User & Group Management

🚀 Linux User Management (Advanced & Real-World Scenarios)

This guide covers: ✅ User creation, management & permissions ✅ SSH access control ✅ File permissions & access restrictions ✅ Monitoring user activity ✅ Flags & options for commands

🔹 Real-World Enterprise Scenario

Imagine a company where multiple teams (Admins, Developers, Read-Only Users) access a single Linux server.

Role

Access Level

Admin

Full root access (sudo), can manage users

Developer

Can modify project files but not system settings

Read-Only

Can view logs but cannot modify files

🔹 Step 1: Creating Users & Assigning Groups

1.1 Adding Users with Flags

🔹 Create an Admin user (john) with a home directory:

sudo useradd -m -s /bin/bash john

🛠️ Breakdown of Flags:

-m → Creates a home directory (/home/john)
-s /bin/bash → Sets Bash shell for the user

✅ Common Issue: User can't login Solution: Set a password

sudo passwd john

🔹 Create a Developer (alice):

sudo useradd -m -s /bin/bash alice

🔹 Create a Read-Only User (bob):

sudo useradd -m -s /bin/bash bob

1.2 Creating & Managing Groups

🔹 Create role-based access groups:

sudo groupadd admins
sudo groupadd developers
sudo groupadd readonly

🔹 Add users to their respective groups:

sudo usermod -aG admins john
sudo usermod -aG developers alice
sudo usermod -aG readonly bob

🔹 Check a user's groups:

groups john

✅ Common Issue: User permissions not working 🔹 Reapply group permissions & restart session:

newgrp developers  # Apply group change immediately

🔹 Step 2: Managing SSH Access

2.1 Restricting SSH Access by User Role

🔹 Allow only admins to SSH into the server: Edit SSH config:

sudo nano /etc/ssh/sshd_config

Add:

AllowGroups admins

Restart SSH service:

sudo systemctl restart sshd

✅ Common Issue: SSH Access Denied 🔹 Check SSH logs:

sudo tail -f /var/log/auth.log

2.2 Setting Up SSH Key Authentication

🔹 Generate SSH key on local machine:

ssh-keygen -t rsa -b 4096

🔹 Copy public key to server (alice user):

ssh-copy-id alice@server-ip

✅ Common Issue: SSH Permission Denied 🔹 Ensure correct permissions:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

🔹 Step 3: Managing File Permissions & Access Control

3.1 Setting Up Role-Based Access for Shared Directory

🔹 Create a project folder for Developers (/opt/project)

sudo mkdir /opt/project
sudo chown :developers /opt/project
sudo chmod 770 /opt/project

🛠️ Breakdown of Permissions:

770 → Developers can read/write, others no access
chown :developers → Assigns group ownership

🔹 Grant Read-Only Users (bob) access to logs only:

sudo setfacl -m g:readonly:rx /var/log

✅ Common Issue: Developers can't modify files 🔹 Check file ownership:

ls -ld /opt/project

🔹 Step 4: Monitoring & Restricting Users

🔹 See currently logged-in users:

who

🔹 Check login history:

last

✅ Common Issue: Unauthorized login attempts 🔹 Monitor failed login attempts:

sudo grep "Failed password" /var/log/auth.log

4.2 Restricting User Access

🔹 Lock a user account (bob) temporarily:

sudo passwd -l bob

🔹 Disable interactive login for a user:

sudo usermod -s /sbin/nologin bob

🔹 Delete a user (bob) completely:

sudo userdel -r bob

✅ Common Issue: User Cannot Login After Reset 🔹 Re-enable account and reset password:

sudo passwd -u bob
sudo passwd bob

🚀 Enterprise Setup Summary

✔ Admins (john) → Full sudo access ✔ Developers (alice) → Modify project files ✔ Read-Only (bob) → View logs but no changes ✔ SSH restricted to Admins only ✔ Shared directory with correct permissions ✔ Monitoring & restricting user access

Next: Do you want to automate user management using Ansible or Bash scripts? 🚀

PreviousService & Process Management NextFile and Dir Permission

Last updated 11 months ago

hashtag🚀 Linux User Management (Advanced & Real-World Scenarios)

hashtag🔹 Real-World Enterprise Scenario

hashtag🔹 Step 1: Creating Users & Assigning Groups

hashtag1.1 Adding Users with Flags

hashtag1.2 Creating & Managing Groups

hashtag🔹 Step 2: Managing SSH Access

hashtag2.1 Restricting SSH Access by User Role

hashtag2.2 Setting Up SSH Key Authentication

hashtag🔹 Step 3: Managing File Permissions & Access Control

hashtag3.1 Setting Up Role-Based Access for Shared Directory

hashtag🔹 Step 4: Monitoring & Restricting Users

hashtag4.1 Checking Active Users & Login History

hashtag4.2 Restricting User Access

hashtag🚀 Enterprise Setup Summary

hashtagNext: Do you want to automate user management using Ansible or Bash scripts? 🚀