This article explains how to manage users and groups on Linux systems. Because Linux is a multi-user operating system, administering it requires effective user management: adding, editing, suspending, or deleting user accounts, and granting users the permissions they need to perform their assigned tasks.
To add a new user account, run one of the following commands as root:
# adduser [new_account]
# useradd [new_account]
When a new user account is added, the following operations are performed. The user's home directory is created. The following hidden files are copied to the user's home directory and used to provide environment variables for the user's session:
.bash_logout
.bash_profile
.bashrc
A mail spool is created for the user in /var/spool/mail/username. A group is created and given the same name as the new user account.
The full account information is stored in the /etc/passwd file. This file contains records for each system user account in the following format (fields separated by colons).
[username]:[x]:[UID]:[GID]:[Comment]:[Home directory]:[Default shell]
x means that the account is protected by a shadowed password (stored in /etc/shadow), which is required to log in as [username]. The [UID] and [GID] fields are integers, representing the user ID and the primary group ID to which [username] belongs, respectively. [Home directory] is the absolute path to the home directory of [username], and [Default shell] is the shell made available to this user on login.
The group information is stored in the /etc/group file. The format of each record is as follows:
[Group name]:[Group password]:[GID]:[Group members]
After adding the account, use the usermod command to edit it:
# usermod [options] [username]
To set the expiration date of the account, use the --expiredate flag followed by the date in YYYY-MM-DD format:
# usermod --expiredate 2034-10-30 tecmint
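Add a user to supplementary groups
Use the combined -aG option, or --append --groups, followed by a comma-separated list of groups. Without --append, --groups replaces the user's current supplementary groups with the list given.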
# usermod --append --groups root,users tecmint
To change the location of the user's home directory, use the -d or --home option, followed by the absolute path to the new home directory:
# usermod --home /tmp tecmint
To change the user's default shell, use --shell followed by the path to the new shell:
# usermod --shell /bin/sh tecmint
Display the groups to which the user belongs:
# groups tecmint
# id tecmint
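The group list reported for a user comes from the two record formats described above: the GID field of the passwd record gives the primary group, and the member lists in the group file give the supplementary ones. The following is an added example, not part of the original article; it resolves membership from constructed sample files and lists every account in the GID 0 group. The function names user_groups and gid0_members and all sample records are assumptions made for illustration.

```shell
# Added example. The records below are constructed samples in the
# /etc/passwd and /etc/group formats; no real system file is read.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
tecmint:x:1000:1000:Tecmint user:/tmp:/bin/sh
user1:x:1001:1001::/home/user1:/bin/bash
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:tecmint
users:x:100:tecmint
tecmint:x:1000:
user1:x:1001:
common_group:x:1002:user1
EOF

# user_groups PASSWD GROUP USER (hypothetical helper)
# Prints the primary group (GID field of the passwd record) followed by
# every group whose member list names USER. Returns 1 for an unknown user.
user_groups() {
    awk -F: -v user="$3" '
        FNR == NR {
            if ($1 == user) { pgid = $4; found = 1 }
            next
        }
        $3 == pgid { primary = $1; next }
        {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == user) extra = extra " " $1
        }
        END {
            if (!found) exit 1
            if (primary == "") primary = pgid   # GID with no group record
            print primary extra
        }
    ' "$1" "$2"
}

# gid0_members PASSWD GROUP (hypothetical helper)
# Prints every account in the GID 0 group, whether through its primary
# GID in passwd or through the member list in group.
gid0_members() {
    awk -F: '
        FNR == NR { if ($4 == 0) print $1; next }
        $3 == 0   { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }
    ' "$1" "$2" | sort -u | paste -sd' ' -
}

user_groups "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group" tecmint
gid0_members "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group"
```

To review a real system, pass /etc/passwd and /etc/group as the first two arguments instead of the sample files.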
The changes above can also be applied in a single command:
# usermod --expiredate 2034-10-30 --append --groups root,users --home /tmp --shell /bin/sh tecmint
The command above sets the expiration date of the tecmint user account to October 30, 2034, adds the account to the root and users groups, sets the default shell to /bin/sh, and changes the home directory location to /tmp.
For an existing account, you can also disable the account by locking its password. Lock the user password with -L or --lock:
# usermod --lock tecmint
Use -U or --unlock to unlock a previously locked user password:
# usermod --unlock tecmint
Create a new group for files that multiple users need to read and write:
# groupadd common_group # Add a new group
# chown :common_group common.txt # Change the group owner of common.txt to common_group
# usermod -aG common_group user1 # Add user1 to common_group
# usermod -aG common_group user2 # Add user2 to common_group
# usermod -aG common_group user3 # Add user3 to common_group
Delete a group:
# groupdel [group_name]
Files owned by group_name are not deleted; their group owner stays set to the GID of the deleted group.