Linux basic Users administrations are to adding users & assign them various privileges & access over various files directory. Sometime we also use to work on sudo as well for assigning important task to users itself. So that Users need not for Admin accounts for specific task as well. I’ll try my best to give some example over these all so that during reading you will feel some hands on experience on various commands. Here we trying to make Users group first. Then we will move to permissions sudo.

How to add Users

Here we are planning to add some Users.

#useradd a1
#useradd a2
#useradd b1
#useradd b2
#useradd c1
#useradd c2

We still not assign the password to users. Without assigning the password user’s account is locked. Now we have to assign the passwords for the users. For this passwd  command is used.

[root@srv30 ~]# passwd a2
Changing password for user a2.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully

You can also use a graphical user interface for this all. System-config-users. As we know graphical user interface is quite easy too use.

These users information is kept in /etc/passwd file. This file is text file with one record each line which gives user account information. One line contains seven fields which are separated by colons. Order of lines is not important.

a1:x:500:500::/home/a1:/bin/bash
a2:x:501:501::/home/a2:/bin/bash
b1:x:502:502::/home/b1:/bin/bash
b2:x:503:503::/home/b2:/bin/bash
c1:x:504:504::/home/c1:/bin/bash
c2:x:505:505::/home/c2:/bin/bash

Let’s talk about the fields of line. These are from left to right. Like.
1.This is basically is User name. You can also say like login name at the time of login the system.
2.This is kind of filed which store the information to validate the user’s password. But now this usually set to “x” with the actual password stored in other shadow file.
3.This field is about the group. This is basically a primary group id. Whenever user is created a group is automatic create with the same name & group id. When you give some different group name for primary group during the user creation, it creates that group for you instead of making same name group.
4.This field is for user id, In Linux system like in centos. Users which are made after the system installation by you will be start from 500. Means non-system users are start from 500 user id. Same will be with the primary group which was described above.
5.This field is kind of comment or some extra information for the user account. You can say it like it is not unique & also not affect the system in any manner. Normally this field is blank which can use with -c in useradd command.
6.This field is for user’s home directory.
7.This field is for user’s shell. Shell is kind of program that start at logon time of user on system.

As the User made, automatically a group is created or can be specified one existing group. This is called of primary or private group. A user can be member of one primary group only. All the files & directories created by this user are belongs to this group. You can also add user t another group as secondary groups.
So means of saying here this is permissions in Linux are revolving around the groups. Files or directory permission for groups defined by groups membership of users, No matter its is user’s primary or secondary group

Groups can be made with groupadd command.

[root@srv30 ~]#groupadd a
[root@srv30 ~]#groupadd b
[root@srv30 ~]#groupadd c

Let’s take an example. User a2 is member of a2 primary group and a1, a secondary group. So now any files directories have permission for these groups will be accessible to user a2 as well.

drwxrwxr-x   2 a1   a2    4096 Oct  1 15:28 data0
drwxrwxr-x   2 a1   a1    4096 Oct  1 15:28 data1
drwxrwxr-x   2 a1   a    4096 Oct  1 15:28 data2

All these directories will be accessible by user a2.

User’s properties can also be modified after their creation through usermod command. This command can be used like adding secondary group.

[root@srv30 ~]#usermod -aG b a2 -G for secondary group -a for append the group list otherwise it delete all other secondary group from user’s list 
[root@srv30 ~]# su -l a2
[a2@srv30 ~]$ id
uid=501(a2) gid=501(a2) groups=500(a1),501(a2),506(a),507(b)

Here in this command you can see user a2 is also added to one more secondary group b. -G is used for secondary group & -a is used for appending one more group otherwise all pervious groups will be deleted & only new one will be reflected In id command like in below screen.

[root@srv30 ~]# usermod -G c a2  -G is for secondary group c is group name 
[root@srv30 ~]# !su
su -l a2
[a2@srv30 ~]$ id   use id command to see the groups of user 
uid=501(a2) gid=501(a2) groups=501(a2),508(c)

We can even assign a password for users to access the group permission like now user a2 is in primary group of a2 & secondary group of c. How can user a2 access the directories that have permission for group b. This way this new group will became primary group of hat user till that login

drwxrwx--- 2 root b 4096 Oct 1 19:53 data  Directory permission. Read+write+execute for user
                                           Read+write+execute for group.User of this directory is root group of this directory is b 

[root@srv30 ~]# gpasswd b                  Assign password for group b
Changing the password for group b
New Password:
Re-enter new password:
[root@srv30 ~]# su -l a2                   Login to a2 user
[a2@srv30 ~]$ id                           Check user’s group membership
uid=501(a2) gid=501(a2) groups=501(a2),508(c)
[a2@srv30 ~]$ cd /data                     Try to go /data directory
-bash: cd: /data: Permission denied
[a2@srv30 ~]$ newgrp b                     Try to get membership of group b
Password:
[a2@srv30 ~]$ id                           Check user’s group membership again
uid=501(a2) gid=507(b) groups=501(a2),507(b),508(c)
[a2@srv30 ~]$ cd /data                     Now able to go /data directory
[a2@srv30 data]$ touch f1                  Able to make file as well inside the directory 
[a2@srv30 data]$ ll                                                                          
total 0
-rw-r--r-- 1 a2 b 0 Oct  1 20:15 f1
[a2@srv30 data]$ exit                      Come out of group b membership 
[a2@srv30 ~]$ logout                       Logout from user’s account
[root@srv30 ~]#

Some time we need to make some bulk users in Linux. I have some script for this, might help you somewhere.

In first script you can add users with default passwords. Just you need to make user’s list that you want to make.

#!/bin/bash
cat user_list | while read line; do 
useradd $line 
echo passw0rd | passwd --stdin $line 
done

File user_list is should like this.

U1
U2
U3
U4
U5
U6
U7

In second script you can also use different password for all users.

#!/bin/bash 
cat user_list | while read line; do 
user_name=`echo $line | awk '{print $1}'` 
useradd $user_name 
user_password=`echo $line | awk {'print $2}'` 
echo $user_password |  passwd --stdin $user_name 
done

File user_list for this script should look like this.

u1 passw0rd
u2 passw0rd
u3 passw0rd
u4 passw0rd
u5      12
u6 passw0rd
u7 12