Managing users in Ubuntu

Managing users in Ubuntu


As you notice from day to day use of Ubuntu, most tasks are easily accomplished. But what happens when you’re ready to expand your use of Ubuntu to include new applications, or connect to a home network and add new users? This brief guide shares the key steps necessary to create and manage other users, helps clarify some essential differences with other flavors, and provides tips regarding “root” user. Perhaps most importantly, these steps help empower the use of your Ubuntu system to become far more than just another desktop PC.

Understanding users in Ubuntu

The security and usefulness of your Ubuntu system depends a good deal on what you do to enable users and their privileges. Without falling into the minutia and the mundane, it is important to at least understand how users are handled in the Ubuntu GNU/Linux environment.

When you first install Ubuntu, you are required to create a user account. This initial user account, and for that matter all subsequent users, have their independent user files stored under the Home folder. But there is something unique about the first user account you create.

In my case, when installing Ubuntu, I created the user account: “mark”. Not only is mark my first Ubuntu user, but mark has automatically been given unique and powerful privileges that other users do not receive. My mark account can create users, change files and folders, and do a lot of administrative functions on Ubuntu that are normally performed by another important user account named “root”.

Therefore, in Ubuntu, you should understand the three key users:

  • Initial user, in my case called mark, created when installing Ubuntu
  • Root user, known as the administrator that usually has maximum privileges
  • All other users, which I term basic users, are added following installation

Each of these three key users have their own folders, their own unique privileges, and most importantly their own role to play on your Ubuntu system. In the following sections, I will share how to enable and utilize each. Let’s begin with the basic user.

NOTE: I assume that you are logged in to your Ubuntu system as the initial user, thereby having the rights and privileges necessary to perform the tasks below.

Creating and managing basic users

Inevitably, once you setup Ubuntu in your home or office, others will come to you begging to get access. Some may want a chance to try out one of the multitude of cool applications that come preloaded with your system, while others desire to see GNU/Linux power! In other words, you need a good way to give them access without giving them the keys to the system.

Step 1. Accessing the users and groups tool

Creating basic user accounts is easily accomplished through the Users and Groups tool. From your main menu, choose System, then Administration. To start your tool select the Users and Groups menu item.

Notice the message that appears (figure 1).

Figure 1: Using the privileged user accountFigure 1: Using the privileged user account

This is a very important message and what it infers is something unique about Ubuntu. In most GNU/Linux systems the privileged user is named root, and the password you type in would be that of root. However, in Ubuntu, the privileged user is the initial user account you created, and therefore you must type that user account password.

Once you type the password in, you will have access to all of the various administration tools. I provide more details regarding the reasons for this in the “Understanding the Superuser” section below.

Step 2. Adding a new user

You should now see the Users and Groups tool. Please choose the Add User button on the right.

What you choose to include in the Account sections should be based on who you’re adding, and what you plan to do with your Ubuntu system. If you’re adding a basic user so someone else can also access your Ubuntu system, the defaults will be satisfactory.

For an example, I will add my son John as a basic user of my Ubuntu system so he can enjoy some of those cool GNU/Linux games. Below is the sample user information. Notice that I chose to manually set the password, since I prefer to give him something that is both secure and easily remembered (figure 2).

Figure 2: Adding a new user with basic rightsFigure 2: Adding a new user with basic rights

Before you press the OK button, please click on the “User privileges” tab at the top. This is an important step whenever you create a new user.

Under the “User privileges” tab, note the default access given to this basic user. You may prefer to change some of these, such as “Monitor system logs”, “and Connect to Internet”. Anything that is checked is allowed by this user. Also make sure that the “Executing system administration tasks” is NOT checked.

Once you are satisfied with the privileges granted to this new user, press the OK button.

You should return to the main Users and Groups tool window. Now scroll down until you see the new user you just added. In my example, I added user: john (figure 3).

Figure 3: Successfully added new userFigure 3: Successfully added new user

Once you are finished adding new basic users, it is very important to press the OK button again.

This will create the account and save the information you added. Ubuntu should also automatically create your new user’s folder under the Home directory.

Once finished, your new user will be able to login and enjoy the power of Ubuntu GNU/Linux!

If for some reason the login fails, please refer to the troubleshooting tips at the end of this article.

Step 3. Making future changes to users

Notice that if you wish, you can now go back and change the properties of this user by highlighting the user name and pressing the Properties button. Or, if this user is no longer needed or wanted in the future, you can highlight the name and press the Delete button.

