Manage Local Users and Groups in Linux

Note

UID Ranges

Red Hat Enterprise Linux uses specific UID numbers and ranges of numbers for specific purposes.

  • UID 0 : The superuser (root) account UID.

  • UID 1-200 : System account UIDs that are statically assigned to system processes.

  • UID 201-999 : UIDs that are assigned to system processes that do not own files on this system. Software that requires an unprivileged UID is dynamically assigned a UID from this available pool.

  • UID 1000+ : The UID range to assign to regular, unprivileged users.
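An added example, not part of the original page: a shell audit that sorts passwd-format entries into the UID ranges listed above and flags a second UID 0 account, UIDs shared by two names, and system-range accounts that have a login shell. The function names and the sample file are constructed for illustration; svcbackup and toor are made-up accounts.

```shell
#!/bin/sh
# Added example: sort passwd entries into the UID ranges above and flag anomalies.

# classify_passwd FILE -> "name uid class" per entry
classify_passwd() {
  awk -F: '
    /^[ \t]*#/ || NF < 7 { next }                  # skip comments and malformed lines
    $3 !~ /^[0-9]+$/ { print $1, $3, "invalid-uid"; next }
    { uid = $3 + 0
      if (uid == 0)        class = "superuser"
      else if (uid <= 200) class = "system-static"
      else if (uid <= 999) class = "system-dynamic"
      else                 class = "regular"
      print $1, uid, class }' "$1"
}

# audit_passwd FILE -> one finding per line (empty output means nothing flagged)
audit_passwd() {
  awk -F: '
    /^[ \t]*#/ || NF < 7 || $3 !~ /^[0-9]+$/ { next }
    { uid = $3 + 0
      # Any second account with UID 0 is a full root equivalent.
      if (uid == 0 && $1 != "root") print "EXTRA_UID0", $1
      # Two names on one UID share file ownership and blur audit trails.
      if (uid in seen) print "DUPLICATE_UID", uid, seen[uid] "," $1
      else seen[uid] = $1
      # System-range accounts normally carry nologin or a non-shell program.
      if (uid >= 1 && uid <= 999 && $7 ~ "/(ba|z|k|c|tc)?sh$")
        print "SYSTEM_LOGIN_SHELL", $1, $7 }' "$1"
}

# write_sample FILE -> constructed passwd data (not taken from a real host)
write_sample() {
  cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
chrony:x:995:992::/var/lib/chrony:/sbin/nologin
svcbackup:x:450:450::/var/lib/svcbackup:/bin/bash
regiapriandi:x:1001:1001:Pemilik Server:/home/regiapriandi:/bin/bash
user02:x:1222:1222::/home/user02:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
}

tmp=$(mktemp) && write_sample "$tmp"
classify_passwd "$tmp"
audit_passwd "$tmp"
rm -f "$tmp"
```

On a live host, call audit_passwd /etc/passwd; an empty result means none of the three conditions matched.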

Implementation

Add User

[root@ip-172-31-17-9 ~]# useradd regi
[root@ip-172-31-17-9 ~]# cat /etc/passwd | grep regi
regi:x:1002:1004::/home/regi:/bin/bash

Add User with UID

[root@ip-172-31-17-9 ~]# useradd -u 1222 user02
[root@ip-172-31-17-9 ~]# cat /etc/passwd | grep user02
user02:x:1222:1222::/home/user02:/bin/bash

Check User ID

[root@ip-172-31-17-9 ~]# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[root@ip-172-31-17-9 ~]# id regiapriandi
uid=1001(regiapriandi) gid=1001(regiapriandi) groups=1001(regiapriandi),1003(admin)

Delete User

[root@ip-172-31-17-9 ~]# userdel regi
[root@ip-172-31-17-9 ~]# cat /etc/passwd | grep regi

Add Password to User

[root@ip-172-31-17-9 ~]# passwd regiapriandi
Changing password for user regiapriandi.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

Add Comments to User Account

[root@ip-172-31-17-9 ~]# usermod -c "Pemilik Server" regiapriandi
[root@ip-172-31-17-9 ~]# cat /etc/passwd | grep regi
regiapriandi:x:1001:1001:Pemilik Server:/home/regiapriandi:/bin/bash

Add Group with GID

[root@ip-172-31-17-9 ec2-user]# groupadd -g 12000 newgroup
[root@ip-172-31-17-9 ec2-user]# cat /etc/group | grep newgroup
newgroup:x:12000:

Add Group

The groupadd command creates groups. Without options, the groupadd command uses the next available GID from the range that the GID_MIN and GID_MAX variables specify in the /etc/login.defs file. By default, the command assigns a GID value that is greater than any other existing GIDs, even if a lower value becomes available.

[root@ip-172-31-17-9 ec2-user]# groupadd newgroup1
[root@ip-172-31-17-9 ec2-user]# cat /etc/group | grep newgroup1
newgroup1:x:12001:

Add System Group

The -r option of the groupadd command creates system groups. As with normal groups, system groups take their GID from a range defined in the /etc/login.defs file; the SYS_GID_MIN and SYS_GID_MAX configuration items in that file define the range of system GIDs.

[root@ip-172-31-17-9 ec2-user]# groupadd -r systemgroupregi
[root@ip-172-31-17-9 ec2-user]# cat /etc/group | grep systemgroup
systemgroupregi:x:989:

Modify Group

For example, change the name of a group:

[root@ip-172-31-17-9 ec2-user]# groupmod -n systemgroup systemgroupregi
[root@ip-172-31-17-9 ec2-user]# cat /etc/group | grep systemgroup 
systemgroup:x:989:

Change Group Membership

The membership of a group is controlled with user management. Use the usermod -g command to change a user's primary group.

[root@ip-172-31-17-9 ec2-user]# id regiapriandi
uid=1001(regiapriandi) gid=1001(regiapriandi) groups=1001(regiapriandi),1003(admin)
[root@ip-172-31-17-9 ec2-user]# groupadd grupbaru
[root@ip-172-31-17-9 ec2-user]# usermod -g grupbaru regiapriandi
[root@ip-172-31-17-9 ec2-user]# id regiapriandi
uid=1001(regiapriandi) gid=12002(grupbaru) groups=12002(grupbaru),1003(admin)

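Use the usermod -aG command to add a user to a supplementary group. The -a (append) option is what preserves existing memberships: usermod -G without -a replaces the user's supplementary group list with the groups named on the command line.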

[root@ip-172-31-17-9 ec2-user]# groupadd grouptambahan
[root@ip-172-31-17-9 ec2-user]# id regiapriandi
uid=1001(regiapriandi) gid=12002(grupbaru) groups=12002(grupbaru),1003(admin)
[root@ip-172-31-17-9 ec2-user]# usermod -aG grouptambahan regiapriandi
[root@ip-172-31-17-9 ec2-user]# id regiapriandi
uid=1001(regiapriandi) gid=12002(grupbaru) groups=12002(grupbaru),1003(admin),12003(grouptambahan)

Delete Group

[root@ip-172-31-17-9 ec2-user]# groupdel grouptambahan