User and Process Management

Task 1
Understanding users and groups

Linux is a multi-user system. Its security model depends on defining users (individual accounts) and groups (collections of users) to control who can access and modify files, run programs, and use system resources.

Understanding how users and groups are managed is fundamental to system administration and security.

/etc/passwd

The /etc/passwd file is a plain text file that lists all user accounts recognized by the system. It traditionally held password hashes as well, but because the file must be readable by every user, the hashes have been moved out of it for better security.

Each entry in /etc/passwd occupies one line and consists of seven colon-separated fields:

  1. Username (Login Name): The user's login name, which must be unique. Login names cannot contain colons or newlines.
  2. Password Placeholder: This field typically contains an x on Linux, indicating that the actual password hash is stored in the /etc/shadow file. Leaving this field empty creates a major security hole, because the account then has no password.
  3. User ID (UID): The unique numeric identifier for the user.
  4. Group ID (GID): The default GID for the user's primary group.
  5. Comment (GECOS) Field: Can contain information such as the user's full name, office number, and phone numbers. The chfn command allows users to modify this information.
  6. Home Directory: The absolute path to the user's home directory where personal files are stored.
  7. Login Shell: The program that runs when the user logs in (e.g., /bin/bash). Users can change their shell using the chsh command.

Important: Directly editing the /etc/passwd file is not recommended. Instead, use user management commands such as useradd, usermod, userdel, or tools like vipw for safe editing.
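
As an added example (not part of the original lesson), the shell function below checks a passwd-format file against the field rules above: seven fields per entry, a non-empty password field, and numeric, unique UIDs with UID 0 held only by root. The name audit_passwd and the sample accounts are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample in /etc/passwd format (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1501:1501:Alice Smith:/home/alice:/bin/bash
backup2::1502:1502::/home/backup2:/bin/bash
svc:x:0:0:service:/srv:/bin/sh
broken:x:1503:1503:/home/broken
bob:x:1501:1600:Bob:/home/bob:/bin/bash
EOF
}

# audit_passwd [FILE]: print one "login: finding" line per problem found.
# Reads standard input when FILE is omitted. Hypothetical helper, not a system tool.
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }    # skip blank lines and comments
        # Every entry must have exactly seven colon-separated fields.
        NF != 7 { print $1 ": malformed entry, " NF " fields instead of 7"; next }
        # Field 2 should hold the x placeholder; empty means no password at all.
        $2 == "" { print $1 ": empty password field" }
        # Field 3 must be a number; UID 0 means full root privileges.
        $3 !~ /^[0-9]+$/ { print $1 ": non-numeric UID"; next }
        $3 == 0 && $1 != "root" { print $1 ": UID 0, root-equivalent account" }
        # Two logins sharing a UID are the same user as far as the kernel is concerned.
        ($3 in first) { print $1 ": duplicate UID " $3 ", first used by " first[$3]; next }
        { first[$3] = $1 }
    ' "${1:--}"
}

sample_passwd | audit_passwd
```

On a real system, run audit_passwd /etc/passwd; root access is not needed because the file is readable by every user.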

/etc/group

The /etc/group file defines UNIX groups and lists their members. It helps manage permissions for multiple users collectively.

Each entry in /etc/group occupies one line and consists of four colon-separated fields:

  1. Group Name: The unique name of the group.
  2. Password Placeholder: Often contains an x, indicating that the actual group password is stored in /etc/gshadow. Group passwords are rarely used.
  3. Group ID (GID): The unique numeric identifier for the group.
  4. Members List: A comma-separated list of user login names that belong to the group.

/etc/shadow

The /etc/shadow file stores password hashes and password aging information. Access to this file is restricted to the root user, which improves system security.

Each entry in /etc/shadow contains nine colon-separated fields:

  1. Login Name: The username corresponding to the entry in /etc/passwd.
  2. Encrypted Password: The hashed password. Various hashing algorithms are supported, such as MD5, Blowfish, and SHA256.
  3. Date of Last Password Change: The date of the last password change, expressed as the number of days since January 1, 1970.
  4. Minimum Days Between Password Changes: Minimum number of days before a user can change the password again.
  5. Maximum Days Between Password Changes: Maximum allowed days before a password must be changed.
  6. Warning Period: Number of days before password expiration that a warning is given.
  7. Inactivity Period: Number of days after password expiration before the account becomes disabled.
  8. Account Expiration Date: Date on which the account will expire. If empty, the account never expires.
  9. Reserved Field: Currently unused on Linux systems.
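
The following added example (not from the original lesson) reads shadow-format entries and reports, for each account, which kind of value field 2 holds and where the entry stands in the aging cycle defined by fields 3, 5, 7 and 8. The function name shadow_report, the sample accounts and the placeholder hashes are constructed; the hash prefixes ($1$, $2b$, $5$, $6$) are the standard crypt(3) identifiers, and a leading ! or * marks a field that matches no password.

```sh
#!/bin/sh
# Constructed sample in /etc/shadow format; the salts and hashes are placeholders.
sample_shadow() {
    cat <<'EOF'
root:!:19000:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19950:0:90:7:14::
bob:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19800:0:90:7:14::
carol:$5$CONSTRUCTEDSALT$CONSTRUCTEDHASH:0:0:90:7:::
dave:$2b$10$CONSTRUCTEDSALTANDHASH:19990:0:99999:7::19999:
erin::19990:0:99999:7:::
EOF
}

# shadow_report TODAY [FILE] (hypothetical helper, not a system tool)
# TODAY is the current date in days since 1970-01-01, the unit used by field 3.
# Prints "login|password field|aging status" for each entry.
shadow_report() {
    awk -F: -v today="$1" '
        /^[ \t]*$/ || /^#/ { next }
        NF != 9 { print $1 "|malformed|" NF " fields instead of 9"; next }
        {
            # Field 2: classify by prefix so the hash itself is never printed.
            if ($2 == "")                   kind = "EMPTY"
            else if ($2 ~ /^[!*]/)          kind = "locked"
            else if ($2 ~ /^\$1\$/)         kind = "MD5"
            else if ($2 ~ /^\$2[abxy]?\$/)  kind = "Blowfish"
            else if ($2 ~ /^\$5\$/)         kind = "SHA256"
            else if ($2 ~ /^\$6\$/)         kind = "SHA512"
            else                            kind = "other"

            # Fields 3, 5, 7 and 8: last change, maximum age, inactivity, expiration.
            expiry = $3 + $5
            if ($8 != "" && today >= $8)    status = "account expired"
            else if ($3 == "0")             status = "must change at next login"
            else if ($3 == "" || $5 == "")  status = "no password aging"
            else if (today <= expiry)       status = "password valid for " (expiry - today) " more days"
            else if ($7 != "" && today > expiry + $7) status = "password expired, inactivity period passed"
            else                            status = "password expired " (today - expiry) " days ago"
            print $1 "|" kind "|" status
        }
    ' "${2:--}"
}

# Day 20000 is a fixed, constructed "today" so the output is reproducible.
# Live use (as root): shadow_report "$(( $(date +%s) / 86400 ))" /etc/shadow
sample_shadow | shadow_report 20000
```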

Task 2
User Management Commands

Now that you understand the configuration files (/etc/passwd, /etc/group, /etc/shadow), it's time to learn the commands used to modify them. These commands are the tools for creating users, changing permissions, and performing administrative tasks.

A Word of Caution: These commands can significantly change your system's security and functionality. Always use them carefully.

1. sudo (SuperUser DO)

The sudo command provides a controlled way for ordinary users to execute commands with root-level administrative access for specific tasks.

Purpose and Usage

  • Allows users to perform administrative operations without logging in as root.
  • Commands are executed by prefixing them with sudo.
  • Typically asks for the user's own password, not the root password.

# Basic syntax
sudo [command]

# Update package list
sudo apt update

# Edit system configuration file
sudo nano /etc/hosts

# View protected shadow file
sudo less /etc/shadow

# Run a command as another user
sudo -u www-data whoami

2. su (Substitute User)

The su command allows a user to temporarily switch to another user's identity during the same login session.

Purpose and Usage

  • Commonly used to switch to the root user.
  • Prompts for the target user's password (usually root).
  • The new shell continues until the user exits using exit or CTRL+D.
  • The - option starts a full login shell and loads environment variables.

# Switch to root user
su -

# Switch to another user
su - alice

3. useradd (Create User Account)

The useradd command is used to create new user accounts on a Linux system.

Purpose and Usage

  • Creates a new login name.
  • Optionally creates a home directory.
  • Allows specifying UID, shell, and user description.

# Basic syntax
sudo useradd [options] username

# Create a user with home directory and bash shell
sudo useradd -m -s /bin/bash alice

# Create user with specific UID and comment
sudo useradd -m -u 1501 -c "Alice Smith" -s /bin/bash alice

  • -m : Creates the user's home directory.
  • -s : Sets the user's login shell.
  • -c : Adds a comment (usually full name).
  • -u : Specifies a custom UID.

4. usermod (User Modifier)

The usermod command is used to modify properties of an existing user account.

# Basic syntax
sudo usermod [options] username

# Add user to 'sudo' group
sudo usermod -aG sudo alice

# Change primary group
sudo usermod -g developers alice

# Change home directory
sudo usermod -d /new/home/alice -m alice

# Change login shell
sudo usermod -s /bin/zsh alice

# Lock account
sudo usermod -L alice

# Unlock account
sudo usermod -U alice

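Important: The -aG option appends the user to the listed groups and keeps their existing group memberships. Without -a, the -G option replaces the user's supplementary group list, so the user is removed from every other group not named on the command line.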

5. passwd (Change Password)

The passwd command is used to set or change a user's password.

Purpose and Usage

  • Users can change their own passwords.
  • The root user can change any user's password.
  • The command usually asks for the old password and then the new password twice.

# Change your own password
passwd

# Change password for another user
sudo passwd alice

# Lock a user account
sudo passwd -l alice

# Unlock a user account
sudo passwd -u alice

# Force password change at next login
sudo passwd --expire alice

Task 3
Viewing and managing processes

A process is a running instance of a program with its own allocation of system resources such as memory and CPU time. A service (or daemon) is a special type of process that runs in the background, usually starting at boot and providing functionality to other programs (for example, web servers, schedulers, or databases).

Understanding how to view and control processes is essential for system administration, troubleshooting, and system optimization.

Viewing Processes

1. ps (Process Status)

The ps command provides a snapshot of current processes at the moment the command is executed.

Basic Usage and Options

  • By default, ps shows processes associated only with the current terminal session.
  • The x option displays all processes owned by the user, even those not controlled by a terminal.
  • The aux option shows comprehensive information about processes belonging to every user.
  • The output can be very long, so it is often piped to less for easier viewing.

Key Output Fields

  • PID: Unique Process ID assigned by the kernel.
  • PPID: Parent Process ID.
  • TTY: Terminal controlling the process. A ? means no controlling terminal.
  • TIME: CPU time used by the process.
  • CMD: Command or process name.
  • USER: Username of the process owner.
  • %CPU: CPU usage percentage.
  • %MEM: Memory usage percentage.
  • VSZ: Virtual memory size.
  • RSS: Physical RAM used by the process.
  • STAT: Current process state.

Common Process States

  • R – Running or ready to run.
  • S – Sleeping, waiting for an event.
  • D – Waiting for I/O.
  • T – Stopped.
  • Z – Zombie process.
  • < – High priority process.
  • N – Low priority process.

# Show processes for the current terminal
ps

# Show processes for the current user
ps -u "$USER"

# Show all processes on the system
ps aux

# Show processes in a tree (parent-child relationship)
ps auxf
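
The PID, PPID and STAT fields described above can be combined to answer a common troubleshooting question: which parent is leaving zombies behind. A zombie has already exited and only waits for its parent to collect its exit status, so the PPID column points at the process that needs attention. This is an added example, not part of the original lesson; the function name zombie_parents and the sample process list are constructed.

```sh
#!/bin/sh
# Constructed output of: ps -eo pid,ppid,user,stat,comm
sample_ps() {
    cat <<'EOF'
  PID  PPID USER     STAT COMMAND
    1     0 root     Ss   systemd
  812     1 root     Ss   sshd
 1450     1 www-data S    nginx
 2301     1 alice    Sl   worker
 2302  2301 alice    Z    worker <defunct>
 2303  2301 alice    Z    worker <defunct>
 2410   812 bob      D<   backup
 2500   812 bob      R+   ps
EOF
}

# zombie_parents [FILE]: group zombie (Z) processes by the parent that has
# not collected them. Reads standard input when FILE is omitted.
# Hypothetical helper, not a system tool.
zombie_parents() {
    awk '
        $1 == "PID" { next }                      # header line
        { pid[++n] = $1; ppid[$1] = $2; user[$1] = $3; stat[$1] = $4; comm[$1] = $5 }
        END {
            for (i = 1; i <= n; i++) {
                p = pid[i]
                if (stat[p] !~ /^Z/) continue     # STAT may carry extra flags after Z
                par = ppid[p]
                if (!(par in kids)) order[++m] = par   # remember first-seen order
                kids[par] = kids[par] " " p
                cnt[par]++
            }
            for (j = 1; j <= m; j++) {
                par = order[j]
                print "parent " par " (" comm[par] ", " user[par] ") has " cnt[par] " zombie(s):" kids[par]
            }
        }
    ' "${1:--}"
}

sample_ps | zombie_parents
```

On a live system, feed it real data with ps -eo pid,ppid,user,stat,comm | zombie_parents.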

2. top (Display Tasks Dynamically)

The top command provides a real-time, continuously updating display of system processes.

It shows a system summary at the top and a table of processes sorted by CPU usage.

# Start top
top

3. htop (Interactive Process Viewer)

htop is a modern and user-friendly alternative to top. It is not always installed by default but can be installed using:

sudo apt install htop

Advantages of htop

  • Full-color output.
  • Vertical and horizontal scrolling.
  • Easily kill processes using function keys (F9).
  • Mouse support.
  • Tree view of processes.

# Start htop
htop

Managing Processes (Controlling Processes)

1. kill (Terminate Processes)

The kill command is used to send signals to processes.

The default signal is SIGTERM, which asks the process to terminate gracefully. The stronger signal SIGKILL forcefully terminates the process; it cannot be caught or ignored, so the process gets no chance to clean up.

# Basic syntax
kill [-signal] PID

# Gracefully stop process
kill 1234

# Forcefully kill process
kill -9 1234

2. systemctl (Controlling System Services)

systemctl is the main tool used to manage system services (daemons) in modern Linux distributions using systemd.

# Basic syntax
sudo systemctl action service_name

# Check status of SSH service
systemctl status ssh

# Start a service
sudo systemctl start nginx

# Stop a service
sudo systemctl stop nginx

# Restart a service
sudo systemctl restart nginx

# Reload configuration without restarting
sudo systemctl reload nginx

# Enable service at boot
sudo systemctl enable nginx

# Disable service at boot
sudo systemctl disable nginx