Linux Examples - USERS AND GROUPS



• Create New Group
• Delete User's Home Directory
• Delete User
• Create New Users, A Home Directory In /home And A Group
• List All Groups
• File Permissions And Ownership
• Linux File System Object Types
• Directory Permissions
• Create Passwords For Our New Users
• Add User To Existing Group
• List Users Groups
• Login As Another User
• Add User To The Sudo Group
• User Creates File In Another User's Directory
• chmod Permissions Table

Create New Group

sudo groupadd defjam
→This creates a group called “defjam”

Delete User's Home Directory

sudo rm -r /home/username/

Delete User

sudo userdel username

Create New Users, A Home Directory In /home And A Group

Create user called “fred”:
sudo useradd -m fred
→This creates User(Owner) “fred” and Group “fred” and home directory “/home/fred/”

Create user called “jen”:
sudo useradd -m jen
→This creates User(Owner) “jen” and Group “jen” and home directory “/home/jen/”

Create usercalled “jon”:
sudo useradd -m -g jon
→This creates User(Owner) “jon” and Group “jon” and home directory “/home/jon/”

NOTE: These users’ passwords are NOT created here. See below for how to create them.

List All Groups

cut -d: -f1 /etc/group

Linux List All Groups

Typing the following reveals that the home directories were indeed created:

ls -l /home/

Note the following:

• The Owner of each of these directories (i.e. Owner = User).
• The Group associated with each directory is shown in Orange.
• Also remember that there is no home directory for "defjam" as we never created it!

Linux-Tutorials-User-Group-Other

File Permissions And Ownership

With regard to "fred":

Linux-Tutorials-File-Permissions-And-Ownership-Example

d rwxr-xr-x  fred fred

directory Owner(User) Group Other OwnedByUser GroupName
d rwx r-x r-x fred fred

So, for example, regarding the 1st line (fred’s home directory). This directory can be read, written to and executed by the owner (fred). We can see that the owner is fred and the group that this directory belongs to is fred. The Group can only read and execute but not write. Other can only read and execute but not write.

Linux File System Object Types

Code Object Type
- Regular file
d directory
l Symbolic link
c Character special device
b Block special device
p FIFO
s Socket

Directory Permissions

Directories use the same permissions flags as regular files however they are interpreted differently. For example:

If the Read permission for a directory is set then this allows a user with that permission to list the contents of the directory.
If the Write permission for a directory is set then this means a user with that permission can create or delete files in the directory.
If the Execute permission for a directory is set then this allows the user to enter the directory and access all the subdirectories.

Also bare in mind that without the execute permission, the filesystem objects inside a directory are inaccessible.
Without the read permission, filesystem objects inside a directory are not viewable however these objects can be accessed as long as the full path to the object is known.

Create Passwords For Our New Users

passwd fred
passwd jen
passwd jon

•Set each of these three passwords to be "123" for test purposes.

Add User To Existing Group

Recall that we created the group called "defjam" earlier on.
Now let’s add this group to the two male (fred and jon) users:

sudo usermod -a -G groupName userName
The user will need to logout and log back in to see their new group added.

sudo usermod -a -G defjam fred
sudo usermod -a -G defjam jon

Note: I didn’t add the user “jen” to this group.

List Users Groups

groups fred

After running this, the Terminal Output looks like:

Example-List-User-Groups-Example-1

groups jen

After running this, the Terminal Output looks like:

Example-List-User-Groups-Example-2

groups jon

After running this, the Terminal Output looks like:

Example-List-User-Groups-Example-3

→ So user "jen" is NOT a member of the "defjam" group whereas both users "fred" and "jon" are members of the group "defjam".

Login As Another User

Log in as user “fred” without having to leave the current terminal:

Use the following command format:
su - username

Linux-Example-Login-As-Another-User
NOTE: That I typed “bash” above to get a BASH Terminal

However I could just login as User “raspberry” by:

Linux-Example-3-Login-As-Another-User

Also, notice that I can login here as User “root” by doing the following. Generally speaking, you shouldn't ever do this or indeed have a password setup for root. I have it here for test purposes merely to illustrate that it is possible!

Linux-Example-4-Login-As-Another-User

Add User To The Sudo Group

I want user fred to be able to create a file in user jon’s directory. Without user fred having sudo access I can’t do it.

