Master Linux Account and Permission Management: Users, Groups, and Commands

Account and Permission Management

1. Managing User and Group Accounts

User accounts: superuser, regular user, program user

Group accounts: primary group (private), supplementary group (public)

UID: user identifier; GID: group identifier

User Accounts

Superuser (root): ID=0, has unrestricted system privileges; should be used only for system administration tasks.

Regular user: created by root or another admin, limited permissions, typically full access only to its own home directory.

Program user: low‑privilege accounts created by packages (e.g., bin, daemon, ftp, mail) that usually cannot log in and are used to run specific services.

Group Accounts

Primary group: each user belongs to at least one primary (private) group.

Supplementary groups: additional groups a user may belong to.

Typical GID ranges (CentOS): system groups 1‑499 (CentOS 6) or 1‑999 (CentOS 7); regular groups start at 500 (CentOS 6) or 1000 (CentOS 7).

1. /etc/passwd – User Account File

Each line stores username, password placeholder, UID, GID, comment, home directory, and login shell.

Example line: root:x:0:0:root:/root:/bin/bash Fields meaning: root – username (used for identification via UID) x – password placeholder; actual encrypted password is in /etc/shadow

First 0 – UID

Second 0 – GID

Third field – descriptive comment

Fourth field – home directory

Fifth field – login shell

2. /etc/shadow – Secure Password File

Stores encrypted passwords and password‑related metadata. Only root can read this file.

Each line contains nine fields separated by colons:

Username

Encrypted password (SHA‑512 hash); !! or * indicates no login

Last password change date (days since 1970‑01‑01)

Minimum days before a password may be changed

Maximum days a password is valid

Days of warning before expiration (default 7)

Grace period after expiration

Account expiration date (days since 1970‑01‑01)

Reserved

Use chage to modify these values, e.g.:

chage -M 60 username   # set max password age to 60 days

3. useradd – Adding User Accounts

Basic syntax:

useradd [options] username

-u UID

– specify UID (must be unused) -d home_dir – set home directory -e YYYY‑MM‑DD – set account expiration date -g primary_group – set primary group (or GID) -G supplementary_groups – set additional groups -M – do not create home directory -s shell – set login shell

Example: useradd -d /admin -g wheel -G root admin Verify with:

id admin

4. passwd – Setting or Changing Passwords

Basic usage: passwd [options] username Batch set password (requires root): echo "123456" | passwd --stdin username Options: -d – delete password (empty password) -l – lock account -u – unlock account -S – display account status

5. usermod – Modifying User Attributes

Common options: -l new_name – change login name -L – lock account -U – unlock account -u UID – change UID -d home_dir – change home directory -e YYYY‑MM‑DD – change account expiration -g primary_group – change primary group -G supplementary_groups – change supplementary groups -s shell – change login shell

6. userdel – Deleting User Accounts

Remove a user and optionally its home directory: userdel -r username Force removal (including files owned by the user):

userdel -rf username

7. Initial User Configuration Files

When a new user is created, files are copied from /etc/skel. Common files: .bash_logout – executed on logout (e.g., echo "logout, $(date)") .bash_profile – executed on login .bashrc – executed for each interactive bash session

8. Group Account Files

/etc/group

stores group name, GID, and member list; /etc/gshadow stores encrypted group passwords (rarely used).

Example commands:

grep "^root" /etc/group   # list members of root group

9. Managing Groups

groupadd [-g GID] group_name

– create a new group. gpasswd – modify group membership: -a user – add user to group -d user – remove user from group -A admin – set group administrator -M users – set multiple administrators

10. Querying Account Information

finger username

– detailed user info id username – UID, GID, groups groups username – list groups w, who, users – logged‑in users

Managing Directory and File Attributes

1. File/Directory Permissions and Ownership

Permission bits:

r – read

w – write

x – execute

Ownership:

Owner – user who owns the file

Group – group that owns the file

2. chown – Changing Ownership

Basic forms:

chown user file
chown :group file
chown user:group file

Common option: -R – recursive

3. umask – Default Permission Mask

umask defines which permission bits are cleared when new files or directories are created. View current mask with umask. To make it permanent, add umask 022 (example) to ~/.bash_profile or ~/.profile and reload with source ~/.bash_profile.

Summary

User account management (useradd, passwd, usermod, userdel)

Group account management (groupadd, gpasswd, groupdel)

Account files (/etc/passwd, /etc/shadow, /etc/group, /etc/gshadow)

Query commands (id, groups, finger, w)

File permission handling (chmod)

File ownership handling (chown)