In this page we will cover Linux user and group creation, modification, deletion and management through the graphical and command-line interfaces, and then cover advanced topics like group directories and permissions. We are working on a CentOS 7.4 machine, the latest release as of December 2017.

In Linux, a user or group may correspond to a person or to an automated application that needs to access data or run programs. Users in the same group share the read, write and execute permissions granted to that group on files and directories.

Each user and group has a unique ID: a UID for users and a GID for groups. A file or directory created by a user is owned by that user, with the user's primary group as its group owner. Files and directories carry read, write and execute permissions for the owner, the group and everyone else. Only root can change the owner of a file or directory; the owner can change its group, but only to a group the owner belongs to.

A user can also be a member of several secondary groups, which grant access on the filesystem: permission given to a group is available to all of its members. This makes it easy to manage permissions for a set of users at once.

Linux also supports ACLs (access control lists), through which we can grant permissions to specific additional users and groups on a file or directory, beyond the single owner/group/other triplet of the classic permission model.

The umask determines the permissions a newly created file or directory receives: the bits set in the umask are removed from the base mode of 666 for files and 777 for directories. /etc/bashrc sets umask 022 for root and system accounts, so new files come out as 644 and directories as 755: only the creator can modify them, while the group and everyone else can only read. For regular users whose primary group is their private group (UPG), the same file sets umask 002 instead; since that user is the group's only member, the practical effect is the same.
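As an added example (not part of the original post), the following shell script computes the mode a new file or directory receives under a given umask and then checks the result against the kernel by creating a file and a directory in a scratch directory. The function names and the use of a mktemp scratch directory are choices of this example.

```shell
#!/bin/sh
# Added example (not from the original post): show what a umask does to new
# files and directories, first arithmetically, then by asking the kernel.

# mode_after_umask BASE UMASK -> the octal mode a new object receives.
# Files are requested with 666 (creation never grants execute), directories
# with 777; the bits set in the umask are cleared from that base.
mode_after_umask() {
    base=$1
    mask=$2
    printf '%03o\n' $(( 0$base & ~0$mask & 0777 ))
}

# create_and_stat UMASK -> "<file mode> <dir mode>" as actually set by the
# kernel for a file and a directory created in a scratch directory under that
# umask. (stat -c is GNU coreutils; stat -f is the BSD/macOS fallback.)
create_and_stat() {
    scratch=$(mktemp -d)
    (
        umask "$1"
        : > "$scratch/f"
        mkdir "$scratch/d"
    )
    fmode=$(stat -c '%a' "$scratch/f" 2>/dev/null || stat -f '%Lp' "$scratch/f")
    dmode=$(stat -c '%a' "$scratch/d" 2>/dev/null || stat -f '%Lp' "$scratch/d")
    rm -rf "$scratch"
    printf '%s %s\n' "$fmode" "$dmode"
}

# 022: the /etc/bashrc default for root and system accounts (group cannot write)
# 002: what /etc/bashrc sets for regular UPG users (the private group may write)
# 077: the UMASK in /etc/login.defs that useradd applies to new home directories
for m in 022 002 077; do
    printf 'umask %s -> file %s, dir %s (kernel says: %s)\n' "$m" \
        "$(mode_after_umask 666 "$m")" "$(mode_after_umask 777 "$m")" \
        "$(create_and_stat "$m")"
done
```

The arithmetic and the kernel agree line for line; the point of the second function is that a umask only ever removes bits, so a process cannot use it to grant more than the 666/777 it started from.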

In Linux some user and group IDs are reserved for the system. On CentOS 7/RHEL 7, IDs below 1000 are reserved. /etc/login.defs holds the directives that define these ranges (UID_MIN, UID_MAX, GID_MIN, GID_MAX and their SYS_ counterparts).

Every user created in Linux gets its own unique UID and GID. The group created during user creation is the user's private (primary) group, with the same name as the user; this is the User Private Group (UPG) scheme, enabled by USERGROUPS_ENAB yes in /etc/login.defs. Account details are stored in /etc/passwd for users and /etc/group for groups.

User passwords are stored in /etc/shadow as salted hashes (not in a recoverable encrypted form), and that file is readable only by root. The password ageing policies defined in /etc/login.defs (PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_WARN_AGE) are copied into the shadow entry of every user created afterwards; changing them does not alter existing accounts, which need chage.

Let's connect the above with some examples; this helps in understanding things better.

Creation of User

First we try to understand things with the command-line tools, because most Linux admins prefer them over the graphical ones: they are quick to load and powerful to use.

On the Linux command line a user can be created in several ways; the most commonly used tool is useradd, which comes with the shadow-utils package.

Syntax

useradd [options] LOGIN

With the default options we can create a user as below. This creates a locked account (the password field in /etc/shadow is !!); we have to assign a password to unlock it.

# useradd u1

# passwd u1

Commonly used options of the useradd command

-c comment   -- A short description string for the account (the comment/GECOS field in /etc/passwd).

-d home-dir  -- Use this home directory instead of the default one.

-g group     -- Name or GID of an existing group to use as the user's primary group instead of creating a private group.

-G groups    -- Comma-separated list of secondary (supplementary) groups; they must already exist.

-u uid       -- Numeric user ID for the account; it must be unique unless -o is also given.

-o           -- Allow a duplicate (non-unique) UID; only meaningful together with -u.

-s shell     -- The user's login shell. If omitted, the SHELL value from /etc/default/useradd is used.

Once we create a user, entries for u1 are created in the system files below.

[root@srv7-1 ~]# grep '^u1:' /etc/passwd /etc/group /etc/shadow /etc/gshadow
/etc/passwd:u1:x:1000:1000::/home/u1:/bin/bash
/etc/group:u1:x:1000:
/etc/shadow:u1:!!:17444:0:99999:7:::
/etc/gshadow:u1:!::

We will talk about these files and their contents in detail. First let's see the status of the account created above with finger (not installed by default on CentOS 7; yum install finger provides it).

# finger u1
Login: u1             			Name: 
Directory: /home/u1                 	Shell: /bin/bash
Never logged in.
No mail.
No Plan.

When creating the user account we provided only the username; the system filled in the other settings automatically. We can manage these defaults in two ways.

We can create a user with options that override the default settings, as below. Note that the primary group given to -g (GID 1010, named group1 here) and every group listed in -G must already exist; otherwise useradd refuses to create the account.

# useradd -c "user2" -s /bin/sh -d /data/u2 -u 1005 -g 1010 -G group2 u2

# finger u2
Login: u2             			Name: user2
Directory: /data/u2                 	Shell: /bin/sh
Never logged in.
No mail.
No Plan.
[root@srv7-1 ~]# groups u2
u2 : group1 group2

As shown above, the default useradd settings can easily be changed with the options the command provides.
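As an added example, not from the original post, here is a pre-flight check for the useradd invocation above. It reads passwd- and group-format files given as parameters (the sample files it builds are constructed for illustration), checks the login name against useradd's default naming rule, and verifies that the requested UID is free and that the -g and -G groups exist, so useradd is not run only to be refused. The function name preflight_useradd and the wording of its messages are choices of this example.

```shell
#!/bin/sh
# Added example (not from the original post): check everything that would make
# "useradd -u UID -g GID -G GROUPS NAME" fail before running it.
# The passwd/group files are parameters so the check also works on copies;
# the sample files built below are constructed for illustration.

# preflight_useradd NAME UID GID SUPP_GROUPS PASSWD_FILE GROUP_FILE
# SUPP_GROUPS is comma-separated, as for -G. Prints one line per problem;
# returns 0 only when nothing was found.
preflight_useradd() {
    name=$1 uid=$2 gid=$3 supp=$4 pw=$5 gr=$6
    rc=0

    # useradd's default name rule: a letter or underscore, then letters, digits,
    # underscore or dash; a trailing $ is tolerated for Samba machine accounts.
    if ! printf '%s\n' "$name" | grep -Eq '^[a-z_][a-z0-9_-]*\$?$'; then
        echo "invalid login name: $name"; rc=1
    fi
    if awk -F: -v n="$name" '$1 == n { found = 1 } END { exit !found }' "$pw"; then
        echo "login name already exists: $name"; rc=1
    fi
    # Without -o a UID that is already taken is refused.
    owner=$(awk -F: -v u="$uid" '$3 == u { print $1; exit }' "$pw")
    if [ -n "$owner" ]; then
        echo "UID $uid already belongs to $owner (useradd needs -o to share it)"; rc=1
    fi
    # Below UID_MIN (1000 in CentOS 7's login.defs) is the system range.
    if [ "$uid" -lt 1000 ]; then
        echo "warning: UID $uid is in the reserved system range"
    fi
    # -g must be an existing group, given by name or GID; useradd does not create it.
    if ! awk -F: -v g="$gid" '$1 == g || $3 == g { found = 1 } END { exit !found }' "$gr"; then
        echo "primary group does not exist: $gid"; rc=1
    fi
    # Every -G group must exist as well.
    for sg in $(printf '%s\n' "$supp" | tr ',' ' '); do
        if ! awk -F: -v g="$sg" '$1 == g || $3 == g { found = 1 } END { exit !found }' "$gr"; then
            echo "supplementary group does not exist: $sg"; rc=1
        fi
    done
    return $rc
}

# --- constructed sample files (same layout as /etc/passwd and /etc/group) ---
tmp=$(mktemp -d)
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
u1:x:1000:1000::/home/u1:/bin/bash
EOF
cat > "$tmp/group" <<'EOF'
root:x:0:
u1:x:1000:
group1:x:1010:
EOF

# The invocation from the post. group2 is missing from the sample, so the
# check reports that before anything is touched.
if preflight_useradd u2 1005 1010 group2 "$tmp/passwd" "$tmp/group"; then
    echo 'ok to run: useradd -c "user2" -s /bin/sh -d /data/u2 -u 1005 -g 1010 -G group2 u2'
fi
rm -rf "$tmp"
```

Against the live system the call is preflight_useradd u2 1005 1010 group2 /etc/passwd /etc/group; both files are world-readable, so the check itself needs no privileges, only the useradd that follows does.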

We have mainly two system files that hold the defaults used for user and group management on RHEL7 machines: /etc/login.defs and /etc/default/useradd.

Changes in these files alter the defaults for every user and group created afterwards. Already existing users and groups are modified with the modification commands usermod and groupmod.

User creation process

If we look behind user creation, Linux keeps one entry per user in /etc/passwd and in /etc/shadow. Two other files, /etc/group and /etc/gshadow, hold the entries for the user's private group. Let's see the details of these files.

/etc/passwd

This is the main system file carrying user account information. Whenever we create a user account, one line is appended to this file for that account. The line has seven fields separated by the : character, and Linux is flexible enough that a user can be created by hand, without any command or GUI, by appending a correctly formed line to this file (together with matching entries in /etc/shadow and /etc/group). We should understand exactly what happens when a user is created and how that user logs in to use system resources; I plan to write a complete post on creating users manually on Linux. Let's understand the seven fields of /etc/passwd. When we create the user u1, the line below is appended to /etc/passwd.

u1:x:1000:1000::/home/u1:/bin/bash

Now let's see what the seven fields correspond to.

  • Name -- The first field carries the login name the user logs in with.
  • x -- An x here indicates that the password hash is kept in /etc/shadow rather than in this world-readable file.
  • UID -- The User ID. For regular users it is 1000 or greater; UIDs below 1000 are reserved for system users.
  • GID -- The Group ID of the user's primary group. For regular groups it is 1000 or greater; GIDs below 1000 are reserved for system groups.
  • comment -- Left blank here; can hold additional information about the account (set with -c).
  • Home Directory -- The user's home directory.
  • Shell -- The login shell for the account.

Now let's talk about the fields of /etc/shadow as they relate to user creation.

/etc/shadow

This system file carries the password information for all of the machine's users. Each line has nine fields separated by the : character, and one line is appended automatically when a user is created. The file is readable and writable only by root (on CentOS 7 its mode is 0000, which root ignores), yet any user can change their own password with /usr/bin/passwd because that binary is setuid root (not because of a sticky bit). Let's look at the columns of this file for the u1 account after a password has been set.

u1:$6$WH8ZJjYm$HMUKQk17jBQt3sUTDK.gDp6EJeXR8EzkVo0NPkYbkJW..oj.Bf6uthQMYdCX9U0sdsadjxu8WPSYS7jxDv3eT.:17446:0:99999:7:::
  • Name -- The login name, matching the first field of /etc/passwd.
  • password -- Until a password is set this field holds two exclamation marks (!!). After passwd runs it holds the password hash: the $6$ prefix means SHA-512 crypt, followed by the salt and the hash. A hash prefixed with ! has been locked with passwd -l, and * marks an account that cannot log in with a password.
  • last change -- days since Jan 1, 1970 on which the password was last changed (0 forces a change at next login)
  • Minimum Days -- days that must pass before the password may be changed again
  • Maximum Days -- days after which the password must be changed (99999 effectively disables expiry)
  • Warning Days -- days before expiry on which the user is warned of the pending password expiration
  • Inactive Days -- days after the password expires during which the user may still log in and change it; after that the account is disabled
  • Expire Days -- days since Jan 1, 1970 after which the account is disabled, regardless of password age
  • Reserved -- reserved for future use

Now let’s talk about /etc/group.

/etc/group

This system file carries information about the groups on the system. Whenever we create a user, a private group with the same name is created for that account, and for every group created one line with four fields is appended to /etc/group.

u1:x:1000:

Having read the details above, it is quite easy to understand what this output means. Let's discuss it.

  • Name -- The group name, either the private group named after a user account or a standalone group.
  • x -- An x here indicates that the group password, if any, is stored in /etc/gshadow; yes, a group can have a password.
  • GID -- The Group ID (GID) used to identify the group.
  • Members -- Comma-separated list of users who have this group as a supplementary group. It is empty here because u1 has the group as primary group, and primary membership is recorded in /etc/passwd, not in this field.

/etc/gshadow

Now let's talk about /etc/gshadow. This is another system file, carrying group passwords and membership; like /etc/shadow it is readable only by root. Whenever we add a group, one line with four fields is appended to it.

u1:!::
  • Name -- The group name, either the private group named after a user account or a standalone group.
  • password -- Holds ! until a group password is set with gpasswd; after that it holds the password hash. A group password lets non-members join the group with newgrp, which is rarely wanted, so the disabled state (!) is the normal one.
  • administrators -- Comma-separated list of users allowed to manage the group's membership with gpasswd.
  • members -- Comma-separated list of group members, kept in sync with the fourth field of /etc/group.

Now let's talk about the user home directory and the skel directory.

User Home Directory

By default, when a user is created on a Linux machine, a home directory is created for it under the directory named by the HOME directive in /etc/default/useradd (HOME=/home; useradd -D prints the current defaults). The home directory is the user's own personal space; on CentOS 7 it is created with mode 0700 (UMASK 077 in /etc/login.defs), so only that user and root can enter it. Each user's home directory is recorded in the sixth field of /etc/passwd.

Skel directory

During user creation the contents of /etc/skel (the SKEL directive in /etc/default/useradd) are copied into the new home directory. These are the shell startup files that give the account its default environment: .bash_profile, .bashrc and .bash_logout. Anything placed in /etc/skel ends up in every account created afterwards, so its contents deserve a look when hardening a system.

Content of /etc/skel

# ls -la /etc/skel/
total 24
drwxr-xr-x.  2 root root   59 Sep 29 05:06 .
drwxr-xr-x. 82 root root 8192 Oct  8 16:09 ..
-rw-r--r--.  1 root root   18 Sep  6 21:55 .bash_logout
-rw-r--r--.  1 root root  193 Sep  6 21:55 .bash_profile
-rw-r--r--.  1 root root  231 Sep  6 21:55 .bashrc

Now let's see how to add users and groups through the graphical user interface.

Graphical User interface for User and Group addition

RHEL/CentOS machines with a GNOME desktop include a graphical tool for managing users and groups. To open it, press the Super key, type users and press Enter; this opens the Users panel of the settings application. Let's see how it looks and what this tool can do.

RHEL7/CentOS7 ships a capable graphical tool with a flexible set of features built in, and I hope we can now manage users and groups easily from it as well.