User administration is the process of creating and managing different types of user accounts on a linux operating system and their respective permissions in an operating system.
In this tutorial we will learn about user administration on linux based operating system.
User Accounts
In Linux, there are three types of user accounts:
- Root/Super User
- System User
- Normal User
Root/Super Account: This user account is also known as the root account. It has all the permissions and can run all the commands without any restrictions.When you install operating system the root account is created.
System Account: System users mostly run system services and processes in the background. System user does not own home directory. We user this account to run a daemon, service, or other system software, rather than an account for interactive use.
Normal Account: Normal user accounts are created by root user so that user can login and perform different tasks on a server. Root user can also assign or restrict their access to some file or directories.
How to login using user account?
Normally, when root user creates normal user account they have username and password. You need to know which server this account is created for.
To login you need server ip address, username and a password. You can use terminal or putty software to login to linux machine. Use following command to login:
# login to server using user account ssh user@127.0.0.1
It will ask you to enter password and then you would be able to see home directory once you are logged in.
Important user administration files
- /etc/passwd - when root user creates a new user it will add entry for this newly created user in this file. This file holds user account related information.
- /etc/shadow - this file holds encrypted password for the entry in /etc/passwd file for the user. Not all system supports this file.
- /etc/group - this file keeps info regarding user group for each account.
- /etc/gshadow - this file contains secure group account information
How to create normal user in linux?
To create a normal user in linux you first need to login as a root user to your linux server and then run following command to create new user.
# create a normal user useradd john # assign passwod to john user passwd john # check user entry in /etc/passwd file cat /etc/passwd | grep -i john
What happens when user is created:
- system will create unique user id for newly created user
- it will also create a group name same as your username with unique group id
- a new record related to user will be added to /etc/passwd and /etc/shadow files
Followings are some other ways of creating user accounts using diff options:
| Command | Description |
|---|---|
| useradd <user> | creates a user with home directory /home/<username> |
| useradd -d <dir-location> <user> | creates user with different home directory |
| useradd -u <id> <user> | creates user with user id provided |
| useradd -u <id> -g <group-name> <user> | creates user with user id and user group provided |
| id -gn <user> | displays current users group name |
| usermod -a -G <groups seperated by comma> <user> | adds existing user to multiple groups |
| id <user> | shows current user group and user id |
| useradd -M <user> | add user without home directory |
| useradd -e <YYYY-MM-DD> <user> | creates user with expiry date of the account |
| chage -l <user> | verify age of the user account |
| useradd -e <YYYY-MM-DD> -f <days> <user> | creates user with expiry date and days to expire his password |
| useradd -c <comment> <user> | adds user with some comments |
| useradd -s <shell-location> <user> | creates user with login shell assigned |
| userdel <user> | delete a user |
| useradd -g <primary-group> -G <secondary-group> <user> | creates user with primary and secondary group |
| passwd -l <user> | lock user's password |
| passwd -u <user> | unlock the user password |
| usermod -l <new-name> <existing-name> | change name of the user |
| usermod -d <dir-loc> <user> | change user's home directory |
| usermod -L <user> | lock user's account |
| usermod -U <user> | unlock the user account |
User groups
In linux groups are created in order to organize and administer user accounts. The primary purpose of the group is to define set of permissions such as read, write and execute for a given resource.
There are two types of groups:
- The Primary Group - usually name of the group is same as the name of the user. When user is created group with same name as user is also created.
- Secondary Group - this group is useful when you want to grant certain file or folder permissions to set of users.
Each user can belong to exactly one primary group and zero or more secondary groups.
How to create a group in linux?
There are different commands that you can use in order to create groups. Followings are some of thw ways you can create a new group or add user to group.
| Command | Summary |
|---|---|
| groupadd <group> | creates a group with name provided |
| usermod -a -G <group> <user> | adds an existing user to a secondary group |
| usermod -a -G <group1, group2> <user> | add user to multiple groups |
| groupdel <group> | delete a group |
| usermod -g <group> <user> | changing users primary group |
| groups <user> | shows user's seconday groups |
In next tutorial we will learn about user permissions or access control.