2IntroductionUbuntu Linux uses groups to help you manage users, set permissions on those users, and even monitor how much time they are spending in front of the PC.Normally Linux computers have two user accounts—your own user account, and the root account, which is the super user that can access everything on the PC, make system changes, and administer other users. Ubuntu works a little differently, though—you can’t login directly as root by default, and you use the sudo command to switch to root-level access when you need to make a change.
3How Linux User Accounts Work Linux stores a list of all users in the ‘/etc/groups’ file. You can run this command in the Terminal to to view and edit the groups and users in your system:sudo nano /etc/groups
4How Linux User Accounts Work UsernamePasswordBy default, all user home directories are created and maintained in the /homedirectory.However, the root user’s home directory is /root
5User Accounts storageLocal This option stores user accounts in the /etc/passwd file. This has been the default configuration used by Linux systems for many years./etc/passwd This file contains the user account information for your system./etc/shadow This file contains passwords for your user accounts./etc/group This file contains your system’s groups
6The SuperuserBy default, one account has elevated privileges to issue any command, access any file, and perform every functionSuperuser, a.k.a. rootUser and group number 0
7The Superuser Must limit use of root Limit what root can do remotely Inexperienced users can cause serious harmUse of root for non-privileged tasks unnecessary and can be open to attackSecurity and privacy violations – root can look at anyone’s filesLimit what root can do remotelyEnsure a strong password
8Superuser PrivilegesWhat usually works best is short periods of superuser privilege, only when necessaryObtain privileges, complete task, relinquish privilegesMost common ways are su and sudoCan also use the setuid/setgid method, but not recommended
9su Short for substitute or switch user Syntax: su [options] [username] If username is omitted, root is assumedAfter issuing command, prompted for that user’s passwordA new shell opened with the privileges of that userOnce done issuing commands, must type exit
10sudo Allows you to issue a single command as another user Syntax: sudo [options] [-u user] commandAgain, if no user specified, root assumedNew shell opened with user’s privilegesSpecified command executedShell exited
11sudoersMust configure a user to run commands as another user when using sudoPermissions stored in /etc/sudoersUse utility visudo to edit this file (run as root)Permissions granted to users or groups, to certain commands or all, and with or without password being required
12Other permissions models Some Linux distributions such as Ubuntu obscure away the root account altogetherBy default the end user doesn’t know the root passwordCan’t login as rootCan’t suMust rely on sudo (and the graphical gksudo) to obtain privilege, along with ‘Unlock’ functions in GUI
13Creating and Managing User Accounts Using useraddUsing passwdUsing usermodUsing userdel
14Using useradd Syntax: useradd options username example: useradd ken ken account is created using the default parameters contained in the following configuration files: /etc/default/useradd/etc/login.defs This file contains values that can be used for the GID and UID parameters when creating an account with useradd.It also contains defaults for creating passwords in /etc/shadow.
15Using userdel Syntax: userdel username example: userdel ken It’s important to note that, by default, userdel will not remove the user’s home directory from the file system. If you do want to remove the home directory when you delete the user, you need to use the –r option in the command line. For example, entering userdel –r ken will remove the account and delete her home directory.
16Group:Password:GID:Users Managing groupsUsing groupaddUsing groupmodUsing groupdelgroups are defined in the /etc/group file. Each record is composed of the following four fields:Group:Password:GID:UsersGroup Specifies the name of the group. In the example above, the name of the group is video.Password Specifies the group password.
17Managing groups GID Specifies the group ID (GID) number of the group. Users Lists the members of the group.As with /etc/shadow, each line in /etc/gshadow represents a record for a single group. Each record is composed of the following fields: Group_Name:Password:Group_Admins:Group_Members
18groupadd options groupname Using groupaddSyntax:groupadd options groupnameOptions:–g Specifies a GID for the new group.–p Specifies a password for the group.–r Specifies that the group being created is a system group
20Managing ownershipAnytime a user creates a new file or directory, his or her user account is assigned as that file or directory’s “owner.” For example, suppose the ken user logs in to her Linux system and creates a file named linux_introduction.odt using OpenOffice.org in home directory. Because she created this file, ken is automatically assigned ownership of linux_introduction.odt.
21How ownership works Using chown Using chgrp You can specify a different user and/or group as the owner of a given file or directory. To change the user who owns a file, you must be logged in as root. To change the group that owns a file, you must be logged in as root or as the user who currently owns the file.Using chownUsing chgrpYou can also view file ownership from the command line using the ls –l command
22chown ken1 /tmp/myfile.txt Using chownThe chown utility can be used to change the user or group that owns a file or directory.Syntax chown user.group file or directory.Example: If I wanted to change the file’s owner to the ken1 user, I would enterchown ken1 /tmp/myfile.txtIf I wanted to change this to the users group, of which users is a member, I would enterchown .users /tmp/myfile.txtNotice that I used a period (.) before the group name to tell chown that the entity specified is a group, not a user account.Ex: chown student.users /tmp/myfile.txtNote: You can use the –R option with chown to change ownership on many files at once recursively.
23Using chgrpIn addition to chown, you can also use chgrp to change the group that owns a file or directory.Syntax: chgrp group file (or directory)Example: chgrp student /tmp/newfile.txt.