Master Linux User & Group Management: Adding, Modifying, Deleting Users & Permissions

1. User Management

Linux classifies users into three main types:

root (superuser) : full system privileges.

Regular user : limited to resources granted by the administrator.

System user : used by system services (e.g., nobody, daemon) and typically cannot log in.

1. Adding Users

The useradd command creates a new account.

Basic syntax: useradd [options] username Common options:

-d : specify the home directory (default /home/username).

-g : set the initial primary group (default group name matches the username).

-G : assign supplementary groups.

-u : define a specific UID (otherwise the system allocates one).

Typical examples:

Add a simple user: useradd testuser Add a user with a custom home directory: useradd -d /usr/zhangsan zhangsan Add a user with a specific home, primary group, and supplementary group:

useradd -d /usr/lisi -g dev -G test lisi

2. Setting User Password

After creating an account, set its password with passwd so the user can log in.

Syntax: passwd username Example: passwd testuser The system will prompt for the password twice for confirmation.

3. Switching Users

The su command (short for “switch user”) changes the current session to another user, most often root.

Basic syntax: su [username] Common usage:

Switch to a regular user: su testuser Switch to root and load the full login environment: su - Switch to root without loading the login environment: su root Load the target user's complete login environment (recommended): su - username Exit the current user: exit or press Ctrl+D.

4. sudo Command

sudo

lets a regular user execute commands with elevated privileges, avoiding direct root login.

Basic syntax: sudo [options] command Frequently used options:

-i : simulate a full login as the target user (default root).

-u <user> : run the command as the specified user.

-k : invalidate the current sudo timestamp, forcing a password prompt next time.

-l : list the commands the invoking user may run via sudo.

-v : verify sudo credentials without executing a command.

-e / --edit : open a file in an editor with sudo privileges.

Typical sudo examples:

Update package lists: sudo apt update Obtain a root shell with the full environment: sudo -i Run a command as another user (e.g., www-data): sudo -u www-data whoami Key differences between sudo and su:

Purpose : sudo elevates privileges for single commands; su switches the entire session to another user.

Password handling : sudo uses the invoking user's password; su requires the target user's password.

Permission control : sudo is fine‑grained via /etc/sudoers; su provides no granular control.

Security : sudo is considered safer because it avoids exposing the root password and logs each command.

2. Group Management

Managing groups simplifies permission assignment and resource access control.

1. Adding Groups

Create a new group with groupadd.

Syntax: groupadd [options] groupname Examples:

Create a group named developers: groupadd developers Create a group with a specific GID:

groupadd -g 1001 developers

2. Modifying Groups

Use groupmod to change a group's name or GID.

Examples:

Rename developers to devteam: groupmod -n devteam developers Change the GID of developers to 2000: groupmod -g 2000 developers To change a user's primary group or add supplementary groups, combine usermod with the appropriate flags ( -g, -aG).

3. Deleting Groups

Remove a group with groupdel: groupdel developers Note: If files still belong to the deleted group, they will show an invalid GID.

3. File Permissions

1. Viewing File Attributes

Use ls -l (or ll) to display detailed file information, including type, permissions, owner, group, size, and modification time.

$ ls -l
-rw-r--r-- 1 user group 1234 Dec 22 12:00 example.txt

2. File Types

The first character of the permission string indicates the file type ( - regular file, d directory, l symlink, b block device, c character device, s socket, p FIFO).

3. Permission Bits

Permissions are expressed as three groups of rwx for owner, group, and others. r: read w: write x: execute -: no permission

4. Modifying Permissions

Change permissions with chmod.

Numeric mode example (owner = 7, group = 5, others = 5): chmod 755 file Symbolic mode examples: chmod u+x file – add execute for owner. chmod g-w,o-w file – remove write permission from group and others. chmod o=r file – set others to read‑only.

5. Changing Ownership and Group

Use chown and chgrp to modify file ownership.

Examples:

Change owner: chown user2 file Change group: chgrp developers file Change both owner and group simultaneously:

chown user2:developers file