5. User and Group Management and Permissions

Creating Users

A user is an entity in a Linux system that is granted certain permissions to access resources. Users can be service accounts as well.

Let's create a user in the wheel group so that they can use sudo.

  • Usually, useradd is used in Red Hat systems for creating users.

useradd -c "the friend" -G wheel amit; passwd -e amit

  • Usually, adduser username is used for Debian (or Ubuntu) based systems.

Adding Groups

Note:

If you are setting up the environment for a set of users:

  • If you know in advance that these people need to be members of certain groups, start by creating the groups first; it is then easier to assign the users to the groups.

  • If you create the users first, you then need to modify the users to assign them to those groups, which involves a little more work.

# groupadd groupname
groupadd marketing
groupadd sales

Adding a user to a supplementary (secondary) group:

  • -a => appends to

  • -G => a new list of groups

Getting more info about a user

Understanding Defaults for New Users

When creating a new user, default settings are applied that come from different sources:

  • useradd -D can be used from the command line

  • /etc/login.defs is used as the default configuration file

  • The contents of /etc/skel are copied to the user's home directory upon user creation

    • So, if you create a new file company-policy.pdf in this directory, every user created afterwards will get company-policy.pdf, along with the other files, in their home directory.

  • Linux does not offer an easy solution to apply new defaults to previously created users (but it is possible using some scripting).

useradd -D shows the default settings:

This is a somewhat old method and sometimes gives unreliable information. The best way to check the settings is to look at /etc/login.defs.

The output of useradd -D comes from /etc/default/useradd:

You can change this file as per your requirements:

Looking at the /etc/login.defs file

Below we have changed PASS_MAX_DAYS from 99999 to 99:

Now you can see the setting applied to a new user I created:

  • Notice the 99.
  • Also notice that !! means no password has been set yet.
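
Changing PASS_MAX_DAYS only affects users created afterwards, so existing accounts have to be brought in line by script. The following shell script is an added example, not part of the original page: it reads PASS_MAX_DAYS from a login.defs-style file and lists the chage commands needed for existing shadow entries, plus the accounts still showing !!. The function names, the user linda and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit existing accounts against PASS_MAX_DAYS from login.defs.
# File paths are arguments, so it can be tried on copies before touching /etc.

# login_def KEY FILE: print the value of the last uncommented KEY line; fail if unset.
login_def() {
    awk -v k="$1" '$1 == k { v = $2 } END { if (v == "") exit 1; print v }' "$2"
}

# audit_shadow LOGIN_DEFS SHADOW: print one line per finding.
#   NOPASSWD <user>        password field is "!!" (no password set yet)
#   chage -M <max> <user>  max age (shadow field 5) is empty or above the policy
audit_shadow() {
    max=$(login_def PASS_MAX_DAYS "$1") || {
        echo "PASS_MAX_DAYS not set in $1" >&2
        return 2
    }
    awk -F: -v max="$max" '
        $1 == "" || /^#/ || $2 == "*" { next }  # blank, comment, or "*" (no password login)
        $2 == "!!" { print "NOPASSWD " $1 }
        $5 == "" || $5 + 0 > max + 0 { print "chage -M " max " " $1 }
    ' "$2"
}

# Constructed sample files (not real accounts) so the example runs without root.
# amit is the user from the text; linda and the hashes are made up.
make_samples() {
    printf 'PASS_MAX_DAYS\t60\n# PASS_MAX_DAYS 99999\n' > "$1/login.defs"
    cat > "$1/shadow" <<'EOF'
root:$6$constructed$hash:19000:0:99999:7:::
bin:*:18353:0:99999:7:::
amit:!!:19700:0:60:7:::
linda:$6$constructed$hash:19500:0:99:7:::
EOF
}

# Demo run on the samples; prints:
#   chage -M 60 root
#   NOPASSWD amit
#   chage -M 60 linda
d=$(mktemp -d) && make_samples "$d" && audit_shadow "$d/login.defs" "$d/shadow"
rm -rf "$d"
```

To audit the real system, run audit_shadow /etc/login.defs /etc/shadow as root and review the printed chage commands before executing them.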

Managing Password

echo password | passwd --stdin username

LAB

LAB SOLUTION

Let's tackle the lab in a different order.

1. Setting their passwords to expire after 60 days. Edit the setting with: vim /etc/login.defs

  • Changing the password expiry from 99 days to 60 days

2. Ensuring all these users get a home directory in /home.

  • By default, new users get their home directory under /home.

  • If it is not set, please change it here: sudo vim /etc/default/useradd

3. Adding three groups, namely sales, accounts, and users. In my case the groups already exist, so ignore that:

Adding groups

4. Creating users and adding to the groups:

Setting a password as password

However, there is a fancier way of doing the same for many users at once: