A fundamental part of system administration is configuring and managing users and groups. Part of this task involves monitoring the login capabilities of all system entities.
In this tutorial, you will review the ideas behind user management and authentication logging.
We will be exploring these concepts on an Ubuntu 22.04 server, but you can follow along on any modern Linux distribution. You can set up an Ubuntu 22.04 server for this tutorial by following our guide to Initial Server Setup on Ubuntu 22.04.
Part one will cover how to view system users and find out who is logged into the system.
How To View Available Users
Every user on a Linux system, whether created as an account for a real human being or associated with a particular service or system function, is stored in a file called /etc/passwd. The /etc/passwd file contains information about the users on the system. Each line describes a distinct user.
Have a look by using the less command, so you can scroll through the entire file:
. . .
Each line is broken up into fields. These fields are delimited by the colon (:) character.
The only field that you need at the moment is the first one. Each is an independent username. When you are done using less, type q to quit.
You can get this list without wading through the entire /etc/passwd file by using the cut command to split on colon delimiters (-d :) and extract the first field (-f 1):
cut -d : -f 1 /etc/passwd
. . .
You probably recognize root as the administrative user. Towards the end, you may see the user you are logged in as.
In between, you will probably see a number of other users whose usage seems at least somewhat clear. For instance, www-data is configured as the owner of web server processes.
This is done to separate functional privileges. That way, if an account is compromised or misused, the effect will be isolated.
You can read more about the fields in /etc/passwd in this tutorial.
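As an added example (not part of the original tutorial), the script below uses the same colon-delimited fields to list accounts with UID 0 and accounts whose shell permits login. The sample data, the account names toor and legacy, and the function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a passwd-format file for extra UID 0 accounts and
# for accounts that are able to log in. All sample data below is constructed.

# Write constructed sample files (not from a real system) into directory $1.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
toor:x:0:0:constructed second uid 0 entry:/root:/bin/sh
demoer:x:1000:1000:Demo User:/home/demoer:/bin/bash
legacy:x:1001:1001:empty shell field:/home/legacy:
EOF
    cat > "$1/shells" <<'EOF'
# constructed /etc/shells-style list of valid login shells
/bin/sh
/bin/bash
EOF
}

# Usernames with UID 0 (field 3). Any name other than root needs review.
uid0_accounts() {
    awk -F: '$3 ~ /^0+$/ { print $1 }' "${1:-/etc/passwd}"
}

# Usernames whose shell (field 7) appears in the shells file given as $2.
# An empty shell field defaults to /bin/sh; nologin and false never count,
# even on systems that list them in /etc/shells.
login_accounts() {
    awk -F: '
        NR == FNR { if ($0 != "" && $0 !~ /^#/) ok[$0] = 1; next }
        { sh = ($7 == "" ? "/bin/sh" : $7)
          if ((sh in ok) && sh !~ /\/(nologin|false)$/) print $1 }
    ' "${2:-/etc/shells}" "${1:-/etc/passwd}"
}

# Demo run against the constructed sample.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
echo "UID 0 accounts:"; uid0_accounts "$demo_dir/passwd"
echo "Login-capable accounts:"; login_accounts "$demo_dir/passwd" "$demo_dir/shells"
rm -rf "$demo_dir"
```

Called without arguments, both functions read /etc/passwd and /etc/shells on the live system. A valid shell does not mean the account has a usable password, so treat the second list as accounts to check rather than accounts known to be open.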
How To View Available Groups
The corresponding file for discovering system groups is /etc/group.
You can use less again to view this file:
. . .
You may notice that many of the group names mirror the users you discovered on your system. This is part of a configuration scheme called user private groups, or UPG.
User private groups create a private group for each user and set that group as the primary group. The umask is then changed from 022 to 002.
This allows for more flexibility in shared directories by setting a flag called setgid, which gives files inside the directory the same group owner as the directory itself.
Once again, you can pare down the information from the /etc/group file by using the cut command:
cut -d : -f 1 /etc/group
. . .
The output will be a list of each group on the system, one per line.
How To Find Which Users Are Logged In
Many times, it will be more useful to find out which users are active on your system.
The w command is a straightforward way to list all of the currently logged-in users, their login time, and what commands they are currently running:
19:37:15 up 5:48, 2 users, load average: 0.33, 0.10, 0.07
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 rrcs-72-43-115-1 19:15 38.00s 0.33s 0.33s -bash
demoer pts/1 rrcs-72-43-115-1 19:37 0.00s 0.47s 0.00s w
The first line contains system uptime information. The following lines describe who is logged in.
An alternative that provides similar information is who:
root pts/0 2013-09-05 19:15 (rrcs-72-43-115-186.nyc.biz.rr.com)
demoer pts/1 2013-09-05 19:37 (rrcs-72-43-115-186.nyc.biz.rr.com)
User authentication on Linux is a relatively flexible area of system management. There are many ways of accomplishing the same objective with widely available tools.
You should now know how to find out where your server stores its user and group information. You can also see who is logged in at any given time.
In the next part of this tutorial series, you will review how to restrict login access.