How-To Geek

The Beginner’s Guide to Managing Users and Groups in Linux

Ubuntu Linux uses groups to help you manage users, set permissions on those users, and even monitor how much time they are spending in front of the PC. Here’s a beginner’s guide to how it all works.

Users and Groups

When you install Ubuntu, it is set up for a single person to use, but if more than one person will use the computer, it is best for each person to have their own user account. This way each person can have separate settings and documents, and files can be protected from being viewed by the other users on the same PC.

Normally Linux computers have two user accounts—your own user account, and the root account, which is the super user that can access everything on the PC, make system changes, and administer other users. Ubuntu works a little differently, though—you can’t log in directly as root by default, and you use the sudo command to switch to root-level access when you need to make a change.

Linux stores the list of groups, along with the users that belong to each one, in the ‘/etc/group’ file. You can run this command in the Terminal to view and edit the groups and users in your system:

sudo vigr

Creating User Accounts

To create a new user, you can head to System -> Administration -> User and Groups, and click the “Add” button to add a new user.

Give the appropriate name that identifies the other user and tick the “encrypt” checkbox to secure their home folder.

Click the “Advanced Settings” button to configure the user’s privileges.

The user management module lists Anna’s privileges under the “User Privileges” tab.

We recommend that you remove the “Administer System” privilege from other user accounts. This is to make sure that other users cannot easily change critical system settings that may jeopardize your Linux box.

Linux File and Folder Permissions

Each file in Linux has a set of user and group permissions, and you can use the ls -l command to show the full set of permissions and attributes from the terminal.

 

Reading from left to right, each item in the list means:

<permissions> 1 <file owner> <file group> <file size> <file date> <file name>

For instance, in the example showing a file named anki, the permissions are rwxr-xr-x, the file is owned by the root user and belongs to the root group, and it’s 159 bytes.

The permission flag has four components, the first character being the flag, usually used to indicate whether it’s a directory or a file—a directory would show a “d” and a regular file will show a “-”. The next 9 characters are broken up into sets of 3 characters, which indicate user, group, and everyone permissions.

<flag><user permissions><group permissions><everyone permissions>

In this particular example, we’ve got rwxr-xr-x, which can be broken up like this:

<flag><user permissions = rwx><group permissions = r-x><everyone permissions = r-x>

The permissions correspond to the following values:

  • r = read permission
  • w = write permission
  • x = execute permission

This means that for the file in question, everybody has read and execute permissions, but only root has access to write to the file.
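
As an added example (not part of the original article), the shell functions below split a permission string like the one above into its flag and three permission sets and compute the numeric mode that chmod also accepts. The function names are made up for this illustration, and the handling of the s and t letters (setuid, setgid, sticky) goes beyond the rwx case described in the text.

```sh
#!/bin/sh
# Added example: decode an `ls -l` permission string such as -rwxr-xr-x.
# Function names are illustrative, not standard commands.

# Octal digit for one rwx triplet: r=4, w=2, x=1 (s and t imply x is set).
triplet_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# -rwxr-xr-x -> 0755. The leading digit carries setuid(4)/setgid(2)/sticky(1).
mode_to_octal() {
    m=${1%[.+]}    # drop the SELinux/ACL marker that ls may append
    case $m in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "invalid mode string: $1" >&2; return 1 ;;
    esac
    special=0
    case $m in ???[sS]??????) special=$((special + 4)) ;; esac
    case $m in ??????[sS]???) special=$((special + 2)) ;; esac
    case $m in ?????????[tT]) special=$((special + 1)) ;; esac
    u=$(printf '%s' "$m" | cut -c2-4)
    g=$(printf '%s' "$m" | cut -c5-7)
    o=$(printf '%s' "$m" | cut -c8-10)
    echo "$special$(triplet_value "$u")$(triplet_value "$g")$(triplet_value "$o")"
}

# Print the flag and the three permission sets on separate lines.
describe_mode() {
    octal=$(mode_to_octal "$1") || return 1
    m=${1%[.+]}
    case $m in
        d*) echo "flag:     d (directory)" ;;
        -*) echo "flag:     - (regular file)" ;;
        *)  echo "flag:     $(printf '%s' "$m" | cut -c1) (other type)" ;;
    esac
    echo "user:     $(printf '%s' "$m" | cut -c2-4)"
    echo "group:    $(printf '%s' "$m" | cut -c5-7)"
    echo "everyone: $(printf '%s' "$m" | cut -c8-10)"
    echo "octal:    $octal"
}

describe_mode "-rwxr-xr-x"
```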

Changing Group Ownership of Files and Directories

Anna is a 7th grader and her brother Peter just enrolled in a programming course at a university. Anna will be more interested in using the educational software for her mathematics or geography homework, while Peter is more interested in using software development tools.

We can configure Anna’s and Peter’s access to these applications by assigning them to the appropriate groups from the “Manage Groups” module.

Let’s create two user groups, a K-12 student group and a university student group, and assign the appropriate user accounts to each group.

We should give the K-12 students the privileges to run the educational software.

Linux stores most executables under /usr/bin; for example, Anki is stored at /usr/bin/anki. If you’re not sure where a file is located, the which command is a convenient way to find out the location from the terminal:

which anki

Let’s assign Anki and Kig to the k12 group using the chown command, which uses the following format:

sudo chown :[group name] [files list]

This command gives the members of the k12 group access to Anki and Kig. We should also restrict the university group’s access to Anki and Kig by using the chmod command to remove the read and execute permissions from the “Other” group. The format of the command is:

chmod [ugoa][+-=][rwxXst] fileORdirectoryName

The command that we executed in the command line removes the read (r) and execute (x) privileges from the “Other” group. The “o” option indicates that we are modifying the access rights of the Other group. The ‘-’ option means that we want to remove the file permissions specified in the parameters that follow it. The man page of chmod gives a detailed explanation of these options.

man chmod
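
The chown and chmod steps above, rehearsed on scratch files as an added example that is not from the original article. It assumes GNU stat (as shipped with Ubuntu); the function and file names are constructed, and the caller's own primary group stands in for the k12 group so that no sudo is needed.

```sh
#!/bin/sh
# Added example: rehearse the article's chown/chmod steps on scratch files.
# Function and file names are constructed; the caller's own primary group
# stands in for the k12 group so that no sudo is needed.

# Hand FILES to GROUP and remove read/execute from "other".
restrict_to_group() {
    group=$1; shift
    chown ":$group" "$@" && chmod o-rx "$@"
}

# Print the names of files in DIR that users outside the owning group can
# still read or execute. The last octal digit holds the "other" bits
# (4 = read, 2 = write, 1 = execute). Uses GNU stat, as shipped with Ubuntu.
open_to_others() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        other=$(stat -c '%a' "$f" | sed 's/.*\(.\)$/\1/')
        case $other in
            1|3|4|5|6|7) basename "$f" ;;
        esac
    done
}

demo() {
    dir=$(mktemp -d)
    for name in anki kig gcc; do
        printf '#!/bin/sh\necho %s\n' "$name" > "$dir/$name"
    done
    chmod 755 "$dir"/*
    restrict_to_group "$(id -g)" "$dir/anki" "$dir/kig"
    stat -c '%A %G %n' "$dir"/*    # anki and kig now show rwxr-x---
    echo "still open to everyone: $(open_to_others "$dir")"
    rm -rf "$dir"
}

demo
```

On Debian and Ubuntu, package upgrades reinstall files under /usr/bin with their packaged owner and mode, so a change like this is usually recorded with dpkg-statoverride to make it persist.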

Monitoring Computer Usage

Timekpr allows us to give each user a limited amount of computing time. You’ll need to add the following PPA to your software sources so that you can install Timekpr from the Ubuntu Software Center.

deb http://ppa.launchpad.net/timekpr-maintainers/ppa/ubuntu lucid main
deb-src http://ppa.launchpad.net/timekpr-maintainers/ppa/ubuntu lucid main

Ubuntu Software Center is the easiest way to install Timekpr—just use the search box and it should come right up.

Timekpr allows us to limit the computer usage time by a certain time frame on each day of the month. For example, we can specify the computer time usage for 300 minutes on Sunday and 60 minutes on Monday.

Timekpr will appear on the user’s task bar and lock the desktop when the computing time of the user is up.


Users and groups are quite a big concept to cover within one article. Did we miss something important? Feel free to share some knowledge with the other readers in the comments.

Zainul spends his time trying to make technology more productive, whether it’s Microsoft Office applications, or learning to use web applications to save time.

  • Published 12/7/10

Comments (7)

  1. HCamper

    Good article on adding, modifying, permissions, users and groups.
    Cheers :).
    It might be good to have an article on removing, modifying, permissions, users and groups
    with methods to prevent loss of access to (now removed user) created programs or files.
    Just an idea to tackle.
    Martin :-)
    Windows and Linux can Work Together.

  2. Zainul Franciscus

    @HCamper, thank you for the nice words. We may put the topics that you suggested in a future article. :)

  3. asdf-chan

    The article is good but was a little short on chmod.

    3 values can be set by 3 (or 4 depends how you start counting) numeric values chosen by its default value or addition.
    There are 3 different kinds of permissions. First is for the owner, second the group, third others.
    The numeric values to define the permissions are 1 to execute, 2 for write access, 4 for read access, or 0 for nothing. You can add those numeric values to your needs to define your users permission.

    7 4 0
    owner group others

    sudo chmod 740 testfile.txt

    The owner can read, write and execute, group can only read and others don’t have permission.
    There is also the setuid, setgid and the sticky bit which normal users actually never need.

  4. Spydeyrch

    So I have a question. I have noticed that the default setting for new users created in Ubuntu don’t have the ‘connect to wireless and ethernet networks’ and also the ‘use audio devices’ checked under the user privileges. Yet any new user can connect to the internet, either via wireless and/or ethernet. Also, sound comes out of the audio devices. Plus, if you un-check the ‘use cd-rom drives’, the new users can still use them.

    I would assume that if it isn’t checked, then the user can’t use them. So if the ‘connect to wireless and ethernet networks’ isn’t checked, then the user shouldn’t be able to use the wireless/ethernet NIC to connect to the network let alone the internet. Same goes with the CD-ROM drive. If it isn’t checked, then they shouldn’t be able to use it. Yet they still can.

    I have tested this several times. Perhaps not as in depth as is needed or required, but the outcome is always the same, when I set privileges, it doesn’t work. With the exception of the admin priv. They work just fine.

    Could anyone explain to me why certain things continue to work even after having unchecked the privilege for that user? Am I not understanding something or not configuring something correctly? Any tips/pointers would be helpful. Thanks!!

    -Spydey

  5. HCamper

    @Spydeyrch

    The problem you’re seeing with User permissions stems from group membership(s).
    You can set a default set of permissions for “Standard User” then add the “User” to
    a group who has greater permissions the default permissions has been overridden.

    Example: User has no CD ROM permissions by default then add the user to CD ROM group or a program like “Amarok” music player(s) group.
    The default CD ROM group has permission(s) for CD ROM and DVD ROM devices. The “Amarok” player and group can access CD/ROM, DVD/ROM and USB/Pen Drive(s).

    The only way to get fine grained permissions is create a group with permissions desired.
    Remove User from all other groups and add them
    only to the group created with limited permission(s).
    It takes a bit of work to do this by hand as “Root”.
    I run “Open Suse” linux and the user management tools are GUI based and well designed.
    The details for creating/modifying users and groups are about 12 check boxes and done.
    General Note: Linux is not alone with having problems with permissions. Windows has
    many permissions quirks.

    Martin :-)

    Windows and Linux can Work Together

  6. farhad

    Tanx a lot. This was a really great article. I looked after something like this for a long time. cheers :-)

  7. Emerson

    Thanks for putting this together.

    I find it hard to find good quality posts about Linux that don’t sound like a bad textbook from the 1960’s. Maybe I’m just looking in the wrong spots, maybe I’m not… either way, I’ve bookmarked this post for future reference.
