Linux Accounts & Groups (Users & Permissions)
User categories
Superuser (root) - unrestricted permissions. Used for administrative tasks.
Regular user - a user we create to log in.
Service user - relevant to Linux server distros. Each service gets its own user. Best practice for security.
Don't run services as the root user.
Manage users and groups
/etc/passwd - list of users. Stores user account information. Everyone can read it, but only the root user can change the file.
Format of each line: USERNAME:PASSWORD:UID:GID:GECOS:HOMEDIR:SHELL
PASSWORD - x means that the encrypted password is stored in the /etc/shadow file.
UID - user id.
GID - group id.
GECOS - general information about the account or its user.
HOMEDIR - user's home directory path.
SHELL - absolute path of a shell.
sudo adduser <username> - create a new user.
sudo addgroup <groupname> - create a new group.
/etc/group - list of groups.
adduser and addgroup are more user-friendly and meant for manual work. useradd and groupadd are lower-level and work with parameters; they are used in scripts.
usermod [OPTIONS] <username> - modify a user account.
sudo usermod -g devops tom - add user tom to devops group.
sudo delgroup groupname - remove group.
sudo usermod -G group1,group2 tom - add user to multiple groups.
-G - override all secondary groups.
-aG - add as addition to existing ones.
usermod -aG sudo <username> - add user to sudo usergroup.
groups - show all groups for logged-in user.
groups <username> - show specific user groups.
su - <username> - switch to user account.
exit - log out of the user account and return to the previous session.
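The seven /etc/passwd fields listed above are enough for a quick account audit. The following is an added example, not part of the original notes: a shell function (audit_passwd, a hypothetical name) that flags extra UID 0 accounts, empty password fields, and service accounts that still have a login shell. The sample data is constructed, and the UID boundary of 1000 between service and regular users is an assumption that varies by distribution.

```shell
#!/bin/sh
# Added example: audit passwd-format data by its seven colon-separated fields.

# Constructed sample in /etc/passwd format (not taken from a real system).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
tom:x:1000:1000:Tom,,,:/home/tom:/bin/bash
backup2:x:0:0::/root:/bin/bash
legacy::1001:1001::/home/legacy:/bin/sh
appsvc:x:998:998:app service:/opt/app:/bin/bash
EOF
}

# audit_passwd [min_uid]: read passwd-format lines on stdin, print findings.
# min_uid is the first regular-user UID (assumed 1000; distribution-specific).
audit_passwd() {
  awk -F: -v min="${1:-1000}" '
    /^#/ || /^$/ { next }                        # skip comments and blank lines
    NF != 7 { print "MALFORMED line " NR; next } # must have exactly 7 fields
    # $1=USERNAME $2=PASSWORD $3=UID $4=GID $5=GECOS $6=HOMEDIR $7=SHELL
    $3 == 0 && $1 != "root" { print "UID0 " $1 } # second superuser account
    $2 == "" { print "EMPTY_PASSWORD " $1 }      # no password required
    # Service account (0 < UID < min) that still has a login shell.
    $3 + 0 > 0 && $3 + 0 < min + 0 && $7 !~ /(nologin|false)$/ {
      print "SERVICE_SHELL " $1 " " $7
    }
  '
}

# Run against the sample; on a real host use: audit_passwd < /etc/passwd
sample_passwd | audit_passwd
```

Each finding is a lead to review rather than a verdict: some distributions ship system accounts with unusual shells on purpose.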
User permissions
sudo chown <username>:<groupname> <filename> - change ownership.
sudo chown <username> <filename> - change only for user.
sudo chgrp <groupname> <filename> - change for group.
sudo chmod u+x <filename> - add executable permission for user.
u - for user/owner
g - for group
o - for other
a - for all
- (minus sign) - remove permission