The Beginner’s Guide to Managing Users
and Groups in Linux
Ubuntu Linux uses groups to help you manage users, set permissions on those users, and even monitor how much time they are spending in front of the PC. Here’s a beginner’s guide to how it all works.
Users and Groups
Ubuntu is set up for a single person to use when you installed it in your system, but if more than one person will use the computer, it is best for each person to have their own user account. This way each person can have separate settings and documents, and files can be protected from being viewed by the other users on the same PC.
Normally Linux computers have two user accounts—your own user account, and the root account, which is the super user that can access everything on the PC, make system changes, and administer other users. Ubuntu works a little differently, though—you can’t login directly as root by default, and you use the sudo command to switch to root-level access when you need to make a change.
Linux stores a list of all users in the ‘/etc/groups’ file. You can run this command in the Terminal to to view and edit the groups and users in your system:
sudo vigr /etc/groups
Creating User Accounts
We recommend that you remove the “Administer System” privilege from other user accounts. This is to make sure that other users cannot easily change critical system settings that may jeopardize your Linux box.
Linux File and Folder Permissions
Reading from left to right, each item in the list means:
<permissions> 1 <file owner> <file group> <file size> <file date> <file name>
For instance, in the example showing a file named anki, the permissions are rwxr-xr-x, the file is owned by the root user and belongs to the root group, and it’s 159 bytes.
The permission flag has four components, the first character being the flag, usually used to indicate whether it’s a directory or a file—a directory would show a “d” and a regular file will show a “-“. The next 9 characters are broken up into sets of 3 characters, which indicate user, group, and everyone permissions.
<flag><user permissions><group permissions><everyone permissions>
In this particular example, we’ve got rwxr-xr-x, which can be broken up like this:
<flag><user permissions = rwx><group permissions = r-x><everyone permissions = r-x>
The permissions correspond to the following values:
r = read permission
w = write permission
x = execute permission
This means that for the file in question, everybody has read and execute permissions, but only root has access to write to the file.
Changing Group Ownership of Files and Directories
Anna is a 7th grader and her brother Peter just enrolled in a programming course in a university. Anna will be more interested to use the educational software for her
We can configure Anna’s and Peter’s access to these applications by assigning them to the appropriate groups from the “Manage Groups” module.
We should give the K-12 students the privileges to run the educational software.
Linux stores most of the executables under /usr/bin, for example, Linux stores Anki under /usr/bin/anki. If you’re not sure where a file is located, the which command is a
convenient way to find out the location from the terminal:
which anki
sudo chown :[group name] [files list]
You can also revoke the read and execute access from other user groups using the chmod
command.
sudo chown :[group name] [files list]
This command gives the member of K12 group access to Anki and Kig. We should restrict the access rights of the university group from Anki and Kig by removing the read and execute permission from the “Other” groups. The format of the command is:
The first command that we executed in the command line removes the read (r) and execute (x) privilege from the “Other” group. The “O” option indicates that we are modifying the access right of the Other group. The ‘-‘ option means that we want to remove certain file permissions specified in the parameters that follow the ‘-‘ option. The man page of chmod gives a detailed explanation of these options.
man chmod
Monitoring Computer Usage
Timekpr allows us to set give each user a limited amount of computing time, and you’ll need to add the following PPA to your software sources so that you can install Timekpr from the Ubuntu Software Center.
deb http://ppa.launchpad.net/timekpr-maintainers/ppa/ubuntu lucid main
deb-src http://ppa.launchpad.net/timekpr-maintainers/ppa/ubuntu lucid main
Ubuntu Software Center is the easiest way to install Timekpr—just use the search box and it should come right up.