User management
User management in Linux is the process of creating, modifying, and deleting user accounts on a Linux system. This is typically done by system administrators to control access to the system and its resources.
Here are the basic steps for user management in Linux:
Creating a user account:
To create a user account, use the "useradd" command followed by the username. You can also specify additional options such as the user's home directory and shell.
useradd <username> #create a user account
Setting a password:
After creating a user account, set a password using the "passwd" command followed by the username. You will be prompted to enter the new password twice.
passwd <username> #create a user account password
Modifying user accounts:
To modify a user account, use the "usermod" command followed by the username. You can use this command to change the user's home directory, shell, and other account settings.
Change the user's home directory: To change the home directory for a user, use the -d option followed by the new directory path. For example, to change the home directory for the user "john" to "/home/john/newhome", use the following command:
sudo usermod -d /home/john/newhome john
Change the user's login shell: To change the default login shell for a user, use the -s option followed by the path to the new shell. For example, to change the default shell for the user "john" to "/bin/bash", use the following command:
sudo usermod -s /bin/bash john
Lock or unlock a user account: To lock a user account, preventing them from logging in, use the -L option followed by the username. To unlock a locked account, use the -U option. For example, to lock the user "john", use the following command:
sudo usermod -L john
Change the user's group: To change the primary group for a user, use the -g option followed by the name or ID of the new group. For example, to change the primary group for the user "john" to "sales", use the following command:
sudo usermod -g sales john
Add the user to a secondary group: To add a user to a secondary group, use the -aG option followed by the name or ID of the group. For example, to add the user "john" to the group "developers", use the following command:
sudo usermod -aG developers john
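The lock step above changes only the password field: usermod -L puts a "!" in front of the hash in /etc/shadow, and the usermod manual notes that locking the whole account also needs the expiry date set to 1, because logins that do not use the password are not affected. The following added example (not part of the original article) classifies shadow-format lines so that password-only locks and empty passwords stand out; the function names and the sample data are constructed for illustration.

```shell
# Constructed shadow(5)-format sample; the hashes are placeholders.
SAMPLE_SHADOW='john:!$6$salt$placeholderhash:19500:0:99999:7:::
alice:$6$salt$placeholderhash:19500:0:99999:7:::
svc_backup:*:19500:0:99999:7:::
temp::19500:0:99999:7:::
bob:!$6$salt$placeholderhash:19500:0:99999:7::1:'

# account_states: read shadow-format lines on stdin, print "user state".
#   field 2 = password hash, field 8 = account expiry (days since 1970-01-01)
account_states() {
    today=$(( $(date +%s) / 86400 ))
    awk -F: -v today="$today" '
        NF >= 2 {
            expired = ($8 != "" && $8 + 0 < today + 0)
            first = substr($2, 1, 1)
            if ($2 == "")          state = "EMPTY-PASSWORD"
            else if (first == "!") state = (expired ? "locked+expired" : "password-locked-only")
            else if (first == "*") state = "no-password-login"
            else                   state = (expired ? "expired" : "active")
            print $1, state
        }'
}

# needs_review: accounts to look at after "locking" users:
# password-only locks (other login methods may still work) and empty passwords.
needs_review() {
    account_states | awk '$2 == "password-locked-only" || $2 == "EMPTY-PASSWORD" { print $1 }'
}

printf '%s\n' "$SAMPLE_SHADOW" | account_states
# On a real system (root required): account_states < /etc/shadow
```
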
Deleting user accounts:
To delete a user account, use the "userdel" command followed by the username. You can also choose to delete the user's home directory and files using the "-r" option.
Here are the basic steps to delete a user account:
Log in to your Linux system as a user with root or sudo privileges.
Open a terminal window and type the following command to delete the user account:
sudo userdel username #deletes only the user account; the home directory is kept
sudo userdel -r username #also deletes the user's home directory and mail spool
Confirm the deletion of the user account by typing "Y" when prompted.
Do you really want to remove the user? [Y/n]
sudo userdel -f username #If you don't want to be prompted for confirmation, use the -f option (it also forces removal even if the user is still logged in)
After the user account has been deleted, you can verify that it has been removed by typing the following command:
id username
In addition to these basic steps, Linux provides several tools and utilities for managing user accounts and access to the system. These include:
Groups: Linux allows users to be grouped together to simplify access control. You can use the "groupadd" command to create a new group and the "usermod" command to add or remove users from a group.
Permissions: Linux uses a permission system to control access to files and directories. You can use the "chmod" command to modify file permissions and the "chown" command to change the owner and group of a file.
sudo: The "sudo" command allows users to perform administrative tasks on a Linux system. By default, only the root user can perform these tasks, but you can grant sudo access to other users.
Group Management
In Linux, you can manage groups using several commands. Here are some of the commonly used commands:
groupadd: This command is used to create a new group. The syntax is as follows:
sudo groupadd groupname
Replace "groupname" with the name of the new group.
groupdel: This command is used to delete an existing group. The syntax is as follows:
sudo groupdel groupname #delete group account
Replace "groupname" with the name of the group to be deleted.
gpasswd: It is a Linux command that is used to manage group passwords. It can be used to create, modify, and delete groups as well as to add or remove users from a group.
sudo gpasswd -a username groupname #add a single member to the group
sudo gpasswd -M username1,username2,username3 groupname #set the member list of the group (replaces the current members)
sudo gpasswd -d username groupname #remove a member from the group
sudo gpasswd -r groupname #remove the password for a group
sudo gpasswd -R groupname #restrict access to the named group
sudo gpasswd -R root #the same option applied to the group named root
sudo gpasswd -A username groupname #make the member a group administrator
groupmod: This command is used to modify an existing group. Some of the common options are:
-n: This option is used to change the name of a group. The syntax is as follows:
sudo groupmod -n newgroupname oldgroupname
Replace "newgroupname" with the new name of the group, and "oldgroupname" with the old name of the group.
-g: This option is used to change the GID (group ID) of a group. The syntax is as follows:
sudo groupmod -g newgid groupname
Replace "newgid" with the new GID, and "groupname" with the name of the group.
groups: This command is used to display the groups a user belongs to. The syntax is as follows:
groups username
Replace "username" with the name of the user.
usermod: This command is used to modify the groups a user belongs to. The -a option ensures that the user is added to the group without removing them from any other groups, and the -G option specifies the group to add the user to.
sudo usermod -a -G groupname username
sudo usermod -G group1,group2,... username
Replace "groupname" with the name of the group to add, and "group1,group2,..." with the list of groups (including the one to be removed) separated by commas. Replace "username" with the name of the user.
These are some of the commonly used commands for group management in Linux. Remember to use sudo before the commands to run them with root privileges.
File Permission
In Linux, file permissions determine who can access, read, write, or execute files. There are three types of permissions: read (r), write (w), and execute (x). File permissions are represented by three groups of characters: the user permissions, the group permissions, and the others permissions.
Reading file permissions:
To view the file permissions of a file, you can use the ls command with the -l option. This will display a long listing of the file, including its permissions, owner, group, size, and modification date.
ls -l filename #check file permission
ls -l mydir/ #check the permissions of the files in a directory
The output of this command will look something like this:
-rw-r--r-- 1 user group 1024 Mar 24 09:30 filename
The first character (-) represents the file type (in this case, a regular file), and the next nine characters represent the file permissions. The first three characters represent the user permissions, the next three represent the group permissions, and the last three represent the others permissions. In this example, the user has read and write permissions, and the group and others have only read permissions.
Setting file permissions:
To set file permissions, you can use the chmod command. The basic syntax of the chmod command is:
chmod [permissions] filename
Replace [permissions] with the desired permissions, and filename with the name of the file you want to modify.
Each of the three “rwx” characters refers to a different operation you can perform on the file.
The ‘r’ means you can “read” the file’s contents.
The ‘w’ means you can “write”, or modify, the file’s contents.
The ‘x’ means you can “execute” the file. This permission is given only if the file is a program.
If any of the “rwx” characters is replaced by a ‘-’, then that permission has been revoked.
---     ---     ---
rwx     rwx     rwx
user    group   other
Here are some of the commonly used commands to manage file permissions in Linux:
chmod: This command is used to change the permissions of a file or directory. The syntax is as follows:
sudo chmod permissions filename/directoryname
Replace "permissions" with the new permissions you want to set, and "filename/directoryname" with the name of the file or directory you want to modify. Here are some examples of how to use the chmod command:
To give the owner of a file read, write, and execute permissions, and remove all permissions for the group and others:
sudo chmod 700 filename
To give the owner of a file read and write permissions, and give the group and others read-only permissions:
sudo chmod 644 filename
To give the owner of a directory read, write, and execute permissions, and give the group and others read and execute permissions:
sudo chmod 755 directoryname
chown: This command is used to change the owner and group of a file or directory. The syntax is as follows:
sudo chown newowner:newgroup filename/directoryname
Replace "newowner" with the name of the new owner, "newgroup" with the name of the new group, and "filename/directoryname" with the name of the file or directory you want to modify.
chgrp: This command is used to change the group of a file or directory. The syntax is as follows:
sudo chgrp newgroup filename/directoryname
Replace "newgroup" with the name of the new group, and "filename/directoryname" with the name of the file or directory you want to modify.
These are some of the commonly used commands for file permission management in Linux. Remember to use sudo before the commands to run them with root privileges.
There are a few different ways to specify permissions:
Numeric mode: This method assigns a number to each permission. The numbers are calculated by adding up the values of the desired permissions. For example, read permission is 4, write permission is 2, and execute permission is 1. To assign read and write permissions to the user, and read-only permissions to the group and others, the command would be:
chmod 644 filename
Symbolic mode: This method uses letters to represent the permissions. The letters are u for user, g for group, and o for others. The letters r, w, and x represent read, write, and execute permissions, respectively. For example, to give the user read and write permissions, and remove execute permissions for the group and others, the command would be:
chmod u+rw,g-x,o-x filename
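As an added example (not from the original article), this script converts the mode column of ls -l into the numeric mode described above and flags entries worth a second look. It goes slightly beyond the text by also decoding the setuid, setgid and sticky letters (s, t) and the trailing "+" that GNU ls prints when a file carries an ACL; the function names and the sample listing are constructed.

```shell
# mode_to_octal: convert the mode column of `ls -l` (e.g. -rw-r--r--)
# into the numeric mode chmod accepts (e.g. 644).
mode_to_octal() {
    perms=${1#?}                        # drop the file-type character
    special=0; out=""
    for weight in 4 2 1; do             # setuid, setgid, sticky weights
        triad=${perms%"${perms#???}"}   # next three characters
        perms=${perms#???}
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac
        case $triad in ?w?) digit=$((digit + 2)) ;; esac
        case $triad in
            ??x)    digit=$((digit + 1)) ;;
            ??[st]) digit=$((digit + 1)); special=$((special + weight)) ;;
            ??[ST]) special=$((special + weight)) ;;
        esac
        out="$out$digit"
    done
    if [ "$special" -gt 0 ]; then out="$special$out"; fi
    printf '%s\n' "$out"
}

# audit_listing: read `ls -l` lines on stdin, print "octal name [flags]".
audit_listing() {
    while read -r mode _l _o _g _s _m _d _t name; do
        case $mode in [-dbcps]?????????*) ;; *) continue ;; esac  # skip "total", symlinks
        oct=$(mode_to_octal "$mode"); flags=""
        case $oct in ????) sp=${oct%???} ;; *) sp=0 ;; esac
        others=${oct#"${oct%?}"}        # last digit = permissions for others
        if [ $(( others & 2 )) -ne 0 ]; then flags="$flags world-writable"; fi
        if [ $(( sp & 4 )) -ne 0 ]; then flags="$flags setuid"; fi
        if [ $(( sp & 2 )) -ne 0 ]; then flags="$flags setgid"; fi
        case $mode in ??????????+*) flags="$flags has-acl" ;; esac
        printf '%s %s%s\n' "$oct" "$name" "$flags"
    done
}

# Constructed sample listing (not from a real system).
SAMPLE_LS='total 20
-rw-r--r-- 1 user group 1024 Mar 24 09:30 filename
-rwxrwxrwx 1 user group 512 Mar 24 09:31 deploy.sh
-rwsr-xr-x 1 root root 2048 Mar 24 09:32 helper
drwxrwxrwt 2 root root 4096 Mar 24 09:33 scratch
-rw-rw-r--+ 1 user group 100 Mar 24 09:34 myfile.txt'

printf '%s\n' "$SAMPLE_LS" | audit_listing
```
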
Access control list (ACL)
In Linux, ACL (Access Control List) is a mechanism that allows you to set more fine-grained permissions on files and directories beyond the standard UNIX permission system. ACLs allow you to grant permissions to specific users or groups, as well as to set default permissions that apply to newly created files and directories.
To work with ACLs in Linux, you'll need to use the setfacl and getfacl commands. Here's how to use these commands:
View ACLs for a file or directory:
To view the ACLs for a file or directory, you can use the getfacl command with the filename or directory name as the argument. For example:
getfacl myfile.txt
The output of this command will show the current ACLs for the file, including any permissions that have been granted to specific users or groups.
Set ACLs for a file or directory:
To set ACLs for a file or directory, you can use the setfacl command with the appropriate options and arguments. The basic syntax of the setfacl command is:
setfacl [options] filename
Replace [options] with the desired options and filename with the name of the file or directory you want to modify.
Some commonly used options with the setfacl command are:
-m: Modify ACLs for the specified file or directory.
-x: Remove the specified ACL entry from the file or directory.
-d: Set the default ACLs for the specified directory.
For example, to grant read and write permissions to the user "jdoe" on a file named myfile.txt, you would use the following command:
setfacl -m u:jdoe:rw myfile.txt
This command adds a new ACL entry that grants read and write permissions to the user "jdoe" on the file myfile.txt.
To set default ACLs for a directory named mydir, you would use the following command:
setfacl -d -m u:myuser:rwx mydir
This command sets the default ACLs for the mydir directory to grant read, write, and execute permissions to the user "myuser".
Remove ACL permission from a file or directory
To remove ACL (Access Control List) permission from a file or directory in Linux, you can use the setfacl command with the -x option followed by the user or group for which you want to remove permissions.
setfacl -x u:user filename
Replace filename with the name of the file or directory from which you want to remove all ACL permissions.
For example, if you want to remove the read and write permission for a user named jdoe from a file named myfile.txt, you can use the following command.
setfacl -x u:jdoe myfile.txt
This command removes the specified ACL entry for the user jdoe from the myfile.txt file.
Remove all ACL permissions
To remove all ACL permissions, you can use the -b option with the setfacl command as follows:
setfacl -b filename #for file
setfacl -b /directoryname #for directory
For example, if you want to remove all ACL permissions from a file named myfile.txt, you can use the following command:
setfacl -b myfile.txt #for file
setfacl -b /mydir #for directory
This command removes all the ACL entries from the myfile.txt file, effectively resetting the file's permissions to the default UNIX permissions.
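An added example, not part of the original article: named user and group entries set with setfacl -m are limited by the ACL's mask entry, so the permission granted and the permission in effect can differ. This function parses getfacl output and prints both for every named entry, including default entries created with -d; the function name and the sample output are constructed.

```shell
# acl_named_entries: read `getfacl` output on stdin and print, for every named
# user/group entry, "file entry granted effective" (effective = granted AND mask).
acl_named_entries() {
    awk -F: '
        function and_perms(p, m,   i, c, r) {   # keep a letter only if both have it
            for (i = 1; i <= 3; i++) { c = substr(p, i, 1); r = r (c == substr(m, i, 1) ? c : "-") }
            return r
        }
        function emit(   i) {                   # print buffered entries of one file
            for (i = 1; i <= n; i++)
                print file, who[i], perm[i], ((isdef[i] || mask == "") ? perm[i] : and_perms(perm[i], mask))
            n = 0; mask = ""
        }
        /^# file: /    { emit(); file = substr($0, 9); next }
        /^#/ || NF < 3 { next }
        {
            def = ($1 == "default")             # default:user:name:perms has one more field
            kind = def ? $2 : $1; name = def ? $3 : $2; p = substr((def ? $4 : $3), 1, 3)
            if (kind == "mask" && !def) mask = p
            else if ((kind == "user" || kind == "group") && name != "") {
                n++; who[n] = (def ? "default:" : "") kind ":" name; perm[n] = p; isdef[n] = def
            }
        }
        END { emit() }'
}
# Constructed getfacl output (not from a real system).
SAMPLE_GETFACL='# file: myfile.txt
# owner: user
# group: group
user::rw-
user:jdoe:rw-	#effective:r--
group::r--
mask::r--
other::r--

# file: mydir
# owner: user
# group: group
user::rwx
user:myuser:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:myuser:rwx
default:group::r-x
default:mask::rwx
default:other::r-x'
printf '%s\n' "$SAMPLE_GETFACL" | acl_named_entries
```
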
To be continued...