In this course, you'll learn how to manage users and groups. You'll learn where user and group information is stored on a Linux system, and you'll learn how to add, delete, and modify accounts and groups. This course is part of the Linux Administration Bootcamp learning path, designed to get you up and running with Linux.
- Anyone with basic knowledge of Linux who wants to learn more
- Professionals who want to learn more about Linux to enhance their career prospects
This is an intermediate-level course so some knowledge of Linux is expected. If you're just starting out, then try our Linux Fundamentals course first.
Group details are stored in the /etc/group file. The first entry in the /etc/group file is the root group. Here's another sample entry from /etc/group. The format of the group file is as follows, group name, followed by password, followed by a GID or group ID, then a list of accounts that are members of that group. Like the password file, each field is separated by a colon. The group name is the human readable name that you will see when group information is displayed by commands such as LS. The password field is used for privileged groups but that functionality is rarely ever used. When there's an x in this field, it means that shadow group passwords are being used. That information is stored in the /etcg/shadow file.
The GID is the group ID. It's simply a unique number, which represents the group. The remaining filled list the members of the group separated by commas. You might have noticed that the root group did not contain a list of members. Remember that the /etc/password file specifies an account's default group. In the case of the root user, the default GID is zero. When an account's default GID is listed in the /etc/password file, that account is in that group even if it's not listed in the members filled in the /etc/group file.
To display the groups that a member belongs to, pass the username to the groups command. If you execute the groups command without supplying a username, then your group memberships are listed. To confirm that the root user is in fact, part of the root group, we can run the command groups root. To create a group, use the groupadd command. The most commonly used option for the groupadd command is -g, which allows you to specify the GID.
In this example, we are creating two groups. The first group will let the group command automatically select the GID. For the second group, we'll specify the GID. You can see that the web group received GID 1,003 the db group received GID 2,500, since that's what we specified on the command line. To delete a group, simply pass the group name to the groupdel command. To delete the db group run groupdel db. To change the properties of an existing group, use the groupmod command. To change the GID use -g followed by the new GID. To change the name of the group, use -n followed by the new name of the group.
In this example, we changed the GID of the web group from 1,003 to 1,234. Next, we changed the name from web to HTTP. In this demonstration, we're going create a writer's group, a TV group and a movie group. Next we're going to create some user accounts. All of these user accounts will belong to the writers' groups, but only some of them will belong to the TV group while the others will belong to the movie group.
Let's create the writer's group by using groupadd writers. We'll do the same thing with TV and finally movie. Now you can see that the last three entries in the /etc/group file are the three accounts we just created. You'll notice that the GID or group IDs are incremented by one automatically by the groupadd command. Let's go ahead and create the first of our users. We'll put the comment as this user's name. The primary group will be writers, so -g writers. The additional group will be TV. We'll use -m to make sure the home director gets created. And we'll specify a show with -s.
In this case will give this user the bash shell. And then finally, we need to provide a username or login ID. So we'll use first initial, last name in this example. Let's go ahead and create a password for this user. And let's see what groups this user is in. I can see that the user is in the writers and TV group, just like we specified in the useradd command.
Let's go ahead and add another user. We'll put him in the writers group as well. He is a TV writer, so we'll put him in the television group or a TV group. Create his home directory and give him the bash shell as well. Okay, that looks good. Let's add another user. The additional group for this user will be movie. Okay, you can see that he is in the writers and movie group. Let's add a one final writer, - g for the primary group which is writers, - G for any additional groups movie. We can, let's add this person to two groups. We'll add him to the movie and TV. There you can see that this user is in three groups.
Now, if we look at the /etc/group file. Oops, I'm to type a three there. Now we can see the list of members in the TV and movie groups. However, we do not see any users in the members list for writers. But we know that those users are in that group because when we type groups ccuse, you can see that he's in the writers group. Well, if we search for that GID and the /etc/password file, we can confirm that each of these users primary groups are 1002, which corresponds to the GID of the writer's group. And that's why they are included in the writer's group. Even though their usernames are not listed in the /etc/group file.
Account information is stored in the /etc/password and /etc/shadow files. In addition to a username, each account consists of a unique number called the UID, a default group, a comment, a home directory location and a log-in shell. Accounts can be created with a useradd command. To delete an account use the userdel command. Modifying accounts can be accomplished by using a usermod command. Group information is stored in the /etc/group file. To create a group use of the groupadd command. You can delete groups by using the groupdel command. To update an existing group, use the group mod command. To list group memberships for an account use the groups command.
Jason is the founder of the Linux Training Academy as well as the author of "Linux for Beginners" and "Command Line Kung Fu." He has over 20 years of professional Linux experience, having worked for industry leaders such as Hewlett-Packard, Xerox, UPS, FireEye, and Amazon.com. Nothing gives him more satisfaction than knowing he has helped thousands of IT professionals level up their careers through his many books and courses.