These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.

UNIX02/User Accounts And Groups

(These sections correspond to chapter 8 in the book)

User Accounts

There are three main types of user accounts under Unix:
  • The superuser account (root)
  • Regular user accounts
  • Non-regular user accounts (services, programs, etc.)

Groups

Linux, like most other modern operating systems, allows system administrators to organize their users into groups. Users can be assigned to any number of groups, but many Linux systems employ a technique called User Private Group to increase security. A User Private Group is a group which only has one specific user as its member.

As a system administrator, you will have to decide if a User Private Group is something you want to support and implement. A User Private Group can be ideal for a system which has a small number of users, but on larger systems, maintaining an individual private group for each of a large number of users can prove unwieldy.

User & Group files

See pages 271 through 274 of book.

Additionally, the files used to populate a new user's home directory are found in, and should be placed in, /etc/skel. Typical files to place here are login scripts, initial shell settings, and anything else you want a user to have when they first log in.

Creating New User Accounts

The Linux kernel itself treats users as mere numbers. Each user is identified by a unique integer, the user ID or UID, because numbers are faster and easier for a computer to process than textual names.

To create a user, you need to add information about the user to the /etc/passwd file and create a home directory for him. While you can enter new user information by editing the /etc/passwd file directly, it is easy to make mistakes that might have devastating results for one or more users on your system. Because of this, the preferred method for adding new users is to use one of the several programs written for that purpose.

Two command line programs to add new users are adduser and useradd. On some UNIX systems, these programs have slightly different usages. However, they always perform the same basic tasks:

  • Creation of new user information in /etc/passwd
  • Optional creation of new group, defaulting to the User Private Group
  • Creation of user's home directory
  • Population of user's home directory from /etc/skel

Under Red Hat Linux, they both accept the same parameters, so we will just focus on one of them.

useradd

useradd's basic usage is as follows:
       useradd [-c comment] [-d home_dir]
               [-e expire_date] [-f inactive_time]
               [-g initial_group] [-G group[,...]]
               [-m [-k skeleton_dir] | -M] [-p passwd]
               [-s shell] [-u uid [ -o]] [-n] [-r] login

       useradd -D [-g default_group] [-b default_home]
               [-f default_inactive] [-e default_expire_date]
               [-s default_shell]

Adding a new user using useradd can be as simple as:

 # useradd mike

Looking at /etc/passwd once we have issued such a command, we find this new entry:

 mike:x:502:503::/home/mike:/bin/bash

As we can see, mike was added with a UID of 502 and a GID of 503 on our system. The GID is for a User Private Group called 'mike', which is exclusive to mike. mike's home directory was set to '/home/mike' and his login shell to '/bin/bash'. These are all reasonable defaults, and as a system administrator, you will often be satisfied with them.

However, you may also want more control over these values. For example, you might want the 'mike' user to have a different home directory (say '/home/u_mike'), be part of the 'users' group (typically GID 100) and have the Z shell as his initial shell. In that case, you would issue the following command:

 # useradd -d /home/u_mike -s /bin/zsh -g users mike

which yields the following entry in /etc/passwd:

 mike:x:502:100::/home/u_mike:/bin/zsh
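
Because the kernel only sees the numeric fields of these entries, two checks are worth running after accounts have been added: whether any login other than root has UID 0 or shares a UID with another login, and whether each primary group really is a User Private Group. The script below is an added example, not part of the original notes; the function names and the sample files are constructed for illustration (only mike's line comes from the text above).

```shell
#!/bin/sh
# Constructed sample files (not from a real system); only the mike line is the page's.
PASSWD_SAMPLE=$(mktemp); GROUP_SAMPLE=$(mktemp)
trap 'rm -f "$PASSWD_SAMPLE" "$GROUP_SAMPLE"' EXIT
cat > "$PASSWD_SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mike:x:502:503::/home/mike:/bin/bash
anna:x:504:100::/home/anna:/bin/zsh
toor:x:0:0::/root:/bin/bash
bob:x:504:505::/home/bob:/bin/bash
EOF
cat > "$GROUP_SAMPLE" <<'EOF'
root:x:0:
users:x:100:
mike:x:503:
bob:x:505:anna
EOF

# Logins other than root whose UID is 0: the kernel treats them as the superuser.
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# UIDs held by more than one login, printed as "uid:login,login". To the
# kernel these logins are one user, so they share file ownership.
duplicate_uids() {
    awk -F: '{ who[$3] = (who[$3] == "" ? "" : who[$3] ",") $1; n[$3]++ }
             END { for (u in n) if (n[u] > 1) print u ":" who[u] }' "$1" | sort -n
}

# A primary group counts as private when it has the login's name, is nobody
# else's primary group, and lists no other member in the group file.
upg_status() {   # usage: upg_status GROUP_FILE PASSWD_FILE
    awk -F: '
        NR == FNR { gname[$3] = $1; members[$3] = $4; next }   # group file
        { login[++k] = $1; gid[k] = $4; primary[$4]++ }         # passwd file
        END {
            for (i = 1; i <= k; i++) {
                g = gid[i]
                private = (gname[g] == login[i] && primary[g] == 1 &&
                           (members[g] == "" || members[g] == login[i]))
                print login[i] ":" (private ? "private" : "shared")
            }
        }' "$1" "$2"
}
uid0_accounts "$PASSWD_SAMPLE"
duplicate_uids "$PASSWD_SAMPLE"
upg_status "$GROUP_SAMPLE" "$PASSWD_SAMPLE"
```

On a live system, pass /etc/passwd and /etc/group instead of the sample files.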

userdel

To delete a user from your system, you can use the userdel command. userdel has the following usage:
 userdel [-r] login

'login' is the user's name. 'userdel mike' will delete the user we added above (it will also delete the User Private Group, if created). The '-r' parameter will also erase the user's home directory and all files in it, along with the user's mail spool file.

Creating new groups

As with users, the Linux kernel treats groups as numbers, using the /etc/group file as a database for conversion between group ID (GID) and group name. GIDs between 0 and 499 are generally reserved for system accounts.

Unlike useradd and adduser, there is typically only groupadd as the command for adding new groups. groupadd has the following usage:

 groupadd [-g gid [-o]] [-r] [-f] group

To add a new group called 'research', we could issue the following command:

 # groupadd research

which may create the following entry in /etc/group:

 research:x:503:

If we wanted our group to have a very specific GID, say 1000, then we would type the following:

 # groupadd -g 1000 research

groupdel

groupdel deletes groups from your computer. Its usage is very simple:
 groupdel group

Modifying User Accounts and Groups

usermod is a command that modifies the system account files to reflect the changes you specify. Its usage is this:
       usermod [-c comment] [-d home_dir [ -m]]
               [-e expire_date] [-f inactive_time]
               [-g initial_group] [-G group[,...]]
               [-l login_name] [-p passwd]
               [-s shell] [-u uid [ -o]] [-L|-U] login

Many of these options are the same as those for useradd. Let's say that we wanted to set mike's comment to reflect his full name (Mike Stanza) and we wanted to modify his user name to reflect a change in company policy stating that all users must use their last name for computer accounts. The command line we would use would be:

 # usermod -l stanza -c "Mike Stanza" mike

which would modify the /etc/passwd file thusly:

 stanza:x:502:100:Mike Stanza:/home/mike:/bin/bash

One caveat: when using the -G option, if the user is currently a member of a group which is not listed, the user will be removed from that group.

groupmod allows you to modify a group's properties as well. Its usage is as follows:
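
The -G caveat is easy to check before running usermod. The script below is an added example, not part of the original notes: it reads a group file, reports which memberships a proposed -G list would remove, and builds a list that keeps them. The function names and the sample group file are constructed for illustration.

```shell
#!/bin/sh
# Constructed /etc/group sample; stanza is the renamed user from the text,
# the memberships are invented for this example.
GROUP_SAMPLE=$(mktemp)
trap 'rm -f "$GROUP_SAMPLE"' EXIT
cat > "$GROUP_SAMPLE" <<'EOF'
users:x:100:
wheel:x:10:root,stanza
research:x:503:stanza,anna
cdrom:x:24:anna
backup:x:34:stanza
EOF

# Supplementary groups LOGIN currently has, comma-separated, in file order.
current_groups() {   # usage: current_groups LOGIN GROUP_FILE
    awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++)
            if (m[i] == u) { out = out (out == "" ? "" : ",") $1; break }
    } END { print out }' "$2"
}

# Groups LOGIN would lose if "usermod -G NEWLIST LOGIN" were run.
groups_dropped() {   # usage: groups_dropped LOGIN NEWLIST GROUP_FILE
    awk -F: -v u="$1" -v new="$2" '
        BEGIN { k = split(new, w, ","); for (i = 1; i <= k; i++) keep[w[i]] = 1 }
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++)
              if (m[i] == u && !($1 in keep)) { out = out (out == "" ? "" : ",") $1; break }
        } END { print out }' "$3"
}

# A -G argument that adds NEWLIST while keeping every current membership.
merged_group_list() {   # usage: merged_group_list LOGIN NEWLIST GROUP_FILE
    cur=$(current_groups "$1" "$3")
    printf '%s\n' "$cur,$2" | tr ',' '\n' | awk 'NF && !seen[$0]++' | paste -sd, -
}

echo "would be dropped by -G cdrom: $(groups_dropped stanza cdrom "$GROUP_SAMPLE")"
echo "safe list: usermod -G $(merged_group_list stanza cdrom "$GROUP_SAMPLE") stanza"
```

Where usermod supports the -a (append) option, `usermod -a -G` gives the same result; the synopsis above does not list it.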

       groupmod [-g gid [-o]] [-n group_name ] group

If we wanted to modify the group 'research' from above to reflect a change in company policy regarding terminology, whereby the researchers are now to be called "Stars", we could issue the following command:

 # groupmod -n stars research


Edited April 26, 2003 8:08 pm (diff)
(C) Copyright 2003 Samuel Hart
Creative Commons License
This work is licensed under a Creative Commons License.