Users and Groups in Linux

by

In any operating system, users and groups play a crucial role in managing access and permissions. When a process runs, it operates under the identity of a specific user—whether it’s Jane, Bob, or a system service. File access and ownership are strictly permission-based, ensuring that users cannot view or modify files they don’t have permission for. For example, Jane should not be able to access Bob’s private documents unless explicitly allowed.

Each user has a home directory where their personal files are stored. This directory is usually located at:

/home/username

(though this may vary depending on the Linux distribution).

User Identification (UID) and Group Identification (GID)

  • Linux identifies users by User IDs (UIDs) rather than just usernames. Usernames are a more human-friendly way to manage accounts, but the system uses UIDs for internal processes.
  • Groups help organize users with common permissions. Groups are identified by Group IDs (GIDs) and allow multiple users to share access to certain files or system functions.

System Users and the Root User

In addition to human users, Linux also has system users. These accounts are primarily used for system services and background processes (daemons) that keep the system running smoothly.

One of the most important users is the root user (also called the superuser). The root user has complete control over the system, including access to all files and the ability to start or terminate any process. However, using the root account all the time can be risky, as accidental actions (like deleting system-critical files) can cause major issues.

Using sudo for Root Privileges

Instead of logging in as root, a safer method is to use the sudo command (short for “superuser do”). This allows an authorized user to run specific commands with root privileges.

For example, let’s try to view a restricted file, such as /etc/shadow, which stores password hashes. Run:

$ cat /etc/shadow

You’ll likely see a Permission Denied error. Now, check the file’s permissions:

$ ls -la /etc/shadow

Example output:

-rw-r----- 1 root shadow 1134 Dec 1 11:45 /etc/shadow

This means only the root user and members of the shadow group can access it.

To view the file with root access, use sudo:

$ sudo cat /etc/shadow

Now, you’ll be able to see the file’s contents!

Using Root (Superuser) Access in Linux

Previously, we discussed how to gain superuser (root) access using the sudo command. Another method to execute commands as the superuser is by using the su command.

Using the su Command

The su command stands for “substitute user” and allows you to switch to another user account. If no username is specified, it defaults to the root user, opening a root shell. To use it, simply enter:

$ su

You’ll be prompted to enter the root password. If entered correctly, you will have full superuser privileges.

Why su is Risky

Although su provides root access, there are some disadvantages:

  • Higher Risk of Mistakes: Running the entire session as root increases the chances of accidentally modifying or deleting critical system files.
  • Lack of Command Tracking: Unlike sudo, commands executed via su are not logged, making it harder to track system changes.

For these reasons, it is generally safer to use sudo instead of su when executing commands that require elevated privileges.

Who Can Use sudo?

Not every user is allowed to execute commands as superuser. The system restricts root access to specific users for security reasons.

The /etc/sudoers file determines which users or groups have permission to use sudo. To modify this file safely, use the visudo command:

$ sudo visudo

This ensures that changes are properly validated before saving, preventing syntax errors that could lock users out of administrative access.

Understanding the /etc/passwd File in Linux

In Linux, usernames are just human-friendly labels, but the system actually identifies users using a User ID (UID). To see which users are mapped to which UIDs, you can check the /etc/passwd file.

Viewing the /etc/passwd File

To display the contents of this file, use the following command:

$ cat /etc/passwd

This file contains a list of users, with each line representing a single user. The first line usually looks like this:

root:x:0:0:root:/root:/bin/bash

Each line contains several fields, separated by colons (:). Let’s break them down:

  1. Username – The name of the user (e.g., root).
  2. Password Placeholder – This usually contains an x, meaning the encrypted password is stored in the /etc/shadow file. Other symbols include:
    • x → Password stored in /etc/shadow
    • * → User cannot log in
    • Empty field → User has no password
  3. User ID (UID) – A unique number identifying the user (root always has UID 0).
  4. Group ID (GID) – The primary group associated with the user.
  5. GECOS Field – Stores additional user information, such as the real name or contact details (comma-separated).
  6. Home Directory – The default directory where the user’s personal files are stored (/root for root, /home/username for regular users).
  7. Shell – The default command-line shell assigned to the user (e.g., /bin/bash).

