Linux user account management: create, delete and modify user accounts


One of the tasks of a Linux system administrator is user management. This involves creating, deleting and modifying user information in the system. All commands that can be used for user management require the user issuing them to be the root user. User accounts keep boundaries between the people who use the system and between the processes that run on the system. Groups are a way of assigning rights on your system to multiple users at once.


Creating user accounts

One important rule is that everyone who uses the Linux system has his or her own user account, separate from other system users. Having a user account provides you with an area in which to securely store files, as well as a means of tailoring your user interface (GUI, path, environment variables, and so on) to suit the way you use the computer.

In many new Linux systems, we can create a new system user account by using one of these two methods: a GUI (graphical tool) or the command line. To add a new user via a GUI tool, we navigate to the settings, find the user tab and follow the instructions it provides on how to add new user accounts.

Add a new user via the command line method

This method is the more reliable one, because the command used is available in many Linux distros. To add a new user via this method, we use the useradd command. This method can be used to add new users from a shell script or to change user account features that are not available from the user's window. You need to be the root user in order to invoke the useradd command, and the command takes the new user's information as its arguments.

The basic use of the useradd command is: useradd test_user. This command adds a new user with the default useradd configuration. To view the default configuration for your useradd command, type useradd -D. This displays the defaults that will be used when a new user is added to the system. You can also type useradd -h to see which options can be used with the useradd command.

List of options that can be used with useradd command:

For example, we can create a new user with the username gmgenius by using the useradd command:

This command creates a new user with the username gmgenius and the comment "George Andrew". Next we need to set the initial password for our user. To do this, we use the passwd command. You are prompted to type the password twice. Example: passwd gmgenius. This command changes the password for the gmgenius user account.


Modifying users with the usermod command

This command is used to change existing user account information, and it is easy and straightforward to use. It takes the same options as the useradd command. A word of caution: when you use this command with the -G option, which is used to add supplementary groups to the user account, you should also provide the -a option, or all previously assigned supplementary groups will be replaced with the new list.

Deleting a user from the system with the userdel command

To delete a user from the system we can use the userdel command. This command takes only five options.

Before you delete the user, it's recommended to find all files that may be left behind by the user. After you have deleted the user, you can search on the user ID to find files left behind. Example:

We need to deal with these files because files that don't belong to any user are considered a security risk. It is a good idea to find them and either assign them to a real user account or remove them from the system completely.
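The search for left-behind files described above, as an added example that is not part of the original page: it lists paths whose numeric owner has no entry in a passwd-format file, which also works on a mounted disk image checked against its own passwd file. The function name, the demo paths and the backup account are assumptions made for illustration, and GNU find is required for -printf.

```shell
#!/bin/sh
# Added example (not from the original page). Requires GNU find for -printf.
# orphans_by_passwd DIR PASSWD_FILE
#   Print every path under DIR whose numeric owner UID has no entry in
#   PASSWD_FILE (a file in /etc/passwd format).
orphans_by_passwd() {
    find "$1" -xdev -printf '%U\t%p\n' |
    awk -v pw="$2" '
        BEGIN {
            # Field 3 of a passwd line is the numeric UID.
            while ((getline line < pw) > 0) {
                split(line, f, ":")
                known[f[3]] = 1
            }
        }
        {
            # Split on the first tab only, so paths containing tabs survive.
            tab = index($0, "\t")
            if (!(substr($0, 1, tab - 1) in known)) print substr($0, tab + 1)
        }
    '
}

# Constructed demo data: one file owned by whoever runs this script, and two
# passwd snapshots taken before and after that owner's account is deleted.
demo=$(mktemp -d)
mkdir "$demo/home" && touch "$demo/home/report.txt"
uid=$(id -u)
other=$((uid + 1))
printf 'gmgenius:x:%s:%s:George Andrew:/home/gmgenius:/bin/bash\n' \
    "$uid" "$uid" > "$demo/passwd.before"
printf 'backup:x:%s:%s::/home/backup:/bin/bash\n' "$other" "$other" |
    tee -a "$demo/passwd.before" > "$demo/passwd.after"

orphans_by_passwd "$demo/home" "$demo/passwd.before"   # prints nothing
orphans_by_passwd "$demo/home" "$demo/passwd.after"    # prints both paths
```

On a live system, find / -xdev \( -nouser -o -nogroup \) performs the equivalent check through the system's own user database.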

Group accounts

Group accounts are useful if you want to share a set of files with multiple users. You can create a group and change the set of files to be associated with that group. The root user can create a group and associate a set of files with it, so that users have access to those files based on the group's permissions.


Using group accounts

Every user is assigned to a primary group. In Fedora and RHEL, by default, that group is a new group with the same name as the user. So, if the user were named gmgenius, the group assigned to him would also be gmgenius.

The primary group is indicated in the /etc/passwd file, for example the group ID 1001 here:
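An added example, not part of the original page, that reads the group information from passwd- and group-format files: it resolves a user's primary group from field 4 of the passwd entry, flags accounts whose primary GID has no group entry, and lists a user's supplementary groups so they can be recorded before and compared after a usermod -G change. The function names and the sample accounts other than gmgenius are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page); reads passwd/group-format files.

# primary_group USER PASSWD GROUP: name of USER's primary group (passwd field 4).
primary_group() {
    awk -F: -v user="$1" '
        NR == FNR { name[$3] = $1; next }          # group file: GID -> name
        $1 == user { print (($4 in name) ? name[$4] : "unresolved:" $4) }
    ' "$3" "$2"
}

# unresolved_primary_gids PASSWD GROUP: "user gid" for every account whose
# primary GID has no entry in GROUP.
unresolved_primary_gids() {
    awk -F: 'NR == FNR { seen[$3] = 1; next }
             !($4 in seen) { print $1, $4 }' "$2" "$1"
}

# supplementary_groups USER GROUP: comma-separated groups that list USER as a
# member (group field 4). Record this before running usermod -G.
supplementary_groups() {
    awk -F: -v user="$1" '
        { k = split($4, m, ",")
          for (i = 1; i <= k; i++)
              if (m[i] == user) out = out (out == "" ? "" : ",") $1 }
        END { print out }
    ' "$2"
}

# Constructed sample files (not taken from a real system).
data=$(mktemp -d)
cat > "$data/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
gmgenius:x:1001:1001:George Andrew:/home/gmgenius:/bin/bash
olduser:x:1003:1050::/home/olduser:/bin/bash
EOF
cat > "$data/group" <<'EOF'
root:x:0:
wheel:x:10:gmgenius
gmgenius:x:1001:
developers:x:2000:gmgenius,olduser
EOF

primary_group gmgenius "$data/passwd" "$data/group"      # gmgenius
unresolved_primary_gids "$data/passwd" "$data/group"     # olduser 1050
supplementary_groups gmgenius "$data/group"              # wheel,developers
```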

You can create a new group by using groupadd. Example:

This command adds a new group to the system.

Access control lists

This feature was added to Linux in order to allow regular users to share their files and directories selectively with other users and groups. To set an ACL on a file or directory, we use the setfacl command, and to view the ACL set on a file or directory, we use the getfacl command. To set an ACL on any file or directory, you must be the actual owner (user) assigned to it.

Setting ACLs with the setfacl command

Using the setfacl command, you can modify ACL permissions (-m) or remove ACL permissions (-x). This is an example of how to use the setfacl command.

To set the ACL for a group instead of a user, we replace u with g. To view the ACL we use the getfacl command. Example: getfacl /file.txt, where file.txt can be any file or directory whose ACL configuration you wish to view.

To remove all ACL configuration from the file we use this setfacl option.

Default ACL configurations

We can set a default ACL configuration, which is inherited whenever a new file is created. This is practical for directories. For example, we can assign a default ACL configuration to the directory named share.

Create a new directory named share:

Set the default ACL configuration on the directory:

This command gives every file created inside the share directory read and write permission for the user gmgenius.

This command sets the default ACL for the directory share, and every file created in that directory will have the same ACL configuration.
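An added example, not part of the original page, for reviewing what a default ACL will hand to new files: it reads getfacl output and prints each named user or group default entry together with its effective permissions. It goes one step beyond the text by applying the default mask entry, which caps what named entries actually receive. The function names, the archive directory and the staff group are assumptions, and the sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): list named default ACL entries
# and their effective permissions (entry limited by default:mask).
effective_default_acl() {
    awk -F: '
        function emit(   i, j, eff) {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (j = 1; j <= 3; j++)
                    eff = eff ((mask == "" || substr(mask, j, 1) != "-") ? substr(perm[i], j, 1) : "-")
                print file, kind[i] ":" who[i], perm[i], eff
            }
            n = 0; mask = ""
        }
        /^# file: / { emit(); file = substr($0, 9); next }
        $1 == "default" && $2 == "mask" { mask = substr($4, 1, 3); next }
        $1 == "default" && ($2 == "user" || $2 == "group") && $3 != "" {
            n++; kind[n] = $2; who[n] = $3; perm[n] = substr($4, 1, 3)
        }
        END { emit() }
    '
}

# Constructed getfacl output; the second directory is trimmed to its
# default entries.
sample_getfacl_output() {
cat <<'EOF'
# file: share
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:gmgenius:rw-
default:group::r-x
default:mask::rwx
default:other::r-x

# file: archive
default:user::rwx
default:group::r-x
default:group:staff:rwx	#effective:r-x
default:mask::r-x
default:other::---
EOF
}

sample_getfacl_output | effective_default_acl
```

Each output line gives the directory, the entry, the permissions as written and the permissions left after the mask, so an entry that looks writable but is masked down is visible at a glance.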