07-10-2018, 06:58 PM
Users, Groups, and Other Linux Beasts
<div style="margin: 5px 5% 10px 5%;"><img src="http://www.sickgaming.net/blog/wp-content/uploads/2018/07/users-groups-and-other-linux-beasts.jpg" width="1687" height="981" title="" alt="" /></div><div><div><img src="http://www.sickgaming.net/blog/wp-content/uploads/2018/07/users-groups-and-other-linux-beasts.jpg" class="ff-og-image-inserted" /></div>
<p>Having reached this stage, <a href="https://www.linux.com/blog/learn/2018/5/manipulating-directories-linux">after seeing how to manipulate folders/directories</a>, but before flinging ourselves headlong into fiddling with files, we have to brush up on the matter of <i>permissions</i>, <i>users</i> and <i>groups</i>. Luckily, <a href="https://www.linux.com/learn/understanding-linux-file-permissions">there is already an excellent and comprehensive tutorial on this site that covers permissions</a>, so you should go and read that right now. In a nutshell: you use permissions to establish who can do stuff to files and directories and what they can do with each file and directory — read from it, write to it, move it, erase it, etc.</p>
<p>To try everything this tutorial covers, you’ll need to create a new user on your system. Let’s be practical and make a user for anybody who needs to borrow your computer, that is, what we call a <i>guest account</i>.</p>
<p><b>WARNING:</b> <i>Creating and especially deleting users, along with home directories, can seriously damage your system if, for example, you remove your own user and files by mistake. You may want to practice on another machine which is not your main work machine or on a virtual machine. Regardless of whether you want to play it safe, or not, it is always a good idea to back up your stuff frequently, check the backups have worked correctly, and save yourself a lot of gnashing of teeth later on.</i></p>
<h3>A New User</h3>
<p>You can create a new user with the <code>useradd</code> command. Run <code>useradd</code> with superuser/root privileges, that is using <code>sudo</code> or <code>su</code>, depending on your system, you can do:</p>
<pre>
sudo useradd -m guest
</pre>
<p>… and input your password. Or do:</p>
<pre>
su -c "useradd -m guest"
</pre>
<p>… and input the password of root/the superuser.</p>
<p>(<i>For the sake of brevity, we’ll assume from now on that you get superuser/root privileges by using <code>sudo</code></i>).</p>
<p>By including the <code>-m</code> argument, <code>useradd</code> will create a home directory for the new user. You can see its contents by listing <i>/home/guest</i>.</p>
<p>Next you can set up a password for the new user with</p>
<pre>
sudo passwd guest
</pre>
<p>Or you could also use <code>adduser</code>, which is interactive and asks you a bunch of questions, including what shell you want to assign the user (yes, there are more than one), where you want their home directory to be, what groups you want them to belong to (more about that in a second) and so on. At the end of running <code>adduser</code>, you get to set the password. Note that <code>adduser</code> is not installed by default on many distributions, while <code>useradd</code> is.</p>
<p>Incidentally, you can get rid of a user with <code>userdel</code>:</p>
<pre>
sudo userdel -r guest
</pre>
<p>With the <code>-r</code> option, <code>userdel</code> not only removes the <i>guest</i> user, but also deletes their home directory and removes their entry in the mailing spool, if they had one.</p>
<h3>Skeletons at Home</h3>
<p>Talking of users’ home directories, depending on what distro you’re on, you may have noticed that when you use the <code>-m</code> option, <code>useradd</code> populates a user’s directory with subdirectories for music, documents, and whatnot as well as an assortment of hidden files. To see everything in you guest’s home directory run <code>sudo ls -la /home/guest</code>.</p>
<p>What goes into a new user’s directory is determined by a skeleton directory which is usually <i>/etc/skel</i>. Sometimes it may be a different directory, though. To make check which directory is being used, run:</p>
<pre>
<b>useradd -D</b>
GROUP=100 HOME=/home INACTIVE=-1 EXPIRE= SHELL=/bin/bash SKEL=/etc/skel CREATE_MAIL_SPOOL=no
</pre>
<p>This gives you some extra interesting information, but what you’re interested in right now is the <code>SKEL=/etc/skel</code> line. In this case, and as is customary, it is pointing to <i>/etc/skel/</i>.</p>
<p>As everything is customizable in Linux, you can, of course, change what gets put into a newly created user directory. Try this: Create a new directory in <i>/etc/skel/</i>:</p>
<pre>
sudo mkdir /etc/skel/Documents
</pre>
<p>And create a file containing a welcome text and copy it over:</p>
<pre>
sudo cp welcome.txt /etc/skel/Documents
</pre>
<p>Now delete the guest account:</p>
<pre>
sudo userdel -r guest
</pre>
<p>And create it again:</p>
<pre>
sudo useradd -m guest
</pre>
