5 Jun 2013

An Introduction to Users and Groups in Ubuntu


Read this post fully and make sure you understand it before running any of the commands, as you can easily strip superuser access if you do not understand what you are doing. In fact, I recommend researching these topics outside of this post to get a better grasp of this area. You can learn more about any command by typing 'man' before its name at the terminal. At the very least, ask questions!

Let's Begin

A UID (user id) is an entity that can own files. A username is the human-readable name for a user id.

Users can belong to more than one supplementary group but each user must belong to one (and only one) primary group.

A group can have many users, and membership in a group gives its users privileges on shares and resources.

To add the user john:
$ sudo adduser john
Along with creating the user 'john', the group 'john' will be created as well.

To create the user john and place him in the existing group teachers without creating the 'john' group, run:
$ sudo adduser john --ingroup teachers

To change a user's primary group, run the command:
$ sudo usermod -g group user

You can add the user john to the supplementary groups student and employee with:
$ sudo usermod -a -G student,employee john
Note: Pay attention to two things. The -G switch is a capital letter, and there is no whitespace between the group names. The command line interface (CLI) is case-sensitive and strict about format, so take care to always be precise.

Running the command without the -a switch removes the user from every supplementary group that is not listed after -G. The -a switch lets the user keep his existing groups. Example: without -a, if the user was a member of the group 'teacher' before running the command, he will be removed from the teacher group after the command has successfully executed. The same happens when you run the command that changes the user's primary group. The problem is, if this is your own user, you can strip away your superuser rights with that command, so make sure you test this on a non-production system first.

Check your users and ids

You can run $ id to print the logged-in user's id and group membership on the screen. Optionally, you can specify which user to print by adding that username as an argument to the id command.

Running id on my system, I get:
john@flare:~$ id
uid=1000(john) gid=1000(john) groups=1000(john),4(adm),27(sudo),30(dip),46(plugdev),118(lpadmin)

Let's understand the information we were returned:

My username is john and my user id (uid) is 1000. The primary group (gid) that I belong to is also named john. My user also belongs to the secondary groups adm, sudo, dip, and so on.

But what are the numbers beside the secondary groups?
I'm glad you asked. The numbers are the ids of those groups, and they fall in reserved id spaces. I use Ubuntu on my laptop. Ubuntu starts human user ids at 1000 (some other distros start at 500). The underlying idea is to give services enough id space to choose their own unique id without interfering with human user ids.
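
The warning about running usermod -G without -a can be checked before you run the command. The script below is an added example, not part of the original post: it reads one line of id output and the list you plan to pass to -G, and prints the supplementary groups the user would lose. The function names are made up for this example, the sample line is the id output shown above, and it assumes superuser rights come from the 'sudo' group.

```shell
#!/bin/sh
# Added example: preview which supplementary groups `usermod -G LIST user`
# would drop when the -a switch is left out. Nothing here changes the system.

# The id output shown in the post (user john).
SAMPLE_ID='uid=1000(john) gid=1000(john) groups=1000(john),4(adm),27(sudo),30(dip),46(plugdev),118(lpadmin)'

# primary_group ID_LINE -> name of the primary group (the gid= field)
primary_group() {
    printf '%s\n' "$1" | sed -n 's/.*gid=[0-9]*(\([^)]*\)).*/\1/p'
}

# current_groups ID_LINE -> one group name per line (the groups= field)
current_groups() {
    printf '%s\n' "$1" | sed -n 's/.*groups=//p' | tr ',' '\n' |
        sed 's/^[0-9]*(\(.*\))$/\1/'
}

# groups_lost ID_LINE NEW_LIST -> groups removed by `usermod -G NEW_LIST`
# without -a. The primary group is skipped because -G does not touch it.
groups_lost() {
    primary=$(primary_group "$1")
    for g in $(current_groups "$1"); do
        if [ "$g" = "$primary" ]; then continue; fi
        case ",$2," in
            *",$g,"*) ;;                  # still listed, so it is kept
            *) printf '%s\n' "$g" ;;      # not listed, so it is dropped
        esac
    done
}

# loses_admin ID_LINE NEW_LIST -> exit status 0 if 'sudo' would be dropped
# (assumption: membership in 'sudo' is what grants superuser rights)
loses_admin() {
    groups_lost "$1" "$2" | grep -qx 'sudo'
}

# Demo with the post's own command: usermod -G student,employee john
if loses_admin "$SAMPLE_ID" 'student,employee'; then
    echo "without -a, john would lose: $(groups_lost "$SAMPLE_ID" 'student,employee' | tr '\n' ' ')"
fi
```

To check a real account, pass live output instead of the sample, for example groups_lost "$(id john)" student,employee.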

To take a more in-depth look at the users and their information on your system, head to the terminal and type (exit with CTRL+X):
$ nano /etc/passwd
$ nano /etc/group

Each is a text file on your system that your operating system uses to store a list of users and groups. In the group file, you may see your username appended to some of the lines, letting you know the user is a member of that group. In the passwd file, you'll see the username, userid, user's primary group, and the user's home directory.

For more information

To learn more about the command you wish to use (such as usermod), enter man usermod at the terminal to get the manual. If you are logged in as an elevated user (such as root), you can omit 'sudo' from the commands.

Coming up next: chmod and chown