User and Group Management Linux 1
The Beginner’s Guide to Managing Users
and Groups in Linux
Ubuntu Linux uses groups to help you manage users, set permissions on those users, and
even monitor how much time they are spending in front of the PC. Here’s a beginner’s
guide to how it all works.
Users and Groups
Ubuntu is set up for a single person to use when you installed it in your system, but if
more than one person will use the computer, it is best for each person to have their own
user account. This way each person can have separate settings and documents, and files
can be protected from being viewed by the other users on the same PC.
Normally Linux computers have two user accounts—your own user account, and the root
account, which is the super user that can access everything on the PC, make system
changes, and administer other users. Ubuntu works a little differently, though—you can’t
login directly as root by default, and you use the sudo command to switch to root-level
access when you need to make a change.
Linux stores a list of all users in the ‘/etc/groups’ file. You can run this command in the
Terminal to to view and edit the groups and users in your system:
sudo vigr /etc/groups
Creating User Accounts
To create a new user, you can head to System –> Administration -> User and Groups, and
click the “Add” button to add a new user.
Give the appropriate name that identifies the other user and tick the “encrypt” checkbox
to secure their home folder.
Click the “Advanced Settings” button to configure the user’s privileges.
The user management module lists Anna’s privileges under the “User Privileges” tab.
We recommend that you remove the “Administer System” privilege from other user
accounts. This is to make sure that other users cannot easily change critical system
settings that may jeopardize your Linux box.
Linux File and Folder Permissions
Each file in Linux has a set of user and group permissions, and you can use the ls -l
command to show the full set of permissions and attributes from the terminal.
Reading from left to right, each item in the list means:
1
For instance, in the example showing a file named anki, the permissions are rwxr-xr-x,
the file is owned by the root user and belongs to the root group, and it’s 159 bytes.
The permission flag has four components, the first character being the flag, usually used
to indicate whether it’s a directory or a file—a directory would show a “d” and a regular
file will show a “-“. The next 9 characters are broken up into sets of 3 characters, which
indicate user, group, and everyone permissions.
In this particular example, we’ve got rwxr-xr-x, which can be broken up like this:
The permissions correspond to the following values:
r = read permission
w = write permission
x = execute permission
This means that for the file in question, everybody has read and execute permissions, but
only root has access to write to the file.
Changing Group Ownership of Files and Directories
Anna is a 7th grader and her brother Peter just enrolled in a programming course in a
university. Anna will be more interested to use the educational software for her
mathematics or geography homework, compared to Peter who is more interested to use
software development tools.
We can configure Anna’s and Peter’s access to these applications by assigning them to the
appropriate groups from the “Manage Groups” module.
Let’s create two user groups, a K-12 student group, a University student group, and
assign the appropriate user accounts to each group.
We should give the K-12 students the privileges to run the educational software.
Linux stores most of the executables under /usr/bin, for example, Linux stores Anki under
/usr/bin/anki. If you’re not sure where a file is located, the which command is a
convenient way to find out the location from the terminal:
which anki
Let’s assign Anki and Kig to the k12 group using the chown command, which uses the
following format:
sudo chown :[group name] [files list]
You can also revoke the read and execute access from other user groups using the chmod
command.
sudo chown :[group name] [files list]
This command gives the member of K12 group access to Anki and Kig. We should
restrict the access rights of the university group from Anki and Kig by removing the read
and execute permission from the “Other” groups. The format of the command is:
chmod [ugoa][+-=][rwxXst] fileORdirectoryName
The first command that we executed in the command line removes the read (r) and
execute (x) privilege from the “Other” group. The “O” option indicates that we are
modifying the access right of the Other group. The ‘-‘ option means that we want to
remove certain file permissions specified in the parameters that follow the ‘-‘ option. The
man page of chmod gives a detailed explanation of these options.
man chmod
Monitoring Computer Usage
Timekpr allows us to set give each user a limited amount of computing time, and you’ll
need to add the following PPA to your software sources so that you can install Timekpr
from the Ubuntu Software Center.
deb http://ppa.launchpad.net/timekprmaintainers/ppa/ubuntu lucid main
deb-src http://ppa.launchpad.net/timekprmaintainers/ppa/ubuntu lucid main
Ubuntu Software Center is the easiest way to install Timekpr—just use the search box
and it should come right up.
Timekpr allows us to limit the computer usage time by a certain time frame on each day
of the month. For example, we can specify the computer time usage for 300 minutes on
Sunday and 60 minutes on Monday.
Timekpr will appear on the user’s task bar and lock the desktop when the computing time
of the user is up.