<p>Hey presto! Your <i>Documents/</i> directory and <i>welcome.txt</i> file magically appear in the guest’s home directory.</p>
<p>You can also modify other things when you create a user by editing <i>/etc/default/useradd</i>. Mine looks like this:</p>
<pre>
GROUP=users HOME=/home INACTIVE=-1 EXPIRE= SHELL=/bin/bash SKEL=/etc/skel CREATE_MAIL_SPOOL=no
</pre>
<p>Most of these options are self-explanatory, but let’s take a closer look at the <code>GROUP</code> option.</p>
<h3>Herd Mentality</h3>
<p>Instead of assigning permissions and privileges to users one by one, Linux and other Unix-like operating systems rely on <i>groups</i>. A group is a what you imagine it to be: a bunch of users that are related in some way. On your system you may have a group of users that are allowed to use the printer. They would belong to the <i>lp</i> (for “<i>line printer</i>“
group. The members of the <i>wheel</i> group were traditionally the only ones who could become superuser/root by using <i>su</i>. The <i>network</i> group of users can bring up and power down the network. And so on and so forth.</p>
<p>Different distributions have different groups and groups with the same or similar names have different privileges also depending on the distribution you are using. So don’t be surprised if what you read in the prior paragraph doesn’t match what is going on in your system.</p>
<p>Either way, to see which groups are on your system you can use:</p>
<pre>
getent group
</pre>
<p>The <code>getent</code> command lists the contents of some of the system’s databases.</p>
<p>To find out which groups your current user belongs to, try:</p>
<pre>
groups
</pre>
<p>When you create a new user with <code>useradd</code>, unless you specify otherwise, the user will only belong to one group: their own. A <i>guest</i> user will belong to a <i>guest</i> group and the group gives the user the power to administer their own stuff and that is about it.</p>
<p>You can create new groups and then add users to them at will with the <code>groupadd</code> command:</p>
<pre>
sudo groupadd photos
</pre>
<p>will create the <i>photos</i> group, for example. Next time, we’ll use this to build a shared directory all members of the group can read from and write to, and we’ll learn even more about permissions and privileges. Stay tuned!</p>
<p><em>Learn more about Linux through the free <a href="https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux">“Introduction to Linux” </a>course from The Linux Foundation and edX.</em></p>
</div>
<div style="margin: 5px 5% 10px 5%;"><img src="http://www.sickgaming.net/blog/wp-content/uploads/2018/07/users-groups-and-other-linux-beasts.jpg" width="1687" height="981" title="" alt="" /></div><div><div><img src="http://www.sickgaming.net/blog/wp-content/uploads/2018/07/users-groups-and-other-linux-beasts.jpg" class="ff-og-image-inserted" /></div>
<p>Having reached this stage, <a href="https://www.linux.com/blog/learn/2018/5/manipulating-directories-linux">after seeing how to manipulate folders/directories</a>, but before flinging ourselves headlong into fiddling with files, we have to brush up on the matter of <i>permissions</i>, <i>users</i> and <i>groups</i>. Luckily, <a href="https://www.linux.com/learn/understanding-linux-file-permissions">there is already an excellent and comprehensive tutorial on this site that covers permissions</a>, so you should go and read that right now. In a nutshell: you use permissions to establish who can do stuff to files and directories and what they can do with each file and directory — read from it, write to it, move it, erase it, etc.</p>
<p>To try everything this tutorial covers, you’ll need to create a new user on your system. Let’s be practical and make a user for anybody who needs to borrow your computer, that is, what we call a <i>guest account</i>.</p>
<p><b>WARNING:</b> <i>Creating and especially deleting users, along with home directories, can seriously damage your system if, for example, you remove your own user and files by mistake. You may want to practice on another machine which is not your main work machine or on a virtual machine. Regardless of whether you want to play it safe, or not, it is always a good idea to back up your stuff frequently, check the backups have worked correctly, and save yourself a lot of gnashing of teeth later on.</i></p>
<h3>A New User</h3>
<p>You can create a new user with the <code>useradd</code> command. Run <code>useradd</code> with superuser/root privileges, that is using <code>sudo</code> or <code>su</code>, depending on your system, you can do:</p>
<pre>
sudo useradd -m guest
</pre>
<p>… and input your password. Or do:</p>
<pre>
su -c "useradd -m guest"
</pre>
<p>… and input the password of root/the superuser.</p>
<p>(<i>For the sake of brevity, we’ll assume from now on that you get superuser/root privileges by using <code>sudo</code></i>).</p>
