1. List, Add and Remove a User
List all users:
Add a new user:
```bash
# - `-m`: Creates the user's home directory.
# - `-s`: Specifies the user's login shell.
# - `-c`: Provides a comment, typically the user's full name.
useradd -m -s /bin/bash -c "<full-name>" <username>
# Set password after the user is created
passwd <username>
```
Remove an existing user:
Remove the user from the sudo or wheel group (if they were in one) before deleting them:
```bash
gpasswd -d <username> sudo
gpasswd -d <username> wheel
```
```bash
# `-r`: Removes the user's home directory and mail spool.
userdel -r <username>
```
2. Change the Password of a User
3. Superuser
Grant write permission to /etc/sudoers:
There are four ways to make a user a superuser:
- Add <username> ALL=(ALL:ALL) ALL to the end of the file /etc/sudoers. This allows the user to execute any command prefixed with sudo after entering the password.
- Add <username> ALL=(ALL:ALL) NOPASSWD: ALL to the end of the file /etc/sudoers. This allows the user to execute any command prefixed with sudo without entering the password.
- Add %<groupname> ALL=(ALL:ALL) ALL to the end of the file /etc/sudoers. This allows all users in the group to execute any command prefixed with sudo after entering the password.
- Add %<groupname> ALL=(ALL:ALL) NOPASSWD: ALL to the end of the file /etc/sudoers. This allows all users in the group to execute any command prefixed with sudo without entering the password.
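To review which of these four forms a sudoers file already contains, the following added example (not part of the original post) parses sudoers text and reports every full-privilege grant and whether it skips the password prompt. The sample content and the names alice, bob, carol, developers and ops are constructed for illustration.

```sh
#!/bin/sh
# Added example: report sudoers lines that match the four grant forms above.
# SAMPLE_SUDOERS is constructed input; all names in it are made up.
SAMPLE_SUDOERS='# constructed sample, not taken from a real system
root ALL=(ALL:ALL) ALL
alice ALL=(ALL:ALL) ALL
bob   ALL=(ALL:ALL)  NOPASSWD: ALL
%developers ALL=(ALL:ALL) ALL
%ops ALL=(ALL:ALL) NOPASSWD:ALL
Defaults env_reset
carol ALL=(ALL:ALL) /usr/bin/systemctl
'

# audit_sudoers: reads sudoers text on stdin and prints one line per
# full-privilege grant: "<user|group> <name> <password|nopasswd>".
# Lines starting with # (comments, #include directives) are skipped, so
# included files have to be passed in separately.
audit_sudoers() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            who = $1
            $1 = ""                       # keep only the part after the name
            spec = $0
            gsub(/[ \t]+/, "", spec)      # normalise spacing variants
            if (spec !~ /^ALL=\(ALL(:ALL)?\)(NOPASSWD:)?ALL$/) next
            kind = (who ~ /^%/) ? "group" : "user"
            sub(/^%/, "", who)
            auth = (spec ~ /NOPASSWD:/) ? "nopasswd" : "password"
            print kind, who, auth
        }'
}

# nopasswd_grants: only the entries that skip the password prompt.
nopasswd_grants() {
    audit_sudoers | awk '$3 == "nopasswd"'
}

printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers
```

Entries limited to specific commands, such as the constructed carol line, are deliberately not reported because they do not match any of the four forms.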
Return the file /etc/sudoers to read-only mode:
4. User Groups
List all user groups:
List the groups a user is in:
Create a new group:
Add a user to a group:
```bash
gpasswd -a <username> <groupname>
```
Remove a user from a group:
```bash
gpasswd -d <username> <groupname>
```
5. Ownership and Permission of Files and Directories
To check the ownership and the permission of a file or directory:
```bash
# File:
ls -l <filename>
# Directory:
ls -ld <dirname>
# List all files including the hidden ones
ls -la
```
Output example:
```text
# Permission | * | owner | group | bytes | date | file/dirname
drwxr-xr-x 2 james james 4096 Dec 2 11:02 example-dir/
# *: Number of subdirectories.
# If file, usually starts at 1; numbers higher than 1 indicate how many hard
# links point to this file.
# If directory, the minimum value is 2 ("." and "..").
```
To break down drwxr-xr-x:
```text
d | rwx | r-x | r-x
↓    ↓     ↓     ↓
|    |     |     └── Others permissions (last 3 chars), 101=5
|    |     └──────── Group permissions (middle 3), 101=5
|    └────────────── Owner permissions (first 3), 111=7
└────────────────── File type, d = directory; - = regular file; l = symbolic
                    link; b = block device; c = character device
```
To change the ownership:
```bash
chown [-R] <user>:<group> <filename/dirname>
chown [-R] :<group> <filename/dirname>
```
To change the permission using numeric mode:
```bash
chmod [-R] 764 <filename/dirname>
```
Where:
- 7=0b100+0b010+0b001, owner can Read Write Execute.
- 6=0b100+0b010+0b000, group can Read Write.
- 4=0b100+0b000+0b000, other can Read.
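The breakdown and the numeric mode above describe the same bits. As an added example (not from the original post), the function below converts an `ls -l` mode string into its octal form; it goes one step beyond the text by also decoding the setuid, setgid and sticky markers (s, S, t, T), since the setgid bit is used in the shared-directory section. The function name mode_to_octal is made up for this example.

```sh
#!/bin/sh
# Added example: convert an `ls -l` mode string (e.g. drwxr-xr-x) to
# four-digit octal: <special><owner><group><others>.
# A trailing "+" or "." (ACL / security context marker) is ignored.
mode_to_octal() {
    perms=${1#?}                          # drop the file-type character
    if [ "${#perms}" -lt 9 ]; then
        echo "bad mode string: $1" >&2
        return 1
    fi
    special=0
    result=""
    for weight in 4 2 1; do               # setuid=4, setgid=2, sticky=1
        triad=$(printf '%s' "$perms" | cut -c1-3)
        perms=$(printf '%s' "$perms" | cut -c4-)
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac
        case $triad in ?w?) digit=$((digit + 2)) ;; esac
        # lowercase s/t mean "special bit set and execute set"
        case $triad in ??[xst]) digit=$((digit + 1)) ;; esac
        # any of s/S/t/T in the execute slot sets the special bit
        case $triad in ??[sStT]) special=$((special + weight)) ;; esac
        result="$result$digit"
    done
    printf '%s%s\n' "$special" "$result"
}

mode_to_octal drwxr-xr-x      # the directory from the output example
mode_to_octal drwxrws---+     # a setgid directory with an ACL
```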
To change the permission using symbolic mode:
```bash
chmod +r foldername   # Add read for everyone
chmod a+r foldername  # Add read for everyone
chmod u+r foldername  # Add read for owner only
chmod g+r foldername  # Add read for group only
chmod o+r foldername  # Add read for others only
chmod a-rwx file      # Remove all permissions from all
# ...
```
6. Shared Directory
To create a shared directory in which all users of the same group can create, modify, execute, and delete files:
File: create-shared-dir
```bash
#!/bin/bash
set -e
# =============================================================================
# Script: create-shared-dir
# Description: Configures one or more directories to be shared with a specific
#              group.
#
# It performs the following actions on each target directory:
#   1. Creates the directory if it doesn't exist.
#   2. Recursively sets the group ownership.
#   3. Sets permissions (group: rwx, others: none).
#   4. Sets the 'setgid' bit on subdirectories to enforce group inheritance.
#   5. Uses Access Control Lists (ACLs) to enforce permissions for new items.
#
# Usage:
#   sudo create-shared-dir <shared_group> <dir1> [<dir2> ...]
#
# Example:
#   sudo create-shared-dir developers /srv/data /home/shared/project
#
# =============================================================================

# --- Input Validation ---
# Runs before parsing: `shift` on an empty argument list would abort under
# `set -e`, and after the shift "$1" would be a directory, not the help flag.
if [ $# -lt 2 ] || [ "$1" == "-h" ] || [ "$1" == "--help" ]
then
    echo "Usage: $0 <shared_group> <dir1> [<dir2> ...]"
    echo "Example: $0 developers /var/www/project_a"
    exit 1
fi

# --- Argument Parsing ---
SHARED_GROUP="$1"
shift # Shift arguments so $@ contains only the directories
TARGET_DIRS=("$@")

# --- Pre-flight Checks ---
# 1. Check for root privileges.
if [[ $EUID -ne 0 ]]; then
    echo "Error: This script must be run as root (or with sudo)." >&2
    exit 1
fi
# 2. Check if the specified group exists.
if ! getent group "$SHARED_GROUP" > /dev/null; then
    echo "Error: Group '$SHARED_GROUP' does not exist." >&2
    exit 1
fi

# --- Main Logic ---
echo "Configuring shared directories for group '$SHARED_GROUP'..."
for target_dir in "${TARGET_DIRS[@]}"; do
    echo "--> Processing: $target_dir"
    mkdir -p "$target_dir"
    # Hand the whole tree to the shared group.
    chgrp -R "$SHARED_GROUP" "$target_dir"
    # Group gets rw (and x on directories and already-executable files);
    # others get nothing.
    chmod -R g=rwX,o-rwx "$target_dir"
    # setgid on every directory so new entries inherit the group.
    find "$target_dir" -type d -exec chmod g+s {} +
    # ACL for existing entries, then a default ACL for entries created later.
    setfacl -R -m "g:$SHARED_GROUP:rwX" "$target_dir"
    setfacl -R -d -m "g:$SHARED_GROUP:rwX" "$target_dir"
done
echo "Configuration complete."
exit 0
```
You may put the file at “/usr/local/bin/create-shared-dir”, and then make it executable with the command:
```bash
chmod +x /usr/local/bin/create-shared-dir
```
Then you can run the script with the desired parameters, for example:
```bash
sudo create-shared-dir developers /srv/data /home/shared/project
```
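To confirm afterwards that a tree still has the layout the script sets up, the following added example (not part of the original script) lists every entry that drifted from it: directories without setgid, entries owned by another group, and entries that others can access. The function name check_shared_dir is made up for this example, and it checks mode bits and group ownership only, not the ACL entries.

```sh
#!/bin/sh
# Added example: audit a shared directory tree.
# check_shared_dir GROUP DIR
#   GROUP may be a group name or a numeric GID.
#   Prints one finding per line and returns 1 if anything was found,
#   returns 0 with no output when the tree is consistent.
check_shared_dir() {
    group=$1
    dir=$2
    report=$(
        # Directories without setgid: new files would not inherit the group.
        find "$dir" -type d ! -perm -2000 | sed 's/^/no-setgid /'
        # Entries owned by another group: members may be locked out.
        find "$dir" ! -group "$group" | sed 's/^/wrong-group /'
        # Any read/write/execute bit for "others". Symlinks are skipped
        # because their own mode bits are always shown as rwxrwxrwx.
        find "$dir" ! -type l \
            \( -perm -004 -o -perm -002 -o -perm -001 \) |
            sed 's/^/other-access /'
    )
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Usage, with the group and path from the example above:
#   check_shared_dir developers /srv/data
```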