GNU/Linux is a multi-user operating system. This means that multiple users can use the system, and they can use the system simultaneously. The GNU/Linux concepts for user management are quite simple. First of all, there are several user accounts on each system. Even on a single user system there are multiple user accounts, because GNU/Linux uses unique accounts for some tasks. Users can be members of groups. Groups are used for more fine grained permissions, for example, you could make a file readable by a certain group. There are a few reserved users and groups on each system. The most important of these is the root account. The root user is the system administrator. It is a good idea to avoid logging in as root, because this greatly enlarges security risks. You can just log in as a normal user, and perform system administration tasks using the su and sudo commands.
The available user accounts are specified in the /etc/passwd. You can have a look at this file to get an idea of which user account are mandatory. As you will probably notice, there are no passwords in this file. Passwords are kept in the separate /etc/shadow file, as an encrypted string. Information about groups is stored in /etc/group. It is generally speaking not a good idea to edit these files directly. There are some excellent tools that can help you with user and group administration. This chapter will describe some of these tools.
The useradd is used to add user accounts to the system. Running useradd with a user name as parameter will create the user on the system. For example:
# useradd bob
Creates the user account bob. Please be aware that this does not create a home directory for the user. Add the -m parameter to create a home directory. For example:
# useradd -m bob
This would add the user bob to the system, and create the /home/bob home directory for this user. Normally the user is made a member of the users group. Suppose that we would like to make crew the primary group for the user bob. This can be done using the -g parameter. For example:
# useradd -g crew -m bob
It is also possible to add this user to secondary groups during the creation of the account with the -G. Group names can be separated with a comma. The following command would create the user bob, which is a member of the crew group, and the www-admins and ftp-admins secondary groups:
# useradd -g crew -G www-admins,ftp-admins -m bob
By default the useradd only adds users, it does not set a password for the added user. Passwords can be set using the passwd command.
As you probably guessed the passwd command is used to set a password for a user. Running this command as a user without a parameter will change the password for this user. The password command will ask for the old password,once and twice for the new password:
$ passwd Changing password for bob (current) UNIX password: Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
The root user can set passwords for users by specifying the user name as a parameter. The passwd command will only ask for the new password. For example:
# passwd bob Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
Sometimes it is necessary to remove a user account from the system. GNU/Linux offers the userdel tool to do this. Just specify the username as a parameter to remove that user from the system. For example, the following command will remove the user account bob from the system:
# userdel bob
This will only remove the user account, not the user's home directory and mail spool. Just add the -r parameter to delete the user's home directory and mail spool too. For example:
# userdel -r bob
It is a good idea to avoid logging in as root. There are many reasons for not doing this. Accidentally typing a wrong command could cause bad things to happen, and malicious programs can make a lot of damage when you are logged in as root. Still, there are many situations in which you need to have root access. For example, to do system administration, or to install new software. Fortunately the su can give you temporal root privileges.
Using su is very simple. Just executing su will ask you for the root password, and will start a shell with root privileges after the password is correctly entered:
$ whoami bob $ su Password: # whoami root # exit exit $ whoami bob
In this example the user bob is logged on, the whoami output reflects this. The user executes su and enters the root password. su launches a shell with root privileges, this is confirmed by the whoami output. After exiting the root shell, control is returned to the original running shell running with the privileges of the user bob.
It is also possible to execute just one command as the root user with the -c parameter. The following example will run update-grub:
$ su -c update-grub
If you want to give parameters to the command you would like to run, use quotes (e.g. su -c "ls -l /"). Without quotes su cannot determine whether the parameters should be used by the specified command, or by su itself.