I. Why Manage Users and User Groups?

In Linux systems, each user has a unique identity, and user groups are collections of users. The core purpose of managing users and user groups is permission control and resource isolation:

  • Security Isolation: Different users have different permissions, which limits the damage a mistake or a compromised account can do (e.g., a regular user cannot edit system configuration under /etc; that requires root or sudo).
  • Collaborative Sharing: Multiple users can join the same user group to share file/directory permissions (e.g., development teams sharing project directories).
  • System Management: Facilitates batch user management (e.g., organizing users by department and assigning permissions uniformly).

II. Basic Concept Explanation

1. User

  • Definition: A system account identified by a unique UID (User ID). The kernel checks the UID, not the name, when enforcing permissions.
  • Categories:
  • Root User: UID 0, with full privileges. Any account with UID 0 is root whatever it is called, so a second UID 0 entry in /etc/passwd is a classic backdoor to check for.
  • System Users: Low UIDs (typically 1 to 999; the exact range is SYS_UID_MIN/SYS_UID_MAX in /etc/login.defs), used to run services. They normally have a locked password and a non-login shell; nobody (UID 65534 on most current distributions) is the usual example.
  • Regular Users: UID ≥ 1000 (UID_MIN in /etc/login.defs), created by administrators for people's daily work.

2. Group

  • Definition: A collection of users for batch permission assignment, identified by a unique GID (Group ID).
  • Categories:
  • Primary Group: The group recorded in the user's /etc/passwd entry. Files the user creates get this group by default.
  • Supplementary Group: An additional group the user is listed under in /etc/group. Membership lasts until it is removed (it is not temporary), and it takes effect at the next login: a session that is already running keeps the group list it started with.

III. Core Configuration Files

Linux stores user and group information in the following files. Beginners should understand their basic structures:

1. /etc/passwd (User Basic Information)

  • Each line represents a user, format: username:password_placeholder:UID:GID:GECOS_comment:home_dir:login_shell
  • Example: testuser:x:1000:1000::/home/testuser:/bin/bash
  • x: Password field. x means the hash is kept in /etc/shadow; an empty field here means the account has no password at all and no password is asked for at login.
  • 1000: User ID (UID). 1000 is the usual UID_MIN for regular users (set in /etc/login.defs).
  • /home/testuser: User's home directory (the working directory after login).
  • /bin/bash: Login shell. /sbin/nologin (/usr/sbin/nologin on Debian-based systems) or /bin/false means no interactive login; service accounts should have one of these.

2. /etc/group (Group Information)

  • Each line represents a group, format: groupname:password_placeholder:GID:members
  • Example: dev:x:1001:testuser,alice
  • dev: Group name.
  • 1001: Group ID (GID).
  • testuser,alice: Group members (comma-separated).

3. /etc/shadow (User Passwords)

  • Stores password hashes (not encrypted passwords: they cannot be decrypted, only guessed). Readable only by root. Format: username:password_hash:last_change:min_age:max_age:warn_period:inactive_period:expire_date:reserved
  • Example: testuser:$6$...:19500:0:99999:7:::
  • $6$...: SHA-512 crypt hash ($y$ is yescrypt, $1$ is legacy MD5). A field starting with ! or * is a locked account; an empty field means no password is required.
  • 19500: Day of the last password change, counted from 1970-01-01 (19500 is 2023-05-23). 0 forces a change at the next login.
  • 0:99999:7: Minimum days between changes, maximum password age, and days of warning before it expires. The empty fields after them are the inactivity period, the account expiry day and a reserved field.

IV. Common Management Commands

1. User Management

Create User: useradd

  • Basic Usage: useradd username
  • Example: useradd -m testuser (-m: create the home directory and copy /etc/skel into it; without -m most distributions create no home at all).
  • Common Parameters:
  • -d /home/newdir: Specify home directory.
  • -g dev: Set primary group (group name or GID; it must already exist).
  • -G dev,testgroup: Add supplementary groups (comma-separated).
  • -s /bin/bash: Specify login shell. The default is SHELL in /etc/default/useradd, which is /bin/sh on Debian-based systems, so pass -s explicitly.
  • -r: Create a system account (UID from the system range, no home directory) for running a service.

Delete User: userdel

  • Basic Usage: userdel username (removes the account only; the home directory and mail spool are left in place, owned by the now-unassigned UID).
  • Remove Home Directory Too: userdel -r username (-r: also delete the home directory and mail spool).
  • Note: userdel refuses while the user still has running processes; stop them first, or use userdel -f, which removes the account even if it is logged in.

Modify User: usermod

  • Examples:
  • Change home directory: usermod -d /newdir -m testuser (-m moves the existing contents; without it the new directory must already exist and the old files stay behind).
  • Change primary group: usermod -g dev testuser (ensure dev exists first).
  • Add supplementary group: usermod -aG testgroup testuser (-a: Append; -G without -a replaces the whole supplementary group list, a common way to drop someone out of sudo by accident).
  • Lock/unlock an account: usermod -L testuser / usermod -U testuser (prefixes the shadow hash with ! and removes the prefix again; files and UID are untouched).

Set/Modify Password: passwd

  • Change Current User Password: passwd (prompts for the current password first).
  • Set Password for Other Users (root required): passwd testuser (root is not asked for the old one). passwd -S testuser shows whether the password is set (P), locked (L) or absent (NP).

2. Group Management

Create Group: groupadd

  • Basic Usage: groupadd groupname
  • Example: groupadd dev (creates a group named dev).

Delete Group: groupdel

  • Basic Usage: groupdel groupname
  • Note: groupdel fails if the group is still the primary group of any user; change that with usermod -g first. Supplementary membership does not block deletion; those entries are simply dropped from /etc/group.

Check User’s Groups: groups

  • Example: groups testuser (prints the primary group first, then the supplementary groups; id testuser shows the same with numeric IDs).

V. Practical Operation Examples

1. Create User and Assign Permissions

Step 1: Create regular user testuser with primary group dev

# Create the dev group first
groupadd dev
# Create user with home directory, primary group dev, and bash shell
useradd -m -g dev -s /bin/bash testuser

Step 2: Set Password

passwd testuser  # Enter new password twice

Step 3: Switch to Regular User

su - testuser  # the dash gives a full login shell with testuser's HOME, PATH and working directory instead of root's; type exit to return

Step 4: Add User to Supplementary Group testgroup

groupadd testgroup
usermod -aG testgroup testuser  # Append to testgroup

Step 5: Verify User Information

id testuser  # Output: uid=1000(testuser) gid=1001(dev) groups=1001(dev),1002(testgroup)  (the numbers depend on which IDs were already taken)
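Steps 1 to 5 above as one script, added here as an example and not taken from the original article. It adds the checks an operator wants before writing to /etc/passwd: it refuses to run as non-root or to clobber an existing account, creates missing groups, reads the initial password from stdin through chpasswd so it never appears on a command line, forces a change at first login with chage -d 0, and verifies the resulting membership with id. The function names and the password on stdin are this example's own conventions; it assumes shadow-utils (groupadd, useradd, usermod, chpasswd, chage) and getent.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: steps 1 to 5 of the workflow
# above as one script with precondition checks and a verification step.
# Assumes shadow-utils (groupadd/useradd/usermod/chpasswd/chage) and getent.

group_exists() { getent group "$1" >/dev/null; }
user_exists()  { getent passwd "$1" >/dev/null; }

# has_group USER GROUP: true if GROUP is USER's primary or a supplementary group
has_group() {
    local g
    for g in $(id -Gn "$1" 2>/dev/null); do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# provision_user NAME PRIMARY_GROUP [SUPP1,SUPP2,...]
#   reads the initial password from stdin, e.g.
#   printf '%s\n' 'ChangeMe-now' | provision_user testuser dev testgroup
provision_user() {
    local name="$1" primary="$2" supp="${3:-}" pw g
    [ "$(id -u)" -eq 0 ] || { echo "provision_user: must run as root" >&2; return 1; }
    if user_exists "$name"; then
        echo "provision_user: $name already exists, refusing to touch it" >&2; return 1
    fi
    IFS= read -r pw || { echo "provision_user: no password on stdin" >&2; return 1; }

    group_exists "$primary" || groupadd "$primary"
    # -m: create the home from /etc/skel; -s: do not rely on the distro default shell
    useradd -m -g "$primary" -s /bin/bash "$name"
    for g in $(printf '%s' "$supp" | tr ',' ' '); do
        group_exists "$g" || groupadd "$g"
    done
    # -a keeps any groups useradd already assigned; -G alone would replace them
    if [ -n "$supp" ]; then
        usermod -aG "$supp" "$name"
    fi
    # chpasswd reads user:password from stdin, so the password is never a command
    # line argument; chage -d 0 then expires it so the user picks a new one at first login
    printf '%s:%s\n' "$name" "$pw" | chpasswd
    chage -d 0 "$name"

    # verify: every requested group must show up in the user's group list
    for g in "$primary" $(printf '%s' "$supp" | tr ',' ' '); do
        has_group "$name" "$g" || { echo "provision_user: $name is not in $g" >&2; return 1; }
    done
    id "$name"
}
```

The helpers group_exists, user_exists and has_group are usable on their own for scripting checks; note that has_group reads the stored membership, so a user who was added to a group while logged in will show as a member here but still lack the group in their running session until they log in again.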

2. Delete User While Preserving Files

To delete a user but retain their files (e.g., logs/configs), leave out -r. The home directory and everything else the user owns stay on disk, but they are now owned by a bare UID that no longer resolves to a name (ls shows the number), so hand them to whoever takes the work over:

# Incorrect for this purpose: userdel -r testuser (removes the home directory and mail spool)
# Correct:
id -u testuser           # note the UID before it disappears, e.g. 1000
userdel testuser         # removes only the account; /home/testuser stays
find / -xdev -uid 1000 -exec chown alice {} +   # reassign the orphaned files (find / -nouser lists them)

Do not let the number be reused: if a later useradd hands UID 1000 to a new account, that account silently owns everything the old user left behind. If the account only needs to be disabled rather than removed, usermod -L -s /sbin/nologin testuser keeps the UID reserved and the files intact.
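The same procedure as a script, added as an example that is not part of the original article: it records the UID, deletes the account without -r, and hands the orphaned files to a named successor so nothing is left dangling on a reusable UID. lookup_uid and files_owned_by_uid take explicit paths so they can be tested on a copy of /etc/passwd and on a scratch directory without root; retire_user itself needs root. The function names and the successor parameter are this example's own; it assumes shadow-utils (userdel), GNU find and getent.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: retire an account without
# losing its files and without leaving them owned by a bare, reusable UID.
# Assumes shadow-utils (userdel), GNU find and getent.

# lookup_uid USER [PASSWD_FILE]: print USER's UID; fail if absent
lookup_uid() {
    local user="$1" file="${2:-/etc/passwd}"
    awk -F: -v u="$user" '$1 == u { print $3; found = 1 } END { exit !found }' "$file"
}

# files_owned_by_uid DIR UID: every path under DIR (same filesystem) owned by UID.
# After userdel this is exactly the orphaned set, since the UID maps to no name.
files_owned_by_uid() {
    find "$1" -xdev -uid "$2" 2>/dev/null
}

# retire_user NAME SUCCESSOR: delete NAME, keep its home, chown its files to SUCCESSOR
retire_user() {
    local name="$1" successor="$2" uid home
    [ "$(id -u)" -eq 0 ] || { echo "retire_user: must run as root" >&2; return 1; }
    uid=$(lookup_uid "$name") || { echo "retire_user: no such user $name" >&2; return 1; }
    getent passwd "$successor" >/dev/null || { echo "retire_user: no such user $successor" >&2; return 1; }
    home=$(getent passwd "$name" | cut -d: -f6)

    echo "files to hand over: $(files_owned_by_uid / "$uid" | grep -c .)"
    # no -r: the home directory and mail spool stay. userdel refuses while the user
    # still has processes, which is the right moment to stop and look.
    userdel "$name" || return 1
    # hand the orphans over now, while we still know the UID; once useradd reissues
    # it, the new owner would inherit them silently. -h changes symlinks themselves.
    find / -xdev -uid "$uid" -exec chown -h "$successor" {} +
    echo "retired $name (was uid $uid); $home kept, files now owned by $successor"
}
```

Usage as root: retire_user testuser alice. To disable an account instead of removing it, usermod -L -s /usr/sbin/nologin NAME keeps the UID reserved and nothing needs to be reassigned.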

VI. Common Issues and Notes

1. Forgot User Password?

  • Root can set a new one without knowing the old: passwd testuser (enter the new password twice).
  • Non-interactive reset: echo 'testuser:NewPass' | chpasswd (available on all major distributions). passwd --stdin testuser does the same but exists only in the RHEL/CentOS/Fedora build of passwd; it needs no extra package. Either way, avoid typing the password into a command line that ends up in shell history; read it from a file or a prompt instead.
  • Force a change on first login afterwards: chage -d 0 testuser.

2. Cannot Log In as User?

  • Check the login shell: getent passwd testuser (the last field should be /bin/bash, not /sbin/nologin or /bin/false).
  • Check the password state: passwd -S testuser. L means locked (the shadow hash is prefixed with !, e.g. after usermod -L, or because useradd was never followed by passwd); NP means no password is set. Unlock with passwd -u testuser or usermod -U testuser.
  • Check expiry: chage -l testuser shows whether the account or the password has expired.
  • If the user was only just added to a group, a fresh login is needed; sessions that are already running keep their old group list.
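The checks above gathered into one function, added here as an example (not from the original article): given a user name it reads the passwd and shadow entries and prints every reason the account cannot log in interactively (non-login shell, missing or empty hash, locked hash, expired account). The file paths and the "today" value are parameters so it can be run on copies and tested reproducibly; the live /etc/shadow needs root. The function name and output wording are this example's own.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: explain why an account cannot
# log in, from its passwd and shadow entries. TODAY is in days since
# 1970-01-01, the unit /etc/shadow uses, so expiry checks are reproducible.

# login_status USER [PASSWD_FILE] [SHADOW_FILE] [TODAY]
#   prints one blocking reason per line and returns 1, or prints "ok" and returns 0
login_status() {
    local user="$1" pwf="${2:-/etc/passwd}" shf="${3:-/etc/shadow}" today="$4"
    local pline sline shell hash last expire rc=0
    [ -n "$today" ] || today=$(( $(date +%s) / 86400 ))

    pline=$(awk -F: -v u="$user" '$1 == u' "$pwf")
    [ -n "$pline" ] || { echo "no entry in $pwf"; return 1; }
    sline=$(awk -F: -v u="$user" '$1 == u' "$shf")

    shell=$(printf '%s\n' "$pline" | cut -d: -f7)
    case "$shell" in
        */nologin|*/false|"") echo "shell '$shell' refuses interactive login"; rc=1 ;;
    esac

    if [ -z "$sline" ]; then
        echo "no entry in $shf (passwd says x but there is no hash to check)"; rc=1
    else
        hash=$(printf '%s\n' "$sline" | cut -d: -f2)
        last=$(printf '%s\n' "$sline" | cut -d: -f3)
        expire=$(printf '%s\n' "$sline" | cut -d: -f8)
        case "$hash" in
            "")        echo "empty hash: login needs no password at all, fix this first"; rc=1 ;;
            '!'*|'*'*) echo "password locked (hash prefixed with ! or *); passwd -u or usermod -U unlocks"; rc=1 ;;
        esac
        if [ -n "$expire" ] && [ "$expire" -le "$today" ]; then
            echo "account expired on day $expire (today is day $today); chage -E -1 clears it"; rc=1
        fi
        if [ "$last" = "0" ]; then
            echo "note: a password change will be forced at the next login"
        fi
    fi
    if [ "$rc" -eq 0 ]; then
        echo "ok"
    fi
    return "$rc"
}
```

Run login_status testuser as root against the live files. An empty hash is reported as a blocker because it is the one case where the account can log in too easily rather than not at all; it needs a passwd run before anything else.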

3. Share Directory Permissions Among Multiple Users?

  • Method: Add all users to the same group, set the directory's group ownership, enable group write, and set the setgid bit so new files inherit the group instead of each creator's primary group:
# Example: Create shared directory /data/project with group dev
mkdir -p /data/project
chgrp dev /data/project
chmod 2770 /data/project  # 2 = setgid (new files get group dev), 770 = group rwx, no access for others
  • Caveat: the mode of each new file is still decided by its creator's umask. With the default umask 022 a new file is 644 and other group members cannot edit it; have members use umask 002, or set a default ACL with setfacl -d -m g::rwx /data/project (acl package).
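The shared-directory setup as a function plus a check, added here as an example and not part of the original article: make_shared_dir applies group, setgid and the 2770 mode after confirming the group exists, and check_shared_dir verifies the mode bits and proves inheritance by creating a probe file and reading its group back. It assumes GNU coreutils (stat -c, mktemp -p) and getent; the function names are this example's own. Run it as a user who is a member of the target group (chgrp to a group you are not in is refused unless you are root).

```bash
#!/usr/bin/env bash
# Added example, not from the original article: the shared-directory recipe
# above with the setgid bit and a verification step. Assumes GNU coreutils.

# make_shared_dir DIR GROUP
#   group GROUP, mode 2770:
#     2   = setgid: files created inside inherit GROUP instead of the creator's
#           primary group, so chgrp never has to be repeated per file
#     770 = group can read/write/traverse; everyone else is shut out
#           (a bare g+rwx would leave the default o+rx in place)
make_shared_dir() {
    local dir="$1" group="$2"
    getent group "$group" >/dev/null || { echo "make_shared_dir: no group $group" >&2; return 1; }
    mkdir -p "$dir"
    chgrp "$group" "$dir"
    chmod 2770 "$dir"
}

# check_shared_dir DIR GROUP: verify group, mode and that a new file inherits GROUP
check_shared_dir() {
    local dir="$1" group="$2" probe got
    got=$(stat -c %G "$dir")
    [ "$got" = "$group" ] || { echo "group is $got, not $group"; return 1; }
    got=$(stat -c %a "$dir")
    [ "$got" = "2770" ] || { echo "mode is $got, not 2770"; return 1; }
    # the real test: does a file created here pick up the directory's group?
    probe=$(mktemp -p "$dir") || return 1
    got=$(stat -c %G "$probe")
    rm -f "$probe"
    [ "$got" = "$group" ] || { echo "new files get group $got, not $group (setgid not honoured)"; return 1; }
    echo "$dir: group $group, mode 2770, new files inherit $group"
}
```

Usage: make_shared_dir /data/project dev && check_shared_dir /data/project dev. check_shared_dir only confirms the group is inherited; whether other members can write to each file still depends on the creator's umask or a default ACL, as noted above.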

VII. Summary

User and group management is fundamental for Linux system security and collaboration. This guide covers core commands (create/delete/modify), configuration files (passwd/group/shadow), and practical workflows. Use commands like id and groups to troubleshoot permission issues and avoid accidental user/group deletion. Practice creating users, switching identities, and managing permissions to master Linux user administration.

Xiaoye