User, Group, Permission and Sudoer

Linux administration commands. Only root or a sudoer (super user) can run these commands.

Adding New User:  useradd [options] username

  • -c "Comment"
  • -m Create home directory
  • -s /shell/path
  • -g Group  Default group

[root@orcleprod ~]# useradd -c " Sam Smith" -m -s /bin/bash sam

[root@orcleprod ~]# passwd sam
Changing password for user sam.
New password:
BAD PASSWORD: it is WAY too short
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@orcleprod ~]#

Encrypted (hashed) passwords are stored in the /etc/shadow file. The shadow file is readable only by root, which prevents other users from trying to crack the passwords.

[root@orcleprod ~]# id sam
uid=54323(sam) gid=54324(sam) groups=54324(sam)

[root@orcleprod ~]# egrep sam /etc/passwd

Each account has a username or login ID, a UID (user ID) which is a unique number, a default group, a comment, a shell and a home directory location. The user account information is stored in the /etc/passwd file.

oracle:x:54321:54321:Oracle Software Owner:/home/oracle:/bin/bash

Deleting User: userdel [-r] username

[root@orcleprod ~]# userdel sam
[root@orcleprod ~]# id sam
id: sam: No such user
[root@orcleprod ~]#

On occasion, you may need to remove only the user's account from the server. If you need to remove the user's home directory as well, add the -r option to the userdel command.

Modify User: usermod [options] username

[root@orcleprod ~]# usermod -c "This is a test comment" sam
[root@orcleprod ~]# cat /etc/passwd | grep sam
sam:x:54323:54325:This is a test comment:/home/sam:/bin/bash

Create Group

[root@orcleprod ~]# groupadd group_name
[root@orcleprod ~]# groupadd devops

The file /etc/group stores group information.  The format of the /etc/group file:

[root@orcleprod ~]# grep devops /etc/group

Linux users sam and prabin both belong to the devops group. To display all the groups that a user belongs to, type groups [username]

[root@orcleprod ~]# groups sam
sam : sam devops 

Delete Group: groupdel group_name
Change the properties of a group: groupmod

Assigning Group

usermod -a -G <groupname> username

[root@orcleprod ~]# id sam     
uid=54323(sam) gid=54325(sam) groups=54325(sam)
[root@orcleprod ~]# usermod -a -G devops sam
[root@orcleprod ~]# id sam
uid=54323(sam) gid=54325(sam) groups=54325(sam),54324(devops)

You can also view all the groups that you are part of using the groups command

[sam@orcleprod ~]$ whoami
[sam@orcleprod ~]$ groups
sam devops

Note: Sometimes the user may need to log out and log back in for the new group to take effect.

Revoking Group

gpasswd -d <username> <group name>
gpasswd -d sam root

File & Directory Permission:

Each file and directory has three permission groups, one for each class of user (owner, group, all other users).
owner:  This permission applies only to the owner.
group:  This permission applies only to the members of the file's group.
all users:  This permission applies to all other users.

Permission Types:
Read (r): Read only to a file or directory
Write (w): Write or modify a file or directory
Execute(x): Execute a file or view the contents of the directory

Changing Permission

4 = Read
2 = Write
1 = Execute

777 = rwx rwx rwx (owner, group, all users)
owner = rwx = 4+2+1 = 7
group = rwx = 4+2+1 = 7
other = rwx = 4+2+1 = 7

chmod 777 filename
chmod o=rwx filename
chmod g=rwx filename
chmod u=rwx filename

[root@orcleprod u01]# ls -l test*
-rw-r--r--. 1 root root 20 Jul 27 13:06 test.txt
[root@orcleprod u01]# chmod 777 test.txt
[root@orcleprod u01]# ls -l test*
-rwxrwxrwx. 1 root root 20 Jul 27 13:06 test.txt

[root@orcleprod u01]# chmod 770 test.txt
[root@orcleprod u01]# ls -l test*
-rwxrwx---. 1 sam root 20 Jul 27 13:06 test.txt


Ownership Change:

chown - change file owner and group
chown owner:group filename

[root@orcleprod u01]# ls -l test*
-rw-r--r--. 1 root root 20 Jul 27 13:06 test.txt
[root@orcleprod u01]# chown sam:root test.txt
[root@orcleprod u01]# ls -l test*
-rw-r--r--. 1 sam root 20 Jul 27 13:06 test.txt


Sudo (substitute user do) allows a SYS admin to delegate authority, giving certain users or groups of users the ability to run some or all commands as root or as another user, while providing an audit trail of the commands and their arguments.

cat /etc/sudoers  ## Holds all the groups that have sudoer access. If you belong to any of those groups, you have sudoer access; otherwise you will need to ask the SYS admin for access to certain root commands through sudo.
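
Because sudo access follows group membership, it helps to know who effectively belongs to a group: grep on /etc/group shows only supplementary members and misses users whose default group is that group. The script below is an added example, not from the original post; it combines both files, the sample data is constructed, and the wheel group and the deploy and alice accounts are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. All sample data is constructed.

# group_members GROUP PASSWD_FILE GROUP_FILE
# Prints a sorted, comma-separated list of every user who holds GROUP, either
# as a supplementary group (4th field of the group file) or as a primary
# group (4th field of the passwd file equals the group's GID).
group_members() {
    awk -F: -v grp="$1" '
        # First operand is the group file: name:password:GID:user,user,...
        FILENAME == ARGV[1] {
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        # Second operand is the passwd file: name:x:UID:GID:comment:home:shell
        gid != "" && $4 == gid { seen[$1] = 1 }
        END { for (u in seen) print u }
    ' "$3" "$2" | sort | paste -sd, -
}

# write_sample_files DIR: constructed passwd/group data. sam, prabin and the
# devops GIDs follow the post; deploy and alice are hypothetical accounts.
write_sample_files() {
    cat > "$1/group" <<'EOF'
root:x:0:
wheel:x:10:alice
devops:x:54324:sam,prabin
sam:x:54325:
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
sam:x:54323:54325:This is a test comment:/home/sam:/bin/bash
prabin:x:54326:54326:Prabin:/home/prabin:/bin/bash
deploy:x:54327:54324:Deploy account:/home/deploy:/sbin/nologin
EOF
}

demo_dir=$(mktemp -d)
write_sample_files "$demo_dir"
for g in wheel devops root; do
    printf '%s: %s\n' "$g" "$(group_members "$g" "$demo_dir/passwd" "$demo_dir/group")"
done
rm -rf "$demo_dir"
```

On a live system, pass /etc/passwd and /etc/group as the two file arguments and check each group named in /etc/sudoers.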
