User Administration is the process of managing different user accounts and their respective permissions in an operating system.
In Linux or Unix-based operating systems, we can create different user accounts, sort them into groups, change their set of permissions or delete them. The terminal commands for each of the above-stated actions are discussed below.
In Linux, a single user account generally belongs to a single user. The permissions for this user account determines the level of access the user will have while using the system.
User accounts are discussed in detail below.
Super User:
This account is also known as the root account. It has all the permissions and can run all the commands without any restriction. The keyword sudo
is often used to run a command as the root user.
Normal User: The general users of the system are assigned this account. This account has restricted access to the commands and files of the system. The root user can create such an account, modify its permissions or delete it.
System User: This is the type of account that is created only for a specific purpose or software. For example, a mail account.
To create a normal user account, we use the useradd
command, like shown in the following snippet of code:
sudo useradd [options] [username]
In the above snippet, the username
is the name by which we will create the new account. Note that the name can not be the same for two users.
In the place of options
, we can pass different flags to enable or disable different settings. The following table contains those options and their brief descriptions:
Option | Description |
-b, --base-dir BASE_DIR | This option is used to specify the default base directory for the new user being created. BASE_DIR is concatenated with the account name to specify the base directory if the -d flag is not used to define the home directory. |
-c, --comment COMMENT | This option is used to write a short description of the new account. It is also used as the user's full name for the time being. |
-d, --home HOME_DIR | This option is used to specify the home directory for the newly created user. |
-D, --defaults | This option is used to display the current default values for the `useradd` command |
-e, --expiredate EXPIRE_DATE | This option is used to specify the date in the YYYY-MM-DD format on which the newly created user account will be disabled. |
-f, --inactive | This option is used to specify the number of days that the account will stay active after its password has expired. |
-g, --gid GROUP | This option is to specify the name or number of the group of newly created user. |
-G, --groups Group1[,Group2,...[GroupN]]] | This option is used to specify a list of groups which will be joined by the newly created user. |
-h, --help | This option is to display the help message |
-k, --skel SKEL_DIR | This option is used to specify files and folders which will be copied into the home directory of the newly created user. |
-K, --key KEY=VALUE | This option overrides the default values present in /etc/login.defs. These inclue UID_MIN, UID_MAX, UMASK etc. |
-I, -no-log-init | This option prevents the user to be added from the lastlog and faillog databases. |
-m, --create-home | This option is used to create the user's home directory if it does not exist. |
-M | This option is used to prevent the creation of the home directory. |
-N, --no-user-group | This option is used to prevent the creation of a group with the user's name. |
-o, --non-unique | This options allows the creation of a user account with a duplicate ID. |
-p, --password PASSWORD | The encrypted password, as returned by the `crypt`. |
-r, --system | This option is used to create a system account. |
-s, --shell SHELL | This option is used to specify the name of the user's login shell. |
-u, --uid UID | This option is used to set the numerical value of the user' ID. This value must be unique. |
-U, --user-group | This option enables the creation of a group with the same name as the user's name. |
-Z, --selinux-user SEUSER | This option is used to determine the SELinux user for the user's login. |
To modify a user account, we use the usermod
command as shown in the following snippet:
usermod [options] [username]
In the above snippet, the username
is the name of the account that is to be modified.
In the place of options
, different flags are passed for different settings.
To delete a user account, we use the userdel
command as shown in the following snippet:
userdel [options] [username]
In the above snippet, the username
is the account’s name that is to be deleted.
In the place of options
, different flags are passed for different settings.
In Linux or Unix-based operating systems, we can form groups of users’ accounts. Groups are used to manage the user accounts collectively. We can manage the access permissions for the entire group.
A single user can be a part of multiple groups, and a group can have multiple users.
The terminal commands related to groups are discussed in detail below.
We use the groupadd
command to create a new group, as shown in the snippet below.
groupdadd [options] [groupname]
In the above snippet, groupname
is the name assigned to the newly created group.
In place of options, we can pass different flags for different settings.
We use the groupmod
command to modify an existing group, as shown in the snippet below.
groupmod [options] [groupname]
In the above snippet, groupname
is the group’s name that is to be modified.
In place of options, we can pass different flags for different settings.
To delete a group, we use the groupdel
command as shown in the following snippet:
groupdel [groupname]
In the above snippet, groupname
is the group’s name that is to be deleted.
Free Resources