Organizing Users and Groups
Red Hat Enterprise Linux (RHEL) is a rock solid commercial grade Linux operating system. If you're interested in learning RHEL from a system admins perspective then this course is for you!
The "Red Hat Enterprise Linux Technical Overview" course walks you through many of the basic system admin tasks and concepts required to administer RHEL effectively.
This course will provide you with insights to:
- Working with the Terminal
- Understanding the Kernel and User Spaces
- Graphical User Interface
- File management and the File System Hierarchy
- Editing Files using Vim
- Organizing Users and Groups
- File Permissions
- Managing Software
- Configuring Networking
- Controlling System Startup Processes
- Introduction to Containers
- Overview of Cockpit
Hey guys, a user identifies who you are on a Linux system and we can organize our users into groups. Now, a usable always have one primary group by default and that is the same name as the username. Other groups that a user may be a member of would be called supplementary groups. So, let's get our hands dirty right now. So, as the administrative user, what I'm going to do is create a bunch of users. So, let's go and use the useradd command and one thing I just want to show you. I'm going to backspace a little bit of here. I'm going to type in user and I'm going to hit tab twice and I want to show you all the different commands that begin with user and some of the commands that we could use include useradd to add users, userdel self-explanatory to delete users and we also have usermod that would modify the properties of an existing user.
So, this stage, I'm going to use useradd in its simplest form. I'm going to create a user called John and there we go. Now, if you want to get more information about the user John, you could use the id command.
So, I could say id john and it would reveal the properties of that user. So, what we can see over here, is that we have the uid set to 1001. Now, everything is identifiable in a system numerically and user accounts are no exception. So, a uid is the numerical identifier that represents a user and you can see that uid=1001 is for the john user and then we can see the gid or the group id, again this is a numerical identifier representing the user's primary group. This is really important.
So, here we have 1001 and that is the group John. So, like I said when you create a user that user is automatically made a member of a group and that would be the primary group of that user which is said to the username. Now, any other group is called the supplementary group and it's indicated with groups=.
So, what we going to do right now, is that we going to add a group. So, let's going to use the groupadd command and again if you want to find out more about the different group commands that we have, just type in group on its own, hit tab twice and you can see very similarly to the useradd, usermod and userdel commands. We have groupad, groupdel and groupmod. So, let's going to have some fun right now.
So, we're going to say, groupadd and we're going to create a group called the beatles.
Now, john is not a member of the group beatles. Well, not at this stage and that's exactly what we are going to be doing. So, remember that when you add a user, the user is not a member of any other groups other than the group that represents their own user account and we can make use of the usermod command to change the properties of a user account.
So, that's exactly what we are going to do.
So, we're going to say usermod right now and we're going to append to the secondary group membership list. We're going to append the group beatles for the user john and remember the argument is always going to be the thing that we are affecting.
So, we are modifying a user called john.
So, it's not beatles, beatles doesn't come last.
So, let's go and run the id command over here against john and we can see that something has changed and we could see that after groups it will list two things. It's going to list john's primary group and then it's also going to go and list this the supplementary group or one of the supplementary groups which is beatles. So, what I'm going to do right now is go and give john a password. Of course, john needs to login to my system right now and we can allocate a password using the passwd command. So, let's go and say passwd.
Now, if I were to hit enter at this stage, I'd be changing my own password.
Now, because I'm logged in as the root user, I could change the password of another user. So, I could say passwd john and now, we are changing the password for that user.
So, let's can type in redhat as the password and I know, that it's a bad password. We're going to follow through with that anyway and there you go. So, now I can go to john and say; listen up you mate. Here's your username. Your password is john and when you login to the system, all processes of course, are going to execute with the permissions of the john user and john is also a member of a group called beatles and therefore has the same access privileges that the beatles group has. So, let me give you an example of a deletion command. We're going to go ahead right now and we're going to delete the user john. So, we're going to say; userdel and then john. Nice and simple.
Now, when you delete a user, the user's data is not automatically deleted and that's that could be a very good thing.
So, the home directory would remain behind as well as all the other files that have been created by that particular user. Also, what I'm going to do right now, is go and to delete the, well, let's go and delete the group.
So, we're going to use the groupdel command and we're going to delete a group called beatles and you can see that the group is no longer on my system.
The transaction went through and again this is because we don't have an error message telling us otherwise.
Now, all the user account information is stored inside of a file called /etc/passwd and as you can tell, it's below the /etc directory. So, it has to be a configuration file. So, this is the configuration file that we have for our user accounts. Now, there's nothing terribly sensitive about the users in terms of their passwords. Even though, it's called passwd, that is not where we store passwords. So, just to show you the contents of that file, I'm going to use the grep command. I'm going to show you the entry that exists for the student user inside of passwd and you can see, yeah, there's nothing about a password over here.
Just a bit of a spoiler, the password for the student user is student. Further to that, if you're interested in password related information, we store that kind of data inside of another configuration file called shadow, and it's also in the /etc directory and this over here, this long string. Let's go and highlight that for you.
That represents the users #. Group relates and information is stored inside of a separate file it's called /etc/group and again, it just shows you what the /etc directory is useful for configuration files. So, let's go and have a look at that. So, I'm going to show you the entry that exists for a group called wheel inside of a /etc/group and you can see over here, that we have the group wheel and you can see that over there is a numerical identifier representing the group's id and the user student is a member of the group wheel.
Should you ever want to change privileges, you could make use of a command called sudo. sudo allows you to run commands as another user and because the student user is a member of the group wheel, I can do exactly that by default on a RHEL 8 machine. So, let's go and try that right now. So, I'm going to say sudo and I'm going to show you the entry that exists inside of, let's go and run the grep command and we're going to show the entry that exists inside of /etc/shadow for the student user. Now, it prompt me for my own password. It wants to check that I am, in fact the student user and you can see that we have a success results.
Because that command was being executed as the root user. So, let's go and try and repeat that command without going via sudo and you can see immediately, I get a permission denied.
Because the grep command is running with the privileges of the student user. Now, the cool thing about sudo is that I could also go and run commands as other users. Let me give you an example. So, I'm going to say sudo -u and I'm going to run a command as a completely different user.
I'm going to choose a user called cockpit-ws and the command that I'm going to run is whoami. Now, typically when you run whoami on its own, it will tell you, who you're currently logged in as.
So, I'm going to run whoami without going via sudo and you can see that normally it would return students but because, I said explicitly that we're going to run the sudo command. We're going to run a command as another user, that user, -u is cockpit-ws and you can see the command that I'm running is whoami and you can see that the output is completely different.
Of course, if you don't use the --u, it's going to assume root, as it is over there.
I'm going to show you how you could go and switch user accounts. So, I'm going to use the su command and the - over here is very important. I'm going to be switching user accounts right now and I'm going to do it for the user root. Now it's going to ask me for a password and this is the users password that I would like to switch to.
So, the root password is redhat and there you go and if you type in whoami right now, I'm logged in as root and I have a root shell. Now, to return to the previous state, I can always go and hit exit. I'm lazy, I've just typed in ctrld. ctrld always kind of means exit or logout and I'm return to my previous state.
The state, where I'm logged in as student. So, with that guys it does bring this video to an end I will see you in the next chapter.
Jeremy is a Content Lead Architect and DevOps SME here at Cloud Academy where he specializes in developing DevOps technical training documentation.
He has a strong background in software engineering, and has been coding with various languages, frameworks, and systems for the past 25+ years. In recent times, Jeremy has been focused on DevOps, Cloud (AWS, GCP, Azure), Security, Kubernetes, and Machine Learning.
Jeremy holds professional certifications for AWS, GCP, and Kubernetes.