Linux is a multiuser and multitasking operating system, so basic user administration skills are a must. This recipe will show you how permissions for files and directories are structured, how to add and remove a user, how to change a user's password, and how to assign a user to a group.
Learning the Linux fundamentals - users
How to do it...
The following series of steps shows useful commands for basic user administration activities:
- Creating a user: Giving each individual who uses the system their own account is a recommended best practice. Creating a user is quite simple:
root@90f5b4545a54:~# adduser spacex --ingroup developers
Adding user `spacex' ...
Adding new user `spacex' (1001) with group `developers' ...
Creating home directory `/home/spacex' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for spacex
Enter the new value, or press ENTER for the default
Full Name []: Onorato
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y
The spacex user has been created and assigned to the existing developers group. To switch to the newly created user, log in using the new user's credentials:
root@90f5b4545a54:~# login spacex
Password:
Welcome to Ubuntu 19.04 (GNU/Linux 4.9.125-linuxkit x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.
To restore this content, you can run the 'unminimize' command.
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
spacex@90f5b4545a54:~$
- Updating a user's password: Periodically, the password must be changed. Here is the command to do this:
spacex@90f5b4545a54:~$ passwd
Changing password for spacex.
Current password:
New password:
Retype new password:
passwd: password updated successfully
spacex@90f5b4545a54:~$
- Assigning a user to a group: As shown, a user can be assigned to a group when created. Alternatively, a user can be assigned to a group at any time, by running the following command:
root@90f5b4545a54:~# usermod -a -G testers spacex
Here, spacex is added to the testers group.
- Removing a user: Likewise, removing a user is pretty simple:
root@90f5b4545a54:~# userdel -r spacex
userdel: spacex mail spool (/var/mail/spacex) not found
root@90f5b4545a54:~#
The -r option tells userdel to remove the spacex home directory and mail spool as well.
- Now, let's have a look at the final command, which shows a list of the groups to which the current user (spacex) belongs:
spacex@90f5b4545a54:~$ groups
developers testers
spacex@90f5b4545a54:~$
As you can see, the spacex user belongs to the developers and testers groups.
How it works...
In step 1, we used the adduser command to add the spacex user and, at the same time, added the user to the developers group.
Step 2 shows how to change the password of the current user. To change the password, the previous password must be provided. It is a good practice to change the password periodically.
If we want to assign a user to a group, it can be done with the usermod command. In step 3, we have added the spacex user to the testers group. The -a and -G parameters just indicate that the new groups (-G) will be appended to the current groups (-a) of the user. That is, the spacex user will be assigned to the testers group, which will be contextually created. The groups command, in the same step, shows which groups the current user belongs to. If you only want to create a group, then groupadd group-name is the command you need.
Step 4 shows how to remove a user with the userdel command, passing the -r parameter. This parameter ensures that all the files of the user we're removing will be deleted.
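The following added example (not code from the original recipe) shows where the two kinds of membership from steps 1 and 3 are recorded: the primary group set by adduser --ingroup is the gid field of the passwd record, while the group added with usermod -a -G is a name in the member list of the group record. The records are constructed samples in /etc/passwd and /etc/group format, and the gid values 1001 and 1002 are assumptions.

```shell
#!/bin/sh
# Constructed sample records (passwd and group file formats).
# The gid values 1001 and 1002 are assumptions made for this example.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
spacex:x:1001:1001:Onorato,,,:/home/spacex:/bin/bash'
SAMPLE_GROUP='root:x:0:
developers:x:1001:
testers:x:1002:spacex'

# primary_group USER: resolve the gid stored in the passwd record (field 4)
# to a group name. This is what adduser --ingroup sets.
primary_group() {
    gid=$(printf '%s\n' "$SAMPLE_PASSWD" | awk -F: -v u="$1" '$1 == u { print $4 }')
    [ -n "$gid" ] || return 1          # unknown user
    printf '%s\n' "$SAMPLE_GROUP" | awk -F: -v g="$gid" '$3 == g { print $1 }'
}

# supplementary_groups USER: groups whose member list (field 4) names the user.
# This is what usermod -a -G extends.
supplementary_groups() {
    printf '%s\n' "$SAMPLE_GROUP" | awk -F: -v u="$1" '{
        n = split($4, members, ",")
        for (i = 1; i <= n; i++) if (members[i] == u) print $1
    }'
}

# groups_of USER: primary group first, then supplementary groups,
# joined on one line like the output of the groups command.
groups_of() {
    p=$(primary_group "$1") || return 1
    { printf '%s\n' "$p"; supplementary_groups "$1"; } | paste -sd' ' -
}

groups_of spacex
```

Note that spacex does not appear in the member list of developers: an audit that only reads the member lists in the group file misses every user whose primary group is the one being reviewed.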
There's more...
On a Linux filesystem, each file and directory has a set of information defining who can do what. The mechanism is simple, as well as powerful. The operations allowed on a file (or directory) are read, write, and execute (r, w, and x, respectively). These operations can be done by the owner of the file or directory, by a group of users, or by all users. Linux represents this information with Owner: rwx; Group: rwx; All Users: rwx; or, more simply: rwx-rwx-rwx (9 in total). Actually, Linux has one more flag on top of these ones that represents the type of file. It can be a folder (d), a symbolic link to another file (l), a regular file (-), a named pipe (p), a socket (s), a character device file (c), and a block device (b). Typical permissions for a file look like this:
root@90f5b4545a54:/# ls -l
-rwxr-xr-x 1 root root 13 May 8 20:11 conf.json
Let's see this in detail:
- Reading from the left-hand side, the first character, -, informs us that conf.json is a regular file.
- The next three characters are about the current user, rwx. The user has full read (r), write (w), and execution (x) permissions over the file.
- The next three characters are about the group to which the user belongs, r-x. All the users belonging to the group can read and execute the file, but cannot modify it (w is not selected, marked as -).
- The last three characters are about all the other users, r-x. All other users can just read and execute the file (r and x are marked, but w is not).
The owner (or the root user) can change the permissions of the file. The easiest way to achieve this is through the chmod command:
$ chmod g+w conf.json
Here, we're asking the Linux kernel to add the write permission (w) to the group user type (g). The types of users are as follows: u (for user), o (for others), a (for all), and g (for group), and the permissions flag can be x, w, and r, as explained previously. chmod can also accept an integer:
$ chmod 751 conf.json
Each digit is the decimal value of the three permission flags of one user type, read as a binary number (a set flag is 1, an unset flag is 0). For 751:
rwx: 111 = 7
r-x: 101 = 5
--x: 001 = 1
It could be a little cryptic at the beginning, but it is very practical and handy for everyday use.
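As an added example (not part of the original recipe), the script below converts the mode string printed by ls -l into the octal form accepted by chmod, reports whether anyone other than the owner can modify the file, and repeats the two chmod calls shown above on a scratch file. The function names are hypothetical, and setuid, setgid and sticky bits are not reported.

```shell
#!/bin/sh
# Added example: translate `ls -l` mode strings to chmod's octal form.

# mode_to_octal "-rwxr-x--x" prints 751
mode_to_octal() {
    mode=$1
    [ "${#mode}" -ge 10 ] || { echo "bad mode string: $mode" >&2; return 1; }
    octal=""
    for start in 2 5 8; do                  # owner, group, others triplets
        triplet=$(printf '%s' "$mode" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        # s and t mean execute plus a special bit; the special bits are not reported here
        case $triplet in ??[xst]) digit=$((digit + 1)) ;; esac
        octal="$octal$digit"
    done
    printf '%s\n' "$octal"
}

# write_exposure MODE prints who besides the owner may modify the file
write_exposure() {
    case $(printf '%s' "$1" | cut -c6,9) in # group w flag, others w flag
        ww) echo "group+others" ;;
        w?) echo "group" ;;
        ?w) echo "others" ;;
        *)  echo "none" ;;
    esac
}

# ls_mode FILE prints the first 10 characters of the `ls -l` line,
# dropping any ACL or SELinux marker that some systems append
ls_mode() { ls -ld -- "$1" | cut -c1-10; }

# chmod_demo repeats the two chmod calls from the text on a scratch file
chmod_demo() {
    f=$(mktemp) || return 1
    chmod 751 "$f"; numeric=$(ls_mode "$f")
    chmod g+w "$f"; symbolic=$(ls_mode "$f")
    rm -f "$f"
    printf '%s=%s %s=%s\n' "$numeric" "$(mode_to_octal "$numeric")" \
        "$symbolic" "$(mode_to_octal "$symbolic")"
}

mode_to_octal "-rwxr-xr-x"      # conf.json as listed by ls -l above
write_exposure "-rwxrwxr-x"     # conf.json after chmod g+w
chmod_demo
```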
See also
The man pages are an infinite resource of information and should be the first thing you look at. Commands such as man groups, man userdel, or man adduser will help with this.