Managing user and groups, UID and GID in Linux


What are users in the operating system?

A user is a person who accesses or utilizes computer resources or network services. To gain access to a computer system, users are required to log in to the operating system. Every file or folder is owned by a particular user.

There are three types of users in the Linux operating system: root (superuser), regular user, and system user.

·     Root user (superuser): When Linux is installed on a computer, the root account is created by default; you just need to set a password to enable the root account, which is also known as the superuser. The root user is the most privileged user and can access all commands, files, and services.

  

·      Regular user: A regular user has only the necessary privileges to perform standard tasks such as creating folders, etc. They can store files in their own home directory and have to work only in their home directory. Since the regular user does not have root user privileges they cannot delete or modify system configuration files or other critical files.

 

·      System user: System users are software or application users created automatically by the system to run services; services such as mail, apache, ftp, etc. have their own individual system accounts. A system user is also known as a service user. These accounts exist to allow each of these services to interact with the computer.

 

 Important files

·     /etc/passwd: This file contains information about users. It is a text-based file. The passwd file is stored under “etc” directory.

·   /etc/shadow: This file contains the actual password in an encrypted format. The shadow file is also stored under the “etc” directory.

The above two files can be viewed with a regular file viewer or with the cat, less, more, or tail commands.

To know more about the above two files click here.

 

Managing local user

1.    useradd command: This command is used to create a new user account. It does not set a valid password, and the user cannot log in to the account until a password is set.

From the above example, you can see that the user Ronak is created successfully, but we did not get any notification that the user was created. To check whether the user Ronak was created, look in the “/etc/passwd” file; the example is given below.

2.    passwd command: A newly created user account has no password. This command is used to add a password to the new user account, and the same command is used to change the password of an existing user account.

The password is successfully set for Ronak. The “New password” and “Retype new password” prompts appear to stay empty; this is the default behaviour in the Linux operating system. Just type the password you want: it will not appear on screen, but it will be accepted.

3.     usermod command: The usermod command is used to modify an existing user account.

From the above example, you can see that the -u option is used for changing the UID. By using the “usermod” command, the UID of Ronak is successfully changed from 1003 to 1005.

4.     userdel command: The userdel command is used to delete an existing user account and its related files.

From the above example, you can see that the userdel command is used with the options -r, which stands for recursively, and -f, which stands for forcefully; both options can be used together as -rf.

Note: A regular (normal) user cannot execute the above commands; trying to execute them as a regular user gives a permission denied error. All the above commands can be executed by the root user or a sudo user only.

 

What are groups?

The main purpose of a group is to set privileges such as read, write, or execute permission on files or resources that can be shared among the users within the group. A single group can contain multiple users. Basically, a group is a collection of users. In Linux, every user has a UID (user identifier) and a GID (group identifier).

There are two types of groups:

Primary groups

Normally, when a new user is created, a new group is also created automatically. The new group has the same name and GID (group ID) as the user name and UID (user ID). The new user becomes a member of its own group, which becomes the primary group for the user. The newly created user is the only member of this user private group (UPG).

·         Every user has one primary group.

·         For the local user, the primary group is defined by the GID number of the group listed in the fourth field of “/etc/passwd”.

Supplementary groups

A supplementary group is an additional group of which the user can become a member. For example, a newly created user john automatically becomes a part of the group named john, but if john wants to access files owned by the group named rocky, john has to be a member of the group rocky to access those files. So john becomes a member of the group rocky, which is a supplementary group.

·         A user may be a member of zero or more supplementary groups.

·         The users that are members of a supplementary group are listed in the last field of the group’s entry in “/etc/group”. The members of a group are determined by the comma-separated list of users found in the group’s entry in the “/etc/group” file.

Important file

·      /etc/group: This file is a text file that contains the group information for each user account.

The above file can be viewed with a regular file viewer or with the cat, less, more, or tail commands.

To know more about the above file click here.

 

Managing local group

1.    groupadd command: This command is used to create groups. When it is run without options, it uses the next available GID (group identifier) from the range specified in the “/etc/login.defs” file.

By using the “groupadd” command, a new group named hockey is created with GID 1003. The fourth field is empty because no user has been added to the hockey group.

2.    groupmod command: This command is used to change the name and GID of an existing group. The -n option specifies a new name for an existing group. The -g option specifies your own GID number for the existing group.

By using the “groupmod” command, you can see that the GID of the group hockey has been changed from 1003 to 8000.

3.    groupdel command: The groupdel command is used to remove an existing group.

From the above example, by using the “groupdel” command, the group hockey is successfully deleted.

Note: usermod alters group membership. You can change a user’s primary group with the “usermod -g groupname” command. To add an existing user to a supplementary group, the “usermod -aG groupname username” command is used.
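The user and group commands above, put together as one sequence (an added example, not taken from the original post). The names and IDs (Ronak, 1003 to 1005, hockey, 8000) follow the text; the run helper and the APPLY switch are assumptions of this example, so by default the steps are only printed and nothing on the system changes.

```shell
#!/bin/sh
# Added example: account and group lifecycle with the commands from this page.
# Each step is printed; it is executed only when APPLY=1 and the shell is root.

run() {
    printf '+ %s\n' "$*"
    if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" -eq 0 ]; then
        "$@"
    fi
}

# $1 user  $2 initial UID  $3 new UID  $4 group  $5 new GID
account_lifecycle() {
    run groupadd "$4" &&                 # create the group (next free GID)
    run groupmod -g "$5" "$4" &&         # then give it a GID of our choice
    run useradd -u "$2" "$1" &&          # account exists but has no valid password yet
    run grep "^$1:" /etc/passwd &&       # useradd is silent, so verify the entry
    run passwd "$1" &&                   # interactive: typed password is not echoed
    run usermod -u "$3" "$1" &&          # change the UID
    # usermod -u re-owns the home directory only; files elsewhere keep the old UID
    run find / -xdev -uid "$2" &&
    # -a appends; -G without -a would replace every supplementary group
    run usermod -aG "$4" "$1" &&
    run id "$1" &&                       # show UID, primary GID and supplementary groups
    run userdel -rf "$1" &&              # remove the account, home directory and mail spool
    run groupdel "$4" &&
    # files left behind by a deleted account would be inherited by whoever gets that UID next
    run find / -xdev -nouser
}

account_lifecycle Ronak 1003 1005 hockey 8000
```

Run it as root with APPLY=1 only on a test machine where UID 1003 and the group name hockey are free.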

 

UID and GID:

UID: A UID (user identifier) is a unique number that the Linux operating system assigns to each user. It is used to identify the user on the system and to determine which system resources the user can access.

Some specific ranges of UIDs are used for specific purposes, as given below.

·         The UID 0 is only assigned to the superuser account, root.

·         The UID 1 – 200 is a range of “system users” assigned statically to system processes.

·         The UID range 201 – 999 is a range of “system users” used by system processes that do not own files on the system.

·         The UID range 1000+ is available for assignment to regular users, with a maximum of 60,000 for regular users.

 

GID: A GID (group identifier) is a unique number to identify each group.

Some specific ranges of GIDs are used for specific purposes, as given below.

·         The GID 0 is only assigned to the superuser account, root.

·         The GID 1 – 200 is a range of “system users” assigned statically to system processes just like UID.

·         The GID range 201 – 999 is, the same as for UIDs, a range for “system users” used by system processes that do not own files on the system.

·         The GID range 1000+ is available for assignment to regular users, with a maximum of 60,000 for regular users.

Note: Default ranges used by useradd and groupadd can be changed in the “/etc/login.defs” file.


Understanding /etc/group



/etc/group

This file contains the group names with their GIDs (group identifiers) and defines which user belongs to which group. It is a simple text file stored under the “etc” directory. The “/etc/group” file has a similar role for groups as the “/etc/passwd” file has for users. This file contains one entry per line, and each entry has four fields separated by colons (:).

An entry in this file looks like this:

groupname:password:GID:list of users

Field            Description
Groupname        The name of the group.
Password         The encrypted password of the group represented by x.
GID              This field contains the group identification number.
List of users    It contains the names of users that are members.

 

To access the “/etc/group” file you can use commands like cat, tail, head, etc.


From the above image “hockey” is a group name, “x” is the encrypted password, 1004 is a GID, and user2, john, and user1 are the members of the group hockey.

The “cat” command is short for “concatenate”; it allows us to view file content, redirect output to the terminal or a file, create single or multiple files, and concatenate files.

The “pipe” is a vertical bar (|) placed on the command line between two commands. The pipe takes the output from one command and uses it as input for another command.

“grep” stands for “globally search for a regular expression and print out”; it is used to search for a pattern of characters and displays all lines that match the pattern.
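Grepping “/etc/group” for a group shows only its supplementary members; users whose primary group it is appear only through the GID in the fourth field of “/etc/passwd”. The following added example (not part of the original post) resolves both and also reports group entries that still name a user missing from the passwd file. The sample files are constructed: the hockey entry follows the text above, while the user coach and the IDs in the passwd sample are assumptions.

```shell
#!/bin/sh
# Added example: effective group membership from passwd + group files.
# Sample data is constructed; on a real system pass /etc/passwd and /etc/group.

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT

cat > "$DEMO_DIR/group" <<'EOF'
john:x:1001:
rocky:x:1002:john
hockey:x:1004:user2,john,user1
EOF

# user2 is deliberately absent (as after a userdel); coach has hockey as primary group
cat > "$DEMO_DIR/passwd" <<'EOF'
john:x:1001:1001::/home/john:/bin/bash
user1:x:1006:1006::/home/user1:/bin/bash
coach:x:1008:1004::/home/coach:/bin/bash
EOF

# group_members GROUP PASSWD_FILE GROUP_FILE
# Prints every user that is in GROUP, either as a supplementary member (4th field
# of the group entry) or because GROUP is the user's primary group (4th field of passwd).
group_members() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3 }' "$3")
    [ -n "$gid" ] || return 1
    {
        awk -F: -v g="$1" '$1 == g { n = split($4, m, ",")
                                     for (i = 1; i <= n; i++) print m[i] }' "$3"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$2"
    } | LC_ALL=C sort -u
}

# stale_members PASSWD_FILE GROUP_FILE
# Prints "group:user" for each listed member that has no passwd entry.
stale_members() {
    awk -F: 'NR == FNR { known[$1] = 1; next }
             { n = split($4, m, ",")
               for (i = 1; i <= n; i++)
                   if (!(m[i] in known)) print $1 ":" m[i] }' "$1" "$2"
}

echo "members of hockey:"
group_members hockey "$DEMO_DIR/passwd" "$DEMO_DIR/group"
echo "stale entries:"
stale_members "$DEMO_DIR/passwd" "$DEMO_DIR/group"
```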

 

 


Understanding /etc/passwd and /etc/shadow files:


/etc/passwd:

This file contains information about users. It is a text-based file with seven fields separated by colons (:). This file is stored under the “etc” directory, and to view it we can use a regular file viewer or the cat, less, more, or tail commands.

From the above image, the tail command is used along with the -n option followed by 1, which means only one line from the bottom of this file.

Basically, the tail command is used to view a specific number of lines as needed. Here the -n option stands for number.

Note: The “/etc/passwd” file can be accessed by a normal user; there is no need to gain root access.

username:password:UID:GID:GECOS:/home/user:default shell

Breaking down the user entry from left to right:

 

1.  Username is a mapping of a UID which uniquely identifies the user on the computer system.

2.  Password is where passwords were kept in an encrypted format, but it displays only “x”. The full encrypted password is stored in a separate file called “/etc/shadow”.

3.   UID is a user ID, a number that identifies the user at the most fundamental level.

4.   GID is a user’s primary group ID number.

5.  GECOS field usually includes the user’s full name, or address, or phone number, or any basic information, and this field is also known as the comment field.

6.   /home/user is the location of a user home directory, personal data, and configuration files.

7.  Shell is a program that runs as the user logs in. For a regular user, this is normally the program that provides the user’s command interpreter.

 

/etc/shadow:

This file stores the actual password in encrypted format using a hashing algorithm and also holds information about password aging. It is a text-based file with nine fields separated by a colon (:). 

Note: Root access is required to view “/etc/shadow” file. If you try to view this file as a normal user the shell will throw an error message given below.

Output after taking root access.


Breaking down the entry from left to right:

 

1. Login name: The login name of the user, which is stored on the system.

2. Encrypted password: A password field that starts with an exclamation mark (!) means that the password is locked.

3. Last password change: This field shows the date of the last password changes, represented as the number of days since 1970/01/01.

4. Minimum: The minimum number of days before a password may be changed, where 0 means “no minimum age requirement”.

5. Maximum: This field shows the maximum number of days before a password must be changed.

6. Warning period: The warning period that a password is about to expire. Represented in days, where 0 means “no warning given”.

7. Inactive period: The number of days a user account remains active after a password has expired. A user may still log into the system and change the password during this period. After the specified number of days, the account is locked and becomes inactive.

8. Expiration date: This field shows the expiration date of the user account represented as the number of days since 1970/01/01.

9. Blank: This field is blank. It is reserved for future use.   
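The field layouts above are enough to check accounts for a few common problems. This is an added example, not part of the original post: it reads passwd-style and shadow-style lines on standard input and reports extra UID 0 accounts, empty password fields, locked passwords, and passwords older than their maximum age. The sample entries and their hash placeholders are constructed.

```shell
#!/bin/sh
# Added example: simple account checks driven by the passwd and shadow fields.
# Sample data is constructed. On a real system feed the functions /etc/passwd,
# and /etc/shadow as root, e.g.  extra_uid0 < /etc/passwd

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
ronak:x:1005:1005:Ronak:/home/ronak:/bin/bash
backup:x:0:1006:Backup admin:/home/backup:/bin/bash
john:x:1001:1001::/home/john:/bin/bash'

SAMPLE_SHADOW='root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18500:0:99999:7:::
apache:!!:18400::::::
ronak:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18500:0:90:7:::
backup:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18000:0:90:7:14::
john::18500:0:99999:7:::'

# passwd field 3 is the UID: any account other than root with UID 0 is a second superuser
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" { print $1 }'; }

# shadow field 2 empty: the account has no password at all
empty_password() { awk -F: '$2 == "" { print $1 }'; }

# shadow field 2 starting with "!": the password is locked
locked_accounts() { awk -F: '$2 ~ /^!/ { print $1 }'; }

# shadow field 3 (last change) + field 5 (maximum age), both in days since
# 1970/01/01, compared with "today" given as $1 in the same unit
expired_passwords() {
    awk -F: -v today="$1" '$3 != "" && $5 != "" && $3 + $5 < today { print $1 }'
}

TODAY=$(( $(date +%s) / 86400 ))   # current day number since 1970/01/01
echo "extra UID 0 accounts: $(printf '%s\n' "$SAMPLE_PASSWD" | extra_uid0 | tr '\n' ' ')"
echo "empty password field: $(printf '%s\n' "$SAMPLE_SHADOW" | empty_password | tr '\n' ' ')"
echo "locked passwords:     $(printf '%s\n' "$SAMPLE_SHADOW" | locked_accounts | tr '\n' ' ')"
echo "password too old:     $(printf '%s\n' "$SAMPLE_SHADOW" | expired_passwords "$TODAY" | tr '\n' ' ')"
```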


Linux Basic Commands


The command line is a text-based interface that takes input from a user as instructions to the computer system. In Linux, the command line is provided by a program called the “shell”. Many shell programs have been developed, but the “GNU Bourne-Again shell (bash)” is the default shell in some Linux distributions such as CentOS and RHEL. Bash is an improved version of one of the most successful shells used on UNIX-like systems, the Bourne Shell (sh).
Using “bash” to execute commands can be powerful. The “bash” shell provides a scripting language that can support the automation of tasks. The shell has additional capabilities that can simplify operations, or make possible operations that are hard to accomplish with graphical tools.



Note: The “bash” shell is similar in concept to “cmd.exe”, the command-line interpreter of Microsoft Windows, although bash has a more sophisticated scripting language; it is also similar to “PowerShell”.

To access the terminal in the graphical mode of CentOS and RHEL, select Application > Utilities > Terminal, or right-click on an empty desktop > Open Terminal.

From the Activities Overview, select Terminal from the dash (either from the favorite’s area or by finding it with the grid button (inside utility grouping) or the search field at the top of the window overview).

Before starting to learn some commands, let us understand the difference between $ and #.
When a shell is used interactively, it displays a string when it is waiting for a command from the user. This is called the shell prompt. When a regular user starts a shell, it shows a $ character at the end of the prompt by default.


The $ character gets replaced by a # if the shell is running as the superuser, root. This # character makes it more obvious that it is a superuser shell, which helps to avoid accidents and mistakes in the privileged account.


Let’s start with simple Linux commands.

1. pwd command: “pwd” stands for present working directory; it prints the absolute path of the current working directory.

2. cal command: The “cal” command displays the calendar of the current month; by specifying a month and year, it displays the calendar of that specific month and year, for example: “cal 5 2000”.

In the above example, 5 stands for the month “May” and 2000 is the “year”. You can practice by specifying only a month after the “cal” command.

3. who command: The “who” command displays all users who are currently logged in.

4. whoami command: The “whoami” command displays the name of the current user who is logged in to a particular terminal.

5. who am i command: There is a difference between “whoami” and “who am i”: the command “who am i” displays not only the current user who is logged in but also the pseudo-terminal (pts), time, and comment.

6. clear command: The “clear” command is used to clear the current terminal.

7. date command: The “date” command is used to display the current date and time.

8. ls command: The “ls” command displays the list of files and directories in the current working directory. For example, if you are in the root directory and you type the “ls” command, it will display all the files and directories under the root directory.

9. cd command: By using the “cd” command you can change directory. For example: “cd /directory”.

10. touch command: With the “touch” command you can create a file without any content. Its extension can be .txt, .file, .zip, etc.

11. rm command: The “rm” command stands for remove; it is used to remove files, but not directories.

If you try to remove a directory with just the “rm” command, it throws the message “cannot remove ‘dir’: Is a directory”. To remove directories, you have to use the -r (recursive) option.

12. mkdir command: When you want to make a directory, use “mkdir”; “mkdir” stands for make directory.

If you want to make a subdirectory under a directory with a single command, use the -p option; -p stands for parents and creates the parent directories for the requested destination.

13. rmdir command: To remove a directory you can use the “rmdir” command; “rmdir” stands for remove directory.

14. mv command: The “mv” command is used to move files or directories from source to destination. The form of the command is “mv source destination”.

The move command can be used to rename files or directories as well.

15. cp command: The “cp” command is used to copy files or directories from source to destination.




Useful command line-editing shortcuts

Shortcut            Description
Ctrl+l              Clear the current terminal.
Ctrl+a              Jump to the start of the command line.
Ctrl+e              Jump to the last line of the command.
Ctrl+u              Clear from the cursor to the start of the command line.
Ctrl+k              Clear from the cursor to the last line of the command.
Ctrl+left arrow     Jump to the beginning of the previous word on the command line.
Ctrl+right arrow    Jump to the end of the next word on the command line.
Ctrl+r              Search the history list of commands for a pattern.

                       



The Linux File System Types


The computer file system is the method of organizing how and where data is stored on the hard disk, accessed, and managed. The file system also provides the capability to create, modify, and delete files. Without a file system, the stored information would not be isolated into individual files and would be difficult to identify and retrieve.

The ext, ext2, ext3, ext4, and xfs are all the file systems created for the Linux operating system.

1. Ext - Ext stands for extended file system. It was first implemented in 1992 as a file system created specifically for Linux. It was developed by Remy Card. Its metadata structure was inspired by UFS (the UNIX file system). It was designed to overcome certain limitations of the MINIX file system. The individual file size can be 2 GB.

2. Ext2 - Ext2 stands for the second extended file system, and it was first introduced in 1993. It was developed to overcome the limitations of the ext file system. It was also developed by Remy Card. This file system does not support the journaling feature. This file system comes with the fundamental concept of the inode number (index node number or index node). Every file in the file system is represented by an inode. The inode structure contains the pointers to the file system blocks, which contain the details about the file and all the metadata. The individual file size can be from 16 GB to 2 TB maximum, and the overall file system size can be from 2 TB to 32 TB.

3. Ext3 - Ext3 stands for the third extended file system, and it was developed by Stephen Tweedie in 2001. It was introduced in Linux kernel 2.4.15 and has been available since then. It also introduces the journaling feature. Journaling was developed to prevent data corruption through sudden power loss or system crashes. There are three journaling modes available in the ext3 file system: journal, ordered, and write back.
  • Journal - It provides the most secure data retention policy. Basically, it writes metadata and file content to the journal, but it reduces performance.
  • Ordered - This is the default mode; all the metadata is journaled only after the content has been written to disk.
  • Write back - This mode is faster but carries a high risk. It makes no guarantee as to when the metadata is committed to the journal, but it allows the file to show up after a crash and relies on the kernel's standard write back to flush buffers.
The conversion from the ext2 to the ext3 file system is possible directly, without any backup or restore, by using the “tune2fs” command.

4. Ext4 - Ext4 stands for the fourth extended file system. It was developed in 2008, introduced in Linux kernel 2.6.14, and has been available since then. It has a backward compatibility feature, meaning that ext4 can convert into ext3 or ext2. Several more features are introduced in the ext4 file system, such as multi-block allocation, journal checksum, fast fsck (file system check), delayed allocation, etc. In ext4, users have an option to turn off the journaling feature. The maximum size of an individual file can be from 16 GB to 16 TB, and the overall file system size is 1 EB (exabyte), which is greater than 1 PB (petabyte); 1 PB = 1024 TB and 1 TB (terabyte) = 1024 GB.

5. XFS - The xfs file system was developed by Silicon Graphics Incorporation (SGI) in 1994. It is a 64-bit high-performance journaling file system and was introduced in SGI’s IRIX operating system with version 5.3. This file system was introduced to the Linux kernel in 2001, and by 2014 the xfs file system was supported by most Linux distributions, some of which use it as the default file system. The maximum size of an individual file is 8 EB (exabyte) for the 64-bit file system. The xfs file system is highly scalable, but only for scaling up, not for scaling down: once you create a file system with xfs, you cannot reduce its size.

Note: Microsoft’s FAT file system is also often an option when formatting a drive in Linux.
