The control of users and groups is a core element of Red Hat Enterprise Linux system administration.
Users can be either people, meaning accounts tied to physical users, or accounts which exist for specific applications to use.
Groups are logical expressions of organization, tying users together for a common purpose. Users within the same group can read, write, or execute files owned by the group.
Each user and group has a unique numerical identification number called a userid (UID) and a groupid (GID) respectively.
The user who creates a file is assigned as the owner and group owner. The file is also assigned separate read, write, and execute permissions for the owner, the group, and everyone else. The owner of a file can be changed only by the root user. The group to which a file belongs can be changed by root or by the owner of the file if the owner is part of the group being added to the file. Access permissions can be changed by both the root user and the owner of the file.
Red Hat Enterprise Linux supports access control lists (ACLs) for files and directories which allow permissions for specific users outside of the owner to be set. For more information about using ACLs, refer to the chapter titled Access Control Lists in the Red Hat Enterprise Linux System Administration Guide.
Proper management of users and groups, and effective management of file permissions are among the most important tasks a system administrator undertakes. For a detailed look at strategies for managing users and groups, refer to the chapter titled Managing User Accounts and Resource Access in the Red Hat Enterprise Linux Introduction to System Administration.
Managing users and groups can be a tedious task, but Red Hat Enterprise Linux provides tools and conventions to make their management easier.
The easiest way to manage users and groups is through the graphical application, User Manager (redhat-config-users). For more information on User Manager, refer to the chapter titled User and Group Configuration in the Red Hat Enterprise Linux System Administration Guide.
The following command line tools can also be used to manage users and groups:
useradd, usermod, and userdel — Industry-standard methods of adding, deleting and modifying user accounts.
groupadd, groupmod, and groupdel — Industry-standard methods of adding, deleting, and modifying user groups.
gpasswd — Industry-standard method of administering the /etc/group file.
pwck, grpck — Tools used for the verification of the password, group, and associated shadow files.
pwconv, pwunconv — Tools used for the conversion of passwords to shadow passwords and back to standard passwords.
For an overview of users and group management, refer to the Red Hat Enterprise Linux Introduction to System Administration. For a detailed look at command line tools for managing users and groups, see the chapter titled User and Group Configuration in the Red Hat Enterprise Linux System Administration Guide.