Chapter 16. Introduction to managing user and group accounts
The control of users and groups is a core element of Red Hat Enterprise Linux (RHEL) system administration. Each RHEL user has distinct login credentials and can be assigned to various groups to customize their system privileges.
16.1. Introduction to users and groups
A user who creates a file is the owner of that file and the group owner of that file. The file is assigned separate read, write, and execute permissions for the owner, the group, and those outside that group. The file owner can be changed only by the
root user. Access permissions to the file can be changed by both the
root user and the file owner. A regular user can change group ownership of a file they own to a group of which they are a member of.
Each user is associated with a unique numerical identification number called user ID (UID). Each group is associated with a group ID (GID). Users within a group share the same permissions to read, write, and execute files owned by that group.
16.2. Configuring reserved user and group IDs
RHEL reserves user and group IDs below 1000 for system users and groups. You can find the reserved user and group IDs in the
setup package. To view reserved user and group IDs, use:
It is recommended to assign IDs to the new users and groups starting at 5000, as the reserved range can increase in the future.
To make the IDs assigned to new users start at 5000 by default, modify the
GID_MIN parameters in the
To modify and make the IDs assigned to new users start at 5000 by default:
/etc/login.defsfile in an editor of your choice.
Find the lines that define the minimum value for automatic UID selection.
# Min/max values for automatic uid selection in useradd # UID_MIN 1000
UID_MINvalue to start at 5000.
# Min/max values for automatic uid selection in useradd # UID_MIN 5000
Find the lines that define the minimum value for automatic GID selection.
# Min/max values for automatic gid selection in groupadd # GID_MIN 1000
GID_MINvalue to start at 5000.
# Min/max values for automatic gid selection in groupadd # GID_MIN 5000
The dynamically assigned UIDs and GIDs for the regular users now start at 5000.Note
The UID’s and GID’s of users and groups created before you changed the UID_MIN and GID_MIN values do not change.
This will allow new user’s group to have same 5000+ ID as UID and GID.Warning
Do not raise IDs reserved by the system above 1000 by changing
SYS_UID_MAXto avoid conflict with systems that retain the 1000 limit.
16.3. User private groups
RHEL uses the user private group (UPG) system configuration, which makes UNIX groups easier to manage. A user private group is created whenever a new user is added to the system. The user private group has the same name as the user for which it was created and that user is the only member of the user private group.
UPGs simplify the collaboration on a project between multiple users. In addition, UPG system configuration makes it safe to set default permissions for a newly created file or directory, as it allows both the user, and the group this user is a part of, to make modifications to the file or directory.
A list of all groups is stored in the
/etc/group configuration file.