Linux System Administration

User Management & Shells

1. Shells

A shell is a command-line interpreter that provides a user interface for accessing the operating system’s services. It’s where you type commands that the kernel then executes. Different shells offer various features, scripting capabilities, and customization options.

Common Shells in Linux:

  • Bash (Bourne-Again SHell): The most common default shell in Linux distributions. It’s a powerful and feature-rich shell with command-line editing, history, aliases, and scripting capabilities.
  • Sh (Bourne Shell): An older, simpler shell. Bash is largely compatible with Sh.
  • Zsh (Z Shell): A highly customizable shell with advanced features like improved tab completion, theme support, and powerful globbing.
  • Csh (C Shell) / Tcsh (TENEX C Shell): Shells with a C-like syntax, often preferred by programmers.
  • Ksh (Korn Shell): A powerful shell that combines features of Bash and Csh.

How to check a user’s default shell:

The default shell for a user is specified in the last field of their entry in the /etc/passwd file.

Example:

To see your current shell:

$ echo $SHELL
/bin/bash

To see the default shell for a specific user (e.g., ‘john’):

$ grep '^john:' /etc/passwd
john:x:1001:1001:John Doe,,,:/home/john:/bin/bash

Here, /bin/bash is John’s default shell.
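The same last-field lookup can be run across every account to see which ones can actually log in. The script below is an added example, not part of the original lesson: it classifies each entry of a passwd-format file against a list of valid shells in the format of /etc/shells. The sample data is constructed, and the verdict names and the UID 1000 boundary for regular users are assumptions.

```shell
#!/bin/sh
# Added example: classify accounts by the shell in field 7 of passwd-format data.
# Assumptions: regular users start at UID 1000; verdict names are made up here.

# audit_shells PASSWD_FILE SHELLS_FILE -> prints "user uid shell verdict"
audit_shells() {
    awk -F: -v shells="$2" '
        BEGIN {   # load the list of valid login shells
            while ((getline line < shells) > 0)
                if (line != "" && line !~ /^#/) valid[line] = 1
        }
        /^#/ || NF < 7 { next }            # skip comments and malformed entries
        {
            user = $1; uid = $3 + 0; shell = $7
            if (shell == "") shell = "/bin/sh"   # empty field defaults to /bin/sh
            if (shell ~ /\/(nologin|false)$/)        verdict = "no-login"
            else if (!(shell in valid))              verdict = "unlisted-shell"
            else if (uid == 0 && user != "root")     verdict = "extra-uid0"
            else if (uid > 0 && uid < 1000)          verdict = "system-with-shell"
            else                                     verdict = "login"
            print user, uid, shell, verdict
        }' "$1"
}

# Constructed sample data (not from a real system).
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/bash
john:x:1001:1001:John Doe,,,:/home/john:/bin/bash
kiosk:x:1002:1002::/home/kiosk:/bin/rbash
toor:x:0:0::/root:/bin/sh
svc:x:1003:1003::/home/svc:/opt/tools/menu
legacy:x:1004:1004::/home/legacy:
EOF
    printf '%s\n' '# valid login shells' /bin/sh /bin/bash /bin/rbash > "$1/shells"
}

sample_dir=$(mktemp -d)
make_sample "$sample_dir"
audit_shells "$sample_dir/passwd" "$sample_dir/shells"
```

On a live system the two arguments would be /etc/passwd and /etc/shells.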

2. Restricted Shells

A restricted shell is a special type of shell designed to limit the commands and actions a user can perform. This is often used for security purposes, such as for FTP users, kiosk systems, or accounts that should only run specific applications.

Common Restrictions:

  • Cannot change directories (cd).
  • Cannot set or unset environment variables.
  • Cannot execute commands containing slashes (/), preventing execution of commands outside the user’s PATH or specific allowed directories.
  • Cannot redirect output using >, >>, <, etc.

Example:

The most common restricted shell is rbash (restricted bash), which is usually a hard link or a symbolic link to /bin/bash and behaves like bash invoked with the -r option.

To set a user's shell to rbash:

$ sudo usermod -s /bin/rbash newuser

When 'newuser' logs in, they will be in a restricted environment. For example, they might not be able to run cd / or execute commands like /bin/ls directly.

Another way to create a restricted environment is using tools like chroot or specialized applications that provide a jailed environment.
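Because rbash only refuses command names that contain a slash, what the account can run is decided by what its PATH contains. The script below is an added example, not part of the original lesson: it builds a directory holding only approved commands and checks which command lines restricted bash accepts. The directory layout, the function names and the choice of ls and date as approved commands are assumptions, and everything runs in a constructed temporary sandbox as an ordinary user.

```shell
#!/bin/sh
# Added example: give a restricted account a PATH that holds only approved
# commands, then check what restricted bash refuses. Run as an ordinary user.

# make_rbin DIR CMD... : DIR gets one symlink per approved external command.
make_rbin() {
    rbin=$1; shift
    mkdir -p "$rbin"
    for cmd in "$@"; do
        ln -sf "$(command -v "$cmd")" "$rbin/$cmd"
    done
}

# rbash_try RBIN WORKDIR 'command line' : run one command line under
# "bash -r" with an empty environment and PATH=RBIN; returns its exit status.
rbash_try() {
    ( cd "$2" && env -i PATH="$1" "$(command -v bash)" -r -c "$3" ) >/dev/null 2>&1
}

# verdict RBIN WORKDIR 'command line' : print whether the line was allowed.
verdict() {
    if rbash_try "$1" "$2" "$3"; then echo "allowed: $3"; else echo "refused: $3"; fi
}

demo=$(mktemp -d)                 # constructed sandbox, not a real home
mkdir "$demo/home"
make_rbin "$demo/rbin" ls date    # the only commands this account may run

# 'ls /' is allowed: the slash rule covers command names, not arguments,
# so file permissions still decide what an approved command can read.
for line in 'ls' 'ls /' 'cd /' '/bin/ls' 'date > out.txt' 'PATH=/bin' 'cat notes'; do
    verdict "$demo/rbin" "$demo/home" "$line"
done
```

On a real account the same PATH would be set from a startup file that the restricted user cannot modify.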

3. User Management Commands

Linux provides several command-line utilities for managing user and group accounts. These commands require root privileges (or sudo) to execute.

Key Commands:

| Command | Description | Example |
|---|---|---|
| useradd | Creates a new user account. | sudo useradd -m newuser (creates user and home directory) |
| usermod | Modifies an existing user account. | sudo usermod -aG sudo newuser (adds 'newuser' to 'sudo' group) |
| userdel | Deletes a user account. | sudo userdel -r olduser (deletes user and their home directory) |
| passwd | Sets or changes a user's password. | sudo passwd newuser (prompts for new password for 'newuser') |
| groupadd | Creates a new group. | sudo groupadd developers |
| groupmod | Modifies an existing group. | sudo groupmod -n devgroup developers (renames 'developers' to 'devgroup') |
| groupdel | Deletes a group. | sudo groupdel oldgroup |
| id | Displays user and group IDs for the current user or a specified user. | id john |
| groups | Displays the groups a user belongs to. | groups john |

Example Usage:

Creating a new user 'student' with a home directory and setting their password:

$ sudo useradd -m student
$ sudo passwd student

Adding 'student' to the 'teachers' group:

$ sudo usermod -aG teachers student

Deleting a user 'tempuser' and their home directory:

$ sudo userdel -r tempuser

4. Homes and Permissions

Every user account typically has a dedicated home directory (e.g., /home/username) where they store their personal files, documents, and configurations. Proper permissions on home directories are crucial for privacy and security.

Default Home Directory Permissions:

When a new user and their home directory are created, the default permissions are usually drwxr-xr-x (755). This means:

  • Owner (user): Read, Write, Execute (rwx) - The user can create, delete, and modify files within their home directory.
  • Group: Read, Execute (r-x) - Members of the user's primary group can read and traverse the directory, but not modify its contents.
  • Others: Read, Execute (r-x) - All other users can read and traverse the directory, but not modify its contents.

For stricter privacy, some systems might set home directory permissions to drwx------ (700), meaning only the owner has access.

Managing Permissions:

  • chmod: Changes file and directory permissions.
  • chown: Changes file and directory ownership.
  • chgrp: Changes file and directory group ownership.

Example:

Checking permissions of a home directory:

$ ls -ld /home/john
drwxr-xr-x 4 john john 4096 Jul 29 10:30 /home/john

Changing a file's permissions to be readable and writable only by the owner:

$ chmod 600 /home/john/private_doc.txt

Changing the owner of a file to 'admin':

$ sudo chown admin /path/to/file.txt

Changing the group owner of a file to 'developers':

$ sudo chgrp developers /path/to/project_file.txt
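To check home directory modes across all regular accounts rather than one directory at a time, the script below reads home paths from a passwd-format file and reports any directory that others can write to or read. It is an added example, not part of the original lesson. The verdict names, the UID range used for regular accounts and the ROOT_PREFIX parameter are assumptions, and the demo tree and accounts are constructed.

```shell
#!/bin/sh
# Added example: report home directories whose mode is looser than intended.
# Assumptions: regular accounts have 1000 <= UID < 65534; ROOT_PREFIX is a
# hypothetical parameter so the check can run against a test tree.

# audit_homes PASSWD_FILE [ROOT_PREFIX] -> prints "user home verdict"
audit_homes() {
    prefix=${2:-}
    awk -F: '$3 >= 1000 && $3 < 65534 && $6 != "" { print $1 ":" $6 }' "$1" |
    while IFS=: read -r user home; do
        dir=$prefix$home
        # "find DIR -prune -perm -MODE" prints DIR only if all MODE bits are
        # set, and never descends into the directory.
        if [ ! -d "$dir" ]; then
            verdict=missing
        elif [ -n "$(find "$dir" -prune -perm -0002)" ]; then
            verdict=world-writable
        elif [ -n "$(find "$dir" -prune -perm -0020)" ]; then
            verdict=group-writable
        elif [ -n "$(find "$dir" -prune \( -perm -0004 -o -perm -0001 \))" ]; then
            verdict=open-to-others
        else
            verdict=closed-to-others
        fi
        echo "$user $home $verdict"
    done
}

# Constructed demo tree and accounts (not from a real system).
tree=$(mktemp -d)
for spec in alice:700 bob:755 carol:775 dave:777; do
    mkdir -p "$tree/home/${spec%%:*}"
    chmod "${spec##*:}" "$tree/home/${spec%%:*}"
done
cat > "$tree/passwd" <<'EOF'
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
carol:x:1003:1003::/home/carol:/bin/bash
dave:x:1004:1004::/home/dave:/bin/bash
erin:x:1005:1005::/home/erin:/bin/bash
EOF
audit_homes "$tree/passwd" "$tree"
```

On a live system, audit_homes /etc/passwd checks the real home directories; a directory reported as open-to-others can be tightened with chmod 700 as described above.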