Chapter 4. Introduction to managing user and group accounts

The control of users and groups is a core element of Red Hat Enterprise Linux (RHEL) system administration.

4.1. Introduction to users and groups

Each RHEL user has distinct login credentials and can be assigned to various groups to customize their system privileges.

A user who creates a file is the owner of that file and the group owner of that file. The file is assigned separate read, write, and execute permissions for the owner, the group, and those outside that group. The file owner can be changed only by the root user. Access permissions to the file can be changed by both the root user and the file owner. A regular user can change group ownership of a file they own to a group of which they are a member of.

Each user is associated with a unique numerical identification number called user ID (UID). Each group is associated with a group ID (GID). Users within a group share the same permissions to read, write, and execute files owned by that group.

4.2. Configuring reserved user and group IDs

RHEL reserves user and group IDs below 1000 for system users and groups. You can find the reserved user and group IDs in the setup package. To view reserved user and group IDs, use:

cat /usr/share/doc/setup*/uidgid

It is recommended to assign IDs to the new users and groups starting at 5000, as the reserved range can increase in the future.

To make the IDs assigned to new users start at 5000 by default, modify the UID_MIN and GID_MIN parameters in the /etc/login.defs file.

Procedure

To modify make the IDs assigned to new users start at 5000 by default, use:

  1. Open the /etc/login.defs file in an editor of your choice.
  2. Find the lines that define the minimum value for automatic UID selection.

    # Min/max values for automatic uid selection in useradd
    #
    UID_MIN                  1000
  3. Modify the UID_MIN value to start at 5000.

    # Min/max values for automatic uid selection in useradd
    #
    UID_MIN                  5000
  4. Find the lines that define the minimum value for automatic GID selection.

    # Min/max values for automatic gid selection in groupadd
    #
    GID_MIN                  1000

Note that for users and groups created before you changed the UID_MIN and GID_MIN values, UIDs and GIDs still start at the default 1000.

Warning

Do not raise IDs reserved by the system above 1000 by changing SYS_UID_MAX to avoid conflict with systems that retain the 1000 limit.

4.3. User private groups

RHEL uses the user private group (UPG) system configuration, which makes UNIX groups easier to manage. A user private group is created whenever a new user is added to the system. The user private group has the same name as the user for which it was created and that user is the only member of the user private group.

UPGs simplify the collaboration on a project between multiple users. In addition, UPG system configuration makes it safe to set default permissions for a newly created file or directory, as it allows both the user, and the group this user is a part of, to make modifications to the file or directory.

A list of all groups is stored in the /etc/group configuration file.