If you ever decide to delete a basic user, realize that the folder and files from the user are not automatically removed, only the user’s login access is removed. This is greatly advantageous since it allows you to restore a previously deleted user without losing files.

In order to totally remove even the user’s folder, you will need to apply a super-user command. This is a step that is unlikely to be necessary for beginning Ubuntu, but that I explain briefly in the “Understanding the Superuser” section.

Creating and managing user groups

Although it is fine to simply leave a new user such as john in his or her own user group, you may prefer to also assign new users to another unique group. This affords not only an easier time in managing users rights, it also offers a means to share files, etc.

You do not have to assign new users to a group, the default is that they are assigned to their own personal group. But if you prefer to do so, below are the key steps.

Step 1. Start the users and groups tool

As mentioned above, access the tool from your main menu. However, instead of making changes or using the options on the “Users” tab, click on the “Groups” tab.

Scroll down until you see your new user. Notice that a group with the user’s name has also been added.

Step 2. Add a group

Now, press the Add Group button.

Figure 4: Adding users to a specific groupFigure 4: Adding users to a specific group

Notice in my example (see figure 4) that I’ve created a new group named “desktopusers”, and then highlighted my new user john. By pressing the Add button in the middle, I will add john to the group. You can add multiple users by holding down the Ctrl key and highlighting as many as you wish. Just be sure to press the Add button once you are done choosing.

Press OK when you are satisfied that all the users who belong in your new group were added (figure 5).

Figure 5: Successfully added new groupFigure 5: Successfully added new group

Notice that on your main “Users and Groups” window, the new group was added to the bottom of the list. Press OK again to save the changes.

That’s it! In the future, to change users in a particular group you can use the same steps above. But instead, highlight the group to change and press the Properties button.

What you enabled with this new group is that users, such as a working group of colleagues or friends, can now share files and manage folders that were given desktopuser group access.

Understanding the superuser

I briefly mentioned above that there are three key users in Ubuntu. This section will clarify why certain attributes exist, and what the key differences are between root and the initial user account.

Notice that in order to apply any of the steps above you needed to be logged in and use the initial Ubuntu account. The first account you create, during installation, is automatically assigned super-user do rights (also called sudo). With a super-user account, system administration and modification is possible.

The most powerful super-user account in GNU/Linux is root. However, you’ll notice that a root account is not automatically included in your Ubuntu installation details. The root does not, by default, come enabled for your use.

In situations where you must use superuser privileges, Ubuntu allows you to use the initial account combined with sudo. If for example you wanted to delete a basic user’s file folder from under Home, you would use the following commands from the command (terminal) prompt:

cd /home
sudo delete john

To run the sudo command you will be prompted for your initial user password. This prevents you from having to run as root to do basic system administration, while protecting your system from security weaknesses associated with fully enabling another account as superuser.

What about root?

Ubuntu hides the root account somewhat in order to discourage its use, unless absolutely necessary. Instead, almost all of the power and privileges needed for administration are assigned to your initial account.

But what about those instances where you plan to perform some major modifications or enhancements to your Ubuntu system? I must state that this is unlikely to ever be the case for a beginning user. But, if you are in a situation similar to myself, trying to add something as major as perhaps the LTSP to your Ubuntu (edubuntu.org already has some good options for new users who want this), then you may need to apply root.

Again, before you press ahead to enable your root account, I want to convey that you should not be using root for day-to-day administration. Nor should you follow the steps below if you are brand new to Ubuntu and read some document that says “you need to be logged in as root”. Instead, use sudo as described above to run such commands.

If you’ve gotten this far, you don’t need anymore disclaimers just a simple answer. To enable root in Ubuntu you use the same steps as mentioned in section 1. However, you highlight the root user account and then press the Properties button. From there you can set the root password by hand and press OK twice to save your changes. I just urge you not to become a habitual root account user and to stick with the initial account and sudo when possible.

Troubleshooting

It’s a rare thing for me to hear about problems creating and managing users. However, there are a few things to keep in mind.

Login failure

If you created a new user account based on the steps above and get a strange error, you may have a simple problem with the user’s properties. The errors you may see include: $Home/.dmrc not properly configured, or that the HOME/user does not exist and the default directory will be temporarily set to /root.

In both cases, the error was caused by the new user’s folder not being properly configured or created. You can resolve this easily enough, by simply deleting the user and starting the steps above again. But this time, also click on the Advanced tab, when adding user, and ensure that the line for Home directory reads: /home/$user

Obviously, this only applies during initial creation of a new user account.

Changes do not save

I’ve encountered this more often than you would imagine. It seems that people sometimes get confused when pressing the OK button during the steps above. You must not only press the OK button on the specific properties Window, but also press OK once again on the main Users and Groups window in order to save your changes.

