The control of users and groups is a core element of Red Hat Enterprise Linux system administration. A user of the system is either a human being or an account used by a specific application. Users within a group can have read permissions, write permissions, execute permissions or any combination of read, write or execute permissions for files owned by that group. A group is an organizational unit tying users together for a common purpose, which can be read permission, write permission, or execute permission for files owned by that group.
Linux Users:
A user or account of a system is uniquely identified by a number called the User ID (UID). There are two types of user: the root or Superuser, and the Normal user. A root or Superuser can access all the files, while the normal user has limited access to files. A superuser can add, delete and modify a user account. In RHEL 7, new users are assigned the first free UID available in the range starting from UID 1000. UID 0 is always assigned to the Superuser account, root. UID 1-200 is a range of “System Users” assigned statically to system processes by Red Hat. UID 201-999 is a range of “System Users” used by system processes that do not own files on the file system. UID 1000+ is the range available for assignment to Regular Users. The full account information is stored in the /etc/passwd file, and the hashed password and account expiration information are stored in the file /etc/shadow.
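An audit of passwd-format lines against the UID ranges above, as an added example that is not part of the original page. The class and flag names and the function names are this example's own, and the last three sample lines (svc1, toor, abc9) are constructed to trigger each flag.

```shell
#!/usr/bin/env bash
# Classify passwd-format lines (stdin) by the UID ranges described above and
# flag entries to review. Class and flag names are labels chosen for this example.
audit_passwd() {
  awk -F: '
    {
      name = $1; uid = $3 + 0; shell = $7
      if (uid == 0)        class = "superuser"
      else if (uid <= 200) class = "system-static"
      else if (uid <= 999) class = "system"
      else                 class = "regular"

      # System-range account whose shell is not nologin/false
      sys_shell = (uid >= 1 && uid <= 999 && shell !~ /(nologin|false)$/)

      flag = ""
      if (uid == 0 && name != "root") flag = " ALERT:uid0-not-root"
      else if (uid in owner)          flag = " ALERT:uid-shared-with-" owner[uid]
      else if (sys_shell)             flag = " REVIEW:system-account-with-shell"
      if (!(uid in owner)) owner[uid] = name   # remember first holder of each UID

      print name ":" uid ":" class flag
    }'
}

# Sample input: the first four lines follow the page; svc1, toor and abc9 are
# constructed for this example.
sample_passwd() {
  cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
cms:x:1000:1000:cms:/home/cms:/bin/bash
abc1:x:1001:1001:first-user:/home/abc1:/bin/bash
svc1:x:250:250::/var/lib/svc1:/bin/bash
toor:x:0:0::/root:/bin/bash
abc9:x:1001:1009::/home/abc9:/bin/bash
EOF
}

sample_passwd | audit_passwd
```

On a live system, feed it the real file with `audit_passwd < /etc/passwd`.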
Linux Group:
Linux group is a mechanism to organize a collection of users. Like the User ID, each group is also associated with a unique ID called the GID (group ID). There are two types of groups – a primary group and a supplementary group.
Primary Group:
By default, whenever we create a user account, a new group with the same name as the user is created. This group is called the primary group of the user. You can associate the user with extra groups using the usermod command. Every user has exactly one primary group. The primary group is used by default when creating new files or directories, modifying files, or executing commands. Primary group information is specified in the /etc/passwd file.
Supplementary group
Supplementary groups, or secondary groups, are groups you are a member of beyond your primary group. Each user is a member of a primary group and of zero or more supplementary groups. The group membership information is stored in the last field of the group’s entry in /etc/group, and the respective passwords are stored in the /etc/gshadow file.
su command:
The su command stands for Super User. Run with no additional options, it switches to the root account; the user just needs to enter the root account password. In the terminal, su also lets you access any other user account using the required password, which is why su is also said to stand for substitute user or Switch User. Simply type su followed by the user account name.
Sudo command:
sudo runs a single command with root permission. It stands for “Super User Do”. The sudo command allows a permitted user to run a command as root, or as another user, based on settings in the /etc/sudoers file. The best and safest way to edit this file is by using the visudo command, which locks the file and checks its syntax before saving. Sudo is much better than logging in as root, or using the su “Switch User” command.
GUI Tool to Manage Users and Groups:
The User Manager application allows you to view, modify, add and delete local users and groups in a graphical user interface. To start the User Manager application, go to Application > Sundry > User and Groups, or type system-config-users at the shell prompt.
Simple add user account:
[root@asim ~]# adduser abc1

Add user with a comment (caption):
[root@asim ~]# adduser -c normal-user abc2

Add user with password (note: -p expects an already-hashed password as produced by crypt(3); a plain string such as 12345678 is written to /etc/shadow as-is and does not work as a login password, and it is visible in the process list and shell history; set passwords with passwd instead):
[root@asim ~]# adduser -p 12345678 abc3

To see user default details:
[root@asim ~]# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes

Add user with password and comment (the same -p caveat applies):
[root@asim ~]# adduser -p 12345678 -c normal-user2 abc4

Create user with a specific user ID:
[root@asim ~]# useradd abc6 -u 1010

Modify user account comment:
[root@asim ~]# usermod -c first-user abc1

Modify user account password (the same -p caveat applies):
[root@asim ~]# usermod -p 12345678 abc2

Lock user account:
[root@asim ~]# usermod -L abc3

Unlock user account:
[root@asim ~]# usermod -U abc3

Modify user ID:
[root@asim ~]# usermod -u 1011 abc4

Set password on user abc1:
[root@asim ~]# passwd abc1

Lock password of user account:
[root@asim ~]# passwd -l abc1

Unlock user account password:
[root@asim ~]# passwd -u abc1

Delete user account password (this leaves the password field empty, so the account has no password):
[root@asim ~]# passwd -d abc1

To see the ID of the user:
[root@asim ~]# id abc1
uid=1001(abc1) gid=1001(abc1) groups=1001(abc1)
[root@asim ~]# id abc2
uid=1002(abc2) gid=1002(abc2) groups=1002(abc2)

Show last logins of users:
[root@asim ~]# last

Add group to the system:
[root@asim ~]# groupadd xyz1

Delete a group from the system:
[root@asim ~]# groupdel xyz1

To modify groups:
[root@asim ~]# groupmod xyz1

To rename the group:
[root@asim ~]# groupmod -n xyz2 xyz1

Change group ID:
[root@asim ~]# groupmod -g 1021 xyz2

Add user as a member of a group:
[root@asim ~]# groupmems -a abc1 -g xyz1

List the members of the group:
[root@asim ~]# groupmems -l -g xyz1

Delete user from the members of a group:
[root@asim ~]# groupmems -d abc1 -g xyz1

User account details location:
[root@asim ~]# tail /etc/passwd
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
cms:x:1000:1000:cms:/home/cms:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
abc1:x:1001:1001:first-user:/home/abc1:/bin/bash
abc2:x:1002:1002:normal-user:/home/abc2:/bin/bash
abc3:x:1003:1003::/home/abc3:/bin/bash
abc4:x:1011:1004:normal-user2:/home/abc4:/bin/bash
abc5:x:1005:1005::/home/abc5:/bin/bash
abc6:x:1010:1010::/home/abc6:/bin/bash

Password database location:
[root@asim ~]# tail /etc/shadow
postfix:!!:18059::::::
tcpdump:!!:18059::::::
cms:$6$GOHH.OxaaMk93f7L$qnoTmCDuXbuuBhCqy3eRYlIjqPovG8zraTwt.5wC/070bV7gSqoHk8VNPkmD020Rkd/lTt6Ee3ohinnUoQo2p1::0:99999:7:::
apache:!!:18073::::::
abc1::18075:0:99999:7:::
abc2:12345678:18075:0:99999:7:::
abc3:12345678:18075:0:99999:7:::
abc4:12345678:18075:0:99999:7:::
abc5:!!:18075:0:99999:7:::
abc6:!!:18075:0:99999:7:::
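
The /etc/shadow listing above contains four kinds of password field: a crypt hash, a locked marker, an empty field left by passwd -d, and literal text stored by -p. The following added example (not part of the original page) classifies each account by that field; the state names and function names are this example's own, and the cms hash in the sample is a constructed placeholder.

```shell
#!/usr/bin/env bash
# Classify the password field (2nd field) of shadow-format lines read on stdin.
# State names are labels chosen for this example.
audit_shadow() {
  awk -F: '
    {
      pw = $2
      if (pw == "")                   state = "EMPTY"         # no password required
      else if (pw ~ /^[!*]/)          state = "LOCKED"        # password login disabled
      else if (pw ~ /^\$[0-9a-z]+\$/) state = "HASHED"        # crypt(3) $id$ format
      else                            state = "NON_STANDARD"  # literal text or legacy DES
      print $1 ":" state
    }'
}

# Print only the accounts that need attention: empty or non-standard fields.
risky_accounts() {
  audit_shadow | awk -F: '$2 == "EMPTY" || $2 == "NON_STANDARD" { print $1 }'
}

# Sample input modelled on the listing above; the cms hash is a constructed
# placeholder, not a real hash.
sample_shadow() {
  cat <<'EOF'
cms:$6$EXAMPLESALT$EXAMPLEHASH::0:99999:7:::
apache:!!:18073::::::
abc1::18075:0:99999:7:::
abc2:12345678:18075:0:99999:7:::
abc5:!!:18075:0:99999:7:::
EOF
}

sample_shadow | audit_shadow
echo "Needs attention: $(sample_shadow | risky_accounts | tr '\n' ' ')"
```

On a live system, run it as root with `audit_shadow < /etc/shadow`.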

Group database location:
[root@asim ~]# tail /etc/group
cms:x:1000:cms
apache:x:48:
abc1:x:1001:
abc2:x:1002:
abc3:x:1003:
abc4:x:1004:
abc5:x:1005:
abc6:x:1010:
xyz2:x:1021:
xyz1:x:1022:

Group password database location:
[root@asim ~]# tail /etc/gshadow
cms:!!::cms
apache:!::
abc1:!::
abc2:!::
abc3:!::
abc4:!::
abc5:!::
abc6:!::
xyz2:!::
xyz1:!::

Install GUI user and group management:
[root@asim ~]# yum install system-config-users

Graphical user and group management:
[root@asim ~]# system-config-users