Users
What is it
A server (and to some extent a computer) is usually shared between several people. But how could we do that?
One solution to allow several people access to a server is sharing the same credentials. But this comes with many issues:
- Everyone can modify the files of others
- Everyone can see the files of everyone else. For example, an employee could look at files from HR and get the addresses of all the employees
- Generally, everyone can do everything, like shutting down the server or destroying the databases. And no one would know who did it, as it would have been root.
The solution offered by Linux is users.
That way every person who needs to access the server corresponds to a user. Each user has their own username, password, and several other pieces of information.
The default user on a computer is root. This user is the main administrator: it can do anything on the computer, even erase the hard drive (rm -rf /).
For security reasons, this user should never be used as the main user.
That is why we are going to see how to create a user.
How to create a normal user
Creating a user depends on the distribution of Linux you are using.
Ubuntu
Ubuntu provides an easy-to-use tool to create a user, adduser.
To create the user test, the command is the following.
sudo adduser test
You will then be prompted with several questions.
- The password: you have to choose a password. It cannot be an empty password. You can generate a random password using pwgen. We will cover more about passwords in another tutorial.
- The full name of the user: it can be empty, but it is useful to easily differentiate between users.
- The room number of the user: it can be empty
- The work phone of the user: it can be empty
- The home phone of the user: it can be empty
- Other information about the user: it can be empty
Options for a normal user
Several options can be used when creating a user.
Here is a short sample:
- --disabled-login: Do not set the password. It will prevent the user from being able to log in before a password is set for the user.
- --disabled-password: Similar to the previous one, but still allows connection without a password, for example, SSH with keys.
- --home <dir>: Specify the home directory of the user. If not specified the default one is created, usually /home/<username>
- --no-create-home: Do not create the home directory. Useful for users who can log in but will never save data on the server.
- --shell <bin>: Specify the default shell of the user.
System User
The file /etc/passwd contains the list of all users on the server.
And if you look at yours you will see many more than just the one you created. Why, you may ask?
They are system users.
Many programs need to run tasks in the background that are not run by a specific person. For example, your web server needs to serve requests, but each request does not necessarily correspond to one of the employees. So which user should the software run as?
The Linux solution was to create what are called system users. They are users who do not correspond to real people but rather to a specific piece of software or a service.
For example, the system user for your web server is usually called www-data.
As these system users do not correspond to real people, they do not have personal information or a home directory. Usually, they cannot even log in.
Creating a system user can sometimes be useful, for example for crontab or other things. This is done with the option --system, like the following command.
sudo adduser --system test
Groups
What is it
We saw in the previous section that we can manage rights on a per-user basis.
But do we need to configure the rights for every member of a team one by one, and how can several people share the ownership of files?
To do so, Linux uses what are called groups. This way we can share rights across several users without configuring every user separately.
A user always has a main group, usually named after the user, and additional groups.
While the names of standard groups can vary, here are some of them:
- adm: the group of system administrators
- sudo: the group of users allowed to sudo as root
- docker: the group of users allowed to run docker commands
- wireshark: the group of users allowed to use Wireshark and as such listen to network traffic
- www-data: the default group of the web server, useful for web developers, who can then edit the files of the web server without messing with the rights of the web server
Adding a group to a user
Now that we have identified which groups are relevant to add to our users, how do we do it?
We are going to modify them with the command usermod.
For example, to add the sudo group to the test user, we use the following command.
sudo usermod -aG sudo test
Creating a group
Sometimes it can be interesting to create a group, for example, for a specific team, to allow them to share folders.
To do so, we use the command addgroup as in the following.
sudo addgroup <team>
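The /etc/passwd file from the System User section and the standard groups listed above can be checked together in a short audit. The script below is an added example, not part of the original tutorial: it flags system users that have a login shell, extra accounts with UID 0, and the members of the sudo, adm, docker and wireshark groups. The function names, the sample accounts and the UID boundary (system users below 1000, regular users from 1000, the Debian/Ubuntu adduser defaults) are assumptions.

```shell
#!/bin/sh
# Added example: audit passwd- and group-format files for risky accounts.
# Assumption: UIDs 1-999 are system users, 1000-59999 are regular users.

# audit_passwd FILE -> prints one finding per line: "<kind> <username>"
audit_passwd() {
  awk -F: '
    # Skip comments and malformed entries (passwd has 7 fields, numeric UID).
    /^#/ || NF != 7 || $3 !~ /^[0-9]+$/ { next }
    {
      user = $1; uid = $3 + 0; shell = $7
      # An empty shell field means the default shell, so it counts as a login.
      nologin = (shell ~ /(nologin|false)$/)
      # Any account other than root with UID 0 has the full power of root.
      if (uid == 0 && user != "root") { print "extra-uid0", user; next }
      # System users belong to services and should not have a login shell.
      if (uid > 0 && uid < 1000 && !nologin) { print "system-with-shell", user; next }
      # Regular accounts that can log in, listed for review.
      if (uid >= 1000 && uid < 60000 && !nologin) print "human", user
    }' "$1"
}

# privileged_members FILE -> prints "<group> <member>" for the groups above.
# Field 4 lists supplementary members only; a primary group is set in passwd.
privileged_members() {
  awk -F: '
    $1 ~ /^(sudo|adm|docker|wireshark)$/ && $4 != "" {
      n = split($4, m, ",")
      for (i = 1; i <= n; i++) print $1, m[i]
    }' "$1"
}

# Constructed sample data (not taken from a real server).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backupsvc:x:998:998::/nonexistent:/bin/bash
toor:x:0:0::/root:/bin/sh
test:x:1000:1000:Test User,,,:/home/test:/bin/bash
EOF
cat > "$sample_dir/group" <<'EOF'
sudo:x:27:test
docker:x:999:test,backupsvc
www-data:x:33:
EOF
audit_passwd "$sample_dir/passwd"
privileged_members "$sample_dir/group"
```

To run it against a real server, pass /etc/passwd and /etc/group to the two functions instead of the sample files.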
This tutorial is mainly inspired by the man pages of adduser and addgroup.