
3.1 User and Group Management

Authentication in Linux revolves around three plain text files in /etc.

| File | Contains | Permissions |
|------|----------|-------------|
| /etc/passwd | User info (Shell, Home dir, UID). | Readable by anyone (644). |
| /etc/shadow | Encrypted passwords. | Readable only by root (600/640). |
| /etc/group | Group memberships. | Readable by anyone (644). |

(See [[/en/module-2/4-permissions|Permission Management]] for details on 644/600 modes)
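
As an added example (not part of the original page), the script below shows how the entries in /etc/passwd and /etc/shadow combine to decide which accounts can log in with a password. It runs on constructed sample files; the function names and the sample accounts are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Function names are illustrative.

# account_status PASSWD SHADOW: print "name:uid:shell:status" per passwd entry.
# Status is read from the second field of the matching shadow line:
#   empty -> "empty", leading ! or * -> "locked" (usermod -L prepends '!'),
#   anything else -> "password"; no shadow line at all -> "noshadow".
account_status() {
    awk -F: '
        NR == FNR { hash[$1] = $2; next }      # first file: shadow
        {
            if (!($1 in hash))           st = "noshadow"
            else if (hash[$1] == "")     st = "empty"
            else if (hash[$1] ~ /^[!*]/) st = "locked"
            else                         st = "password"
            print $1 ":" $3 ":" $7 ":" st
        }' "$2" "$1"
}

# extra_uid0 PASSWD: accounts other than root that carry UID 0.
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"; }

# password_logins PASSWD SHADOW: usable password plus an interactive shell.
password_logins() {
    account_status "$1" "$2" |
        awk -F: '$4 == "password" && $3 !~ /(nologin|false)$/ { print $1 }'
}

# Constructed sample data (placeholder hashes, not real ones).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
anna:x:1001:1001::/home/anna:/bin/bash
intern:x:1002:1002::/home/intern:/bin/bash
toor:x:0:0::/root:/bin/sh
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$6$SALT$CONSTRUCTEDHASH:19800:0:99999:7:::
daemon:*:19800:0:99999:7:::
anna:!$6$SALT$CONSTRUCTEDHASH:19800:0:99999:7:::
intern:$6$SALT$CONSTRUCTEDHASH:19800:0:99999:7:::
toor::19800:0:99999:7:::
EOF

account_status "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shadow"
echo "Extra UID 0 accounts: $(extra_uid0 "$SAMPLE_DIR/passwd")"
echo "Password logins: $(password_logins "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shadow" | tr '\n' ' ')"
```

On a real system, pass /etc/passwd and /etc/shadow to the functions instead and run the script as root, since /etc/shadow is not world-readable.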

Create, modify, and delete users.

```bash
# Create a user named 'anna' with a home directory (-m) and bash as login shell (-s)
sudo useradd -m -s /bin/bash anna

# Set or change password
sudo passwd anna

# Modify: Add 'anna' to 'developers' group (append mode -aG); the group must already exist
sudo usermod -aG developers anna

# Lock account (disables password login)
sudo usermod -L anna

# Delete user (and their home directory)
sudo userdel -r anna
```

The root user is the system administrator with unlimited privileges.

sudo runs a single command with root privileges. Safe and logged.

  • Usage: sudo [command]
  • Config: /etc/sudoers (Edit with visudo).

su switches to another user account (default is root).

  • su: Switch to root (keeps current environment variables).
  • su -: Switch to root and load root’s environment (recommended).
  • su - anna: Switch to user ‘anna’.

```bash
# Create a new group
sudo groupadd developers

# Delete a group
sudo groupdel developers
```

  1. New Recruit:
    • Create a new user intern.
    • Assign them a password.
    • Verify their entry in /etc/passwd.
  2. Group Work:
    • Create a group called ops.
    • Add your current user and the intern user to this group.
    • Verify with the groups command (e.g., groups intern).
  3. Cleanup:
    • Delete the intern user and their home directory.
    • Delete the ops group.