Adding Users to Group (cont.)
Another way to add users as members of a group is to directly edit the /etc/group file.
To add users ahmed, karim and oracle as members of the dba group:
1. Open the /etc/group file for editing.
2. Go to the line starting with dba.
3. Press ‘A’ to append text to the end of the line.
4. Add the usernames separated by commas as shown in the figure below.
5. Save and exit the file.
Now, if you open the User Manager, you should see the three users next to the name of the dba group.
Note: If the User Manager was already open, click the Refresh button from the toolbar to reload the window reflecting any new changes.
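A check worth running after a hand edit, shown here as an added example that is not part of the original article: the function validates a group-format file, flagging lines without exactly four fields and members that have no passwd entry (a stray space or trailing comma is the usual cause). The sample files and the check_group_file name are constructed for illustration; on a real system, grpck -r performs a fuller read-only check.

```shell
#!/bin/sh
# Constructed sample data (not real accounts): passwd- and group-format files.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
ahmed:x:1001:1001::/home/ahmed:/bin/bash
karim:x:1002:1002::/home/karim:/bin/bash
oracle:x:1003:1003::/home/oracle:/bin/bash
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
dba:x:2001:ahmed,karim,oracle
sales:x:2002:ahmed, karim
oinstall:x:2003:oracle,
backup:x:2004
hr:x:2005:ahmad
EOF

# check_group_file GROUP_FILE PASSWD_FILE  (hypothetical helper)
# Prints one finding per problem; prints nothing when the file is clean.
check_group_file() {
    awk -F: '
        NR == FNR { known[$1] = 1; next }    # first file (passwd): collect user names
        NF != 4 { printf "line %d: expected 4 fields, found %d\n", FNR, NF; next }
        $3 !~ /^[0-9]+$/ { printf "line %d: group %s has a non-numeric GID\n", FNR, $1; next }
        {
            n = split($4, m, ",")            # member list is comma-separated, no spaces
            for (i = 1; i <= n; i++) {
                if (m[i] == "") {
                    printf "line %d: group %s has an empty member entry\n", FNR, $1
                } else if (!(m[i] in known)) {
                    printf "line %d: group %s lists unknown user [%s]\n", FNR, $1, m[i]
                }
            }
        }
    ' "$2" "$1"
}

check_group_file "$SAMPLE_DIR/group" "$SAMPLE_DIR/passwd"
```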
Adding New User to Existing Group(s)
To create a new user account and add it to one or more groups in one step, use the useradd command with the -G option:
useradd -G GROUP1[,GROUP2,…] USERNAME
To create a user named salah, and make it a member of the sales group:
To confirm the user has been created and made a member of the sales group, check the Groups tab of the User Manager tool:
Or using the id command:
Adding an Existing User to Existing Group(s)
To make an existing user a member of one or more groups, use the usermod command:
To set the supplementary group membership to exactly the listed groups (the user is removed from any supplementary group that is not listed):
usermod -G GROUP1[,GROUP2,…] USERNAME
To append the user to the supplemental groups mentioned by the -G option without removing him/her from other groups:
usermod -aG GROUP1[,GROUP2,…] USERNAME
Make the user oracle a member of the groups dba and oinstall.
The oracle user is already a member of the dba group.
So, we need to append oracle to the oinstall group without removing it from the dba group. This should be done using the -aG options of the usermod command:
Now, check to verify that oracle has become a member of both groups:
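Added example (not from the original article): a pre-flight check that reports which supplementary groups a plain usermod -G would silently remove, using the oracle/dba/oinstall scenario above. The function names groups_dropped and preflight are hypothetical helpers, and the group lists passed in the demo calls are constructed.

```shell
#!/bin/sh
# groups_dropped PRIMARY "CURRENT GROUPS" "NEW,GROUPS"  (hypothetical helper)
# CURRENT is space-separated as printed by `id -nG`; NEW is the comma list for -G.
# Prints the supplementary groups that `usermod -G NEW` would remove.
groups_dropped() {
    primary=$1; current=$2; new=$3; dropped=""
    for g in $current; do
        [ "$g" = "$primary" ] && continue      # -G does not touch the primary group
        case ",$new," in
            *",$g,"*) ;;                       # exact name still listed: kept
            *) dropped="${dropped:+$dropped }$g" ;;
        esac
    done
    printf '%s\n' "$dropped"
}

# preflight USER NEW,GROUPS : the same check against the live account database.
preflight() {
    id "$1" >/dev/null 2>&1 || { echo "no such user: $1" >&2; return 1; }
    lost=$(groups_dropped "$(id -ng "$1")" "$(id -nG "$1")" "$2")
    [ -z "$lost" ] || echo "usermod -G $2 $1 would remove $1 from: $lost (use -aG to append)"
}

# Constructed scenario from the text: oracle (primary group oracle) is in dba.
groups_dropped oracle "oracle dba" "oinstall"        # prints: dba
groups_dropped oracle "oracle dba" "dba,oinstall"    # prints an empty line
```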
Deleting a Group
To delete a group using the graphical method, open the User Manager tool, and switch to the Groups tab. Select the group to remove and then click the Delete button from the toolbar:
A dialog box is displayed asking you if you really want to remove the group:
Click Yes to confirm deletion, or No to cancel the operation.
Using the groupdel Command
To delete a group from the shell, use the groupdel command:
groupdel GROUPNAME
Remove the dba group.
Miscellaneous Users and Groups Tasks
In this section, we are going to discuss some user-related exercises and their solutions.
Printing the Current Effective User
To print the user name associated with the current effective user ID, use the whoami command:
Printing Groups’ Memberships for a User
To print the groups a user is in, use the groups command.
Using the command without providing arguments prints the groups for the current effective user.
- To print the group membership for users ahmed and salah:
- To print the groups in which the current effective user is a member:
Printing User and Group Information for a User
To print the user and group IDs for a given user account, use the id command. Using the command without specifying an argument prints the info for the current effective user.
- To display the user ID and group IDs for the oracle user:
- To display the user ID and group IDs for the current user:
Preventing a User from Login to the System
There will be cases in which you need to prevent a user from logging in to your system: directly from the console, remotely using ssh, or even by using su to switch from another user to that user.
For this purpose, the /sbin/nologin executable was written. When set as the startup shell program for a user, the nologin utility politely refuses any login attempts using that user. This is usually done with services and daemons’ accounts. If you print the contents of the /etc/passwd file, you will notice that many accounts have been denied login by the /sbin/nologin program.
The startup program for a user can be set to /sbin/nologin (instead of the default /bin/bash) using several methods:
- On user creation: using the -s option of the useradd command:
useradd -s /sbin/nologin john
- For an existing user account using the usermod command with the -s option:
usermod -s /sbin/nologin leo
- For an existing user account by directly editing the /etc/passwd file:
Open the /etc/passwd file for editing and locate the line for the user you want to deny login. Go to the end of the line:
Replace the last field (that contains by default /bin/bash) with /sbin/nologin.
Save and exit the file. Now, if you try to log in as alex or to switch to that account, you should not be able to:
- Using the Graphical Method.
In the User Manager, select the user account and open the properties dialog for it.
From the Login Shell dropdown box, choose /sbin/nologin and click OK.
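Added example (not from the original article): an audit of a passwd-format file that lists every account still able to get a shell, including the hand-edit mistake of leaving the last field empty, which falls back to /bin/sh. The sample file is constructed, the function names are hypothetical, and the UID threshold of 1000 and the list of refusing shells are assumptions to adjust per system.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format (user names follow the article).
PASSWD_SAMPLE=$(mktemp)
cat > "$PASSWD_SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/bin/bash
john:x:1001:1001::/home/john:/sbin/nologin
leo:x:1002:1002::/home/leo:/sbin/nologin
alex:x:1003:1003::/home/alex:
salah:x:1004:1004::/home/salah:/bin/bash
EOF

# Shells counted as "login refused" (assumption: adjust to local policy).
NOLOGIN_SHELLS="/sbin/nologin /usr/sbin/nologin /bin/false"

# login_capable PASSWD_FILE : prints "user uid shell" for accounts that still get a shell.
login_capable() {
    awk -F: -v deny="$NOLOGIN_SHELLS" '
        BEGIN { n = split(deny, d, " "); for (i = 1; i <= n; i++) blocked[d[i]] = 1 }
        NF == 7 {
            shell = ($7 == "") ? "/bin/sh" : $7   # passwd(5): empty field means /bin/sh
            if (!(shell in blocked)) print $1, $3, shell
        }
    ' "$1"
}

# service_accounts_with_shell PASSWD_FILE [UID_MIN]
# Non-root accounts below UID_MIN (assumed 1000; see UID_MIN in /etc/login.defs).
service_accounts_with_shell() {
    login_capable "$1" | awk -v min="${2:-1000}" '$2 > 0 && $2 < min'
}

login_capable "$PASSWD_SAMPLE"
service_accounts_with_shell "$PASSWD_SAMPLE"
```

The shell field only controls what runs after authentication succeeds; the password itself stays valid unless the account is also locked, for example with usermod -L.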
- The group membership could be set and modified by directly editing the /etc/group file.
- A user account can be made a member of one or more groups either at creation using the useradd command, or later using the usermod command. In either case, the -G option will be the star of the operation.
- To delete a group, use the groupdel command.
- To print the current effective user, use the whoami command.
- To print the group membership for one or more users, use the groups command.
- To print the user ID and group IDs for a given user account, use the id command.
- To prevent a user from logging in to the system, set the startup program for that user to /sbin/nologin.
In this article, we have completed the topic of Users and Groups Management. So, that is it. In the next article, we will start a new topic. See you.