<p>By including the <code>-m</code> argument, <code>useradd</code> will create a home directory for the new user. You can see its contents by listing <i>/home/guest</i>.</p>
<p>Next you can set up a password for the new user with</p>
<pre>
sudo passwd guest
</pre>
<p>Or you could also use <code>adduser</code>, which is interactive and asks you a bunch of questions, including what shell you want to assign the user (yes, there are more than one), where you want their home directory to be, what groups you want them to belong to (more about that in a second) and so on. At the end of running <code>adduser</code>, you get to set the password. Note that <code>adduser</code> is not installed by default on many distributions, while <code>useradd</code> is.</p>
<p>Incidentally, you can get rid of a user with <code>userdel</code>:</p>
<pre>
sudo userdel -r guest
</pre>
<p>With the <code>-r</code> option, <code>userdel</code> not only removes the <i>guest</i> user, but also deletes their home directory and removes their entry in the mailing spool, if they had one.</p>
<h3>Skeletons at Home</h3>
<p>Talking of users’ home directories, depending on what distro you’re on, you may have noticed that when you use the <code>-m</code> option, <code>useradd</code> populates a user’s directory with subdirectories for music, documents, and whatnot as well as an assortment of hidden files. To see everything in you guest’s home directory run <code>sudo ls -la /home/guest</code>.</p>
<p>What goes into a new user’s directory is determined by a skeleton directory which is usually <i>/etc/skel</i>. Sometimes it may be a different directory, though. To make check which directory is being used, run:</p>
<pre>
<b>useradd -D</b>
GROUP=100 HOME=/home INACTIVE=-1 EXPIRE= SHELL=/bin/bash SKEL=/etc/skel CREATE_MAIL_SPOOL=no
</pre>
<p>This gives you some extra interesting information, but what you’re interested in right now is the <code>SKEL=/etc/skel</code> line. In this case, and as is customary, it is pointing to <i>/etc/skel/</i>.</p>
<p>As everything is customizable in Linux, you can, of course, change what gets put into a newly created user directory. Try this: Create a new directory in <i>/etc/skel/</i>:</p>
<pre>
sudo mkdir /etc/skel/Documents
</pre>
<p>And create a file containing a welcome text and copy it over:</p>
<pre>
sudo cp welcome.txt /etc/skel/Documents
</pre>
<p>Now delete the guest account:</p>
<pre>
sudo userdel -r guest
</pre>
<p>And create it again:</p>
<pre>
sudo useradd -m guest
</pre>
<p>Hey presto! Your <i>Documents/</i> directory and <i>welcome.txt</i> file magically appear in the guest’s home directory.</p>
<p>You can also modify other things when you create a user by editing <i>/etc/default/useradd</i>. Mine looks like this:</p>
<pre>
GROUP=users HOME=/home INACTIVE=-1 EXPIRE= SHELL=/bin/bash SKEL=/etc/skel CREATE_MAIL_SPOOL=no
</pre>
<p>Most of these options are self-explanatory, but let’s take a closer look at the <code>GROUP</code> option.</p>
<h3>Herd Mentality</h3>
<p>Instead of assigning permissions and privileges to users one by one, Linux and other Unix-like operating systems rely on <i>groups</i>. A group is a what you imagine it to be: a bunch of users that are related in some way. On your system you may have a group of users that are allowed to use the printer. They would belong to the <i>lp</i> (for “<i>line printer</i>“
group. The members of the <i>wheel</i> group were traditionally the only ones who could become superuser/root by using <i>su</i>. The <i>network</i> group of users can bring up and power down the network. And so on and so forth.</p><p>Different distributions have different groups and groups with the same or similar names have different privileges also depending on the distribution you are using. So don’t be surprised if what you read in the prior paragraph doesn’t match what is going on in your system.</p>
<p>Either way, to see which groups are on your system you can use:</p>
<pre>
getent group
</pre>
<p>The <code>getent</code> command lists the contents of some of the system’s databases.</p>
<p>To find out which groups your current user belongs to, try:</p>
<pre>
groups
</pre>
<p>When you create a new user with <code>useradd</code>, unless you specify otherwise, the user will only belong to one group: their own. A <i>guest</i> user will belong to a <i>guest</i> group and the group gives the user the power to administer their own stuff and that is about it.</p>
<p>You can create new groups and then add users to them at will with the <code>groupadd</code> command:</p>
<pre>
sudo groupadd photos
</pre>
<p>will create the <i>photos</i> group, for example. Next time, we’ll use this to build a shared directory all members of the group can read from and write to, and we’ll learn even more about permissions and privileges. Stay tuned!</p>
<p><em>Learn more about Linux through the free <a href="https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux">“Introduction to Linux” </a>course from The Linux Foundation and edX.</em></p>
</div>