The shell is the command interpreter of Linux and the bridge between users and the Linux kernel. The system only recognizes machine language, so the shell is used to interpret Linux commands.

2. /etc/shadow content explanation

The content of the /etc/shadow file is very regular: each line is the record for one user. Each user's line is divided into 9 fields separated by “:”, with the following meanings.

| User Name | Encrypted Password | Last Modification Time | Minimum Modification Interval | Password Validity Period | Number of warning days before the password needs to be changed | Grace time after password expiration | Account expiration time | Reserved field |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| root | * | 18747 | 0 | 99999 | 7 | | | |

User name: It is the string representing the identity of the user.

Encrypted Password: If a password is present, the password string is stored in encrypted form. ! indicates that no password is associated with the user. Current Linux systems use the SHA512 hash encryption algorithm; earlier systems used the MD5 or DES encryption algorithm. SHA512 provides a higher level of protection and is more secure.

Last Modification Time: The number of days between January 1, 1970 and the day the password was last changed.

Minimum Modification Interval: Minimum number of days to use the password. 0 means unlimited.

Password Validity Period: The maximum number of days to use the password. 9999 indicates the limit.
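The field layout above can be decoded mechanically. The following Python sketch is an added example, not code from the original post: it parses shadow-format lines, classifies the password field, and converts the day counts into calendar dates. The sample lines are constructed, the hash text is a placeholder, and the `$6$` and `$1$` prefixes are the standard crypt identifiers for SHA-512 and MD5, which the post itself does not list.

```python
from datetime import date, timedelta

FIELDS = ("name", "password", "last_change", "min_days", "max_days",
          "warn_days", "grace_days", "account_expires", "reserved")

# Constructed sample lines; the hash string is a placeholder, not a real hash.
SAMPLE_SHADOW = [
    "root:*:18747:0:99999:7:::",
    "infohubblog:$6$examplesalt$PLACEHOLDERHASH:18747:0:90:7:::",
]

def parse_shadow_line(line):
    """Split one shadow line into its 9 fields; numeric fields become int or None."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 9:
        raise ValueError(f"expected 9 fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    for key in FIELDS[2:8]:
        rec[key] = int(rec[key]) if rec[key] else None
    return rec

def password_state(field):
    """Classify the second field by its leading characters."""
    if field == "":
        return "empty"
    if field[0] in ("!", "*"):
        return "no usable password"
    if field.startswith("$6$"):
        return "SHA-512 hash"
    if field.startswith("$1$"):
        return "MD5 hash"
    return "other format"

def day_to_date(days):
    """Shadow dates are counted in days since 1970-01-01."""
    return date(1970, 1, 1) + timedelta(days=days)

def password_dates(rec):
    """Calendar dates for a record whose aging fields 3 to 6 are all set."""
    changed = day_to_date(rec["last_change"])
    valid_until = changed + timedelta(days=rec["max_days"])
    return {
        "changed": changed,
        "next_change_allowed": changed + timedelta(days=rec["min_days"]),
        "valid_until": valid_until,
        "warn_from": valid_until - timedelta(days=rec["warn_days"]),
    }

if __name__ == "__main__":
    for line in SAMPLE_SHADOW:
        rec = parse_shadow_line(line)
        print(rec["name"], password_state(rec["password"]), password_dates(rec))
```
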

3. /etc/group content explanation

The content of the /etc/group file is very regular: each line is the record for one user group. Each line is divided into 4 fields separated by “:”, with the following meanings.

| Name of User Group | Password Placeholder for User Group | GID of the User Group | Users who have this group as an additional group (multiple users separated by commas) |
| --- | --- | --- | --- |
| root | x | 0 | |

Password Placeholder: x indicates that the group's password is stored in /etc/gshadow.

Each user can join multiple additional groups but can belong to only one initial group. So in actual work, if we need to add a user to other groups, we add them as additional groups. For example, if we want infohubblog to join the root group, we only need to add infohubblog to the last field of the first row: root:x:0:infohubblog
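The passwd and group formats described above can be checked together. This Python sketch is an added example, not code from the original post: it parses passwd-format lines into the seven fields, flags the two cases the text singles out (an empty password field and any extra account with UID 0), and lists everyone in a group through either the initial GID or the additional-members field. The sample data is constructed, and the accounts backup and toor and the UID 48 are assumptions made for illustration.

```python
from collections import namedtuple

PasswdEntry = namedtuple("PasswdEntry", "name password uid gid comment home shell")

# Constructed sample data (not taken from a real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www:x:48:48:web server:/var/www:/sbin/nologin
infohubblog:x:1000:1000::/home/infohubblog:/bin/bash
backup::1001:1001::/home/backup:/bin/bash
toor:x:0:0:second uid 0:/root:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:infohubblog
www:x:48:
"""

def parse_passwd(text):
    """Split each non-empty line into the seven ':'-separated fields."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        f = line.split(":")
        if len(f) != 7:
            raise ValueError(f"expected 7 fields, got {len(f)}: {line!r}")
        entries.append(PasswdEntry(f[0], f[1], int(f[2]), int(f[3]), f[4], f[5], f[6]))
    return entries

def audit_passwd(entries):
    """Return (user, finding) pairs for empty password fields and extra UID 0 accounts."""
    findings = []
    for e in entries:
        if e.password == "":
            findings.append((e.name, "empty password field"))
        if e.uid == 0 and e.name != "root":
            findings.append((e.name, "UID 0 but not named root"))
    return findings

def group_members(group_text, entries, gid):
    """Users in group `gid`: initial group (passwd GID) plus additional members (group file)."""
    members = {e.name for e in entries if e.gid == gid}
    for line in group_text.splitlines():
        if not line.strip():
            continue
        _name, _pw, g, extra = line.split(":")
        if int(g) == gid:
            members.update(u for u in extra.split(",") if u)
    return sorted(members)

if __name__ == "__main__":
    users = parse_passwd(SAMPLE_PASSWD)
    print(audit_passwd(users))
    print(group_members(SAMPLE_GROUP, users, 0))
```
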

4. /etc/gshadow content explanation

The content of the /etc/gshadow file is very regular: each line holds the password information of one user group. Each line is divided into 4 fields separated by “:”, with the following meanings.

| Group Name | Group Password | Group Administrator | Additional Users in Group |
| --- | --- | --- | --- |
| root | * | | |

Group Name: Corresponds to the group name in the /etc/group file.

Group Password: The password for the group. If no password is associated with the group, the “!” symbol is used.

Group Administrator: If the super administrator is busy and a user wants to join the group, the group manager (group administrator) can add the user to the group.

Additional User: This field lists the additional users of the group; it shows the same content as the additional-users field of the group in /etc/group.

User Management in Linux: Common Commands

1. Add a new system user

In the Linux system, you can use the useradd command to create a new user. The basic format of this command is as follows:

In fact, the system provides many default values, so unless there are special requirements a user can be created successfully without any options.

useradd infohubblog

This command creates a normal user named infohubblog.

2. Modify user password

From the useradd command we know that creating a new user does not set a password, so the user cannot yet log in to the system. passwd is the command for configuring the password.

For example, to change the password of the ordinary user infohubblog from the root account, use the following command:

passwd infohubblog

If you are already logged in as that user, you can change your own password by running passwd without specifying a user name.

3. Modify user information usermod

To lock a specific user (infohubblog) so that no one except root can log in to that account, use the command below.

usermod -L infohubblog # Lock the infohubblog user account.
usermod -U infohubblog # Unlock the infohubblog user account.

To add a user to a particular group, use the command below.

usermod -aG root infohubblog # Add user infohubblog to the root group; -a appends, without it -G replaces the user's additional groups

Similarly, you can use various options of usermod.

4. Check User Password Status

To check password details such as the expiry date, the last password change and more, you can use the passwd or chage command.

passwd -S infohubblog #Check Password Status of user infohubblog
chage -l infohubblog #Check Password Status of user infohubblog

5. Delete User

The userdel command is very simple: it deletes the user’s related data. This command can only be used by the root user.

userdel -r infohubblog # Delete user infohubblog; -r also removes the home directory

Group-related commands I have already covered in the GroupMod blog.


2 Comments on "User Management in Linux | Complete Guide"

  1. Write more, that's all I have to say. Literally, it seems as though you relied on the video to make your point. You definitely know what you're talking about, why throw away your intelligence on just posting videos to your weblog when you could be giving us something enlightening to read?
