Linux allows multiple users to have access to the system at one time. Setting permissions protects users from each other. Users can be assigned to groups that are created for users who share privilege, security, and access. Files and devices may be granted access based on a specific user or a group of users.
Groups are often used to give members certain permissions to modify a file or directory.
The two main types of groups are primary groups and secondary groups. A user's primary group is the default group the account is associated with. Directories and files the user creates will have this Group ID. A secondary group is any group(s) a user is a member of other than the primary group.
Creating groups
Let's create two groups called "writers" and "editors". Use the groupadd
command like this ( You may have to use sudo
at the beginning so you have the appropriate permission to create a group):
groupadd writers
groupadd editors
Creating users
You may already have users to add to your group. If not, here is the basic syntax to create a user with the useradd
command:
useradd [options] username
Here is the command to create a user named "quincy". The -m
will create the user's home directory to match the username. The -p p4ssw0rd
creates a password for the user of "p4ssw0rd".
useradd -m quincy -p password
The user will be able to change their password with the passwd
command. They will have to enter their current password and then their new password.
Adding a user to a group
You can use the usermod
command to add a user to a group. Here is how to add the user "quincy" to the group "writers". The -a
parameter means "append" and the -G
parameter adds a group as a secondary group.
usermod -a -G writers quincy
When a user is created with the adduser
command, the user is automatically assigned to a primary group with the same name as the username. So currently the user "quincy" has a primary group of "quincy" and a secondary group of "writers".
You can also add a user to many groups at once by separating the group names with commas. -G group1,group2,group3
.
The following command changes the primary group of the user quincy to "editors":
usermod -g editors quincy
Removing a user from a secondary group
To remove a user from a secondary group you need to overwrite the current groups of a user with a new set of groups that does not contain the group that is being removed.
First, use the id
command to check what secondary groups a user belongs to:
id -nG quincy
Let's say that this returns editors writers
indicating that quincy is part of the "editors" and "writers" group. If you want to remove the "writers" group, use this command:
usermod -G editors quincy
That command sets the secondary group of quincy to "editors". Since the -a
flag was not used, the previous set of groups was overwritten.
Conclusion
You should now be ready to start managing users and groups. The next step is to determine which privileges each group will have.