As a system administrator, managing users and groups is a crucial task. It allows you to control who has access to your system and what they can do on it. In this blog, we will explore how to manage users and groups in Debian-based distros such as Ubuntu, Linux Mint, and others.
Basics of User and Group Management
In a Linux system, every user belongs to a group. The group can be the primary group of the user, or the user can be a member of multiple secondary groups. When a user creates a new file or directory, they are the owner of that file, and the group ownership is set to the user’s primary group.
Most people know that the adduser command is used to add a new user to the system. But did you know that you can also specify the user’s primary group using the --gid option? For example:
sudo adduser --gid sudo newuser
This command will create a new user newuser and set their primary group to sudo, which is a group that has superuser privileges.
Another important thing to keep in mind when managing users and groups is file permissions. File permissions determine who can read, write, and execute a file. By default, the owner of a file has read and write permissions, and the group and others have only read permission. You can use the chmod command to change the file permissions. For example:
chmod 755 file.txt
This command will give read, write, and execute permissions to the owner, and read and execute permissions to the group and others.
5 Tips
- Use
sudoinstead of logging in as the root user. The root user has unlimited access to the system, and any mistake can cause serious damage. By usingsudo, you can execute commands as the root user without logging in as the root user. - Use the
sudogroup to grant superuser privileges to selected users. Instead of adding thesudocapability to individual users, you can create asudogroup and add users to that group. This allows you to easily manage superuser access for multiple users. - Use the
visudocommand to edit thesudoersfile. Thesudoersfile determines who can use thesudocommand and what they can do with it. Editing this file directly can be risky, as any mistake can prevent you from usingsudoaltogether. Thevisudocommand edits the file in a safe way and checks for syntax errors. - Use the
chowncommand to change the owner and group of a file or directory. This is useful when you want to transfer ownership of a file to another user or group. - Use the
chgrpcommand to change the group of a file or directory. This is useful when you want to change the group ownership of a file without changing the owner.
Examples
# Add a user
adduser <username>
# Add a group
addgroup <groupname>
# Create a user
useradd <username>
# Create a group
groupadd <groupname>
# Add a user to a group
usermod -a -G <groupname> <username>
# Delete a user
userdel <username>
# Delete a group
groupdel <groupname>
# Change the password for a user
passwd <username>
# Rename a user
usermod -l <newusername> <oldusername>
# Change the home directory for a user and move their content
usermod -d /home/<newhomedir> -m <username>
# Add a user to a group
gpasswd -a <username> <groupname>
# Remove a user from a group
gpasswd -d <username> <groupname>
# Show the user and group information for a user
id <username>
# Show the groups a user is in
groups <username>
# Change the owner of a file
chown <username>:<groupname> <file>
# Change the group of a file
chgrp <groupname> <file>
Challenge
Try creating a new user and adding them to the sudo group. Then, use the visudo command to allow the user to execute any command as the root user. Test that the user can use the sudo command by running a command that requires superuser privileges, such as apt update.
