User and Group Management-1
Most operating systems have multi-user capabilities: several people may be logged in and
actively working on a given machine at the same time. Security-wise, it is never a good idea to
allow users to share the credentials of the same account. In fact, best practices dictate the use
of as many user accounts as there are people needing access to the machine. At the same time,
it is to be expected that two or more users may need to share access to certain system
resources, such as directories and files. This is where users and groups come in. Users and
groups are operating system concepts for managing access and permissions to system resources;
they can be employed for the security and organization of an operating system by restricting
each user's scope of action. User and group management is a fundamental responsibility in
system administration. It ensures the right people have access to the right resources and
enforces security policies.
A user is an individual or process that interacts with the operating system. Every user has a
user account on the operating system, identified by a unique username and a user ID (UID). A
user account stores information about the user such as login credentials, home directory,
system configurations, etc. A user's access to resources is often associated with a specific
level of privileges and permissions, which determines what operations they can perform and
what resources they have access to.
There are different types of users, classified on the basis of how they are managed. Broadly,
they fall into:
1. Regular User: These are standard users who have limited access to system resources.
They can typically only access their own files and programs.
2. Super Users: Super users have complete control over the system. Thus, they have
privileges to access and modify all files, resources and configurations on the system.
They are usually referred to as the root user or administrators, because they can alter
the privileges of all users and groups on the system.
3. System Users: These are typically special users created by the OS or applications for
running system processes and services such as nobody or daemon.
Groups are collections of users who share the same permissions or privileges. They allow
administrators to assign permissions to a group rather than to individual users. When users are
added to a group, they inherit the group’s permissions. This simplifies the management of
permissions for a large number of users. Like users, groups are also identified by an ID, the
group ID (GID).
There are primarily two types of groups:
1. Primary Group: Each user has a primary group, which is the default group for the user
and is often used for file ownership.
2. Supplementary Groups: These are additional groups that a user may belong to. A user
can be a member of multiple groups, and each group may have different access rights to
files and resources.
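The user types and the primary/supplementary group split described above, as an added example (not part of the original page) that parses account data in the Linux /etc/passwd and /etc/group line formats. The account lines are constructed sample data, and the UID_MIN/UID_MAX range for regular users is an assumption, since the real range is distribution-specific.

```python
# Constructed sample data in /etc/passwd and /etc/group format (not from a real host).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
toor:x:0:0:second admin:/root:/bin/sh
"""
GROUP = """\
root:x:0:
daemon:x:1:
nogroup:x:65534:
alice:x:1000:
bob:x:1001:
sudo:x:27:alice
projects:x:2000:alice,bob
"""
UID_MIN, UID_MAX = 1000, 60000  # assumption: UID range used for regular users

def records(text):
    """Yield the colon-separated fields of each non-empty, non-comment line."""
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            yield line.strip().split(":")

def parse_passwd(text):
    # passwd fields: name:password:UID:GID:comment:home:shell
    return {f[0]: {"uid": int(f[2]), "gid": int(f[3]), "shell": f[6]} for f in records(text)}

def parse_group(text):
    # group fields: name:password:GID:comma-separated supplementary members
    return {f[0]: {"gid": int(f[2]), "members": [m for m in f[3].split(",") if m]}
            for f in records(text)}

def classify(uid):
    """Map a UID to one of the three user types named in the text."""
    if uid == 0:
        return "superuser"
    return "regular" if UID_MIN <= uid <= UID_MAX else "system"

def groups_of(user, users, groups):
    """Return (primary group name, sorted supplementary group names)."""
    primary = next((g for g, v in groups.items() if v["gid"] == users[user]["gid"]), None)
    extra = sorted(g for g, v in groups.items() if user in v["members"] and g != primary)
    return primary, extra

def extra_superusers(users):
    """Accounts other than root that also hold UID 0 and so have full control."""
    return sorted(n for n, u in users.items() if u["uid"] == 0 and n != "root")
```

Any name returned by extra_superusers() is a second account with full control of the system and is worth reviewing during an account audit.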
Permissions or Access Control
Permissions define what actions a user or group can perform on a file, directory, or resource. In
an operating system, the permissions granted to users or groups usually include operations
such as:
1. Read (r): The ability to view or read the contents of a file or list the contents of a
directory.
2. Write (w): The ability to modify the contents of a file or add/remove files within a
directory.
3. Execute (x): The ability to run a file as a program or script. For directories, execute
permission allows users to enter the directory and access its contents.
Special Permissions
In some systems, there may be additional permissions, such as setuid, setgid, or sticky bits.
1. Setuid (Set User ID): When set on an executable file, this permission allows a user to run
the file with the privileges of the file’s owner (usually root), regardless of who executes
it.
2. Setgid (Set Group ID): When set on a file, this permission forces the file to run with the
group permissions of the group associated with the file, not the group of the user
running the file.
3. Sticky Bit: Typically used on directories, this permission ensures that only the file owner
or root can delete or rename files within the directory, even if other users have write
access to the directory.
In Linux and UNIX-like operating systems, permissions are usually assigned to the owner, the
group and other users.
1. Owner Permission: It defines what operations the owner or creator of the file or
directory can perform.
2. Group Permission: It defines what operations the members of the group can perform on a
file or directory.
3. Other Permission: It defines what operations other users can perform on a file or
directory.
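An added example (not part of the original page) that decodes a file mode into the owner/group/other read, write and execute string and flags the special-permission cases described above: setuid and setgid on regular files, and world-writable entries, including directories that lack the sticky bit. The directory tree built by demo() is constructed for illustration.

```python
import os
import stat
import tempfile

def describe(mode):
    """Return (ls-style mode string, findings) for an st_mode value."""
    findings = []
    if stat.S_ISREG(mode) and mode & stat.S_ISUID:
        findings.append("setuid: runs with the file owner's privileges")
    if stat.S_ISREG(mode) and mode & stat.S_ISGID:
        findings.append("setgid: runs with the file group's privileges")
    if mode & stat.S_IWOTH and not stat.S_ISLNK(mode):
        if not stat.S_ISDIR(mode):
            findings.append("world-writable file")
        elif not mode & stat.S_ISVTX:
            findings.append("world-writable directory without sticky bit")
    return stat.filemode(mode), findings

def audit(root):
    """Walk root and return {relative path: (mode string, findings)} for flagged entries."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            text, findings = describe(os.lstat(path).st_mode)  # lstat: do not follow links
            if findings:
                report[os.path.relpath(path, root)] = (text, findings)
    return report

def demo():
    """Build a constructed tree with known permissions and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for name, perms in {"helper": 0o4755, "notes.txt": 0o644, "shared.cfg": 0o666}.items():
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, perms)
        for name, perms in {"dropbox": 0o777, "tmp": 0o1777}.items():
            path = os.path.join(root, name)
            os.mkdir(path)
            os.chmod(path, perms)  # chmod after creation so the umask does not interfere
        return audit(root)

if __name__ == "__main__":
    for path, (text, findings) in sorted(demo().items()):
        print(text, path, "; ".join(findings))
```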
Superuser permissions can be gained either by changing to the root user with the su command
or using sudo. The latter approach is used by default in Ubuntu and derivatives, and is preferred
over the former in other distributions as well. It is also important to note that, as opposed to
other Linux flavors, the user that is created when Ubuntu is first installed has superuser
privileges out-of-the-box.