Comprehensive Guide to User and Group Management in Linux Systems: Covering Core Operations like Creation, Modification, and Permission Control

1. User Management

1. View User Information

# View all users
cat /etc/passwd         # Basic user information
getent passwd           # Compatible with LDAP and other authentication methods

# View currently logged-in users
who                     # Simple view
w                       # Detailed information (including activity)
users                   # Show only usernames

# View specific user information
id username             # Show UID/GID/Group
finger username         # Detailed user information (requires installation)



2. Create User

sudo useradd -m -s /bin/bash -c "User Description" username
# Option explanation:
# -m Create home directory
# -s Specify shell
# -c Comment information

# More user-friendly command (recommended)
sudo adduser username   # Interactive creation (Debian-based)



3. Modify User Attributes

sudo usermod -aG sudo username   # Add sudo privileges
sudo usermod -s /sbin/nologin username  # Disable login
sudo usermod -L username          # Lock account
sudo usermod -U username          # Unlock account



4. Delete User

sudo userdel -r username   # -r also deletes home directory and mail



5. Password Management

sudo passwd username       # Set/modify password
sudo chage -l username     # View password expiration information
sudo chage -E 2024-12-31 username  # Set account expiration date



2. Group Management

1. View Group Information

cat /etc/group
getent group
groups username    # View groups the user belongs to



2. Create/Delete Group

sudo groupadd developers
sudo groupdel developers



3. Manage Group Members

sudo gpasswd -a username developers  # Add user to group
sudo gpasswd -d username developers  # Remove user from group
sudo usermod -g primarygroup username # Change primary group



4. Set Group Administrator

sudo gpasswd -A username developers  # Specify group administrator



3. Permission Control

1. Basic File Permissions

chmod u+rwx,g+rx,o-rwx file  # User read/write/execute / Group read/execute / Others no permissions
chmod 750 directory/          # User rwx / Group rx / Others no permissions

# Numeric permission correspondence:
# 4(r) + 2(w) + 1(x) = 7
# For example: 755 = rwxr-xr-x



2. Special Permissions

chmod u+s file       # Set SUID (run as owner when executed)
chmod g+s directory  # Set SGID (new files inherit group)
chmod +t /shared/    # Set sticky bit (only owner can delete)



3. ACL Advanced Permissions

# View ACL permissions
getfacl /path/to/file

# Set ACL
setfacl -m u:username:rwx /path  # Add permissions for user
setfacl -m g:groupname:r-x /path # Add permissions for group
setfacl -x u:username /path      # Remove specific ACL entry



4. Sudo Permission Management

1. Configure sudoers

sudo visudo   # Safely edit /etc/sudoers



Typical Configuration:

# Allow user to execute all commands
username ALL=(ALL:ALL) ALL

# Allow group to execute specific commands
%developers ALL=(root) /usr/bin/apt, /usr/bin/systemctl



2. Passwordless sudo

username ALL=(ALL) NOPASSWD: ALL



3. Restrict Command Parameters

username ALL=(root) /bin/kill, /usr/bin/apt, !/usr/bin/apt *remove*



5. Login Restrictions

1. Restrict Login Shell

sudo usermod -s /sbin/nologin username  # Disable interactive login
sudo usermod -s /bin/false username     # Completely disable



2. Restrict Login Time

# Edit /etc/security/time.conf
username;*;*;Wk0800-1700



3. Restrict Concurrent Logins

# Edit /etc/security/limits.conf
username hard maxlogins 2



6. Batch User Management

1. Batch Create Users

# Use newusers command
echo"user1:x:1001:1001::/home/user1:/bin/bash" | sudo newusers

# Batch create from file
sudo newusers users.list



2. Batch Modify Passwords

# Use chpasswd
echo"username:newpassword" | sudo chpasswd

# Batch modify from file
sudo chpasswd < passwords.list



3. Batch Add Groups

for user in user1 user2 user3; do
sudo usermod -aG developers $user
done



7. Security Best Practices

  1. Password Policy:

    # Edit /etc/login.defs
    PASS_MAX_DAYS   90
    PASS_MIN_DAYS   7
    PASS_WARN_AGE   14
    
    # Install pam_cracklib
    sudo apt install libpam-cracklib
    
    
    
    

  2. Audit Users:

    sudo lastlog                   # View last login
    sudo grep 'Failed password' /var/log/auth.log  # View failed attempts
    
    
    
    

  3. Principle of Least Privilege:

  • Create dedicated users for services (e.g., <span>www-data</span> for web services)

  • Use <span>sudo</span> instead of directly using root

8. Troubleshooting

1. User Cannot Login

# Check items:
cat /etc/passwd | grep username  # Confirm user exists
ls -ld /home/username/          # Check home directory permissions
sudo grep username /etc/shadow  # Check password status



2. Permission Issues

# Check process:
id username                    # Confirm user group
getfacl /path                  # Check ACL
sudo -u username ls /path      # Simulate user operation



3. Sudo Errors

# Common reasons:
# 1. User not in sudoers file
# 2. Command path not in secure path
# 3. Command explicitly denied



9. Common Command Quick Reference

Operation

Command

Create User

<span>sudo adduser username</span>

Modify Group

<span>sudo usermod -aG groupname username</span>

Delete User

<span>sudo userdel -r username</span>

View Permissions

<span>ls -l /path</span>

Modify Permissions

<span>chmod 755 file</span>

Change Owner

<span>chown user:group file</span>

Set ACL

<span>setfacl -m u:user:rwx file</span>

By mastering these commands, you can:

  • Efficiently manage system users and permissions

  • Implement fine-grained access control

  • Quickly troubleshoot account-related issues

  • Build a secure user management system

Leave a Comment