Skip to main content

Creating and Managing Users and Groups on Linux

Hands-On Lab

 

Photo of Terrence Cox

Terrence Cox

Senior Vice President of Content

Length

02:00:00

Difficulty

Beginner

This lab will present you with tasks related to user and group management. You will be creating user accounts with specific characteristics and adding them to appropriate groups to support the scenario listed.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Creating and Managing Users and Groups on Linux

Introduction

This lab will present you with tasks related to user and group management. You will be creating user accounts with specific characteristics and adding them to appropriate groups to support the scenario listed.

In this lab, we will create a directory, a group for that directory, and a few users to place in that group.

Solution

Open a terminal window and log in to the server via SSH with the credentials provided:

ssh cloud_user@<PUBLIC IP ADDRESS>

Then, become root:

sudo -i

Create a Directory

  1. Create a directory:

    mkdir /mnt/reports
    ls -al /mnt/reports
  2. View the directory and its owners:

    ls -al /mnt

    The information that appears will have root as the owner, which we will later change to one of our users.

Add a Group

  1. Create a group named accounting:

    groupadd accounting
  2. View the group and make sure it was created:

    cat /etc/group | grep accounting

Add Users

  1. Create three users to add to our accounting group:

    useradd tomc
    useradd johns
    useradd brandy

Create Passwords for Users

  1. Create passwords for our newly created users (you can use the same one for each, and make sure they're ones you'll easily remember as we need them later too):

    passwd tomc
    passwd johns
    passwd brandy

Add Users to a Group

  1. Add the users to our accounting group:

    usermod -G accounting tomc
    usermod -G accounting johns
    usermod -G accounting brandy
  2. Make sure the users were entered into the group:

    cat /etc/group | grep accounting

Change Account Access

  1. Now, we want to make sure root still owns all of the files and the accounting group also has full access. We will also be giving our users read/write/execute abilities with 770 permission to reports:

    chown root:accounting /mnt/reports
    chmod 770 /mnt/reports
  2. Check the /mnt permissions.

    ls -al /mnt
  3. Test this configuration:

    ssh tomc@localhost
  4. Enter yes to confirm.

  5. Once you’ve confirmed you want to log in, enter the password you created for the user.

  6. Continue testing:

    cd /mnt/reports
  7. Create a .txt doc to test with for tomc:

    echo "my file" > johns.txt
    ll
  8. Create a second file to make sure you also have removal rights:

    echo "my file" > johns2.txt
  9. View file information:

    ll
  10. Remove the john2.txt file:

    rm johns2.txt
  11. Make sure it was removed:

    ll

Testing Permissions

To test that all permissions were set up correctly, we will need to log into a different user’s account. Do this by going to root with the exit command and then log in as brandy.

  1. Exit back to root:

    exit
  2. Log in as brandy:

    ssh brandy@localhost

    Enter the password you created earlier.

  3. Create a file and then see if it appears in the directory with the john.txt file we created earlier:

    cd /mnt/reports
    echo "my file" > brandy.txt
    ll

    We can view both files even though they are owned by different people.

  4. Try to view the contents of johns.txt:

    cat johns.txt

    The myfile response lets us know the file will act as if we own it since we are in the same group as tomc.

  5. Try to remove the file as brandy:

    rm johns.txt

    We will get a warning since brandy is not the actual file owner.

  6. Enter y to remove the file, and then check that it was removed:

    ll
  7. Remove brandy.txt, which will not prompt us to remove it since we are the owner:

    rm brandy.txt
  8. Check that it was removed:

    ll

Conclusion

Now that you have completed this lab, you can create directories, groups, and users, and nest them together to share permissions. Congratulations on completing this lab!