Users and permissions
Crowd control from the blank void of the dark terminal.
Typically most desktop Linux distros only create a single user during installation. But Linux is a multiuser system that can be used by multiple users at the same time (as we’ll learn later in the feature). There are a number of command-line tools that help you create and maintain users and groups, such as: $ useradd mayank $ passwd mayank
The first command creates a new user account called mayank that’s locked until you assign a password to it with the second command. When a new user account is created, Linux will also create a home directory for the account with the username, such as /home/mayank. The user account will have a bunch of hidden files that’ll provide the environment variables for the user’s session. The command also creates a group with the same name as the new user.
Once you’ve added an account, you can edit it with the usermod command. So for example, the command usermod --append --groups sudo,vboxusers mayank
adds the user mayank to the comma separated list of groups. If you issue this command without the --append option, the user will be added to the specified groups but removed from any other groups it already belongs to. A useful security option is to set an expiry date for an account. The command usermod --expiredate 2017-05-21 mayank will disable logins into the account post 21 May 2017. In the same vein, you can also delete a user account with the userdel command. For example, userdel --remove mayank will delete the mayank user along with its home directory and all the files residing within.
Change identities
As you get familiar with the command line utilities your distro has to offer you’ll often run into some that require superuser privileges. This is especially true of most commands that help carry out some administrative task. The two main commands that help you take on escalated identities are su and sudo . Some distros include one of the two commands while others include both.
The su command enables you to assume the identity of another user and gives you the option to either initiate a new shell session or only issue a single command as that user. The command su mayank will prompt you for the password for the mayank user and after successful authentication change the working environment from the existing user to that of the mayank user. If you don’t specify a username with the su command, it’ll assume you wish to log in as the superuser and prompt you for the password of the root user. Any command you enter now will run with the privileges of the root user. Type exit when you wish to terminate the session and return to your own shell.
It is also possible to execute a single command rather than starting a new interactive shell with the -c switch. For example, su -c "ls -l /root/" will first prompt you for the password of the root user and then run the command between the quotes with superuser privileges.
The sudo command, on the other hand, allows an administrator to set up a configuration file called /etc/ sudoers, and define specific commands that particular users are permitted to execute with superuser privileges. Another important difference is that the use of sudo doesn’t require access to the password of the root user and you instead authenticate using your own password. These differences make sudo the preferred mechanism of the two. So you can list the contents of the root directory with sudo ls -l /root/ after authenticating with the password for your account.