Simple Ubuntu Server: Part 5 – Setting Up Users and Groups

In Part 5, we’ll discuss setting up users and groups, which will be a direct precursor to setting up permissions and Samba shares in the next few parts. Right now, your server probably only has a single user, you, that you can log in as (unless you enabled root login, something I suggest against doing). I’m going to keep it that way and not allow login from other users with the goal of only giving them access to the shared files that will be setup in the next parts, but you can change it as you see fit.

Note that for virtually all of the commands below, you will need to prepend it with sudo. If you forget and get the following message that the file cannot be locked,

User doesn't have permission

User doesn’t have permission

an easy way to redo the command without having to retype the entire thing is to issue the command

sudo !!

which will repeat the last command but with sudo in front of it.

To add a user, use the following command. The -c option is a text string, which is typically used as the user’s full name. The -d option specifies the home directory for the new user. If it doesn’t exist, it will be created and populated from the files from the directory /etc/skel. Finally, the -s option specifies the shell to be used by the user. This is typically left blank which results in the default login shell being specified, but I want to disable login by the user. The last field is the username for the user you are creating.

useradd -c "John Doe" -d /home/john.doe -s /sbin/nologin john.doe

Once the user is created, you can assign their initial password using the command

passwd john.doe

Deleting a user is done with the following command.

userdel -r john.doe

Note that the -r option will only remove all the files in that user’s home directory and mail spool, all other files contained on the system will need to be searched for and deleted manually.

find / -user john.doe -print

Or to find all files owned by that particular user and change their ownership, you can use (replace new_owner and new_group the the username and group name you want to own the file)

find / -user john.doe -exec chown new_owner:new_group {} \:

Adding and deleting groups is much simpler. The first command adds a group, the second deletes it.

groupadd office.users
groupdel office.users

Once you have all your users and groups created in the system, you can add users to the appropriate groups. This will be important when using samba to share files over a network and assigning permissions, because when you don’t want the wrong people to have access to the wrong files. Example, the secretary at the front desk shouldn’t have access to the company accounting files. And the easiest way to arrange that is to only give access to the accounting files to the accounting group, a group which the secretary is not part of.

To assign our user, john.doe, to the group, office.users, use the following command

usermod -a -G office.users john.doe

Deleting a user from a group works a little differently, in that you do not actually delete the user from the group, but you overwrite the groups that the user belongs to with the new group(s). For example, say our user, john.doe, belongs to the groups office.users and accounting.users. To remove the user from the office.users group, you’d use the command

usermod -a -G accounting.users john.doe

To add the office.users group back and keep the user assigned to the accounting.users group, you’d use the command (note that there is no space between the comma separating the group names)

usermod -a -G office.users,accounting.users john.doe

To list all the users on your system, you simply cat the output from the file /etc/passwd, like so

cat /etc/passwd

To list all the groups on your system, you simply cat the output from the file /etc/group, like so

cat /etc/group

To list the groups that a user is currently assigned to, you can use either of the following commands

groups john.doe
-or-
id -nG john.doe

At this point, you should be able to set up all your users and groups (for your office, family, whatever). The next step will be to assign the appropriate permissions to the files that those users and groups should have access to, followed by setting up samba to allow network file sharing.

Tagged , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published.

Protected by WP Anti Spam