Conclusion

You should now have all the key steps needed to create and manage multiple user accounts on Ubuntu. More importantly, you should also have a reasonable understanding of what to do if you need to run a command or perform an action that requires “root access”. By applying these steps, you can share the power and pleasure of your Ubuntu system with others, while retaining security and stability.

Category: 
License: 

Comments

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

Crucial to the use of groups is allowing groups access to directories and files. I am a beginning Ubuntu user (after two years, I still think I'm a beginner!) I've set up Samba so the Ubuntu machine can act as a file server.

Please correct these instructions if I remember them incorrectly:

Pick a directory you want the group to share say group: games, directory /games_dir.
As root create the directory
mkdir /games_dir

change the ownership so the group is always games and the group will be inherited in subdirectories (-R)
chown :games -R /games_dir

change the permissions so that the owner and other members of the group can read and write. Those outside the group can do nothing. The initial "2" sets the "sticky bit" for the group permissions.

chmod 2660 -R /games_dir

WIthout these ownership and permissions settings, whenever I saved pictures from my wifes account to /pictures I'd be unable to edit them later. This way, we can both read and edit.

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

A very nice read indeed, especially for casual Linux users.

However, there are some small misspellings, that take away some fun of reading your article:

  • (Page 1)
    Ubuntu should also automatically create your new user’s folder under the /home directory.
  • (Page 2)
    cd /home
    sudo rm -rf john

    (I can't remember "delete" command, really)
  • The errors you may see include: $HOME/.dmrc not properly configured, or that the /home/user does not exist.

Don't forget about "sudo userdel -r john" which does two things at once: it removes the user's account and their home directory in one shot.

And for NOT enabling the root's account but still be able to run programs on his behalf:

sudo bash

(remember, in Linux there are more ways to do the same thing)

Regards,
SirYes

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

>And for NOT enabling the root's account but still be able to run programs on
>his behalf:

This works also and gives you the root environment:

sudo su -

>(remember, in Linux there are more ways to do the same thing)

ciao ek

allanregistos's picture

I will create these groups for home users:

kid
boy
girl
adult
parent
family

A boy or a girl under the age of 18 will have the group kid as their secondary group. Same to boy or girl 18 above will have the group adult as secondary. Parents of course belongs to the parent group and will have no secondary group. All users have access to contents of the family group. In this way, I can manage contents that are unique for each home users. Just a thought..

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

I know that Linux is a multi-user OS, however, I'm wondering if there is a way to have multiple users on a single physical screen ala Win XP.

This is a nice feature - allowing multiple users to use different logins on the same physical screen without forcing either one to log out and terminate their respective applications.

This would be very useful, for instance, when I have visitors over and I want to let them use my system, but I don't want them use my login and I don't want to terminate my running programs. They would instead use a guest account running from the same screen.

I know there's the possibility of running multiple X servers, but this seems cumbersome.

Cosmo Lee
cosmolee at bigfoot dot com

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

Cosmo: yes, you can log in another user without logging out the previous one. To do this, choose "Switch User" from the "Quit..." menu item under the "System" menu (can also be accessed by clicking on the open door with arrow found on the right-top of the desktop).

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

Furthermore, you can choose to open several sessions from one session either in fullscreen or in nested windows!

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

I wanted to take a moment to thank each of the readers who took time to reply on the article.

Indeed it is my hope to write more articles regarding Ubuntu and appreciate your kind replies and guidance on some of the notations above.

with kind regards,
mark rais

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

I was given a Hard drive with Ubuntu installed, but since I wanted to be the Administrator now that I deleted the existing admistrator but now I canon load programs without the password and I cannot restor the administrator account even to' I can log in as Adinistrater using his name and password.
System/Administration section is only half the size now.
Can anyone help please. I am loosing all respect for Ubuntu and I din't want this, I realy want to mak it work.
Rex Gladding
rexd@istnet.net.au

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

Don't lose respect for Ubuntu for your mistake. If you made that type of mistake in Windows, you would experience the same problem.

You obviously are not very experienced with computers, so maybe you should take your computer to the local repair shop where they can help you out.

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

Do that kind of thing to any multiuser OS and it'd be broken!

Another option after killing an installation in this way is to reinstall -- go to Ubuntu.com and ask them to send you a new CD. It's probably easier that way, and you'll learn stuff :-)

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

This would NOT have happended in windows actually. Becuase in windows you cannot delete the the administrator account. So the one reply to your post, that guy dosent know about computers.

