Linux Administration - User Management

Users and Groups Management

Linux user accounts are stored in the /etc/passwd file, formatted as follows:

user:x:1000:1000:denis,,,:/home/user:/bin/bash

Breakdown:

  1. Username
  2. Password placeholder (x means the password hash is stored in /etc/shadow)
  3. User ID (UID)
  4. Group ID (GID)
  5. Friendly name (the GECOS/comment field; optional: email or phone number)
  6. Default home directory
  7. Default shell or no-login setting

Hashed passwords are stored in /etc/shadow, while groups are listed in /etc/group.
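
The field layout above can be checked mechanically. As an added example (not part of the original guide), this shell function audits a passwd-format file for entries that weaken that layout: extra UID 0 accounts, an empty or in-file password field, duplicate UIDs and lines without seven fields. The function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a passwd-format file against the seven-field layout.
# All entries below are constructed for illustration, not taken from a real host.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
user:x:1000:1000:denis,,,:/home/user:/bin/bash
toor:x:0:0::/root:/bin/sh
guest::1001:1001::/home/guest:/bin/bash
legacy:$6$CONSTRUCTED$notarealhash:1002:1002::/home/legacy:/bin/bash
backup:x:1000:1003::/home/backup:/bin/bash
broken:x:1004:/home/broken
EOF
}

# audit_passwd [FILE...] reads passwd-format lines (stdin if no file is given)
# and prints one finding per line as "<check>:<username>".
audit_passwd() {
    awk -F: '
        NF == 0 { next }                               # skip blank lines
        NF != 7 { print "malformed:" $1; next }        # not the 7 fields above
        $3 == 0 && $1 != "root" { print "uid0:" $1 }   # second superuser account
        $2 == "" { print "empty-password:" $1 }        # no password required
        # Anything other than x, or a * / ! lock marker, is a hash sitting in
        # a world-readable file instead of /etc/shadow.
        $2 != "" && $2 != "x" && $2 !~ /^[*!]/ { print "hash-in-passwd:" $1 }
        seen[$3]++ { print "duplicate-uid:" $1 }       # UID already used above
    ' "$@"
}

sample_passwd | audit_passwd
```

audit_passwd /etc/passwd audits the local file; getent passwd | audit_passwd also includes entries from other sources configured in /etc/nsswitch.conf.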


Creating User Accounts

User creation defaults are stored in /etc/adduser.conf, where you can configure:

  • Default user directory
  • Prefix for default directories
  • Default directory skeleton

Creating a New User:

sudo adduser username

Modifying and Deleting User Accounts

User Management Commands:

  • Log in as a user: su username
  • Change password: passwd (or sudo passwd username)
  • Change user shell: chsh
  • Modify user details: chfn username
  • Rename a user: usermod -l newusername oldusername
  • Change home directory: usermod -d /home/user -m username
  • Delete a user: sudo deluser username

Managing Groups

Creating and Modifying Groups:

  • Create a new group: sudo addgroup groupname
  • Add a user to a group: sudo adduser username groupname
  • Modify (for example, rename) or delete a group: groupmod -n newgroupname groupname / delgroup groupname

Home Directory Templates and Global Configurations

Skeleton files for new users can be configured in /etc/skel.

To monitor user resource usage:

top -u username
ps -u username

Set user resource limits in /etc/security/limits.conf.


Configuring Permissions for Group Collaboration

Modifying File and Directory Permissions:

  • Change folder group: chgrp groupname folder
  • Allow group write access: chmod g+w folder
  • Check user groups: groups username
  • Ensure new files inherit the folder's group rather than the creating user's primary group (setgid bit): chmod g+s folder

Granting Users and Groups Sudo Access

  • Check sudo access: sudo cat /etc/sudoers
  • Assign a user to the sudo group: usermod -aG sudo username

Authentication Tools

PAM (Pluggable Authentication Modules)

  • Configuration files are located in /etc/pam.d/

LDAP (Lightweight Directory Access Protocol)

Required packages:

  • ldap-utils (client)
  • slapd (server)

Configure LDAP Authentication:

sudo dpkg-reconfigure ldap-auth-config

Modify /etc/nsswitch.conf for LDAP integration:

passwd: compat ldap
group: compat ldap
shadow: compat ldap

Kerberos Authentication

Kerberos requires a Key Distribution Center (KDC). Essential packages:

krb5-kdc
krb5-admin-server

Conclusion

This guide covers essential user and group management in Linux, including creating, modifying, and deleting accounts, managing permissions, configuring sudo access, and authentication with LDAP and Kerberos. Mastering these skills is fundamental for system administrators managing multi-user environments.