deleting the user John will not delete John's home folder – this is useful if you have certain data
retention policies that you must adhere to. It does, however, cause an issue if you have a new
member of the team called John – if you add that individual with the same username as was used
for the original John, they will have access to his home folder. To avoid this, you might want to
rename his folder, or create the user with a new user ID.
You can also lock a user account (sudo passwd -l username) or unlock a user account (sudo
passwd -u username).
You can also group users. This could be useful as you'd be able to add a user to the HR group &
assign system privileges to the users based on what group they're in. To do that, you'll first need to
create a group (sudo addgroup groupname) – you can, of course, always delete a group too (sudo
delgroup groupname).
To add a user to that group simply type sudo adduser username groupname.
Making user management easier
User management can be a bit of a drag through the command line. It's not the most intuitive
interface in the world and that can lead to mistakes. I recommend using a tool called Ajenti to
manage your user security & groups – it's worked nicely for me!
Profile security
When you create a new user, a home directory is also created for them (under
/home/username). This can cause problems as those folders are created with global read and write
capability. That means that any user can look in any other user's home folder.
To check the permissions on a user's home directory, just type ls -ld /home/username into the terminal.
The output is likely to start with something like this: drwxr-xr-x. The leading d marks a directory,
and the three blocks of letters that follow determine the permissions that each user will have. The
first block shows the permissions of the directory owner, the second shows the permissions of the
group and the final block shows the permissions of all other users.
R = Read
W = Write
X = Execute
To remove the world-readable permission, simply type sudo chmod 0750 /home/username. This will
ensure that you're protecting both the parent and all sub directories.
That's great, you've controlled access to that user's home folder, but this should never have been a
problem. The best thing you can do is edit the adduser global default permissions, which are
applied when creating home folders. To do this, find the adduser.conf file located in the /etc/
directory.
Within this file, modify the DIR_MODE variable to reflect the permissions that you want the
users to have. I find that this tool: http://permissions-calculator.org/ is extremely helpful when it
comes to finding out which permissions you want to give users.
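The ls -ld check and the DIR_MODE setting above can be audited together. The script below is an added example, not part of the original article: the function names are illustrative, and the demo runs against a constructed temporary directory rather than the real /home and /etc/adduser.conf.

```shell
#!/bin/sh
# Added example (not from the article): flag home directories that grant any
# access to "other", and read the DIR_MODE adduser applies to new home folders.

# List directories directly under $1 whose third permission block is not "---".
audit_homes() {
    base="${1:-/home}"
    for dir in "$base"/*; do
        # Skip anything that is not a real directory (files, symlinks).
        [ -d "$dir" ] && [ ! -L "$dir" ] || continue
        perms=$(ls -ld "$dir" | cut -c1-10)         # e.g. drwxr-xr-x
        other=$(printf '%s' "$perms" | cut -c8-10)  # block for all other users
        [ "$other" = "---" ] || printf '%s %s\n' "$perms" "$dir"
    done
}

# Print the last uncommented DIR_MODE value from an adduser.conf-style file.
configured_dir_mode() {
    conf="${1:-/etc/adduser.conf}"
    [ -r "$conf" ] || return 0
    sed -n 's/^[[:space:]]*DIR_MODE=\([0-7][0-7]*\).*/\1/p' "$conf" | tail -n 1
}

# Succeed if an octal mode such as 0755 grants any permission to "other".
mode_grants_other() {
    [ $(( 0$1 & 7 )) -ne 0 ]
}

# Demo on constructed sample data (temporary tree, not the real system files).
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/alice" "$tmp/bob"
    chmod 0755 "$tmp/alice"   # open to other users
    chmod 0750 "$tmp/bob"     # hardened as described in the text
    printf '# constructed sample\nDIR_MODE=0755\n' > "$tmp/adduser.conf"
    echo "Home directories accessible to other users:"
    audit_homes "$tmp"
    mode=$(configured_dir_mode "$tmp/adduser.conf")
    if mode_grants_other "$mode"; then
        echo "DIR_MODE=$mode gives other users access to new home folders"
    fi
    rm -rf "$tmp"
}
demo
```

On a real system, call audit_homes and configured_dir_mode with no arguments to check /home and /etc/adduser.conf.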
You can now verify that your changes have worked. You can do this by typing in ls -ld
www.netshock.co.uk