Navigating Linux OS users & group Management.

Navigating  Linux OS users & group Management.

What user & Group means in Linux operating system?

User A user is an entity, in a Linux operating system, that can manipulate files and perform several other operations. Each user is assigned an ID that is unique for each user in the operating system

Group A group is a collection of users. The main purpose of the groups is to define a set of privileges like read, write, or execute permission for a given resource that can be shared among the users within the group.

A Note on Superuser Permissions

Adding a new user involves dealing with an account other than your own which requires superuser (aka root) privileges. The same applies to other user or group management tasks, such as deleting an account, updating accounts and creating/removing groups.

These operations are performed using the following commands:

  • adduser: add a user to the system.
  • userdel: delete a user account and related files.
  • addgroup: add a group to the system.
  • delgroup: remove a group from the system.
  • usermod: modify a users account.
  • sudo: run one or more commands as another user (typically with superuser permissions).Superuser permissions can be gained either by changing to the root user with the su command or using sudo.

User & groups management Linux operating system 1.adding/deleting users and assigning password

use " sudo useradd/( useradd -m) [user-ID] " to add a user and "sudo passwd [user-ID] " to create a password for the user.

 sudo useradd frank 
[sudo] password for root: 
~ sudo passwd frank 
New password: 
Retype new password: 
passwd: password updated successfully
 sudo userdel frank
 

2.adding & deleting groups use " sudo groupadd [group-ID] " to add a group and "sudo delgroup [group-ID] " to delete a group.

  sudo groupadd students
  sudo delgroup teacher
Removing group `teacher' ...
Done.

Assigning users to groups

use " sudo usermod -a -G [group-ID] [user-ID] "

  sudo usermod -a -G teacher divine 

3.File permission Management

The superuser do command allows a user/owner using root permission to grant or denial certain users access to files/folder.

File permission in Linux OS can be done two(2) ways;

  1. Using chown(Change file ownership) & chmod(Change file modification)

2.Using file Access control lists(FACL)

NB: For each of the above methods to grant permissions to user, a target file/folder must be available.

  • using chown & chmod *
     sudo chown -R :teacher results    
     ls -l                         
    total 8
    drwxrwxr-x  3 root    1019 4096 Apr  2 04:12 assignment
    drwxrwxr-x+ 3 root teacher 4096 Jul 22 09:53 results
     
    

To grant specific accesiblity rights to a file/folder(r|w|x r= read ;w=write; x=execute).

 sudo chown -R :student assignment 

sudo chmod -R g+rwx assignment

ls -l total 8 drwxrwxr-x 3 root student 4096 Apr 2 04:12 assignment drwxrwxr-x+ 3 root teacher 4096 Jul 22 09:53 results

using file Access control lists(FACL)

 sudo setfacl -m g:women:rwx -R /results
setfacl: /results: No such file or directory
 sudo setfacl -m g:women:rwx -R results 
 sudo getfacl results
# file: results
# owner: root
# group: 1013
user::rwx
group::rwx
group:women:rwx
group:1019:rwx
mask::rwx
other::r-x

To set permision to null "rwx" is set as "---"

 sudo setfacl -m g:women:--- -R results
 sudo getfacl results                   
# file: results
# owner: root
# group: 1013
user::rwx
group::rwx
group:women:---
group:1019:rwx
mask::rwx
other::r-x

conclusion

Since Linux is a multi-user operating system, several people may be logged in and actively working on a given machine at the same time. Security-wise, it is never a good idea to allow users to share the credentials of the same account. In fact, best practices dictate the use of as many user accounts as people needing access to the machine,Hence ability to manage users is key.

Did you find this article valuable?

Support Ikeh Chidimma by becoming a sponsor. Any amount is appreciated!