Ever found yourself staring at a command line, needing to bring a new user into your Linux server's world, or perhaps needing to tidy things up? It's a common task, and thankfully, Linux offers a straightforward, albeit sometimes nuanced, way to manage users and their permissions.
Let's start with the basics: who's even logged in? A quick whoami will tell you your current username. If you're curious about who else is around or how they're connected, who and its various parameters (-a, -q, -u) can paint a picture of the active users on the system. It’s like peeking into a digital guest list.
When it's time to welcome someone new, you have a couple of main paths. The adduser command, often found on Debian-based systems like Ubuntu, is quite user-friendly. Think of it as a guided tour: it not only creates the user account but also sets up their home directory and prompts you to establish a password. It's a more interactive, program-like experience.
On the other hand, useradd is a bit more bare-bones. It's a command that does its job and returns, leaving you to handle the password setup separately with passwd. This approach is more akin to a direct instruction, common across many Linux distributions. The key difference is that useradd often creates an account that's initially locked until a password is set, making it secure by default.
Now, what about groups? These are like clubs for users, allowing you to manage permissions for multiple people at once. Commands like addgroup (or groupadd on other systems) let you create these new communities. You can then assign users to these groups using usermod, specifying which group they belong to. It's a powerful way to delegate access without micromanaging individual users.
When a user's tenure on the server comes to an end, or you simply need to clean house, deluser (or userdel) comes into play. A simple deluser username will remove the account. But here's a crucial detail: by default, this might leave behind the user's home directory. If you want a clean sweep, the --remove-home flag with deluser is your best friend, ensuring that both the account and its associated files vanish.
Beyond just creating and deleting, managing user accounts involves tweaking their permissions and details. The passwd command is your go-to for changing passwords, a fundamental security practice. For more in-depth modifications, usermod is the tool. It can rename users (though you'll need to manually adjust their home directory names), change their primary group, or add them to multiple supplementary groups. A word of caution with usermod -g or usermod -G: these can remove a user from their existing groups. To avoid this and simply add them to new ones, use the -a (append) flag with -G, like usermod -aG groupname username. This ensures they retain their existing memberships while gaining new ones.
Understanding file permissions is the final piece of the puzzle. You'll often see strings like -rw-r--r-- when you list files. The first character tells you if it's a file (-), a directory (d), or a link (l). The subsequent nine characters are broken into three sets of three: owner, group, and others. Each set represents read (r), write (w), and execute (x) permissions. The chmod command is your key to manipulating these. You can use symbolic notation (like u+x to add execute permission for the user) or numerical notation (where r=4, w=2, x=1, so 777 means full permissions for everyone, and 644 means owner can read/write, group and others can only read). For bulk changes, especially within directories, the -R (recursive) flag with chmod is invaluable.
Finally, chown allows you to change the owner of a file or directory, which is essential when transferring responsibility or cleaning up after user deletions. It's all about ensuring the right people have the right access, and no more.