User and Groups is quite a big concept to cover within one article. Did
we miss something important ? Feel free to share some knowledge
with the other readers in the comments.
and Groups in Linux
Ubuntu Linux uses groups to help you manage users, set permissions on those users, and
even monitor how much time they are spending in front of the PC. Here’s a beginner’s
guide to how it all works.
Users and Groups
Ubuntu is set up for a single person to use when you installed it in your system, but if
more than one person will use the computer, it is best for each person to have their own
user account. This way each person can have separate settings and documents, and files
can be protected from being viewed by the other users on the same PC.
Normally Linux computers have two user accounts—your own user account, and the root
account, which is the super user that can access everything on the PC, make system
changes, and administer other users. Ubuntu works a little differently, though—you can’t
login directly as root by default, and you use the sudo command to switch to root-level
access when you need to make a change.
Linux stores a list of all users in the ‘/etc/groups’ file. You can run this command in the
Terminal to to view and edit the groups and users in your system:
sudo vigr /etc/groups
Creating User Accounts
To create a new user, you can head to System –> Administration -> User and Groups, and
click the “Add” button to add a new user.
Give the appropriate name that identifies the other user and tick the “encrypt” checkbox
to secure their home folder.
Click the “Advanced Settings” button to configure the user’s privileges.
The user management module lists Anna’s privileges under the “User Privileges” tab.
We recommend that you remove the “Administer System” privilege from other user
accounts. This is to make sure that other users cannot easily change critical system
settings that may jeopardize your Linux box.
Linux File and Folder Permissions
Each file in Linux has a set of user and group permissions, and you can use the ls -l
command to show the full set of permissions and attributes from the terminal.
Reading from left to right, each item in the list means:
1
For instance, in the example showing a file named anki, the permissions are rwxr-xr-x,
the file is owned by the root user and belongs to the root group, and it’s 159 bytes.
The permission flag has four components, the first character being the flag, usually used
to indicate whether it’s a directory or a file—a directory would show a “d” and a regular
file will show a “-“. The next 9 characters are broken up into sets of 3 characters, which
indicate user, group, and everyone permissions.
In this particular example, we’ve got rwxr-xr-x, which can be broken up like this:
The permissions correspond to the following values:
r = read permission
w = write permission
x = execute permission
This means that for the file in question, everybody has read and execute permissions, but
only root has access to write to the file.
Changing Group Ownership of Files and Directories
Anna is a 7th grader and her brother Peter just enrolled in a programming course in a
university. Anna will be more interested to use the educational software for her
mathematics or geography homework, compared to Peter who is more interested to use
software development tools.
We can configure Anna’s and Peter’s access to these applications by assigning them to the
appropriate groups from the “Manage Groups” module.
Let’s create two user groups, a K-12 student group, a University student group, and
assign the appropriate user accounts to each group.
We should give the K-12 students the privileges to run the educational software.
Linux stores most of the executables under /usr/bin, for example, Linux stores Anki under
/usr/bin/anki. If you’re not sure where a file is located, the which command is a
convenient way to find out the location from the terminal:
which anki
Let’s assign Anki and Kig to the k12 group using the chown command, which uses the
following format:
sudo chown :[group name] [files list]
You can also revoke the read and execute access from other user groups using the chmod
command.
sudo chown :[group name] [files list]
This command gives the member of K12 group access to Anki and Kig. We should
restrict the access rights of the university group from Anki and Kig by removing the read
and execute permission from the “Other” groups. The format of the command is:
chmod [ugoa][+-=][rwxXst] fileORdirectoryName
The first command that we executed in the command line removes the read (r) and
execute (x) privilege from the “Other” group. The “O” option indicates that we are
modifying the access right of the Other group. The ‘-‘ option means that we want to
remove certain file permissions specified in the parameters that follow the ‘-‘ option. The
man page of chmod gives a detailed explanation of these options.
man chmod
Monitoring Computer Usage
Timekpr allows us to set give each user a limited amount of computing time, and you’ll
need to add the following PPA to your software sources so that you can install Timekpr
from the Ubuntu Software Center.
deb http://ppa.launchpad.net/timekprmaintainers/ppa/ubuntu lucid main
deb-src http://ppa.launchpad.net/timekprmaintainers/ppa/ubuntu lucid main
Ubuntu Software Center is the easiest way to install Timekpr—just use the search box
and it should come right up.
Timekpr allows us to limit the computer usage time by a certain time frame on each day
of the month. For example, we can specify the computer time usage for 300 minutes on
Sunday and 60 minutes on Monday.
Timekpr will appear on the user’s task bar and lock the desktop when the computing time
of the user is up.
User and Groups is quite a big concept to cover within one article. Did
we miss something important ? Feel free to share some knowledge
with the other readers in the comments.