Practical Professional Linux — Foundation

Chapter 5 · Skill Level: Foundation

User & Group Management

Manage accounts, groups, and privilege the way multi-user systems require.

Linux is inherently multi-user. Correctly managing accounts, group membership, and privilege escalation is foundational to security and is heavily tested in certification.

By the end of this chapter you will be able to

  • Create, modify, and remove user accounts.
  • Explain the roles of /etc/passwd, /etc/shadow, and /etc/group.
  • Manage group membership for shared access.
  • Configure sudo privileges using sudoers drop-ins.
  • Apply setgid to build a shared collaboration directory.

5.1 Accounts and Their Files

Every account has an entry in /etc/passwd (readable by all) while password hashes live in /etc/shadow (readable only by root).

Reading /etc/passwd
# One line per account:
head -n 3 /etc/passwd
# josephine:x:1000:1000:Josephine:/home/josephine:/bin/bash
# name     :x:uid :gid :comment  :home directory :login shell
# (the x in field 2 means the hash is stored in /etc/shadow)
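
The seven-field layout above is easy to audit mechanically. The following is an added example, not part of the original chapter: it goes a step beyond reading the file and flags entries an administrator should review (extra UID 0 accounts, an empty password field, shared UIDs, malformed lines). The function names, the finding labels, and the sample data are constructed for illustration.

```bash
#!/bin/sh
# Added example: audit passwd-format input (file arguments or stdin).
# Fields: name:password:uid:gid:comment:home:shell

audit_passwd() {
    awk -F: '
        NF != 7                 { print "MALFORMED line " NR; next }
        $3 == 0 && $1 != "root" { print "UID0 " $1 }      # second superuser account
        $2 == ""                { print "EMPTY_PW " $1 }  # no "x": may log in without a password
        ($3 in owner)           { print "DUP_UID " $1 " shares " $3 " with " owner[$3] }
        !($3 in owner)          { owner[$3] = $1 }        # remember first account per UID
    ' "$@"
}

# Constructed sample data, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
josephine:x:1000:1000:Josephine:/home/josephine:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
guest::1001:1001:Guest:/home/guest:/bin/bash
maria:x:1000:1002:Maria:/home/maria:/bin/bash
broken:x:1003
EOF
}

sample_passwd | audit_passwd
# On a live system: audit_passwd /etc/passwd
```

A clean file produces no output, so the function is suitable for a scheduled check that alerts only when something appears.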

5.2 Creating and Removing Users

On Debian/Ubuntu, adduser is the friendly interactive tool; useradd is the lower-level command used everywhere (and on RHEL-family).

User lifecycle
# Debian/Ubuntu (interactive, creates home + prompts for password):
sudo adduser maria
 
# Portable / scripted form:
sudo useradd -m -s /bin/bash maria
sudo passwd maria
 
# Remove a user and their home directory:
sudo userdel -r maria

5.3 Groups

A group lets several users share access to the same files. Each user has one primary group and any number of supplementary groups.

Managing group membership
sudo groupadd developers          # create a group
sudo usermod -aG developers maria # add maria (note -aG: append!)
groups maria                      # list her groups
id maria                          # uid, gid, and all groups

5.4 Privilege with sudo

Rather than sharing the root password, you grant specific users admin rights through sudo. On Ubuntu that means the sudo group; on RHEL-family, the wheel group.

Granting admin rights
sudo usermod -aG sudo maria    # Ubuntu
# sudo usermod -aG wheel maria # Rocky/Alma/RHEL
 
# Grant only specific commands (safer) via a drop-in:
sudo visudo -f /etc/sudoers.d/maria
# maria ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart nginx
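
For scripted deployments where interactive visudo is not an option, the same safety can be kept by checking the rule before it goes live. This is an added example, not part of the original chapter: install_dropin, demo_dropin, and the VISUDO override variable are hypothetical names, and the demo writes to a scratch directory rather than /etc/sudoers.d.

```bash
#!/bin/sh
# Added example: install a sudoers drop-in only after name and syntax checks.
# install_dropin NAME RULEFILE [DESTDIR]   (DESTDIR defaults to /etc/sudoers.d)
# VISUDO is a hypothetical override for the checker command, useful in tests.

install_dropin() {
    name=$1 rules=$2 dest=${3:-/etc/sudoers.d}
    case $name in
        ''|*/*|*.*|*~)
            # sudo skips drop-in files whose name contains "." or ends in "~"
            echo "refusing '$name': empty, a path, or a name sudo would skip" >&2
            return 2 ;;
    esac
    # Parse check before the file goes live; a syntax error in sudoers
    # can stop sudo from working.
    if ! "${VISUDO:-visudo}" -cf "$rules" >/dev/null 2>&1; then
        echo "syntax check failed: $rules" >&2
        return 3
    fi
    # 0440: readable by owner and group, writable by nobody.
    install -m 0440 "$rules" "$dest/$name"
}

# Demo with the rule shown above, written to a scratch directory
# (constructed; run as root and drop the third argument for the real path).
demo_dropin() {
    tmp=$(mktemp -d)
    printf '%s\n' 'maria ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart nginx' > "$tmp/rule"
    install_dropin maria.conf "$tmp/rule" "$tmp" || echo "rejected (rc=$?)"
    install_dropin maria "$tmp/rule" "$tmp" && ls -l "$tmp/maria"
    rm -rf "$tmp"
}
demo_dropin
```

The name check matters because a rule saved as maria.conf is silently ignored: the file exists, but the grant never takes effect.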

5.5 Shared Collaboration Directory

A classic real task: a folder where everyone in a group can read and write each other’s files. The setgid bit makes new files inherit the group automatically.

Shared group directory with setgid
sudo mkdir -p /srv/team
sudo chgrp developers /srv/team
sudo chmod 2775 /srv/team   # the leading 2 = setgid
# Now files created inside belong to 'developers' automatically
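
The setgid bit takes care of group ownership, but whether group members can write each other's files also depends on the creating user's umask. This added example (not part of the original chapter) checks both on a scratch directory without needing root; the function names are hypothetical and it assumes a stat that supports -c (GNU coreutils or BusyBox).

```bash
#!/bin/sh
# Added example: verify that a directory really works as a shared group directory.

# Print "gid mode" of a file created in directory $1 under umask $2.
probe_new_file() {
    (
        umask "$2"
        f="$1/.probe.$$"
        : > "$f" && stat -c '%g %a' "$f"    # GNU/BusyBox stat
        rm -f "$f"
    )
}

# check_shared_dir DIR UMASK: succeed only if DIR is setgid and group-writable
# and a file created under UMASK gets the directory group with group write.
check_shared_dir() {
    dir=$1 mask=$2
    dir_gid=$(stat -c '%g' "$dir")
    [ -g "$dir" ] || { echo "FAIL setgid bit missing on $dir"; return 1; }
    case $(stat -c '%a' "$dir") in
        ??[2367]?) ;;                        # group digit includes the write bit
        *) echo "FAIL $dir is not group-writable"; return 1 ;;
    esac
    set -- $(probe_new_file "$dir" "$mask")  # $1 = gid, $2 = mode of the probe file
    [ "$1" = "$dir_gid" ] || { echo "FAIL new file gid $1, expected $dir_gid"; return 1; }
    case $2 in
        ?[2367]?) echo "OK umask $mask: new file gid $1 mode $2" ;;
        *) echo "FAIL umask $mask: new file mode $2 is not group-writable"; return 1 ;;
    esac
}

# Demo on a scratch directory (constructed; needs no root).
demo_shared_dir() {
    d=$(mktemp -d)
    chmod 2775 "$d"
    check_shared_dir "$d" 022 || true   # common default umask: group cannot write
    check_shared_dir "$d" 002           # group-friendly umask
    rm -rf "$d"
}
demo_shared_dir
```

On a real system, run check_shared_dir /srv/team "$(umask)" as a member of the group to see whether that user's current umask produces group-writable files.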

5.6 Guided Lab: Account & Group Administration

Estimated time: 25 minutes. Create a user and a group, grant scoped admin rights, and build a shared directory.

  • Create a group: sudo groupadd devs.
  • Create a user with a home and bash shell: sudo useradd -m -s /bin/bash sam, then set a password with sudo passwd sam.
  • Add sam to devs: sudo usermod -aG devs sam, then confirm with id sam.
  • Create a shared folder /srv/devs, set its group to devs, and apply setgid (chmod 2775).
  • Create a file inside it as sam and check (ls -l) that it belongs to the devs group.
  • Remove the practice user cleanly: sudo userdel -r sam.

Troubleshooting

Symptom | Likely cause and fix
New user can’t sudo | They’re not in the sudo (Ubuntu) or wheel (RHEL) group, or you used -G instead of -aG and wiped it. Re-add with usermod -aG sudo user.
‘user is currently used by process’ on userdel | They have running processes or are logged in. End their sessions/processes first, then delete.
Files in shared folder have wrong group | setgid not set. Apply chmod 2775 to the directory; existing files may need chgrp -R.
Forgot a user’s password | As admin: sudo passwd username sets a new one (you can’t recover the old hash).

Practice & Prove It

Write-the-command drills

  • Create a user ‘lee’ with a home directory and bash as the login shell.
  • Add lee to the existing group ‘staff’ without removing other memberships.
  • Show lee’s UID, GID, and group memberships.
  • Give lee sudo rights on Ubuntu.
  • Create a group ‘qa’ and a setgid shared directory /srv/qa owned by it.

Quick quiz

  • Which file stores password hashes?
  • What’s the danger of usermod -G (without -a)?
  • Which group grants sudo on Ubuntu vs RHEL?
  • What does the setgid bit do on a directory?
  • Which command removes a user and their home folder?

Key Takeaways

  • Accounts live in /etc/passwd; hashes in root-only /etc/shadow — never edit these by hand.
  • Use useradd/adduser, passwd, and userdel -r for the account lifecycle.
  • Groups share access; always append membership with usermod -aG.
  • Grant admin rights via sudo (and scoped sudoers drop-ins), never by sharing root.
  • setgid (chmod 2xxx) builds shared directories where files inherit the group.

Next — Chapter 6: package and software management across distribution families.