# Managing Users in Linux

In a Linux system, users refer to individuals or entities that interact with the operating system by logging in and performing various tasks. Managing users in Linux is a fundamental aspect of system administration, allowing you to control access to the system and its resources. Incorrectly set user permissions are a security vulnerability and, in some cases, may render the Linux system inoperable.

A user in Linux is associated with a user account, which consists of several properties defining their identity and privileges within the system. These properties are a username, UID (User ID), GID (Group ID), home directory, default shell, and password.

## Types of Users in Linux

In Linux, users are categorized based on their roles, permissions, and the kind of access they have to the system's files and resources. Understanding the types of users is crucial for managing security and permissions on a Linux system. Here are the primary types of users found in Linux:

| Account Type | Access Level |
| --- | --- |
| **Root User** | The root user, also known as the superuser, has *unrestricted* access to the system. This user can perform any operation, including tasks that can affect the system's operation and security. Because of the extensive capabilities, it's advised to use the root account only when necessary. |
| **System User** | System users are created to run specific system services and automated services. For example, a web server service might run as a `www-data` user, and a database service might run as a `mysql` user. These users *do not have login access* to the system and are used to isolate service permissions for security reasons. UID range is typically from 1 to 999 (but this can vary based on the distribution) |
| **Sudo User** | A standard user who has been granted permission to execute certain commands as the root user. Every command that requires root privileges must be preceded with the [sudo command.](https://karlygash-yakiyayeva.dev/linux-sudo-command-explained) |
| **Standard User** | Regular users are the standard accounts used by people to interact with the system. They have permissions to run programs, read files they own, and modify their home directories. They cannot perform actions that affect core system settings or other user accounts. The system administrator can elevate their permissions temporarily using `sudo` or `su` for specific tasks. Users with interactive login accounts are given a UID of 1000 and above; |
| **Guest User** | Guest users are temporary accounts with very limited access rights. They are typically used for single sessions and might have access only to basic applications and the internet. Their permissions are severely restricted to protect the system's integrity. They do not require personal files and settings. |

## Understanding User Management Files

In Linux, user management revolves around several key files that store information about users, their passwords, groups, and group passwords. These files are critical for system security and user management tasks. Here's an overview of these essential files:

* `/etc/passwd` - The *passwd* file contains a list of user accounts and the corresponding user ID, group ID, home directory, and the default shell. It is readable by most users, but only root and sudo accounts can add new users or remove and modify existing user data.
    
    ![](https://i.imgur.com/vO32IAD.png align="center")
    
* `/etc/shadow` - This file stores encrypted user password information and other password-related data such as the password expiration date, last change date, and account expiration date. It is only accessible by the root user or users with appropriate privileges. The restricted access and encryption add another security layer compared to the /*etc/passwd* file.
    
    ![](https://i.imgur.com/1uOc43t.png align="center")
    
* `/etc/sudoers`\- This file specifies which users have elevated permissions, on which machines, and for which directories. Admins can use this file to configure permissions for users and groups to use the sudo command.
    
* `/etc/skel`\-The *skel* directory contains default configuration scripts and templates such as *.bashrc* and *bash\_profile*. The templates are copied to the user's home directory when a new user is created, streamlining the provisioning of new user accounts.
    
    ![](https://i.imgur.com/Er2NbJ3.png align="center")
    

## Best Practices for User Management in Linux

Effective user management in Linux is essential for maintaining system security, performance, and user accessibility. Here are some best practices in short:

1. Avoid using the root account for daily tasks. Grant administrative privileges to trusted users via the `sudo` mechanism.
    
2. Follow the principle of least privilege (PoLP). Users should have only the permissions necessary for their roles.
    
3. Periodically review user accounts and remove or disable those that are no longer in use or are temporary.
    
4. Use strong password policies.
    
5. For temporary users or employees, set account expiration dates.
    
6. Keep track of user activities, especially for users with `sudo` privileges. Tools like `auditd` can be configured to monitor and report on specific user actions.
    
7. As users change roles within an organization, regularly update their group memberships and permissions to reflect their current needs.
    
8. Educate users about security best practices, including password security, phishing awareness, and safe internet usage.
    
