In Linux, managing users and groups is essential for maintaining system security and controlling access to resources. The su command allows you to switch to another user account, while commands like useradd and groupadd enable you to create new users and groups.

Understanding the su Command:

• The su command (switch user) allows you to temporarily become another user, typically the root user (superuser).

• Syntax: su [options] [username]

  • If no username is specified, it defaults to root.

  • su - or su -l creates a login shell for the target user, loading their environment variables.

• Example:

  • su (switches to the root user)

  • su john (switches to the user "john")

Creating New Users:

• The useradd command creates a new user account.

• Syntax: sudo useradd [options] username

• Common Options:

  • -m: Creates the user's home directory.

  • -s: Specifies the user's login shell.

  • -g: Specifies the user's primary group.

  • -G: Specifies additional groups the user belongs to.

• Example:

  • sudo useradd -m -s /bin/bash newuser (creates a user "newuser" with a home directory and Bash shell)

  • sudo passwd newuser (to set the password for newuser)

Creating New Groups:

• The groupadd command creates a new group.

• Syntax: sudo groupadd groupname

• Example:

  • sudo groupadd developers (creates a group named "developers")

  • sudo usermod -aG developers newuser (Adds newuser to the developers group.)

/etc/passwd and /etc/shadow Files:

• /etc/passwd:

  • Stores basic user account information, such as username, user ID (UID), group ID (GID), home directory, and login shell.

  • It is world-readable.

  • Each line represents a user account, with fields separated by colons.

• /etc/shadow:

  • Stores encrypted user passwords and password-related information.

  • It is readable only by the root user, enhancing security.

  • Each line corresponds to a user account, with fields separated by colons.

Example of /etc/passwd and /etc/shadow contents:

• /etc/passwd example line:

newuser:x:1001:1001:New User,,,:/home/newuser:/bin/bash

• /etc/shadow example line:

newuser:$6$randomsalt$hashedpassword:18999:0:99999:7:::

Important Security Considerations:

• Always use sudo when executing commands that require root privileges, rather than logging in as root directly.

• Use strong and unique passwords for all user accounts.

• Regularly review user and group permissions to ensure system security.

Example walkthrough:

1. Create a new group called testgroup:

sudo groupadd testgroup

1. Create a new user called testuser, assign it to the testgroup, create a home directory, and assign bash as its shell:

sudo useradd -m -g testgroup -s /bin/bash testuser

1. Set the password for testuser:

sudo passwd testuser

1. Switch to the testuser account:

su testuser

1. Return to the root user:

exit or su