Users, Groups, and Permissions

  • There are three main types of users: superuser, system users and regular users.
    • superuser – called the root user; it has UID number zero (0) and full access to the system.
    • system user – runs processes such as daemons (these processes do not need to run as the superuser). Such accounts are unprivileged, which lets each service protect its files and other resources from other services and from regular users on the system. Nobody logs in with a system user account.
    • regular user – a standard user account.
  • To view process information use the ps command:
    • -a shows all processes with a terminal
    • -u shows the user associated with each process
The format of an entry in /etc/passwd:
Bash
 1       2  3    4       5                       6             7
userName:x:1000:1000:userName_first_and_last:/home/userName:/bin/bash
  1. userName – the user name used to log in to the console.
  2. x – the password used to be stored in this field. Now the password is located in the /etc/shadow file.
  3. The UID number for this user account (1000).
  4. The GID number of the user's primary group (1000).
  5. The real name of the user. It is often omitted when typing, in which case the user ID is used instead.
  6. The user's home directory.
  7. The default shell started at terminal login (/bin/bash).
Bash
sudo su -  # switches a regular user to root and moves into root's home directory
sudo -i    # opens a root login shell for the regular user

Managing Local User Accounts

There are three main commands for managing user accounts:

  • useradd username – creates a new user named username. It configures the home directory and account information, and also creates a private group called username. Once the account is created, a password must be set before the user can log in.
  • useradd --help
  • usermod --help – basic options to modify an existing account.
  • Some default information about UIDs and default password aging rules can be found in /etc/login.defs.
  • userdel -r username – removes the user account along with any folders tied to this account.
  • userdel username – removes only the account (its home directory is left in place).
  • passwd username – assigns a new password; only the root user can set another user's password.

usermod command options:

Flag  Description
-a    Appends the user to the supplementary group(s).
-b    Allows names that do not conform to standards.
-c    Updates the comment field of the user in /etc/passwd.
-d    Changes the login directory for the user.
-e    Sets the expiration date for the user account.
-f    Sets the minimum number of days between password changes.
-g    Changes the primary group for the user.
-G    Adds the user to the specified supplementary groups.
-l    Changes the login name for the user.
-L    Locks the user account.
-m    Moves the contents of the user's home directory to the new home directory.
-p    Sets the password for the user.
-s    Changes the shell for the user.
-u    Changes the user ID (UID) for the user.
-U    Unlocks the user account.

UID ranges are a way to organize user accounts. By Linux design, user accounts are assigned to different ranges based on their purpose, which makes them easier to manage. The following table shows the typical UID ranges used on Linux systems:

UID range         Purpose
0-99              System accounts
100-999           Reserved for dynamic allocation by system administrators and post-install scripts
1000-65533        Regular user accounts
65534-4294967294  Reserved for special use

System accounts are used by system services and daemons. They typically have elevated privileges and should not be used for regular user accounts.

The reserved range of 100-999 is typically used for application users. These are users that are created by software applications, such as web servers and database servers.

Regular user accounts are used by humans to log in to the system. These accounts should have the least amount of privileges necessary for the user to perform their tasks.

The reserved range of 65534-4294967294 is used for special purposes, such as the nobody user. The nobody user is used to run processes that do not need to be associated with a specific user account.
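The following script is an added example and is not part of the original notes: it parses /etc/passwd-style lines using the seven fields described above and classifies each account by the UID ranges in the table. It also flags accounts in the system and reserved ranges that still have an interactive login shell, since those accounts are not meant to log in. The passwd lines it contains are constructed sample data, and the function names (classify_uid, passwd_field, report) are this example's own.

```shell
#!/bin/sh
# Added example (not from the original notes): parse /etc/passwd-style lines
# and classify each account by the UID ranges described above.
# The passwd lines below are constructed sample data, not a real system's file.

# classify_uid UID -> prints the purpose of the UID range
classify_uid() {
    uid=$1
    if [ "$uid" -eq 0 ]; then
        echo "superuser"
    elif [ "$uid" -le 99 ]; then
        echo "system account"
    elif [ "$uid" -le 999 ]; then
        echo "reserved (application/dynamic)"
    elif [ "$uid" -le 65533 ]; then
        echo "regular user"
    else
        echo "special use"
    fi
}

# passwd_field LINE N -> prints the N-th colon-separated field (1-based)
passwd_field() {
    printf '%s\n' "$1" | cut -d: -f"$2"
}

# report PASSWD_DATA -> one line per account: name, uid, class, shell.
# Accounts in the system/reserved ranges that keep an interactive shell are
# flagged, because daemon accounts are not supposed to log in.
report() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        [ -z "$line" ] && continue
        name=$(passwd_field "$line" 1)
        uid=$(passwd_field "$line" 3)
        shell=$(passwd_field "$line" 7)
        class=$(classify_uid "$uid")
        flag=""
        case "$class" in
            "system account"|"reserved"*)
                case "$shell" in
                    */nologin|*/false) ;;
                    *) flag=" CHECK: non-login account has interactive shell" ;;
                esac ;;
        esac
        printf '%s uid=%s %s shell=%s%s\n' "$name" "$uid" "$class" "$shell" "$flag"
    done
}

# Constructed sample data (one field layout as in the notes above)
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
postgres:x:120:125:PostgreSQL:/var/lib/postgresql:/bin/bash
JoeDoe:x:1008:1008::/home/JoeDoe:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin'

report "$SAMPLE_PASSWD"
```

To run it against a real system, replace the sample data with `report "$(cat /etc/passwd)"`; the only line that should be flagged on a healthy host is one you can explain.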

List local users:

Bash
# look up local users
cat /etc/passwd
# or show only the last 4 entries
tail -n 4 /etc/passwd

List local groups:

Bash
# show all groups
cat /etc/group
# Shows last 5 groups
tail -n 5 /etc/group

Assigning groups to users:

Bash
# add a group with a chosen GID
sudo groupadd -g 40043 testgroup
# list the newly added group
tail -n 1 /etc/group
# testgroup:x:40043:
# add a user
sudo useradd JoeDoe
# show the new user
tail -n 1 /etc/passwd
# JoeDoe:x:1008:1008::/home/JoeDoe:/bin/bash
# modify user groups: add group testgroup to user JoeDoe
# (-a appends, so any existing supplementary groups are kept)
sudo usermod -aG testgroup JoeDoe
# check that the group was added
id JoeDoe
# uid=1008(JoeDoe) gid=1008(JoeDoe) groups=1008(JoeDoe),40043(testgroup)

Password:

Bash
# add password to user account
sudo passwd JoeDoe
# type new password

Permissions:

Bash
$ ls -l

drwxr-xr-x. 1 user1 user1  26 Oct 22 23:52  Documents

File permissions:

[drwxr-xr-x.] – d: directory | rwx: user | r-x: group | r-x: others

  • d – directory, or - for a regular file
  • rwx – user (owner) permissions
  • r-x – group permissions
  • r-x – permissions for all other users

The 9th bit:

[drwxr-xr-x.]

d – the 9th bit is the file type, which can be:

  • - regular file
  • d directory
  • l link
  • b, c, p and s – special-purpose files (block and character devices, named pipes and sockets)

chmod – Change mode

Command to change file and directory permissions. When changing permissions, we are changing the permission bits.

Symbolic Permissions Representation:

u, g, o, a – in order: user, group, other, and all

Bash
# remove read and write from group and others on file filename
chmod go-rw filename

# add execute for all (user, group and others) on file filename
chmod a+x filename

Numerical Permissions Representation:

- | rwx | r-x | r-x   ->   rwx = 7 | r-x = 5 | r-x = 5

Bash
chmod 755 filename
# user       rwx (7)
# group      r-x (5)
# all others r-x (5)
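The script below is an added example, not code from the original notes: it converts between the symbolic permission string shown by ls -l and the octal form used by chmod (in both directions), and it runs over a few ls -l lines to flag entries that are writable by "others". The ls lines are constructed sample data, and the function names (triad_to_digit, perms_to_octal, digit_to_triad, octal_to_perms, audit_ls) are this example's own.

```shell
#!/bin/sh
# Added example (not from the original notes): convert between the symbolic
# permission string shown by ls -l and the octal form used by chmod, and
# flag entries that are writable by "others". The ls lines are constructed.

# triad_to_digit TRIAD -> octal digit for one rwx group, e.g. r-x -> 5
triad_to_digit() {
    t=$1
    n=0
    case "$t" in r??) n=$((n + 4)) ;; esac
    case "$t" in ?w?) n=$((n + 2)) ;; esac
    case "$t" in ??x|??s|??t) n=$((n + 1)) ;; esac   # s/t also imply execute
    echo "$n"
}

# perms_to_octal MODE -> 3-digit octal; MODE is the 9-char part after the
# type character, e.g. perms_to_octal rwxr-xr-x -> 755
perms_to_octal() {
    m=$1
    u=$(triad_to_digit "$(printf '%s' "$m" | cut -c1-3)")
    g=$(triad_to_digit "$(printf '%s' "$m" | cut -c4-6)")
    o=$(triad_to_digit "$(printf '%s' "$m" | cut -c7-9)")
    echo "$u$g$o"
}

# digit_to_triad DIGIT -> rwx string, e.g. 5 -> r-x
digit_to_triad() {
    d=$1
    r=-; w=-; x=-
    [ $((d & 4)) -ne 0 ] && r=r
    [ $((d & 2)) -ne 0 ] && w=w
    [ $((d & 1)) -ne 0 ] && x=x
    echo "$r$w$x"
}

# octal_to_perms 755 -> rwxr-xr-x
octal_to_perms() {
    o=$1
    printf '%s%s%s\n' "$(digit_to_triad "$(printf '%s' "$o" | cut -c1)")" \
        "$(digit_to_triad "$(printf '%s' "$o" | cut -c2)")" \
        "$(digit_to_triad "$(printf '%s' "$o" | cut -c3)")"
}

# audit_ls LS_OUTPUT -> prints "name type=.. mode=.." per line and marks
# entries whose "others" triad carries the write bit
audit_ls() {
    printf '%s\n' "$1" | while read -r mode _links _owner _group _size _m _d _t name; do
        [ -z "$mode" ] && continue
        type=$(printf '%s' "$mode" | cut -c1)      # leading type character
        bits=$(printf '%s' "$mode" | cut -c2-10)   # the nine permission bits
        oct=$(perms_to_octal "$bits")
        warn=""
        case "$bits" in ???????w?) warn=" WORLD-WRITABLE" ;; esac
        printf '%s type=%s mode=%s%s\n' "$name" "$type" "$oct" "$warn"
    done
}

# Constructed sample ls -l output (the trailing "." after the mode is how
# ls shows an SELinux security context, as in the listing above)
SAMPLE_LS='drwxr-xr-x. 1 user1 user1 26 Oct 22 23:52 Documents
-rw-rw-rw-. 1 user1 user1 512 Oct 22 23:55 notes.txt
-rwxr-x---. 1 root root 8192 Oct 21 10:00 backup.sh'

audit_ls "$SAMPLE_LS"
```

Feeding real output with `audit_ls "$(ls -l /some/dir)"` gives a quick list of entries that anyone on the system can modify; on a real listing the first line is the "total" summary and is skipped because its first word does not parse as a mode, so its octal shows as 000.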
