04 Manage Local Users and Groups


Manage Local Users and Groups

| | Root User | System User | Regular User |
|---|---|---|---|
| Purpose | Full Administrative access | Run specific system services/processes | General user activities |
| UID Range | 0 | 1 to 999 | 1000 and above |
| Home Dir | /root | Typically none or service specific | /home/username |
| Login Shell | /bin/bash or other | Usually /usr/sbin/nologin or /bin/false | /bin/bash or other login shells |
| Permissions | Unlimited, Full system access | Limited to specific services | Limited to user specific actions |
| Creation & Management | Default user created during installation and managed by system admin | Created and managed by system or package installation scripts | Created and managed by system admin for general use |
| Example | root | ‘Chrony’, ‘systemd-oom’ | ‘User1’, ‘coder’ |


User Account Management
○ Managing Users (Creating, modifying, and deleting)

○ Managing passwords

○ Group memberships

○ Setting file/directories permissions

○ Granting Elevated privileges

○ User Login
List all Users
lists all known users on the system with detailed information
● Command: lslogins



List System Users
-s option is used with lslogins to display system accounts (UID < 1000 by default).
● Command: lslogins -s



List Root & Regular Users
-u option is used with lslogins to list all user accounts including root
(UID >= 1000 by default).
● Command: lslogins -u



Managing Users
To display the username of the current user
● Command: whoami

Add a new User (or Regular User account)
● Command: useradd -c '<user_info>' <user_name> OR
adduser <user_name> [works in Debian-based distributions]
Checking Current Users
● Command: cat /etc/passwd
/etc/passwd : User account info file

Note : "x" placeholder denotes that the encrypted password is stored in the
/etc/shadow file for security.
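Added example (not part of the original slides): a shell function that applies the UID ranges from the account-type table to /etc/passwd-format lines and flags a second UID 0 account or a system account that has a login shell. The sample entries and the function name audit_passwd are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample in /etc/passwd format: name:x:UID:GID:comment:home:shell
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
chrony:x:995:993::/var/lib/chrony:/sbin/nologin
systemd-oom:x:981:981:systemd Userspace OOM Killer:/:/usr/sbin/nologin
backup:x:0:0:backup admin:/home/backup:/bin/bash
svcapp:x:990:990:app service:/opt/app:/bin/bash
student:x:1000:1000:Student:/home/student:/bin/bash
coder:x:1001:1001:Coder:/home/coder:/bin/bash'

# audit_passwd (hypothetical name): read passwd-format lines on stdin and
# print "name:class:finding" for each account.
# class uses the default ranges from the table: 0 root, 1-999 system, 1000+ regular.
audit_passwd() {
    awk -F: '
    NF < 7 { next }                          # skip malformed or blank lines
    {
        name = $1; uid = $3 + 0; shell = $7
        nologin = (shell ~ /(nologin|false)$/)
        if (uid == 0)        class = "root"
        else if (uid < 1000) class = "system"
        else                 class = "regular"
        finding = "ok"
        # Any UID 0 entry other than root has full administrative access.
        if (uid == 0 && name != "root")
            finding = "extra-uid0"
        # Service accounts normally get nologin or false as their shell.
        else if (class == "system" && !nologin)
            finding = "system-login-shell"
        print name ":" class ":" finding
    }'
}

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```

On a real host, run `getent passwd | audit_passwd`; stock accounts such as sync or shutdown ship with shells other than nologin and will be listed for review.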
Display user and their group information
● Command: id <user_name>
Modify user account properties (-s is to change the user's login shell)
● Command: usermod -s <new_shell> <user_name>



Use -d with usermod command to change the user's home directory
● Command: usermod -d <new_dir> <user_name>
Add a user to a secondary group (-aG is used to append a user
to additional groups without removing them from their existing
groups)
● Command: usermod -aG <group_name> <user_name>
Delete user (-r is used for deleting the user along with its home
directory and mail spool)
● Command: userdel -r <user_name>
Add user with all parameters set
● Command: useradd -g testers -s /bin/bash -c 'John Doe' -m -d /home/john john

● -g testers: Assigns the user to the "testers" group.


● -s /bin/bash: Sets the default shell to Bash.
● -c 'John Doe': Adds a comment (full name) for the user.
● -m: Creates a home directory for the user.
● -d /home/john: Specifies the home directory.
● john: Username of the new user.
Managing Password
Set or change user password
● Command: passwd <user_name>

OR
● Command: echo '<user_name>:<password>' | chpasswd
● Checking Users password
○ Command: cat /etc/shadow

● Placeholder '!' for No Password

● Stores hashed passwords with salt

● Salt adds randomness to hashed passwords
After setting password
List or change user password expiry information (-l to list the info)
● Command: chage [options] <user_name>
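Added example (not part of the original slides): a shell function that reads /etc/shadow-format lines and reports, per account, whether the password field is empty, holds the '!' placeholder, or holds a salted hash, together with the hashing scheme and the maximum password age that chage -l displays. The entries, the fake hash strings and the function name shadow_status are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample in /etc/shadow format; the hash strings are fake placeholders.
# Fields: name:password:lastchange:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW='root:$6$CONSTRUCTEDSALT$FAKEHASHFAKEHASH:19800:0:99999:7:::
chrony:!:19700::::::
student:$6$CONSTRUCTEDSALT$FAKEHASHFAKEHASH:19850:0:90:7:::
user1:!:19860:0:99999:7:::
locked1:!$6$CONSTRUCTEDSALT$FAKEHASHFAKEHASH:19800:0:99999:7:::
legacy:$1$OLDSALT$FAKEHASH:15000:0:99999:7:::
guest::19860:0:99999:7:::'

# shadow_status (hypothetical name): read shadow-format lines on stdin and
# print "name:state:scheme:maxage" for each account.
shadow_status() {
    awk -F: '
    NF < 5 { next }                                 # skip malformed lines
    {
        pw = $2; state = "set"; scheme = "-"
        if (pw == "")             state = "EMPTY"        # no password required
        else if (pw ~ /^[!*]+$/)  state = "no-password"  # the "!" placeholder
        else if (pw ~ /^!/)       state = "locked"       # "!" in front of a hash
        if (pw ~ /^!*[$]/) {
            # A hash reads $id$salt$digest: part[2] is the scheme, part[3] the salt.
            split(pw, part, "[$]")
            id = part[2]
            if      (id == "1") scheme = "md5crypt"
            else if (id == "5") scheme = "sha256crypt"
            else if (id == "6") scheme = "sha512crypt"
            else if (id == "y") scheme = "yescrypt"
            else                scheme = "id-" id
        }
        print $1 ":" state ":" scheme ":" ($5 == "" ? "-" : $5)
    }'
}

printf '%s\n' "$SAMPLE_SHADOW" | shadow_status
```

Reading the real /etc/shadow requires root; an EMPTY state or an md5crypt scheme is what to look for first in the output.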



User Groups
● Users Sharing Common Permissions
List all groups
lists all groups on the system
● Command: getent group



● Primary Group: ‘student’ and ‘user1’ each have a primary group with the same name as the user

● Secondary Group: ‘student_group’ is another group which has two users, ‘student’ and ‘user1’
Create a new group
● Command: groupadd <group_name>

Verify group creation by retrieving group information


● Command: getent group <group_name>
Modify group properties (add user1,student using -U in student_group)
● Command: groupmod [options] <group_name>

Verify with the getent group command whether the users were added or not
● Command: getent group <group_name>
● /etc/group file : Stores group information like group names and IDs
Delete a group & verify by getent group command
● Command: groupdel <group_name>



File/Directory Permission
● Access controls:
○ Who can access a file or directory.
○ What actions they can perform on them.
Change group ownership of files
● Command: chgrp <group_name> <file_name>



Granting Elevated privileges
● Authorizing users to perform administrative tasks or run all
commands

Verify whether the user has sudo access or not


● Command: sudo -l -U <user_name>
● Sudoers file in Linux specifies who can run commands with
elevated privileges.

● Edit sudoers file using vi editor


○ Command: vi /etc/sudoers
● Find this section

● Add your user in same format and save the file


● student: Specifies the user granted sudo privileges

● ALL: Allows sudo on any host

● ALL: Permits running commands as any user

● ALL: Authorizes execution of any command.


● Verify whether user got sudo access or not
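Added example (not part of the original slides): the rule the four bullets above describe has the form `student ALL=(ALL) ALL`, and this function lists every rule in sudoers-format text that grants ALL commands, so unrestricted grants can be reviewed. The sample content and the function name full_sudo_grants are constructed; NOPASSWD is a standard sudoers tag that the slides do not cover.

```sh
#!/bin/sh
# Constructed sample sudoers content (not taken from the slides).
SAMPLE_SUDOERS='# comment line
Defaults   !visiblepw
root    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       ALL
student ALL=(ALL) ALL
user1   ALL=(root) /usr/bin/systemctl restart chronyd
coder   ALL=(ALL) NOPASSWD: ALL'

# full_sudo_grants (hypothetical name): read sudoers text on stdin and print
# "who:runas:flags" for every rule whose command list is exactly ALL.
full_sudo_grants() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*Defaults/ || /_Alias/ { next }
    {
        who = $1
        rest = $0
        sub(/^[^=]*=[ \t]*/, "", rest)        # drop the "who host =" part
        runas = "root"                         # sudo default when no (...) is given
        if (match(rest, /^\([^)]*\)/)) {
            runas = substr(rest, 2, RLENGTH - 2)
            rest = substr(rest, RLENGTH + 1)
        }
        flags = "-"
        if (rest ~ /NOPASSWD:/) flags = "NOPASSWD"
        gsub(/[A-Z_]+:/, "", rest)             # strip tags such as NOPASSWD:
        gsub(/[ \t]/, "", rest)
        if (rest == "ALL") print who ":" runas ":" flags
    }'
}

printf '%s\n' "$SAMPLE_SUDOERS" | full_sudo_grants
```

Changes to /etc/sudoers are normally made with visudo, which checks the syntax before saving; `visudo -c` checks the current file without editing it.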
User Login
● /etc/login.defs : used for configuring global user
authentication settings, such as password aging, login
restrictions, and default user environment settings.
Switch user
● Command : su - <user_name>
Logs
● /var/log/secure: Logs authentication-related events, including
login attempts and authentication activities.
● All login, logout and authentication failure events are logged.
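Added example (not part of the original slides): a shell function that summarises authentication failures from /var/log/secure-format lines, counting failed SSH passwords per account and source address, failed su attempts, and sudo attempts by users who are not in sudoers. The log lines, host name, addresses and the function name auth_failures are constructed, and the traditional syslog line layout is assumed.

```sh
#!/bin/sh
# Constructed sample lines in the traditional syslog layout of /var/log/secure.
SAMPLE_SECURE='Mar  3 10:15:01 server1 sshd[2211]: Failed password for student from 192.0.2.10 port 51122 ssh2
Mar  3 10:15:04 server1 sshd[2213]: Failed password for invalid user admin from 192.0.2.10 port 51124 ssh2
Mar  3 10:15:06 server1 sshd[2213]: Failed password for invalid user admin from 192.0.2.10 port 51124 ssh2
Mar  3 10:15:09 server1 sshd[2213]: Failed password for invalid user admin from 192.0.2.10 port 51124 ssh2
Mar  3 10:16:00 server1 sshd[2290]: Accepted password for student from 192.0.2.20 port 40022 ssh2
Mar  3 10:17:10 server1 su[2301]: pam_unix(su-l:auth): authentication failure; logname=student uid=1000 euid=0 tty=pts/0 ruser=student rhost=  user=root
Mar  3 10:18:00 server1 sudo[2400]:    user1 : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/user1 ; USER=root ; COMMAND=/bin/cat /etc/shadow'

# auth_failures (hypothetical name): read log lines on stdin and print
# "count kind actor detail", highest count first. Successful logins are skipped.
auth_failures() {
    awk '
    / sshd\[[0-9]+\]: Failed password for / {
        user = ""; src = ""
        for (i = 1; i < NF; i++) {
            # The first "for" names the account, the last "from" the source address.
            if ($i == "for" && user == "")
                user = (($(i+1) == "invalid" && $(i+2) == "user") ? $(i+3) : $(i+1))
            if ($i == "from") src = $(i+1)
        }
        n["ssh-fail " user " " src]++; next
    }
    / su(\[[0-9]+\])?: .*authentication failure;/ {
        ruser = "?"; target = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^ruser=/)     ruser = substr($i, 7)
            else if ($i ~ /^user=/) target = substr($i, 6)
        }
        n["su-fail " ruser " to=" target]++; next
    }
    / sudo(\[[0-9]+\])?: .* NOT in sudoers / {
        for (i = 1; i < NF; i++)
            if ($i ~ /^sudo(\[[0-9]+\])?:$/) { n["sudo-denied " $(i+1) " -"]++; break }
        next
    }
    END { for (k in n) print n[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

printf '%s\n' "$SAMPLE_SECURE" | auth_failures
```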
