Effective user and permission management is the cornerstone of Linux system security and administration. For a senior Linux engineer, understanding and implementing robust user management practices is crucial for maintaining system integrity and preventing unauthorized access. This guide provides practical examples using core Linux commands to manage users, groups, and file permissions.
User Account Management
Creating Users
To create a new user, you can use the useradd command. This command creates the user account, but typically doesn’t set a password or create a home directory by default.
sudo useradd newuser
For a more complete setup, including creating a home directory and prompting for a password, use the adduser command.
sudo adduser newuser2
Output (example):
Adding user `newuser2' ...
Adding new group `newuser2' (1002) ...
Adding new user `newuser2' (1002) with group `newuser2' ...
Creating home directory `/home/newuser2' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for newuser2
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]
Listing Users
You can list all users by examining the /etc/passwd file. Using awk is a common way to extract just the usernames.
awk -F: '{ print $1 }' /etc/passwd
Output (example):
root
daemon
bin
sys
sync
games
man
lp
mail
news
...
newuser
newuser2
Alternatively, you can list users currently logged in:
users
Output (example):
yourusername
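The awk listing of /etc/passwd above can be extended into a quick account review. The following is an added example, not part of the original guide: the function names, the finding labels and the sample entries are constructed for illustration, and the UID threshold of 1000 for regular users is an assumption that matches common defaults.

```sh
#!/bin/sh
# Added example: review a passwd-format file for risky account entries.
# Fields: name:password:UID:GID:GECOS:home:shell

# audit_passwd FILE -> one finding per line, formatted "<check>:<value>"
audit_passwd() {
    awk -F: '
        # Skip comments and malformed lines (fewer than 7 fields)
        /^#/ || NF < 7 { next }
        # A non-root name with UID 0 has full root privileges
        $3 == 0 && $1 != "root" { print "uid0:" $1 }
        # An empty password field means no password is needed to log in
        $2 == "" { print "emptypw:" $1 }
        # Service accounts seldom need an interactive shell.
        # Assumption: UIDs 1-999 are system accounts (common UID_MIN of 1000).
        $3 > 0 && $3 < 1000 && $7 !~ /(nologin|false|sync|halt|shutdown)$/ {
            print "sysshell:" $1
        }
        # A UID used twice makes two names share one identity
        seen[$3]++ == 1 { print "dupuid:" $3 }
    ' "$1"
}

# Constructed sample data, not taken from a real system
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
newuser:x:1001:1001::/home/newuser:/bin/bash
newuser2::1002:1002::/home/newuser2:/bin/bash
EOF
}

# Demo: run the audit over the constructed sample
tmp=$(mktemp)
sample_passwd > "$tmp"
audit_passwd "$tmp"
rm -f "$tmp"
```

To review a live system, call audit_passwd /etc/passwd; any uid0, emptypw or dupuid finding deserves an immediate look.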
Modifying Users
The usermod command allows you to modify existing user accounts. For example, to add a user to a supplementary group:
# Create a test group first
sudo groupadd testgroup
# Add newuser to the testgroup
sudo usermod -aG testgroup newuser
# Verify group membership
groups newuser
Output:
newuser : newuser testgroup
Setting/Changing Passwords
Use the passwd command to set or change a user’s password:
# Change password for the current user
passwd
# Change password for another user (requires sudo)
sudo passwd newuser
Deleting Users
To delete a user account, use the userdel command. Adding the -r flag removes the user’s home directory and mail spool as well.
# Delete user account only
sudo userdel newuser
# Delete user account and home directory
sudo userdel -r newuser2
Group Management
Creating Groups
Create new groups using the groupadd command.
sudo groupadd developers
sudo groupadd admins
Adding Users to Groups
As shown earlier, usermod -aG is used to add a user to a group.
sudo usermod -aG developers newuser
sudo usermod -aG admins newuser
Listing Groups
List all groups defined on the system:
getent group | cut -d: -f1
Output (example):
root
daemon
bin
sys
adm
tty
disk
lp
mail
news
...
developers
admins
testgroup
List groups for a specific user:
groups newuser
Output:
newuser : newuser developers admins
Deleting Groups
Remove a group using the groupdel command:
sudo groupdel testgroup
File and Directory Permissions
Linux file permissions control read, write, and execute access for the owner, the group associated with the file, and others (everyone else).
Viewing Permissions
Use the ls -l command to view file and directory permissions.
ls -l example_file.txt
ls -ld example_directory/
Output (example):
-rw-r--r-- 1 yourusername yourgroup 0 Jul 26 10:00 example_file.txt
drwxr-xr-x 2 yourusername yourgroup 4096 Jul 26 10:00 example_directory/
- -: Regular file (d for directory)
- rw-: Owner permissions (read, write)
- r--: Group permissions (read only)
- r--: Other permissions (read only)
Changing Permissions with chmod
The chmod command changes file permissions. You can use either symbolic or numeric modes.
Symbolic Mode
- u: User/Owner
- g: Group
- o: Others
- a: All (user, group, others)
- +: Add permission
- -: Remove permission
- =: Set permission explicitly
- r: Read
- w: Write
- x: Execute
Examples:
# Give the owner execute permission
chmod u+x example_file.txt
# Remove write permission for the group and others
chmod go-w example_file.txt
# Give read and execute permission to everyone
chmod a+rx example_directory
# Set permissions explicitly (owner: rwx, group: rx, others: rx)
chmod u=rwx,g=rx,o=rx example_directory
Numeric Mode
Permissions are represented by numbers:
- Read (r) = 4
- Write (w) = 2
- Execute (x) = 1
Permissions for user, group, and others are specified as a three-digit number (e.g., 755).
- 7 = rwx (4+2+1)
- 6 = rw- (4+2)
- 5 = r-x (4+1)
- 4 = r-- (4)
- 0 = --- (no permissions)
Examples:
# Set owner read/write, group read, others read (644)
chmod 644 example_file.txt
# Set owner full access, group/others read and execute (755)
chmod 755 example_directory
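To connect the ls -l strings shown earlier with the numeric modes, the following added example (not part of the original guide) converts a mode string into its octal form and flags world-writable entries. It goes beyond the three digits described above by also decoding the setuid, setgid and sticky markers (s, S, t, T) into a leading fourth digit; the function names and sample strings are constructed for illustration.

```sh
#!/bin/sh
# Added example: translate an ls -l mode string into numeric (octal) form.

# mode_to_octal MODESTRING -> e.g. "-rwxr-xr-x" prints 0755
# Uses global variables because POSIX sh has no "local".
mode_to_octal() {
    perms=${1#?}                          # drop the file-type character
    [ "${#perms}" -ge 9 ] || return 1     # need three full rwx triads
    special=0
    result=""
    for weight in 4 2 1; do               # setuid=4, setgid=2, sticky=1
        triad=${perms%"${perms#???}"}     # first three characters
        perms=${perms#???}                # remainder for the next round
        digit=0
        case "$triad" in r??) digit=$((digit + 4)) ;; esac
        case "$triad" in ?w?) digit=$((digit + 2)) ;; esac
        case "$triad" in
            ??x)    digit=$((digit + 1)) ;;
            # lowercase s/t: special bit set and execute set
            ??[st]) digit=$((digit + 1)); special=$((special + weight)) ;;
            # uppercase S/T: special bit set, execute not set
            ??[ST]) special=$((special + weight)) ;;
        esac
        result="$result$digit"
    done
    printf '%s%s\n' "$special" "$result"
}

# is_world_writable MODESTRING -> exit status 0 if "others" may write
is_world_writable() {
    case "$1" in
        ????????w*) return 0 ;;           # 9th character is others-write
        *) return 1 ;;
    esac
}

# Demo on constructed mode strings
for m in -rw-r--r-- drwxr-xr-x -rwsr-xr-x drwxrwxrwt -rw-rw-rw-; do
    note=""
    is_world_writable "$m" && note=" (world-writable)"
    printf '%s -> %s%s\n' "$m" "$(mode_to_octal "$m")" "$note"
done
```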
Changing Ownership with chown
The chown command changes the user and/or group ownership of a file.
# Change owner to 'newuser'
sudo chown newuser example_file.txt
# Change owner to 'newuser' and group to 'developers'
sudo chown newuser:developers example_file.txt
# Change only the group to 'admins'
sudo chown :admins example_file.txt
# Recursively change ownership of a directory
sudo chown -R newuser:developers example_directory
Summary
Mastering user and permission management in Linux is essential for system security and efficient administration. The commands useradd, adduser, userdel, usermod, passwd, groupadd, groupdel, groups, getent, chmod, and chown provide the core toolkit for these tasks. By understanding and applying these commands effectively, you can control access to your systems and data with precision.