Linux User and Group Management

jay75chauhan
Oct 4, 2024

Managing users and groups in Linux is crucial for system administration and DevOps, as it helps manage access control, file permissions, and process security. Here’s a guide on user and group management for DevOps engineers:

1. User Management

Creating a New User

  • To create a new user, use the useradd command:
sudo useradd <username>
  • After creating a user, set their password:
sudo passwd <username>

Creating a User with a Specific Home Directory

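  • You can specify the home directory with -d. This sets the path recorded in /etc/passwd; whether the directory itself is created depends on the -m option or the CREATE_HOME setting in /etc/login.defs: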
sudo useradd -d /home/<username> <username>

Adding a User with a Default Shell

  • To set a specific shell, such as Bash, for the user:
sudo useradd -s /bin/bash <username>

Modifying a User

  • To modify an existing user’s settings (e.g., home directory, shell):
sudo usermod -d /new/home/dir <username>
sudo usermod -s /bin/zsh <username>

Deleting a User

  • To delete a user:
sudo userdel <username>
  • To delete the user along with their home directory:
sudo userdel -r <username>

User Information

  • View user account information with:
id <username>
  • View all users on the system:
cat /etc/passwd

2. Group Management

Creating a New Group

  • Use groupadd to create a new group:
sudo groupadd <groupname>

Adding a User to a Group

  • To add a user to a group:
sudo usermod -aG <groupname> <username>
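  • The -aG option appends the user to the group without removing them from other groups. Without -a, -G replaces the user's whole supplementary group list. The new membership takes effect at the user's next login.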

Changing a User’s Primary Group

  • To change the primary group of a user:
sudo usermod -g <groupname> <username>

Removing a User from a Group

  • Use the gpasswd command:
sudo gpasswd -d <username> <groupname>

Deleting a Group

  • To delete a group:
sudo groupdel <groupname>

Viewing Group Information

  • View all groups:
cat /etc/group
  • View a user’s group membership:
groups <username>

3. Sudo Access for DevOps Engineers

As a DevOps engineer, you’ll often need to give users sudo (superuser) access.

Adding a User to the Sudoers File

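  • To give a user sudo privileges, add them to the group that /etc/sudoers grants sudo rights to (sudo on Debian and Ubuntu, wheel on RHEL-family systems):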
sudo usermod -aG sudo <username>
  • Alternatively, you can directly edit the /etc/sudoers file with visudo, which checks the syntax before saving:
sudo visudo
  • Then add the line:
<username> ALL=(ALL:ALL) ALL

Granting Specific Permissions

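  • For more granular control, you can define specific commands a user is allowed to run. NOPASSWD removes the password prompt for that command, so give the absolute path of a binary the user cannot modify: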
<username> ALL=(ALL) NOPASSWD: /path/to/command

4. Best Practices for DevOps

  • Use Groups for Permissions: Instead of assigning permissions directly to users, create groups (e.g., docker, jenkins, devops), and assign permissions to these groups. Treat membership of privileged groups such as sudo or docker as equivalent to root access.
  • Minimal Privilege: Follow the principle of least privilege, providing users only the access necessary for their role.
  • User Management Automation: For large-scale environments, use configuration management tools like Ansible or Terraform to automate user creation, management, and permissions.
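To check least privilege against sections 2 and 3, the following added example (not code from the original article) lists which accounts can reach root through sudo, including users who belong to a sudo-enabled group only through their primary group. The function names members_of and sudo_grants, the sample accounts and the sample file contents are assumptions made for illustration.

```shell
# Added example, not from the original article; all sample data is constructed.
# members_of GROUP PASSWD_FILE GROUP_FILE
# Users in GROUP: supplementary members (group file, field 4) plus users
# whose primary GID (passwd file, field 4) equals the GID of GROUP.
members_of() {
    awk -F: -v g="$1" '
        FNR == NR { if ($1 == g) { gid = $3; n = split($4, m, ",")
                        for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }
                    next }
        gid != "" && $4 == gid { print $1 }
    ' "$3" "$2" | sort -u
}

# sudo_grants PASSWD_FILE GROUP_FILE SUDOERS_FILE
# One line per user: name, rule source ("direct" or %group), NOPASSWD or PASSWD.
# Simplification: aliases and included files (/etc/sudoers.d) are not resolved.
sudo_grants() {
    grep -Ev '^[[:space:]]*(#|@|$|Defaults|[A-Za-z]+_Alias)' "$3" |
    while read -r who rest; do
        case $rest in *NOPASSWD:*) mode=NOPASSWD ;; *) mode=PASSWD ;; esac
        case $who in
            %*) for u in $(members_of "${who#%}" "$1" "$2"); do
                    printf '%s\t%s\t%s\n' "$u" "$who" "$mode"
                done ;;
            *)  printf '%s\t%s\t%s\n' "$who" direct "$mode" ;;
        esac
    done | sort -u
}

# Constructed sample: bob is in sudo only via his primary GID (usermod -g),
# so the sudo line of the group file does not list him.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:27::/home/bob:/bin/bash
deploy:x:1003:1003::/home/deploy:/bin/sh
EOF
cat > "$SAMPLE/group" <<'EOF'
sudo:x:27:alice
devops:x:2000:alice,deploy
EOF
cat > "$SAMPLE/sudoers" <<'EOF'
Defaults env_reset
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
deploy ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart app
EOF
sudo_grants "$SAMPLE/passwd" "$SAMPLE/group" "$SAMPLE/sudoers"
```

On a real host, pass /etc/passwd, /etc/group and a root-readable copy of /etc/sudoers; sudo -l -U <username> remains the authoritative per-user check.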
