Linux User Administration - Basics

In this post, I will discuss Linux user accounts and their administration, covering creating user accounts, adding users to groups and granting permissions.

If you have just set up your Linux system, you may still be using the root account to log in. The root account has superuser access, which other users don't have, and therefore gives you complete control over the system. Using the root account for everyday work is not good practice: a small mistake can render the system completely unusable, and a compromised root account can grant superuser access to a hacker. Hence, it is not advisable to keep using the root account for everyday jobs, regardless of whether or not you are the only user on the system.

Linux is a robust multi-user system, but users are not added automatically. However, some accounts besides root are created during Linux installation and are meant to be used by the system only. It is highly advised not to touch those accounts: altering the accounts created at installation time for system use might cause serious problems.

So now let's get started and learn how to create a user account on a Linux system using the terminal/console, along with some basic administrative jobs such as setting permissions and user groups.

 

USER ADMINISTRATION


In order to create a user account in Linux using the console, you only need two programs:
1. useradd - used to set up the basic account
2. passwd - used to set the password for that account.

Syntax:
useradd [options] LOGIN
useradd -D
useradd -D [options]

 

STEPS:


1. Open the terminal if you are using a GUI in Linux. If you are configuring or setting up a Linux server, you may already be at the command line prompt.
 
2. Type useradd rakesh and hit Enter  :  Although the useradd command has a lot of options, only the username is mandatory. After this command is run, rakesh will have a home directory in /home/rakesh, will be assigned to the rakesh group by default and gets the next available user ID number. The home directory is the place where a user starts immediately after a successful login and stores his/her files. Every user has full permission to write, modify or delete any files in his own home directory, and other users can only read files from another user's home directory by default.
 
3. useradd -d /home/rkhome rakesh  :  This command will create /home/rkhome as the home directory for rakesh user account. As you can see, I have used -d in this case to change the default home directory. You must remember that all options have to be passed before the username is entered as shown in the example.
 
4. useradd -s shellname rakesh  :  This command is used to change the default shell. In most cases, you don't need to change this. A shell is a program that provides communication between a user and the Linux/Unix kernel. By default, /bin/bash is used in Linux.

 

GROUP ADMINISTRATION


Group administration is a major part of administering a Linux system. Groups allow permissions to be set on files so that different types of access are permitted on different files. By default, every user in a Linux system is a member of at least one group, but any user can be a member of more than one group.

Checking File's User and Group Details -
Type the following in the terminal and press Enter -

# ls -al readme
-rw-r--r-- 1 rakesh rakesh 1024 May 23 18:55 readme
 
In the above example, the owner of the readme file is rakesh, who is a member of the group rakesh, which was created by the system when user rakesh was created.

Understanding File Permissions -
There are ten characters in total at the beginning of the line. It is very important to understand them, as they tell us the permission details of the file. The most important one is the very first character - in this case, it is just a "-", which tells us that it is just a file. It can also read d for directory, b for block device, c for character device and l for link.

The remaining nine (9) characters are grouped as a set of three (3) each.
1. The first set of three (3) characters shows the permissions for the user,
2. The next three (3) show the group permissions and
3. The last three (3) characters are for every other user on the system.

Now, let's discuss each of the three (3) characters. They read like this - r for read, w for write and x for executable. The x means the file is executable (a program or script of some sort).

 

ADD/REMOVE PERMISSION OF FILE


As you can see in the above example, the user, being the owner of the file, has permission to write. The user can change the permissions of this file and grant any other user permission to write. You can achieve this with the chmod command.
 
The syntax of this command is -
chmod {a, u, g, o} {+, -} {r, w, x} filename

chmod requires four (4) arguments -

Argument 1: Who will be affected by the new permission - a stands for all users; u for current user; g for group; o for other users who are not members of the user's group.

Argument 2: + adds access and - removes access.
 
Argument 3: r stands for read access; w for write access; and x for execute access for program or script files.
 
Argument 4: The name of the file whose permissions you want to change.

Example:
 
# chmod a+w readme
 
Let's verify the permissions of the file "readme" after the change:
 
# ls -al readme
-rw-rw-rw- 1 rakesh rakesh 1024 May 23 19:15 readme
 
You can see in the above example that write permission has been added for the group's users and every other user on the system.

 

NUMERICALLY ASSIGN PERMISSION


It is also possible to use numeric values to change the permissions on a file. It is done by using a four (4) digit numeric code.
 
- First number: is always zero, so there is no need to include it.
- The last three (3) digits correspond to User, Group and everybody else respectively.
 
Each digit can have a value of 0 - 7 and is derived by adding the numbers 0, 1, 2 and 4.
- 0 adds no permission
- 1 adds executable permission (x)
- 2 adds write permission (w)
- 4 adds read permission (r)
 
These numbers are added together to set the permissions of a file.
Let's analyze -
4 (read) + 1 (executable) = 5, which means the file will have read and execute permission.
1 (executable) + 2 (write) + 4 (read) = 7, which means the file will have read, write and execute permission.

Example:
# chmod 755 readme   : the readme file in this example will be readable, writable and executable by the owner of the file, and readable and executable by group members and any other user on the system.
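
The symbolic and numeric forms from the two sections above, run side by side on a scratch file (an added example, not part of the original post). It assumes GNU stat and find; the function names are made up for this illustration, and it also shows how to spot the world-writable state that chmod a+w leaves behind.

```shell
#!/bin/sh
# Added example: compare symbolic and numeric chmod on a scratch file and
# flag world-writable results. All file names here are constructed.

# Print the octal mode and the ls-style string for a file (GNU stat).
mode_of() {
    stat -c '%a %A' "$1"
}

# Convert one rwx triplet (e.g. "r-x") to its digit by adding 4, 2 and 1.
triplet_to_digit() {
    d=0
    case "$1" in r??) d=$((d + 4)) ;; esac
    case "$1" in ?w?) d=$((d + 2)) ;; esac
    case "$1" in ??x) d=$((d + 1)) ;; esac
    echo "$d"
}

# Convert the nine permission characters (e.g. "rwxr-xr-x") to three digits.
symbolic_to_octal() {
    perms=$1
    u=$(triplet_to_digit "$(echo "$perms" | cut -c1-3)")
    g=$(triplet_to_digit "$(echo "$perms" | cut -c4-6)")
    o=$(triplet_to_digit "$(echo "$perms" | cut -c7-9)")
    echo "$u$g$o"
}

# List regular files under a directory that "other" users can write to.
world_writable() {
    find "$1" -type f -perm -0002
}

demo() {
    dir=$(mktemp -d)
    f="$dir/readme"
    : > "$f"
    chmod 644 "$f";  echo "start:      $(mode_of "$f")"
    chmod a+w "$f";  echo "after a+w:  $(mode_of "$f")"
    echo "flagged:    $(world_writable "$dir")"
    chmod o-w "$f";  echo "after o-w:  $(mode_of "$f")"
    chmod 755 "$f";  echo "after 755:  $(mode_of "$f")"
    rm -rf "$dir"
}
demo
```

After chmod a+w the file shows up in the world_writable listing; chmod o-w removes write access for other users only and leaves the group's write bit in place.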

 

NOTES:


- The root group has only one member - the root account. However, there are some other groups such as bin, daemon, sys, and adm which are used by system processes and should not be touched in any case.
 
- Using an asterisk (*) in the password field prevents any other user from becoming a member of the root group -
Original - root::0:root     changed - root:*:0:root
 
- A user can be member of more than one group.

- Every user in the system has a unique user ID number, and the system keeps track of each user by ID number, not by name. If you have only one Linux system, this doesn't matter, but if you are operating more than one Linux system, it is good to keep each user's ID the same on all the machines across the network to keep the networking aspects easier to configure.
 
- Want to create multiple user accounts and place certain files in each user's home directory -
use the -m flag. The files to be copied should be located in the /etc/skel directory, but the -m flag should be followed by a -k flag if the files are located at a different location.
 
- Want to set up an account with a password and an expiry limit which forces the user to change the password frequently, where failure to do so will lock the account permanently: use the -f flag followed by 0 to enable immediately and -1 to disable this feature. This is disabled by default.
 
- Create a user account for a pre-defined period of time: use the -e flag followed by the expiry date (MM/DD/YY)

- Create a user account with a password: use the -p flag followed by the desired password

- An important thing to remember is that a user created without a password cannot log in to the system - the passwd command is used to change the password. The root user has to type passwd followed by the username to change the password for that user; otherwise it changes the password for the current user.
 
- The passwd command changes the password in the password file, /etc/passwd. The fields of the /etc/passwd file are as follows: -
  • Username
  • encrypted password
  • User ID number
  • Group ID number which should match the ID number written in /etc/group. If it doesn't match, there is something wrong and you need to look into it.
  • Name of the user: It can be added at the time of user creation or later on by the system administrator.
  • User's home directory
  • Default shell - it is usually /bin/bash. Other choices could be /bin/tcsh or /bin/csh
- The /etc/group file has the following information -
  • Name of the group
  • Place for password
  • Group ID (GID)
  • Members in each group
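
A consistency check over the /etc/passwd and /etc/group fields listed above, as an added example that is not part of the original post. The sample records and function names are constructed for illustration; the same awk filters can be pointed at the real /etc/passwd and /etc/group.

```shell
#!/bin/sh
# Added example: audit passwd/group-format files. Sample records are constructed.

sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
rakesh:x:1000:1000:Rakesh:/home/rakesh:/bin/bash
guest::1001:1001:Guest:/home/guest:/bin/bash
backup:x:0:0:Backup admin:/home/backup:/bin/bash
alice:x:1002:2000:Alice:/home/alice:/bin/tcsh
EOF
}

sample_group() {
cat <<'EOF'
root:*:0:root
daemon:x:1:
rakesh:x:1000:
guest:x:1001:
EOF
}

# Users whose primary GID (field 4) has no matching GID (field 3) in group.
orphan_gids() {   # $1 = passwd file, $2 = group file
    awk -F: 'NR == FNR { gid[$3] = 1; next }
             !($4 in gid) { print $1 }' "$2" "$1"
}

# Accounts whose password field (field 2) is empty and needs review.
empty_passwords() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Accounts other than root with UID 0; the system goes by ID, not by name.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

audit() {
    tmp=$(mktemp -d)
    sample_passwd > "$tmp/passwd"; sample_group > "$tmp/group"
    echo "GID missing from group: $(orphan_gids "$tmp/passwd" "$tmp/group")"
    echo "empty password field:   $(empty_passwords "$tmp/passwd")"
    echo "extra UID 0 accounts:   $(extra_uid0 "$tmp/passwd")"
    rm -rf "$tmp"
}
audit
```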