System Users vs. Human Users

You may notice many users listed in /etc/passwd that are not actual people. These are system users, created to run background processes (daemons) with specific permissions. For example, the daemon user is assigned to daemon processes.

Modifying the /etc/passwd File

While it’s possible to manually edit /etc/passwd to add or modify user details, it is not recommended. Instead, use tools like:

  • useradd – To create new users
  • userdel – To remove users
  • vipw – To safely edit the /etc/passwd file

Understanding /etc/passwd is essential for managing user accounts and system security in Linux! 🚀

Understanding the /etc/shadow File in Linux

The /etc/shadow file is responsible for storing user authentication details, including encrypted passwords and password policies. Since this file contains sensitive information, it requires superuser permissions to view.

Viewing the /etc/shadow File

To display its contents, use:

$ sudo cat /etc/shadow

Example entry:

root:MyEPTEa$6Nonsense:15000:0:99999:7:::

At first glance, it looks similar to /etc/passwd, but instead of just a placeholder, the second field contains an encrypted password. The fields, separated by colons (:), represent:

  1. Username – The name of the user (e.g., root).
  2. Encrypted Password – The user’s hashed password (if it contains ! or *, the account is locked).
  3. Last Password Change Date – The number of days since January 1, 1970 when the password was last changed (0 means the user must change it at next login).
  4. Minimum Password Age – The minimum number of days before the password can be changed again.
  5. Maximum Password Age – The maximum number of days before the password must be changed.
  6. Password Warning Period – Number of days before password expiration that the system starts warning the user.
  7. Password Inactivity Period – Number of days after the password expires that the user can still log in.
  8. Account Expiration Date – The date after which the user account is disabled.
  9. Reserved Field – Currently unused, reserved for future use.

Modern Authentication Methods

While /etc/shadow plays a crucial role, many modern Linux distributions don’t rely solely on it for authentication. Instead, they use PAM (Pluggable Authentication Modules), which provides flexible and enhanced authentication mechanisms.

Understanding /etc/shadow is key to managing password security and user authentication on a Linux system! 🔐

Understanding the /etc/group File in Linux

The /etc/group file is used for managing user groups and their associated permissions. Groups help control access to files, directories, and system resources by grouping users together under specific permission sets.

Viewing the /etc/group File

To see its contents, use:

$ cat /etc/group

Example entry:

root:*:0:pete

The fields in /etc/group, separated by colons (:), are:

  1. Group Name – The name of the group (e.g., root).
  2. Group Password – A placeholder (*), as group passwords are rarely used. Instead, sudo or other privilege escalation methods are preferred.
  3. Group ID (GID) – The unique identifier assigned to the group.
  4. List of Users – A comma-separated list of users who are members of the group (e.g., pete).

Managing Groups

Users can be manually added to groups in this file, but it’s recommended to use commands like:

  • groupadd – Create a new group
  • usermod -aG groupname username – Add a user to a group
  • groups username – Show a user’s group memberships

Groups provide an efficient way to manage permissions and ensure controlled access to system resources.

User Management Tools in Linux

In enterprise environments, centralized user management systems handle user accounts and passwords. However, on a standalone machine, Linux provides command-line tools for managing users efficiently.

Adding Users

Users can be added using either the useradd or adduser command. The adduser command is more user-friendly, as it automatically creates a home directory and applies default settings.

$ sudo useradd alice

This command:

  • Creates an entry for alice in /etc/passwd.
  • Sets up default groups for the user.
  • Adds a corresponding entry in /etc/shadow for authentication.

Removing Users

To delete a user, use the userdel command:

$ sudo userdel alice

This attempts to reverse the changes made by useradd, removing the user’s account.

Changing Passwords

To change the password for yourself or another user (if you have root privileges):

$ passwd alice

This command updates the user’s password, modifying the /etc/shadow file accordingly.

These tools provide an easy way to manage local users on a Linux system.

Leave a Comment