Trusted answers to developer questions
Trusted Answers to Developer Questions

Related Tags

unix
linux

What is User Administration in Unix / Linux?

Amaaz Ahmad

Grokking Modern System Design Interview for Engineers & Managers

Ace your System Design Interview and take your career to the next level. Learn to handle the design of applications like Netflix, Quora, Facebook, Uber, and many more in a 45-min interview. Learn the RESHADED framework for architecting web-scale applications by determining requirements, constraints, and assumptions before diving into a step-by-step design process.

widget

User Administration is the process of managing different user accounts and their respective permissions in an operating system.

In Linux or Unix-based operating systems, we can create different user accounts, sort them into groups, change their set of permissions or delete them. The terminal commands for each of the above-stated actions are discussed below.

User accounts

In Linux, a single user account generally belongs to a single user. The permissions for this user account determines the level of access the user will have while using the system.

User accounts are discussed in detail below.

Types of user accounts

  1. Super User: This account is also known as the root account. It has all the permissions and can run all the commands without any restriction. The keyword sudo is often used to run a command as the root user.

  2. Normal User: The general users of the system are assigned this account. This account has restricted access to the commands and files of the system. The root user can create such an account, modify its permissions or delete it.

  3. System User: This is the type of account that is created only for a specific purpose or software. For example, a mail account.

Creating a user account

To create a normal user account, we use the useradd command, like shown in the following snippet of code:

sudo useradd [options] [username]

In the above snippet, the username is the name by which we will create the new account. Note that the name can not be the same for two users.

In the place of options, we can pass different flags to enable or disable different settings. The following table contains those options and their brief descriptions:

Option

Description

-b, --base-dir BASE_DIR

This option is used to specify the default base directory for the new user being created. BASE_DIR is concatenated with the account name to specify the base directory if the -d flag is not used to define the home directory.

-c, --comment COMMENT

This option is used to write a short description of the new account. It is also used as the user's full name for the time being.

-d, --home HOME_DIR

This option is used to specify the home directory for the newly created user.

-D, --defaults

This option is used to display the current default values for the `useradd` command

-e, --expiredate EXPIRE_DATE

This option is used to specify the date in the YYYY-MM-DD format on which the newly created user account will be disabled.

-f, --inactive

This option is used to specify the number of days that the account will stay active after its password has expired.

-g, --gid GROUP

This option is to specify the name or number of the group of newly created user.

-G, --groups Group1[,Group2,...[GroupN]]]

This option is used to specify a list of groups which will be joined by the newly created user.

-h, --help

This option is to display the help message

-k, --skel SKEL_DIR

This option is used to specify files and folders which will be copied into the home directory of the newly created user.

-K, --key KEY=VALUE

This option overrides the default values present in /etc/login.defs. These inclue UID_MIN, UID_MAX, UMASK etc.

-I, -no-log-init


This option prevents the user to be added from the lastlog and faillog databases.

-m, --create-home

This option is used to create the user's home directory if it does not exist.

-M

This option is used to prevent the creation of the home directory.

-N, --no-user-group

This option is used to prevent the creation of a group with the user's name.

-o, --non-unique

This options allows the creation of a user account with a duplicate ID.

-p, --password PASSWORD

The encrypted password, as returned by the `crypt`.

-r, --system

This option is used to create a system account.

-s, --shell SHELL

This option is used to specify the name of the user's login shell.

-u, --uid UID

This option is used to set the numerical value of the user' ID. This value must be unique.

-U, --user-group

This option enables the creation of a group with the same name as the user's name.

-Z, --selinux-user SEUSER

This option is used to determine the SELinux user for the user's login.

Modifying a user account

To modify a user account, we use the usermod command as shown in the following snippet:

usermod [options] [username]

In the above snippet, the username is the name of the account that is to be modified.

In the place of options, different flags are passed for different settings.

Deleting a user account

To delete a user account, we use the userdel command as shown in the following snippet:

userdel [options] [username]

In the above snippet, the username is the account’s name that is to be deleted.

In the place of options, different flags are passed for different settings.

Groups

In Linux or Unix-based operating systems, we can form groups of users’ accounts. Groups are used to manage the user accounts collectively. We can manage the access permissions for the entire group.

A single user can be a part of multiple groups, and a group can have multiple users.

The terminal commands related to groups are discussed in detail below.

Creating a new group

We use the groupadd command to create a new group, as shown in the snippet below.

groupdadd [options] [groupname]

In the above snippet, groupname is the name assigned to the newly created group.

In place of options, we can pass different flags for different settings.

Modifying a group

We use the groupmod command to modify an existing group, as shown in the snippet below.

groupmod [options] [groupname]

In the above snippet, groupname is the group’s name that is to be modified.

In place of options, we can pass different flags for different settings.

Deleting a group

To delete a group, we use the groupdel command as shown in the following snippet:

groupdel [groupname]

In the above snippet, groupname is the group’s name that is to be deleted.

RELATED TAGS

unix
linux

Grokking Modern System Design Interview for Engineers & Managers

Ace your System Design Interview and take your career to the next level. Learn to handle the design of applications like Netflix, Quora, Facebook, Uber, and many more in a 45-min interview. Learn the RESHADED framework for architecting web-scale applications by determining requirements, constraints, and assumptions before diving into a step-by-step design process.

Keep Exploring