rainbowbird
11/20/2019 - 5:10 AM
CentOS user management
Linux Groups
There are two types of groups that a user can belong to:
- Primary or login group – is the group that is assigned to the files that are created by the user. Usually, the name of the primary group is the same as the name of the user. Each user must belong to exactly one primary group.
- Secondary or supplementary group - used to grant certain privileges to a set of users. A user can be a member of zero or more secondary groups.
List all Groups a User is a Member of
There are multiple ways to find out the groups a user belongs to.
The primary user’s group is stored in the /etc/passwd file and the supplementary groups, if any, are listed in the /etc/group file.
One way to find the user’s groups is to list the contents of those files using cat, less or grep.
Another easier option is to use a command whose purpose is to provide information about the system’s users and groups.
Using the groups command
When executed without an argument the command will print a list of all groups the currently logged in user belongs to.
To get a list of all groups a specific user belongs to, provide the username to the groups command as an argument.
Using the id command
The id command prints information about the specified user and its groups. If the username is omitted it shows information for the current user.
List All Members of a Group
To list all members of a group, use the getent group command followed by the group name.
List All Groups
To view all groups present on the system simply open the /etc/group file. Each line in this file represents information for one group.
Another option is to use the getent command which displays entries from databases configured in /etc/nsswitch.conf file including the group database which we can use to query a list of all groups.
To get a list of all groups, type the following command:
$ getent group
The output is the same as when displaying the content of the /etc/group file. If you are using LDAP for user authentication the getent will display all groups from both /etc/group file and LDAP database.
You can also use awk or cut to print only the first field containing the name of the group:
$ getent group | awk -F: '{ print $1}'
$ getent group | cut -d: -f1
How to create users and groups in Linux from the command line
Creating users
For this, we will be making use of the useradd command.
The basic syntax of the command is:
useradd [options] username
The below command would create the user and also create the user's home directory to match the username.
useradd -m olivia
To set a user's passord
passwd olivia
If you want to do this all in a single step, that command would look like this:
useradd -m olivia -p PASSWORD
Where PASSWORD is the password you want to use for the user olivia.
Creating groups and adding users
you would issue the command to create the group editorial:
groupadd editorial
Now we want to add our new user, olivia, to the group editorial. For this we will take advantage of the usermod command. This command is quite simple to use.
usermod -a -G editorial olivia
The -a option tells usermod we are appending and the -G option tells usermod we are appending to the group name that follows the option.
How to Change a USER and GROUP ID on Linux For All Owned Files
Linux command to change UID and GID
To assign a new UID to user called foo, enter:
# usermod -u 2005 foo
To assign a new GID to group called foo, enter:
# groupmod -g 3000 foo
Please note that all files which are located in the user’s home directory will have the file UID changed automatically as soon as you type above two command. However, files outside user’s home directory need to be changed manually. To manually change files with old GID and UID respectively, enter:
# find / -group 2000 -exec chgrp -h foo {} \;
# find / -user 1005 -exec chown -h foo {} \;
The -exec command executes chgrp or chown command on each file. The -h option passed to the chgrp/chmod command affect each symbolic link instead of any referenced file.