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

If you boot your system into single user mode:
http://wiki.clug.org.za/wiki/How_do_I_reset_my_root_password%3F

Then add a user: yourusername

then just make sure to add your user to the "admin" group, reboot and you are good to go. If you need more help, you can contact me (sharms on irc.freenode.org) and ask on #ubuntu

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

If you were given a disk with another install already on it, you may already have built in problems and the easiest and cleanest thing to do would be a reinstall. If you can access a system with internet access you can download an image of feisty fawn from ubuntu.org, make a cd, and boot to it. Double-click Install... you will have to give it user information, and choose a password. Write it all down! Choose to overwrite the current install, have a cup of tea, or two, and you will have a fresh, clean start.
It's very important to be patient, and persist. It took me 3 years to really learn windows, and Linux is no different. Theres a learning curve to any OS, but persistance, and patience is the key. Solving your first problem may take awhile and a lot of research and trial and error, the second will come easier, and so forth, and it really won't be long, you'll wonder why the whole world isn't using Linux.
Unless you are wealthy in the extreme, you will never be able to afford to do the things in Windows that you can in Linux for free.

vgrisham's picture
Submitted by vgrisham on

My account is the account created on install. I can create users and am apparently a superuser. When I try to install software (firestarter) however using apt-get, I get a message that says:

E: Could not open lock file /var/lib/dpkg/lock - open (13 Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?

What am I doing wrong?

Thanks in advance.

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

apt-get needs to be run as root. In ubuntu, that means the command would be:
sudo apt-get

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

to not have to type "sudo" in front of every command, you can type "sudo -s" and you will be root, and you can type all commands normally.

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

What is the point of this article if you use the GUI?
The comments are more useful than the article it self.

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

I have installed a fresh copy of UBUNTU. In login screen I enter the correct user name and the password. Even then its not accepting the username and password and so i am not able to login. Could you please suugestme how exactly i can know about the login username and password.

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

I also installed ubuntu without any problems. It never asked for a username or password, but now I want to start and all it does is asking username and password.

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

I renamed my administrator account and changed the default home dir. now i cannot log in as the home dir doesn't exist. I have created a new user but only with limited rights. is therte a way i can restore my orginal login?

BobT_KY's picture
Submitted by BobT_KY (not verified) on

I did this as well and had to startup a failsafe terminal session (use F10 when logging in to get safe mode menu options). I then used "su" to switch to root. Created /home/new__username and used "chown" new_username /home/new_username. I then had to hard shut down the PC (could not figure out how to exit the root temrinal session, tried "exit" "quit," ctrl-z, ctrl-c etc.) and logged in as new_username and all was ok.

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

in my ubuntu mouse is not deteacting so help me to activate my mouse

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

1. check to see if it's plugged in.
2. check to see if it works on a nother computer.
3. try rebooting
4. come back here.

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

i installled ubuntu, i did this thing with the admin settings. but i cant get acces in the internet settings. it beheaviour like i dont done the step before. i cant type my ip adres, my username and anything else. what to do?

MRais's picture

Hmmm.

Actually, I have been writing so many user guides that I ended up just using "John Smith" and/or "John" as simple example users.

Note that I use "John Smith" more like "John Doe" than someone specific like "Captain John Smith". ;)

newlyweds's picture
Submitted by newlyweds on

I have some folders i cant get into with my initial user priviledges. I am very new to using another type of operating system such as linux but with ubuntu it is a fairly easy transition thus far. My friend is a tech nerd and is the one who installed it for me but he is deployed and i want to try to resolver this my self.

here is the issue.

I have two folders that are designer within my hardware for mass storage but I do not have read, write, or execute permissions to them is there a way that I can essentually give myself aka my account the neccessary permissions to them. my friend believe they fall into the root permissions or something like that.

Any help would be amazing!!! when replying please refer to my username. LOL thanks

jpmd's picture
Submitted by jpmd on

This tutorial is excellent: clear and easy to follow.

I'm curious, however, how to do all this from a terminal window. I built a LAMP server with Ubuntu 8.04 and I want to avoid installing the GUI if I can.

I'm using PuTTY to access the Ubuntu box remotely, hoping to make it a headless web server.

I'm pretty new to the whole Linux thing, as you can tell.

Thanks for your help!

John

Author information

Mark Rais's picture

Biography

Mark Rais dedicates his time and energy to promoting free software technology, especially among the poor and where a technology divide exists. He serves as senior editor for reallylinux.com. You can contact him at "markr" followed by the "at" symbol and then "reallylinux.com".