Users and Groups

Every user is assigned a unique user ID number (UID).
UID 0 identifies root.
Regular user accounts normally start at UID 500 (UID 1000 on most current distributions).
User names and UIDs are stored in the /etc/passwd file.
Each user is assigned a home directory and a program (normally a login shell) that runs when they log in.
Users cannot read, write or execute each other's files unless the file's permissions grant it.

Users are assigned to groups.
Each group is assigned a unique group ID number (GID).
Group names and GIDs are stored in the /etc/group file.
Each user is given their own private group (the primary group), and
can be added to other groups for additional access.
All users in a group can share files that belong to the group.

User configuration files and directories -

Directory or file      Description
/home/username         the user's own home directory
/etc/passwd            the account record for a user (its password field holds x, pointing to /etc/shadow)
/etc/group             the groups to which the user belongs
/etc/shadow            hashed password file for users (readable only by root)
/etc/gshadow           hashed password file for groups (readable only by root)

For Example-

User Commands

Command                                      Description
#useradd username                            Create a user
#passwd username                             Set (or change) the user's password; run with no argument it changes your own
#usermod ...                                 Modify a user account
#usermod -c "Full Name" username             Change the comment (GECOS) field, e.g. the user's full name (the login name is changed with -l, below)
#usermod -d /full/path/of/directory username
#usermod -d /aa username                     Change the user's home directory (add -m to move the old contents there)
#usermod -l newusername oldusername          Change the user's login name
#usermod -L username                         Lock the user (puts ! in front of the password hash in /etc/shadow)
#usermod -U username                         Unlock the user
#userdel username                            Delete a user (the home directory is left behind)
#userdel -r username                         Delete a user together with the home directory and mail spool

Group Commands

Command                                      Description
#groupadd groupname                          Create a group
#groupdel groupname                          Delete a group
#usermod -aG groupname username              Add a user to a supplementary group. Note that -G alone (#usermod -G groupname username) replaces the user's whole supplementary group list, silently dropping every other group; always pair it with -a
#groupmod -n newgroupname oldgroupname       Rename a group
#chage -l username                           Show the password ageing policy for a user
#chage -E YYYY-MM-DD username                Set the account expiry date
#chage -m 10 username                        Set the minimum number of days between password changes (here 10)

Understanding the /home Directory -
A home directory is a file system directory on a multi-user operating system containing files for a given user
of the system. The specifics of the home directory (such as its name and location) are defined by the operating system; on Linux it is the sixth field of the user's /etc/passwd entry, conventionally /home/username.

Understanding /etc/passwd File Format-

#cat /etc/passwd

Each line is one account, with seven colon-separated fields (e.g. alice:x:1000:1000:Alice Example:/home/alice:/bin/bash):

1. Username: used when the user logs in. It should be between 1 and 32 characters in length.
2. Password: an x character indicates that the hashed password is stored in the /etc/shadow file. An empty field means the account has no password at all.
3. User ID (UID): each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root, UIDs 1-99 are reserved for other predefined accounts, and UIDs 100-999 are reserved by the system for administrative and system accounts/groups. Any account with UID 0, whatever its name, has root's privileges.
4. Group ID (GID): the primary group ID (defined in the /etc/group file).
5. User ID Info: the comment (GECOS) field. It allows you to add extra information about the user such as their full name, phone number etc. This field is used by the finger command.
6. Home directory: the absolute path to the directory the user will be in when they log in. If this directory does not exist, login typically falls back to / (or refuses the login, depending on configuration).
7. Command/shell: the absolute path of a command or shell (/bin/bash). Typically this is a shell, but it does not have to be: /sbin/nologin or /bin/false is used for accounts that must never log in interactively.

Understanding /etc/group File Format-
#cat /etc/group

Each line has four colon-separated fields:

1. group_name: the name of the group. If you run the ls -l command, you will see this name printed in the group field.
2. Password: generally a password is not used, hence it is empty/blank (or x, pointing to /etc/gshadow). It can store a hashed password, which is useful for implementing privileged groups that users join with newgrp.
3. Group ID (GID): each group must be assigned a group ID. A user's primary GID in /etc/passwd refers to this number.
4. Group List: a comma-separated list of the user names of the group's supplementary members. Users whose primary group this is do not need to be listed here.

Understanding /etc/shadow File Format-
#cat /etc/shadow

Readable only by root. Each line has nine colon-separated fields:

1. User name: the login name.
2. Password: the hashed (not merely encrypted) password. A leading ! or * means the account is locked or has no usable password; an empty field means the account can log in with no password at all. Length rules (for example a minimum of 6-8 characters including digits and special characters) are enforced by PAM when the password is set, not by this file.
3. Last password change (lastchanged): days since Jan 1, 1970 that the password was last changed.
4. Minimum: the minimum number of days required between password changes, i.e. the number of days the user must wait before being allowed to change his/her password again.
5. Maximum: the maximum number of days the password is valid (after that the user is forced to change his/her password).
6. Warn: the number of days before the password expires that the user is warned that it must be changed.
7. Inactive: the number of days after the password expires before the account is disabled.
8. Expire: days since Jan 1, 1970 on which the account is disabled, i.e. an absolute date after which the login may no longer be used.
9. Reserved: unused, kept for future use.
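The field layouts of /etc/passwd and /etc/shadow above are exactly what an auditor greps for. The following is an added example, not part of the original page: it parses constructed /etc/passwd and /etc/shadow records embedded in the script and flags the conditions a practitioner checks first: a second UID 0 account, an empty password field in /etc/passwd, an empty hash in /etc/shadow, locked accounts, and passwords that have aged past their maximum. The account names, hash strings and day counts are made up for the demonstration, and the function names are the author's own; the script reads only the sample text, never the real files.

```shell
#!/bin/sh
# Added example: audit checks over /etc/passwd- and /etc/shadow-format records.
# The records below are constructed for the demonstration; hashes are placeholders.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
backup:x:0:0:nightly backup job:/var/backup:/bin/sh
guest::1001:1001:Guest:/home/guest:/bin/bash'

SAMPLE_SHADOW='root:$6$placeholder$roothash:19000:0:99999:7:::
bin:*:19000:0:99999:7:::
alice:$6$placeholder$alicehash:18000:0:90:7:::
backup:!:19000:0:99999:7:::
guest::19000:0:99999:7:::'

# extra_uid0 PASSWD_TEXT -> accounts other than root with UID 0.
# Every one of these is a second root login, whatever its name.
extra_uid0() {
  printf '%s\n' "$1" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# empty_passwd_field PASSWD_TEXT -> accounts whose 2nd field is empty rather than x.
# Such an account has no password and /etc/shadow is never consulted for it.
empty_passwd_field() {
  printf '%s\n' "$1" | awk -F: '$2 == "" { print $1 }'
}

# shadow_state SHADOW_TEXT -> one line per account: "hashed", "locked" (hash
# begins with ! or *) or "no password" (empty hash).
shadow_state() {
  printf '%s\n' "$1" | awk -F: '
    $2 == ""        { print $1 ": no password"; next }
    $2 ~ /^[!*]/    { print $1 ": locked";      next }
                    { print $1 ": hashed" }'
}

# expired_passwords SHADOW_TEXT TODAY -> accounts whose password is older than
# the maximum age (field 5). TODAY is in days since 1970-01-01, the unit of
# field 3; for the current day use $(( $(date +%s) / 86400 )).
expired_passwords() {
  printf '%s\n' "$1" | awk -F: -v today="$2" '
    substr($2, 1, 1) == "$" && $5 != "" && $5 < 99999 && $3 + $5 < today { print $1 }'
}

echo "UID 0 accounts besides root:";       extra_uid0 "$SAMPLE_PASSWD"
echo "Empty password field in passwd:";    empty_passwd_field "$SAMPLE_PASSWD"
echo "Shadow state:";                      shadow_state "$SAMPLE_SHADOW"
echo "Expired passwords (today = 19100):"; expired_passwords "$SAMPLE_SHADOW" 19100
```

To run the same checks against a live system, pass the file contents instead of the samples, e.g. extra_uid0 "$(cat /etc/passwd)" (reading /etc/shadow requires root).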

Understanding /etc/gshadow File Format-

#cat /etc/gshadow

1. Group name: the name of the group. Used by various utility programs as a human-readable identifier for the group.
2. Encrypted password: the hashed password for the group, used by newgrp; a ! means nobody can join the group by password.
3. Group administrators: group members listed here (in a comma-delimited list) can add or remove group members using the gpasswd command.
4. Group members: group members listed here (in a comma-delimited list) are regular, non-administrative members of the group.

Permission Type-

1. symbolic Method
2. Numeric Method

Permission Precedence-

if the process's effective UID matches the file's owner, the user (owner) permissions apply;
otherwise, if the effective GID or any supplementary group matches the file's group, the group permissions apply;
if neither matches, the other permissions apply.
Only one class is consulted: an owner whose file has mode 077 is denied even though group and other are allowed (root is exempt from these checks).

Examining Permissions-
File permissions may be viewed using ls -l:
#ls -l

The file type and permissions are represented by a 10 character string: the first character is the type (- regular file, d directory, l symbolic link), followed by three rwx triplets for user, group and other.

Default Permissions

The maximum ("full") permission a newly created object can receive is 777 for directories and 666 for files (new files never get execute bits). The umask then removes bits from these maximums:

root user (umask 022):
1. directories are created 755
2. files are created 644

Non-privileged user (umask 002, the default where each user has a private primary group):
1. files are created 664
2. directories are created 775

Umask Value-

The umask is a bit mask that defines the default permissions of the files and directories you create: every bit set in the umask is cleared from the full permission (the result is full AND NOT umask, which is why a umask can never add a permission).
By default the umask value is 0022 (002 for ordinary users on distributions that give each user a private group).

#umask                   (show the umask value)
#umask 0011              (change the umask value for the current shell; put it in a shell start-up file to make it persistent)

Full Permission      Umask Value      Default Permission
666 (file)           022              644
777 (directory)      022              755
666 (file)           002              664
777 (directory)      002              775
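How the kernel actually applies the umask, as an added example that is not from the original page: the umask is a bit mask, so the resulting mode is full AND NOT umask, not full minus umask. The two agree for 022 and 002 but diverge for masks that name a bit the full mode does not have, such as the 0011 shown above, or 077 applied to a file. The function names are the author's own for this illustration.

```shell
#!/bin/sh
# Added example: how a umask turns the "full" mode (666 for files, 777 for
# directories) into the mode a new object actually receives.

# default_mode FULL UMASK -> resulting mode in octal.
# The kernel clears every bit set in the umask: mode = full & ~umask.
# The leading 0 makes the shell treat both arguments as octal.
default_mode() {
  printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# subtracted_mode FULL UMASK -> what plain octal subtraction gives.
# Shown only to make the difference from the real rule visible.
subtracted_mode() {
  printf '%03o\n' $(( 0$1 - 0$2 ))
}

# show_umask UMASK -> one comparison row for files and directories.
show_umask() {
  printf 'umask %s: file %s (subtraction would say %s), directory %s\n' \
    "$1" "$(default_mode 666 "$1")" "$(subtracted_mode 666 "$1")" "$(default_mode 777 "$1")"
}

for m in 022 002 077 011; do
  show_umask "$m"
done
# umask 022: file 644 (subtraction would say 644), directory 755
# umask 002: file 664 (subtraction would say 664), directory 775
# umask 077: file 600 (subtraction would say 567), directory 700
# umask 011: file 666 (subtraction would say 655), directory 766
```

The 077 and 011 rows are the ones to remember: subtraction borrows across digits and produces a mode that no process will ever see, while the bitwise rule simply leaves bits that were never set alone.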

Symbolic Permission type

Four symbols are used when displaying permissions:
r: permission to read a file or list a directory's contents
w: permission to write to a file, or to create and remove files in the directory (regardless of who owns those files)
x: permission to execute a program, or to change into a directory and access the files in it (listing the names needs r as well; x alone lets you reach entries whose names you already know)
-: no permission (in place of r, w or x)

Changing Permissions-
Symbolic Method to change access modes:

#chmod [-R] mode file_name
where mode is: u, g or o for user, group, and other
+ or - for grant or deny
r, w or x for read, write, or execute

who may be      operator may be      permissions may be
u (user)        + (add)              r (read)
g (group)       - (remove)           w (write)
o (other)       = (set exactly)      x (execute)
a (all)                              t (sticky bit) or s (setuid/setgid)

#chmod u+w,go-w file
grants write access to the owner but denies it to group and other.

#chmod u=rw file
sets the user permissions to exactly read and write.
#chmod +r file
makes the file world-readable (with no u/g/o given, chmod skips bits the umask masks; the default 022 umask does not mask r, so all three classes get it).

"A useful option to chmod is -R (recursive). This option tells chmod to traverse an entire directory tree to change the permissions of all its files and subdirectories." Use it with care: -R with x in the mode makes every regular file executable too; chmod's capital X adds execute only to directories and to files that already have it for someone.

Changing Permissions- Numeric Method-
uses a three-digit mode number:
>first digit specifies owner's permissions
>second digit specifies group permissions
>third digit specifies other's permissions
(an optional leading fourth digit sets setuid (4), setgid (2) and the sticky bit (1); chmod 4755 is 755 plus setuid)

Permissions are calculated by adding:
4 (read)
2 (write)
1 (execute)

Examples: set permissions on a file
#chmod 664 file
grants read/write to the owner and group, and read only to others.

#chmod 660 file
grants read/write to the owner and group, and no permission to others.

#chmod 600 file
grants read/write to the owner and no permission to group and others.

#chmod 444 file
grants read-only permission to all.

Examples: set permissions on a directory
#chmod 755 directory
grants full permission to the owner and read and execute to group and others.

#chmod 770 directory
grants full permission to the owner and group, no permission to others.

#chmod 700 directory
grants full permission to the owner, no permission to group and others.

#chmod 555 directory
grants read and execute permission to all.

You can change the owner of a file-

#chown username filename
Only root can change a file's owner. You can change the group ownership of a file-

#chgrp groupname filename
The owner may change the group only to one they are a member of; root may use any group.
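Added example, not from the original page, tying the two notations together: it converts between the 9-character permission string that ls -l prints and the numeric mode that chmod takes, including the setuid, setgid and sticky bits that appear as s, S, t or T in the execute slot (uppercase meaning the special bit is set without the underlying execute bit). The function names are assumed for this illustration.

```shell
#!/bin/sh
# Added example: convert between the permission string ls -l prints
# (the 9 characters after the file-type character) and chmod's numeric mode.

# symbolic_to_octal RWXRWXRWX -> octal mode, prefixed with a 4/2/1 digit when
# setuid (s/S in the user slot), setgid (s/S in the group slot) or the sticky
# bit (t/T in the other slot) is present.
symbolic_to_octal() {
  s=$1
  if [ ${#s} -ne 9 ]; then
    printf 'expected 9 permission characters, got "%s"\n' "$s" >&2
    return 1
  fi
  special=0
  digits=""
  for weight in 4 2 1; do          # weight of the special bit for this triplet
    t=${s%"${s#???}"}              # first three characters
    s=${s#???}                     # drop them for the next round
    n=0
    case $t in r??) n=$(( n + 4 )) ;; esac
    case $t in ?w?) n=$(( n + 2 )) ;; esac
    case $t in ??[xst]) n=$(( n + 1 )) ;; esac
    case $weight:$t in
      4:??[sS]|2:??[sS]|1:??[tT]) special=$(( special + weight )) ;;
    esac
    digits="$digits$n"
  done
  if [ $special -ne 0 ]; then
    printf '%s%s\n' "$special" "$digits"
  else
    printf '%s\n' "$digits"
  fi
}

# octal_to_symbolic MODE -> 9-character permission string.
octal_to_symbolic() {
  mode=$(( 0$1 ))                  # leading 0: read the argument as octal
  special=$(( (mode >> 9) & 7 ))   # setuid=4, setgid=2, sticky=1
  out=""
  for shift in 6 3 0; do
    bits=$(( (mode >> shift) & 7 ))
    if [ $(( bits & 4 )) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $(( bits & 2 )) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    # the execute slot doubles as the setuid/setgid/sticky indicator
    case $shift in
      6) sp=$(( special & 4 )); lo=s; up=S ;;
      3) sp=$(( special & 2 )); lo=s; up=S ;;
      0) sp=$(( special & 1 )); lo=t; up=T ;;
    esac
    if [ $(( bits & 1 )) -ne 0 ]; then
      if [ $sp -ne 0 ]; then out="$out$lo"; else out="${out}x"; fi
    else
      if [ $sp -ne 0 ]; then out="$out$up"; else out="${out}-"; fi
    fi
  done
  printf '%s\n' "$out"
}

for m in 644 755 600 4755 2775 1777; do
  printf '%s -> %s\n' "$m" "$(octal_to_symbolic "$m")"
done
```

A setuid file shows up as rws in the owner triplet (4755), a setgid directory as rws in the group triplet (2775), and a world-writable sticky directory such as /tmp as rwxrwxrwt (1777); the converter makes those three cases distinguishable from plain 755 or 777 when reviewing an ls -l listing.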
