Managing Ubuntu 11.04 Users and Groups
Previous | Table of Contents | Next |
Using gufw and ufw to Configure an Ubuntu 11.04 Firewall | Configuring Ubuntu 11.04 Remote Access using SSH |
Linux is a multi-user operating system. This means that more than one user can be actively logged and using the system at any one time. Obviously, it makes sense for each user to have their own user account and home directory, and for different users to have different privileges.
Users are further divided into groups for the purposes of easier administration and those groups can have different levels of privileges. For example, you may have a group of users working in the Accounting department. In such an environment you may wish to create an accounts group and assign all the Accounting department personnel to that group.
In this chapter we will cover the steps to add, remove and manage users and groups on an Ubuntu 11.04 system.
Adding a User to an Ubuntu System
There are two methods for adding new users to a system, one way is using the graphical User Settings tool and the other is to use the adduser command-line tool. In this section we will look at both approaches.
To add a new user to your Ubuntu system using the User Settings tool select the power button in the top right hand corner of the screen and choose System Settings from the resulting menu to launch the Control Center. Within the Control Center, choose Users and Groups from the System category. A dialog similar to the one shown below will appear:
The tool may also be launched by pressing Alt-F2 and entering users-admin into the Run a command text box.
To add a new user, click on the Add button. The Create new user dialog will appear ready to be filled in with the user name and full name of the new account:
Once the required information has been entered, click OK to create the new user account at which point the password configuration screen will appear:
Either enter a secure password (a minimum of 5 characters is required), or opt for the system to generate a random one on the new user’s behalf. As with all users, the option is also available to allow the user to log in into the system without entering a password. Click OK when these settings have been defined. Once the creation process is complete, the user will appear in the list on the main user settings dialog:
Adding a New User from the Command-line
As mentioned above it is also possible to add new users from the command-line. To do so, start a terminal window session and at the command prompt enter a command similar to:
sudo adduser --home /home/john john
The above command will prompt for a password for the account and optional contact information. Once the information has been gathered adduser creates the new account and the /home/john home directory. The adduser tool provides a number of different options, details of which can be learned by reviewing the adduser man page as follows:
man adduser
Modifying User Account Settings
Basic settings for the user (such as the user’s name and whether or not the user requires a password for access to the system) may be changed by clicking the Change... button next to the corresponding setting.
The Advanced Settings button provides access to a wider array of configuration options for the currently selected user account:
To define the privileges for this new user select the User Privileges tab of the dialog to display the privileges screen:
De-select any privileges you do not wish the new user to have. In particular you will want to ensure the user does not have Administration privilege unless the user is a trusted system administrator. To disable administration privileges, ensure that the Administer the system option is deselected (the default setting). The other default privileges are usually considered to be safe for the typical user.
The final screen allows Advanced settings to be defined. These include such issues as the home directory of the user (traditionally /home/<username>), the type of shell that is presented as the command line in a terminal window (Bash is usually the default and there is no reason to change this unless you specifically need a different shell), the group to which the user belongs and the user ID. Use the drop down group menu to change the user's group membership to a different group:
Deleting a User from an Ubuntu System
An existing user may be deleted using the same User settings dialog used to add a user as outlined above. Select the System desktop menu and choose Users and Groups from the Administration sub-menu to launch the User settings dialog.
Select the user to be deleted and click on Delete. A confirmation dialog will appear. If you wish to proceed, click on Delete in the confirmation dialog to commit the change.
Note that the deletion process will remove the account but leave the user's home directory intact. This will need to be deleted manually if it, and any files therein, are no longer required.
A user account may also be deleted from command-line using the deluser utility:
sudo deluser john
It is also possible to remove the user's home directory as part of the deletion process:
sudo deluser --remove-home john
Alternatively all files owned by the user, including those in the user's home directory may be removed as follows:
sudo deluser --remove-all-files john
The files in the user's home directory may also be backed up to another location before the directory is deleted using the --backup-to command-line option together with the path to the backup directory:
sudo deluser --backup-to /oldusers/backups/john --remove-home john
Adding a New Group to an Ubuntu System
All users are members of one or more groups. As an administrator it makes sense to organize users into logical groups. For example all sales people might belong to a sales group, whilst accounting staff might belong to the accounts group and so on. New groups are added either using the User Settings graphical tool, or by using the addgroup command-line tool. In this section we will look at both methods.
To administer the group settings click on the Manage Groups button in the main window of the User Settings tool. The Group settings dialog will appear, listing all the groups available on the system:
To add a new group click on the Add button and enter the name of the group you wish to add. Add the users that should belong to this group by checking the box next to each user name in the list. Click on OK to add the new group to the system.
Modifying an Ubuntu Group
To modify an Ubuntu user group, select the group to modify from the list of groups in the Group settings dialog (as outlined above) and click on Properties. The resulting Group properties dialog (shown below) allows basic settings such as the group ID, group name and group members to be changed.
To add a group from the command line, use the addgroup utility. For example:
sudo addgroup accounts
To add an existing user to an existing group:
sudo adduser john accounts
Deleting a Group from an Ubuntu System
A group may be deleted from a system using the delgroup utility:
sudo delgroup accounts
Note that if the group to be deleted is the primary group for any user it cannot be deleted. A group can be deleted only if it is empty using the following command:
sudo delgroup --only-if-empty accounts
To remove a user from membership of a group use the following command syntax:
sudo deluser john accounts
Previous | Table of Contents | Next |
Using gufw and ufw to Configure an Ubuntu 11.04 Firewall | Configuring Ubuntu 11.04 Remote Access using SSH |