install
source · Clone the upstream repo
git clone https://github.com/chaterm/terminal-skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/chaterm/terminal-skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/linux/user-permissions" ~/.claude/skills/chaterm-terminal-skills-user-permissions && rm -rf "$T"
manifest: linux/user-permissions/SKILL.md
User and Permission Management
Overview
Linux user management, group management, sudo configuration, ACL permissions and other skills.
User Management
View Users
```bash
# Current user
whoami
id

# User information
id username
finger username

# All users
cat /etc/passwd
getent passwd

# Logged in users
who
w
last                # Login history
```
User Operations
```bash
# Create user
useradd username
useradd -m -s /bin/bash username        # Create home directory, specify shell
useradd -G group1,group2 username       # Specify supplementary groups

# Modify user
usermod -aG groupname username          # Add to group
usermod -s /bin/zsh username            # Change shell
usermod -L username                     # Lock user
usermod -U username                     # Unlock user

# Delete user
userdel username
userdel -r username                     # Also delete home directory

# Change password
passwd username
passwd -l username                      # Lock password
passwd -u username                      # Unlock password
chage -l username                       # View password policy
```
Group Management
View Groups
```bash
# User's groups
groups username
id -Gn username

# All groups
cat /etc/group
getent group

# Group members
getent group groupname
```
Group Operations
```bash
# Create group
groupadd groupname
groupadd -g 1001 groupname              # Specify GID

# Modify group
groupmod -n newname oldname             # Rename

# Delete group
groupdel groupname

# Manage group members
gpasswd -a username groupname           # Add user
gpasswd -d username groupname           # Remove user
gpasswd -M user1,user2 groupname        # Set member list
```
sudo Configuration
Basic Usage
```bash
# Execute as root
sudo command
sudo -i                                 # Switch to root shell
sudo -u username command                # Execute as another user

# View permissions
sudo -l
```
sudoers Configuration
```bash
# Edit sudoers (recommended method)
visudo

# Or edit files under /etc/sudoers.d/
visudo -f /etc/sudoers.d/username
```
Common Configuration Examples
```
# /etc/sudoers.d/username

# Full privileges
username ALL=(ALL:ALL) ALL

# No password required
username ALL=(ALL) NOPASSWD: ALL

# Specific commands
username ALL=(ALL) /usr/bin/systemctl restart nginx

# Specific commands without password
username ALL=(ALL) NOPASSWD: /usr/bin/docker

# Group privileges
%groupname ALL=(ALL) ALL
```
ACL Permissions
View ACL
```bash
getfacl file
getfacl -R dir                          # Recursive view
```
Set ACL
```bash
# Set user permissions
setfacl -m u:username:rwx file
setfacl -m u:username:rx dir

# Set group permissions
setfacl -m g:groupname:rx file

# Set default ACL (new files inherit)
setfacl -d -m u:username:rwx dir

# Recursive set
setfacl -R -m u:username:rx dir

# Remove ACL
setfacl -x u:username file              # Remove specific
setfacl -b file                         # Remove all
```
Special Permissions
SUID/SGID/Sticky
```bash
# SUID (4) - Execute as file owner
chmod u+s file
chmod 4755 file

# SGID (2) - Execute as file group/directory inherits group
chmod g+s file
chmod 2755 dir

# Sticky (1) - Only owner can delete
chmod +t dir
chmod 1777 dir

# View
ls -la
# -rwsr-xr-x  SUID
# -rwxr-sr-x  SGID
# drwxrwxrwt  Sticky
```
Common Scenarios
Scenario 1: Create Developer User
```bash
# Create user and group
groupadd developers
useradd -m -s /bin/bash -G developers devuser

# Set password
passwd devuser

# Configure sudo
echo "devuser ALL=(ALL) NOPASSWD: /usr/bin/docker, /usr/bin/systemctl" > /etc/sudoers.d/devuser
chmod 440 /etc/sudoers.d/devuser
```
Scenario 2: Shared Directory Permissions
```bash
# Create shared directory
mkdir /shared
groupadd shared
chown root:shared /shared
chmod 2775 /shared                      # SGID ensures new files inherit group

# Add users to group
usermod -aG shared user1
usermod -aG shared user2
```
Scenario 3: Restrict User to Specific Commands
```
# /etc/sudoers.d/limited-user
limited ALL=(ALL) NOPASSWD: /usr/bin/systemctl status *, /usr/bin/journalctl
```
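A review aid for the rules in Common Configuration Examples and Scenarios 1 and 3, added here as an example and not part of the original skill: it flags rules that grant more than their wording suggests (every command, a command with no argument list, or wildcard arguments). The function name, finding codes and sample file are assumptions for illustration; it handles only one-line rules without aliases or line continuations.

```bash
#!/usr/bin/env bash
# Added example: lint simple sudoers rules read from stdin.
# Prints one "<line>:<CODE>:<command>" per finding.
audit_sudoers() {
  awk '
    /^[ \t]*(#|$)/ || /^[ \t]*Defaults/ { next }   # comments, blanks, Defaults
    {
      eq = index($0, "=")
      if (eq == 0) next                     # not a "user HOST=..." rule
      spec = substr($0, eq + 1)
      sub(/^[ \t]*\([^)]*\)/, "", spec)     # drop the (runas) list
      n = split(spec, cmds, ",")
      nopass = 0                            # a tag carries over to later commands
      for (i = 1; i <= n; i++) {
        c = cmds[i]
        if (c ~ /NOPASSWD:/) nopass = 1
        else if (c ~ /PASSWD:/) nopass = 0
        gsub(/[A-Z_]+:/, "", c)             # strip tags such as NOPASSWD:
        gsub(/^[ \t]+|[ \t]+$/, "", c)      # trim surrounding whitespace
        code = ""
        if (c == "ALL")        code = "ALL_COMMANDS"  # every command allowed
        else if (c ~ /[*?]/)   code = "WILDCARD"      # * and ? also match across spaces
        else if (c !~ /[ \t]/) code = "ANY_ARGS"      # no argument list: any arguments accepted
        if (code == "") continue            # exact command line, nothing to flag
        if (nopass) code = code "+NOPASSWD"
        print NR ":" code ":" c
      }
    }'
}

# Constructed sample built from the rules shown on this page.
sample_rules() {
  cat <<'EOF'
# constructed sample for audit_sudoers
username ALL=(ALL:ALL) ALL
username ALL=(ALL) NOPASSWD: ALL
username ALL=(ALL) /usr/bin/systemctl restart nginx
devuser ALL=(ALL) NOPASSWD: /usr/bin/docker, /usr/bin/systemctl
limited ALL=(ALL) NOPASSWD: /usr/bin/systemctl status *, /usr/bin/journalctl
EOF
}

sample_rules | audit_sudoers
```

Only the fully specified `systemctl restart nginx` rule passes without a finding; a real drop-in can be checked with `audit_sudoers < /etc/sudoers.d/username`.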
Troubleshooting
| Problem | Solution |
|---|---|
| sudo permission denied | Check configuration |
| User cannot login | Check shell, password lock status |
| Group permissions not working | Re-login or |
| ACL not working | Check if filesystem supports ACL |