Create a user. Delete a user. User groups. Create a group. Add user to a group. Delete user from a group. Delete a group. User: the owner of the file, that is, the person who created the file. Group: the group can contain multiple users. Therefore, all users in that group will have the same permissions.
The user is able to change their password at any time using the passwd command with the syntax. Below is an example: There is another way of creating user accounts that might be easier for first-time administrators. However, you may need to install a new package.
The adduser command automatically creates a home directory and sets the default group, shell, etc. To create a new standard user with the adduser command, the syntax is as follows: Once you enter the command, you receive a series of prompts; most of this information is optional. It is important to note that security should always be taken very seriously. Therefore, it is strongly recommended to use unique passwords for each account. Never share or give your password to other users.
Their files and home directory are not deleted. Therefore, in order to have an additional layer of security, a sudo user is generally used in place of root. A sample of the sudo command is as follows: Before using sudo, it may need to be installed if it is not part of your distribution.
The command for Debian is as follows: In order to provide a user with the sudo ability, they need to be added to a sudo-enabled group, or their username needs to be added to the sudoers file with a set of permissions.
This file is sensitive and important as an access and security control, and should not be edited directly with a text editor. If the sudoers file is edited incorrectly it could result in preventing access to the system or other unintended permission changes.
The visudo command should be used to edit the sudoers file. At a command line, log into your system as root and enter the command visudo. After you have given your user account sudo privileges, save the sudoers file and log out as root. Now log in as your user and test the privileges as your user with sudo access.
When a new user needs sudo access, you now are able to edit the sudoers file with your own login using the following command: In many cases, while you want users to have elevated sudo permissions, you also want to follow the principle of least privilege and grant sudo users access only to the commands that they need.
In the following example, the sudoers file has been edited to limit sudo usage to a few clearly defined commands: While the root and sudousername users still have full superuser permissions, the user username has been limited to only the top and apt-get commands as a sudo user. Additionally, all users added to the sudo group are separately limited only to the less, ls, and apt commands with sudo permissions.
If you wanted to give the user username sudo access to the additional 3 commands whitelisted for the sudo group, you would just need to add them to the sudo group and they would still retain their own unique permissions, giving them sudo access to a total of 5 commands. This process can be repeated for as many users and groups as needed. When whitelisting individual commands using the above syntax, it is important to use the absolute path to the command.
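An added example, not part of the original page: a small shell lint that checks a sudoers policy like the one described above for command entries that are not absolute paths. The sample policy is constructed, and its /usr/bin and /bin paths and the function names are assumptions.

```shell
#!/bin/sh
# Added example: flag sudoers command entries that are not absolute paths.

# Constructed policy matching the description above. The /usr/bin and /bin
# locations are assumptions; confirm each one with `which` on your system.
# $1 is the last entry for the sudo group, so a bad value can be tried.
sample_policy() {
    cat <<EOF
root         ALL=(ALL:ALL) ALL
sudousername ALL=(ALL:ALL) ALL
username     ALL=(ALL:ALL) /usr/bin/top, /usr/bin/apt-get
%sudo        ALL=(ALL:ALL) /usr/bin/less, /bin/ls, $1
EOF
}

# Reads sudoers text on stdin, prints one line per offending entry and
# returns 1 if any were found. Continuation lines (trailing backslash) and
# escaped commas inside command arguments are not handled.
lint_sudoers() {
    awk '
    /^[ \t]*$/ || /^[ \t]*[#@]/ { next }            # blank, comment, include
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }    # settings and aliases
    {
        who  = $1
        spec = substr($0, index($0, "=") + 1)       # text after the host list
        sub(/^[ \t]*\([^)]*\)/, "", spec)           # drop the (runas) part
        n = split(spec, cmds, ",")
        for (i = 1; i <= n; i++) {
            c = cmds[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            sub(/^([A-Z]+:[ \t]*)+/, "", c)         # tags such as NOPASSWD:
            sub(/^!/, "", c)                        # negated entry
            split(c, w, " ")
            # Accept absolute paths, ALL or an upper-case Cmnd_Alias name,
            # and the sudoedit built-in; report everything else.
            if (w[1] !~ /^\// && w[1] !~ /^[A-Z][A-Z0-9_]*$/ && w[1] != "sudoedit") {
                printf "%s: \"%s\" is not an absolute path\n", who, w[1]
                bad = 1
            }
        }
    }
    END { exit bad + 0 }'
}

sample_policy /usr/bin/apt | lint_sudoers && echo "policy ok"
sample_policy apt | lint_sudoers || echo "fix the entries above before installing"
```

The lint only looks at path form; running visudo -c -f on the candidate file still does the syntax check before it is installed.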
The which command can be used to find this absolute path: Linux uses groups as a way to organize users. Groups organize collections of accounts, primarily as a security measure. The convention of having each user a member of their own group and optionally a member of any number of secondary groups allows users to more easily separate files that are personal from those they need to share with co-workers. When a user creates a file, members of the various user groups they belong to don't necessarily have access.
A user will have to use the chgrp command to associate a file with a secondary group. One important detail when adding a new account is that the useradd command does not necessarily add a home directory for a new user. Another option is to set yourself up with an alias so that useradd always uses the -m option. The grep commands are hiding comments and blank lines. Notice the various settings in this file determine the range of user ids to be used along with password aging and other setting e.
Users can be members of multiple groups for various reasons. Group membership gives a user access to group-owned files and directories, and sometimes this behavior is critical. To generate a list of the groups that some user belongs to, use the groups command. Users are members of a default group. If you are not experiencing the expected group privileges, log out and log in again to pick up the changes to the user's group identities. If using NIS, view the groups using the command: ypcat group.
As root, the group ownership of a file, directory or device can be changed to any user or group ownership with the "chown" command. A user who is a member of multiple groups can change the group ownership from and to any group of which they are a member.
The user must be a member of both the current group and of the group it is changing to. Change the ownership of the file to the group "accounting": chown :accounting filename. Command format: chown user:group filename. Also see the chown man page. If the user creates a file, the default group association is the group ID of the user.
If he wishes to change it to another group of which he is a member, issue the command: chgrp new-group-id file-name. Use the command newgrp group-name to switch your default group used in file creation or directory access. This starts a new shell.
Exit to return to the previous group ID. Use the ps command to see if more than one shell is active. This only works if you are a member of multiple groups; otherwise you have no group to switch to.