Linux-Example-Add-User-To-Sudo-Group

Obviously if I give user fred sudo access then he can create a file there by merely typing:

sudo touch Pic1.jpg

Therefore fred needs to be able to access sudo in this case (all though there are alternatives to giving user fred sudo access. This will be explained later).

sudo usermod -aG sudo <username>
NOTE: You will need to either restart your shell/terminal or log out and back in for this to take effect.

sudo usermod -aG sudo fred

Now let’s list all of user fred's groups. As you can see it worked:

Linux-Example-Add-User-To-Sudo-Group-2

User Creates File In Another User's Directory

User fred can now use sudo to create a file in user jon’s home directory:

Linux-Example-Add-User-To-Sudo-Group-3

HOWEVER, it would be better to exploit my group “defjam” here.
Both Fred and Jon are members of group “defjam”.
If I change the group of jon’s home directory to be “defjam” then user fred will be able to create files inside jon’s directory without having to use sudo.

Thus I will change the group of this directory to “defjam”:

sudo su
cd /home/
sudo chown :defjam jon

NOTE: chown stands for CHange OWNer

ls -l

Linux-Example-chown

At the moment jon’s home directory says rwx r-x r-x. So the Owner (jon) has rwx permission.
Therefore jon can read,write and execute. The group (defjam) can only r-x, i.e. read and execute and other can only r-x read and execute too. So I also need the directory to allow its group (defjam) to read,write,execute:

chmod Permissions Table

In order to understand how these files permissions are constructed, the following table is useful:

Decimal Octal r w x Permissions Human Readable
0 0 0 0 0 --- No permissions
1 1 0 0 1 --x Execute only
2 2 0 1 0 -w- write only
3 3 0 1 1 -wx write and execute
4 4 1 0 0 r-- read only
5 5 1 0 1 r-x read and execute
6 6 1 1 0 rw- read and write
7 7 1 1 1 rwx read, write, and execute

The number systems used here may at first glance look confusing however via binary it is simple (assuming you are familuar with binary that is!). To work these out mentally, for example, r – x looks like 101 binary i.e. 5 Octal (or 5 decimal). Octal and decimal look identical up until the number 7. Note: In Octal, the next number after 07 is 10. In terms of thinking in binary, just assume a “-” is a zero, and anything else is a 1.

As I said above, I need the directory to allow its group (defjam) to read,write,execute. So I need it to look like this

Owner Group Other
rwx rwx r-x
7 7 5

Therefore I need to use the following command:

sudo chmod 775 jon

Linux-Example-chmod

So now the home directory permissions of user “jon” says that the Owner (jon) of the directory (d) can rwx (read,write,execute), the group that the directory is associated with (defjam) can rwx (read,write,execute) and the others can only r-x (read and execute). i.e. Now user “fred” can go into home directory “jon” and create a file without having to use sudo:

Linux-Example-chmod-2

 Also note that: chmod 0775 is the same as chmod 775 

User jon can delete anything inside his directory.
This new file Pic2.jpg created by user “fred” is owned by user “fred” and a member of group “fred”. However as it is inside the directory /home/jon/ i.e. this directory which is Owner by User “jon”. User jon has rwx (read,write,execute) permissions and can therefore delete or change this file. Also Pic1.jpg was creaded by user “root” via sudo. Again, User “jon” can delete this as it is inside his directory and he has wrx permissions on this directory:

Linux-Example-chmod-3

I recreate these 2 picture files Pic1.jpg and Pic2.jpg identically as before…
User “Jen” is not a member of this group “defjam” so if she tries to create a file inside /homepage/jon/ then she will fail as she is (Other) and Other merely has r-x (read and execute) permissions but not write permissions:

Linux-Example-chmod-4

Also I can block user jen from seeing inside this directory. If I only want to allow the Owner(User) i.e. User “jon” and the Group associated with this directory (defjam) to see inside this directory BUT no Others (i.e. jen) then I can do:

Owner Group Other
rwx rwx ---
7 7 0

Remember user "Jen" doesn’t have sudo access so I have to be fred or root to do this. I'll use user fred to do it via sudo:

Linux-Example-chmod-5

Now let’s login as user "jen" and try and look inside user "jon’s" directory:

Linux-Example-chmod-6

So user "jen" can’t see inside user "jon’s" directory. However User "jon" and User "fred" can both see inside it and create files:

Linux-Example-chmod-7

Remember that User fred’s home directory group isn’t group "defjam" it is group "fred" so User "jon" and User "jen" CAN’T create files inside there. Also User jen and jon aren’t members of the group sudo thus they can not create any files inside User fred’s home directory. E.g. using User "jon":

Linux-Example-chmod-8





Linux Examples - Comments