What do user and group mean in the Linux operating system?
User
A user is an entity in a Linux operating system that can manipulate files and perform several other operations. Each user is assigned an ID that is unique within the operating system.
Group
A group is a collection of users. The main purpose of groups is to define a set of privileges, such as read, write, or execute permission for a given resource, that can be shared among the users within the group.
A Note on Superuser Permissions
Adding a new user involves dealing with an account other than your own, which requires superuser (aka root) privileges. The same applies to other user or group management tasks, such as deleting an account, updating accounts and creating/removing groups.
These operations are performed using the following commands:
- adduser: add a user to the system.
- userdel: delete a user account and related files.
- addgroup: add a group to the system.
- delgroup: remove a group from the system.
- usermod: modify a user's account.
- sudo: run one or more commands as another user (typically with superuser permissions).
Superuser permissions can be gained either by changing to the root user with the su command or by using sudo.
User & group management in the Linux operating system
1. Adding/deleting users and assigning a password
Use "sudo useradd [user-ID]" (or "sudo useradd -m [user-ID]") to add a user and "sudo passwd [user-ID]" to create a password for the user.
    ➜ sudo useradd frank
    [sudo] password for root:
    ➜ ~ sudo passwd frank
    New password:
    Retype new password:
    passwd: password updated successfully
    ➜ sudo userdel frank
2. Adding & deleting groups
Use "sudo groupadd [group-ID]" to add a group and "sudo delgroup [group-ID]" to delete a group.
    ➜ sudo groupadd students
    ➜ sudo delgroup teacher
    Removing group `teacher' ...
    Done.
Assigning users to groups
Use "sudo usermod -a -G [group-ID] [user-ID]" to add a user to a group.
    ➜ sudo usermod -a -G teacher divine
3. File permission management
The superuser do (sudo) command allows a user/owner, using root permission, to grant or deny certain users access to files/folders.
File permissions in Linux can be managed in two (2) ways:
1. Using chown (Change file ownership) & chmod (Change file modification)
2. Using file access control lists (FACL)
NB: For either of the above methods to grant permissions to a user, a target file/folder must already exist.
Using chown & chmod
    ➜ sudo chown -R :teacher results
    ➜ ls -l
    total 8
    drwxrwxr-x 3 root 1019 4096 Apr 2 04:12 assignment
    drwxrwxr-x+ 3 root teacher 4096 Jul 22 09:53 results
To grant specific access rights on a file/folder (r = read; w = write; x = execute):
    ➜ sudo chown -R :student assignment
    ➜ sudo chmod -R g+rwx assignment
    ➜ ls -l
    total 8
    drwxrwxr-x 3 root student 4096 Apr 2 04:12 assignment
    drwxrwxr-x+ 3 root teacher 4096 Jul 22 09:53 results
Using file access control lists (FACL)
    ➜ sudo setfacl -m g:women:rwx -R /results
    setfacl: /results: No such file or directory
    ➜ sudo setfacl -m g:women:rwx -R results
    ➜ sudo getfacl results
    # file: results
    # owner: root
    # group: 1013
    user::rwx
    group::rwx
    group:women:rwx
    group:1019:rwx
    mask::rwx
    other::r-x
To remove all permissions, "rwx" is set to "---":
    ➜ sudo setfacl -m g:women:--- -R results
    ➜ sudo getfacl results
    # file: results
    # owner: root
    # group: 1013
    user::rwx
    group::rwx
    group:women:---
    group:1019:rwx
    mask::rwx
    other::r-x
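An added example, not part of the original post: the getfacl listings above show the owning group (1013) and one ACL entry (1019) as bare numbers, which is how getfacl prints an ID that no longer resolves to a name, for example after a group is deleted; such entries keep granting access to whichever group is next given that ID. The script below goes slightly beyond the text by also applying the mask to compute each entry's effective permissions. The function names acl_audit and sample_acl and the sample listing (mask narrowed to r-x) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit getfacl output on stdin.
# Prints effective permissions (entry AND mask) and marks unresolved IDs.

# Constructed sample, modelled on the listings above with the mask narrowed.
sample_acl() {
    cat <<'EOF'
# file: results
# owner: root
# group: 1013
user::rwx
group::rwx
group:women:---
group:1019:rwx
mask::r-x
other::r-x
EOF
}

acl_audit() {
    awk '
    # Header lines, e.g. "# owner: root" or "# group: 1013"
    /^# (owner|group): / {
        if ($3 ~ /^[0-9]+$/) printf "file-%s:%s unresolved-id\n", substr($2, 1, length($2) - 1), $3
        next
    }
    /^#/ || /^$/ { next }
    {
        split($1, f, ":")                  # tag : qualifier : perms
        if (f[1] == "default") next        # default (inherited) entries: out of scope
        if (f[1] == "mask") { mask = f[3]; next }
        n++; tag[n] = f[1]; who[n] = f[2]; perm[n] = f[3]
    }
    END {
        for (i = 1; i <= n; i++) {
            eff = perm[i]
            # The mask caps named users, named groups and the owning group only
            capped = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
            if (capped && mask != "") {
                eff = ""
                for (c = 1; c <= 3; c++)
                    eff = eff (substr(mask, c, 1) == "-" ? "-" : substr(perm[i], c, 1))
            }
            note = (who[i] ~ /^[0-9]+$/) ? " unresolved-id" : ""
            printf "%s:%s:%s%s\n", tag[i], who[i], eff, note
        }
    }'
}

sample_acl | acl_audit
```

On a real system the input would come from "getfacl results | acl_audit"; any line marked unresolved-id is a candidate for removal with setfacl or for re-owning with chown.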
Conclusion
Since Linux is a multi-user operating system, several people may be logged in and actively working on a given machine at the same time. Security-wise, it is never a good idea to allow users to share the credentials of the same account. In fact, best practices dictate the use of as many user accounts as there are people needing access to the machine. Hence, the ability to manage users is key.