9. Regularly backup user data and configuration files. This includes home directories and critical system files like `/etc/passwd` and `/etc/shadow`.
    
10. For environments with multiple Linux systems, consider centralizing user management using LDAP, Active Directory integration, or other directory services to streamline the process.
    

## Hands-on Exercise Overview

Linux, being a multi-user system, provides a comprehensive set of tools and commands for user management. This hands-on shows how to add, modify, and remove a user on Ubuntu 20.04.

## Hands-on Exercise

1. To find out which users and how many users you have on the server, run:
    
    ```bash
    cat /etc/passwd | wc -l
    ```
    
2. To determine which users are currently logged in a Linux system, use:
    
    ```bash
    who -H
    ```
    
    ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1711476904464/27899413-5bff-4bb3-b27e-0b5e4fbb5887.png align="center")
    
3. To create a new user, run:
    
    ```bash
    sudo useradd username
    ```
    
    Root privileges are required when adding a new user to the system because system-wide changes happen. The command does not provide any output.
    
    <div data-node-type="callout">
    <div data-node-type="callout-emoji">💡</div>
    <div data-node-type="callout-text">By default, <code>useradd</code> command adds normal user accounts.</div>
    </div>
    
4. To verify if the new user is visible, run:
    
    ```bash
    cat /etc/passwd | grep username
    ```
    
    ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1711477369986/6fec2c49-f137-4c63-a596-05207b422d31.png align="center")
    
5. To add a *system* user, add the `-r` option:
    
    ```bash
    sudo useradd -r sysuser
    ```
    
    <div data-node-type="callout">
    <div data-node-type="callout-emoji">💡</div>
    <div data-node-type="callout-text">The system user is useful when you automate any tasks. It does not log in interactively and is used for running in the background and scheduling tasks and processes. Desktop distributions will not show a system user on the login screen because if it did show, there would be a mess.</div>
    </div>
    
6. To add a user with a home directory, use the `-m` option:
    
    ```bash
    sudo useradd -m username
    ls -l /home/
    ```
    
    ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1711479323207/af8dc505-53be-423e-a8e5-5f75d3af19fc.png align="center")
    
    <div data-node-type="callout">
    <div data-node-type="callout-emoji">💡</div>
    <div data-node-type="callout-text">Always use the <code>-m</code> option with <code>useradd</code> if you want the home directory to be created automatically. Some distributions might have defaults that automatically create the home directory, but it's good practice to explicitly use the <code>-m</code> option to ensure consistency across different environments.</div>
    </div>
    
7. Each Linux distribution can set its own default values for the `useradd` command. These defaults are typically configured in the:
    
    ```bash
    cat /etc/default/useradd
    ```
    
    ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1711478610661/6da42b34-813e-470b-9618-b2c85249b91a.png align="center")
    
8. To modify various attributes of an existing user account in Linux, use `usermod` command. Visit for more information: [Linux usermod Command Explained](https://karlygash-yakiyayeva.dev/linux-usermod-command-explained)
    
9. To remove a user account, use:
    
    ```bash
    sudo userdel username
    ```
    
    When a user is deleted from the system, its home directory is not deleted by default.
    
    ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1711480138407/cf0ffe36-006a-4e23-a643-41feeca2eccc.png align="center")
    
10. To remove a user account with its home directory, use `-r` option:
    
    ```bash
    sudo userdel -r username
    ```
    

<div data-node-type="callout">
<div data-node-type="callout-emoji">💡</div>
<div data-node-type="callout-text">Comply with the company policy about user data retention when the user leaves the company.</div>
</div>

12. To change the password for another user, run:
    
    ```bash
    sudo passwd username
    ```
    
    Since root privileges are accessed, the current password of the user is not asked.
    

## References

1. [Linux Crash Course - Managing Users](https://www.youtube.com/watch?v=19WOD84JFxA)
    
2. [Linux sudo command explained](https://phoenixnap.com/kb/user-management-linux#ftoc-heading-3)
    
3. [User Management in Linux](https://phoenixnap.com/kb/user-management-linux)
    
4. [Linux usermod Command Explained](https://karlygash-yakiyayeva.dev/linux-usermod-command-explained)
