Managing Accounts

Being able to add and remove users and groups is of primary importance to you as a system administrator if you are running a multiuser Linux system or a Linux system on a network to which many people have remote login permission. In Chapter 7, "Understanding File Properties," you learned about users, groups, and permissions. Now you learn how to create the user and group accounts with which permissions work.

The process of adding or deleting users and groups at the command line is an easy one; the tasks at hand are accomplished with the adduser, groupadd, userdel, and groupdel commands.

Adding and Removing User Accounts

Whenever you want to give a new user access to your Linux system with his or her own set of files and login information, you need to add a user account to your system. This is accomplished in two simple steps:

For example, to create a new account for a user named joe, you call adduser supplying joe as an argument, and then call passwd supplying joe as an argument, entering a password for joe when prompted:

 [root@workstation20 you]# /usr/sbin/adduser -c "Joe Brady" joe [root@workstation20 you]# passwd joe Changing password for user joe. New UNIX password: Retype new UNIX password: passwd: all authentication tokens updated successfully. [root@workstation20 you]# 

After you create an account for joe, he can log in using the password that you configured for him. His home directory has been created too: /home/joe.

To delete a user account, simply use the userdel command, which resides in /usr/sbin, supplying the name of the account you want to delete as an argument and, optionally, the -r option if you want to delete the user's home directory. To delete the account for joe that you just created, along with joe's home directory, enter the following:

 [root@workstation20 you]# /usr/sbin/userdel -r joe [root@workstation20 you]# 

Without fanfare, joe's account and his home directory are deleted irrecoverably from the system.

Take Care When Deleting Accounts If you want to delete an account but you're not sure which one, you can get a listing of the accounts that exist on your system by displaying the /etc/passwd file, which contains all user accounts with their account numbers, one per line. Do not, however, delete any accounts with user numbers lower than 500 because accounts numbered below 500 belong to system services and might be critical for the proper functioning of Fedora Core 4.

Adding and Removing Groups

Groups enable users to become affiliated with one another, to work collectively on projects, or to access a specific facility or device that nongroup users can't. To create a group, use the groupadd command, stored in /usr/sbin, supplying the name of the group to create as an argument. To create a group called programmers, supply the name as an argument to groupadd as follows:

 [root@workstation20 you]# /usr/sbin/groupadd programmers [root@workstation20 you]# 

The process of deleting groups is similarly easy and is accomplished using the groupdel command, also stored in /usr/sbin. To delete a group, call groupdel and supply the name of the group you want to delete as an argument:

 [root@workstation20 you]# /usr/sbin/groupdel programmers [root@workstation20 you]# 

The group is deleted.

Administering Groups

Because groups are, by definition, a collection of individual users, they require some maintenance: You must be able to add users to a group or delete users from a group, and to assign group administration privileges to a specific user. All this is accomplished by calling the gpasswd command.

After you create a group, you can give group administration privileges to a regular user by calling the gpasswd command with the -A option, and supplying the name of the user and the name of the group as arguments. For example, to give the user joe administration privileges for the group programmers, you enter the following command:

 [root@workstation20 you]# gpasswd -A joe programmers [root@workstation20 you]# 

The user joe now has administration privileges for the group programmers and can add and delete users, set the password, and clear the password for the group.

To add users, joe issues the gpasswd command with the -a option, supplying the name of the user to add and the name of the group he administers as arguments. For example, if joe adds jane to the group programmers, he enters the following command:

 [joe@workstation20 joe]$ gpasswd -a jane programmers [joe@workstation20 joe]$ 

The user jane is now a member of programmers until joe removes her. To remove jane from programmers, joe calls the gpasswd command with the -d option, supplying the user to remove, jane, and the group to remove her from, programmers, as arguments:

 [joe@workstation20 joe]$ gpasswd -d jane programmers [joe@workstation20 joe]$ 

For information on additional capabilities offered to the root user by the gpasswd command, including the ability to use group passwords, see the gpasswd manual page.

Changing Group Membership

For regular users to use their group memberships, they must use the newgrp command. The newgrp command is called with the name of a group as an argument; the user's group identity then changes to that of the specified group if the user is a member of the group. For example, if jane, a member of programmers, wants to access the files belonging to the group programmers, she calls newgrp from her command prompt, supplying programmers as an argument:

 [jane@workstation20 jane]$ newgrp programmers [jane@workstation20 jane]$ 

Users can return to their default (that is, login) group identity by issuing the newgrp command without arguments:

 [jane@workstation20 jane]$ newgrp [jane@workstation20 jane]$