Cycle Logo

Linux User Management

User management is a core aspect of administering a Linux system. It involves creating, modifying, and deleting user accounts, managing user groups, and setting appropriate permissions to ensure security and efficient resource usage. This guide covers the essential commands and practices for managing users and groups on a Linux system.

Understanding User Accounts in Linux

The Role of User Accounts

In Linux, user accounts control access to the system and its resources. Each account is associated with a unique user ID (UID), a home directory, and a shell. User accounts are crucial for isolating users, maintaining system security, and enforcing access control.

Key Files for User Management

Several key files are central to managing users and groups on a Linux system:

  • /etc/passwd: Stores essential information about each user, including the username, UID, GID (group ID), home directory, and default shell.
  • /etc/shadow: Stores encrypted passwords and related security information for each user.
  • /etc/group: Contains group information, including group names, GIDs, and user lists for each group.
  • /etc/sudoers: Configures user privileges for executing commands as the root user or another user.

Managing User Accounts

Creating a New User

To create a new user account, use the useradd command:

sudo useradd -m -s /bin/bash username
  • -m: Creates a home directory for the user under /home/username.
  • -s: Specifies the default shell for the user.

After creating the user, set a password:

sudo passwd username

This command prompts you to enter and confirm a new password for the user.

Modifying User Accounts

The usermod command allows you to modify existing user accounts. Common modifications include changing the user's home directory, shell, or adding them to a group.

  • Change the Home Directory:

    sudo usermod -d /new/home/directory username

  • Change the Default Shell:

    sudo usermod -s /bin/zsh username

  • Add User to a Group:

    sudo usermod -aG groupname username
    • -aG: Appends the user to the specified group.

Deleting a User Account

To delete a user account, use the userdel command:

sudo userdel username

If you want to remove the user's home directory and mail spool as well, use the -r option:

sudo userdel -r username

Managing User Groups

Understanding Groups

Groups in Linux manage permissions for multiple users. Each user can belong to one or more groups, each with a unique group ID (GID). By assigning users to groups, you can control their access to files, directories, and system resources.

Creating a New Group

To create a new group, use the groupadd command:

sudo groupadd groupname

This command creates a new group with the specified name.

Modifying Groups

You can modify group memberships using the usermod command:

  • Add a User to a Group:

    sudo usermod -aG groupname username

  • Remove a User from a Group: To remove a user from a group, use the gpasswd command:

    sudo gpasswd -d username groupname

Deleting a Group

To delete a group, use the groupdel command:

sudo groupdel groupname

This command removes the specified group from the system.

Managing User Privileges

Using Sudo for Privileged Access

The sudo command allows users to execute commands as the root user or another user with elevated privileges. Proper configuration of sudo is essential for maintaining security while allowing users to perform necessary administrative tasks.

Configuring Sudo Access

Sudo access is configured in the /etc/sudoers file, which should be edited using the visudo command to prevent syntax errors:

sudo visudo

To grant a user sudo privileges, add a line like the following to the file:

username ALL=(ALL:ALL) ALL

This configuration allows the user to run any command as any user or group. For more restrictive configurations, you can specify individual commands or limit execution to certain hosts.

Limiting Sudo Commands

You can restrict which commands a user can run with sudo by specifying them in the /etc/sudoers file. For example, to allow a user to only restart the Nginx service:

username ALL=(ALL) /usr/sbin/service nginx restart

Using Sudoers Aliases

Sudoers aliases allow you to create reusable sets of users, commands, and hosts in the /etc/sudoers file. This simplifies complex sudo configurations:

Cmnd_Alias RESTARTSERVICES = /usr/sbin/service nginx restart, /usr/sbin/service apache2 restart
User_Alias WEBSERVADMINS = alice, bob
 
WEBSERVADMINS ALL=(ALL) RESTARTSERVICES

In this example, users Alice and Bob are allowed to restart the Nginx and Apache services.

Go deeper on managing linux services.

Monitoring and Auditing User Activity

Viewing Logged-In Users

To see who is currently logged into the system, use the who or w command:

who

This command displays a list of all users currently logged in, along with their terminal, login time, and other details.

Checking User Login History

The last command shows a history of user logins:

last

This command lists users who have logged in and out, including the time, date, and IP address (if applicable).

Monitoring Command History

Each user's command history is stored in their home directory under .bash_history (or .zsh_history for Zsh users). You can view the command history of a user by accessing this file:

cat /home/username/.bash_history

To track commands executed with sudo, check the system logs:

sudo cat /var/log/auth.log | grep sudo

Implementing User Auditing

For more detailed monitoring, use auditd, the Linux Audit Daemon, which tracks system calls and records them in /var/log/audit/audit.log.

To install and start the auditd service:

sudo apt install auditd
sudo systemctl start auditd

You can configure audit rules to monitor specific files, commands, or users:

sudo auditctl -w /etc/passwd -p wa -k passwd_changes

This command logs write (w) and attribute changes (a) to /etc/passwd and tags the logs with the keyword passwd_changes.

Best Practices for User Management

Use Groups for Permissions Management: Assign users to groups rather than setting permissions individually. This approach simplifies management and ensures consistent access control.

Enforce Strong Password Policies: Enforce strong password policies using tools like pam_pwquality to ensure that users select secure passwords.

Regularly Review User Accounts: Periodically review user accounts, especially administrative accounts, to ensure that no unauthorized accounts exist and that only active users have access.

Limit Use of the Root Account: Avoid using the root account directly. Instead, grant necessary privileges using sudo, which provides an audit trail of commands executed with elevated privileges.

Monitor and Audit User Activity: Regularly monitor and audit user activity to detect any unauthorized access or suspicious behavior. Use tools like auditd for detailed tracking of user actions.