👤 Lesson 3.1: Users, Groups, and sudo

Linux is a multi-user system from the ground up — here's how it manages who's who.

🎯 Learning Objectives

  • Understand the difference between regular users and root
  • Use sudo to run commands with elevated privileges
  • Create, modify, and delete user accounts
  • Work with groups to organize access
  • Inspect user and group information

Estimated Time: 40 minutes

Why Users Matter

Linux was designed from the start as a multi-user operating system. Even on your personal laptop where you're the only human, Linux uses multiple user accounts internally:

  • Your account — the one you log in with
  • root — the all-powerful administrator
  • System accounts — used by services like the web server, print service, and database

Every file is owned by a user and a group. Every process runs as a user. This is the foundation of Linux security — it ensures that one user can't accidentally (or intentionally) mess with another user's files or crash system services.

Diagram: accounts on a Linux system

  • root (UID 0): full access to everything
  • Your account (UID 1000+): full access to your own files
  • System accounts (UID 1–999): run services like www-data, mysql

Who Am I?

Several commands reveal information about your current identity:

# Your username
whoami
# Output: ray

# Your user ID (UID) and group memberships
id
# Output: uid=1000(ray) gid=1000(ray) groups=1000(ray),4(adm),27(sudo),1001(docker)

# All users currently logged in
who
# Output: ray  tty1  2026-04-14 09:00

# More detail about logged-in users
w

💡 Understanding UIDs

Every user has a numeric User ID (UID). On Ubuntu:

  • UID 0 — always root
  • UID 1–999 — system/service accounts
  • UID 1000+ — regular human users

The first user account you create during installation typically gets UID 1000.

The Root Account

root is the superuser — the administrator with unlimited power over the entire system. Root can read, write, and delete any file, install or remove software, start or stop any service, and create or destroy user accounts.

🔴 Never Log In as Root

On Ubuntu, the root account is locked by default — you can't log in as root directly. This is intentional. Running everything as root means every typo, every mistake, and every piece of malware has full system access. Instead, Ubuntu gives you sudo.

🐧 Distro Differences

  • Ubuntu / Mint: Root is locked; your user is in the sudo group by default.
  • Fedora: You set a root password during install but still use sudo for most tasks.
  • Arch: You set up root during install and must manually add your user to the wheel group for sudo access.

sudo — Superuser Do

sudo lets you run a single command with root privileges. It's like saying "run this one command as the administrator":

# Update the package list (requires root)
sudo apt update

# Install software (requires root)
sudo apt install htop

# Edit a system configuration file
sudo nano /etc/hostname

# Restart a service
sudo systemctl restart ssh

When you run sudo, it asks for your password (not root's). After you enter it, sudo remembers you for about 15 minutes so you don't have to keep typing it.

Diagram: the sudo flow

  • You type: sudo apt update
  • sudo prompts: enter YOUR password
  • Correct: the command runs as root, and sudo remembers you for ~15 minutes
  • Wrong: access denied

Useful sudo Tricks

# Re-run the last command with sudo (when you forgot)
sudo !!

# Open a root shell (use sparingly!)
sudo -i

# Run a command as a different user
sudo -u www-data whoami
# Output: www-data

# Check what sudo commands you're allowed to run
sudo -l

# Edit a file safely with sudoedit
sudoedit /etc/hosts

⚠️ sudo -i and sudo su

Both open a root shell where every command runs as root. This is occasionally useful but dangerous — you lose the safety net of having to type sudo before each privileged command. Exit the root shell with exit as soon as you're done.

✅ The sudo !! Trick

Forgot to type sudo? Instead of retyping the whole command, just run sudo !!. The !! is a Bash shortcut that expands to "the last command you ran." So sudo !! means "run that last command again, but as root this time."

Managing Users

Adding a User

# The Ubuntu-friendly way (interactive, creates home directory)
sudo adduser newperson
# Prompts for password, full name, etc.

# The low-level way (non-interactive, more manual)
sudo useradd -m -s /bin/bash newperson
# -m = create home directory
# -s = set default shell

# Set a password for the new user
sudo passwd newperson

💡 adduser vs useradd

On Ubuntu/Debian, adduser is a friendly wrapper that walks you through setup. useradd is the low-level tool that does exactly what you tell it (and nothing more). For most tasks, adduser is easier and safer.

🐧 Distro Differences

  • Ubuntu / Debian: Use adduser (interactive) or useradd (low-level).
  • Fedora / Arch: Only useradd is available by default; there is no adduser wrapper. Always use useradd -m to ensure a home directory is created.

Modifying a User

# Change a user's default shell
sudo usermod -s /bin/zsh ray

# Add a user to a group (without removing them from other groups)
sudo usermod -aG docker ray

# Lock a user's password (disables password login; other methods such as SSH keys still work)
sudo usermod -L baduser

# Unlock a user account
sudo usermod -U baduser

# Change a user's home directory
sudo usermod -d /home/newhome -m ray

🔴 The -aG Trap

When adding a user to a group, always use -aG (append to groups). Using just -G replaces all of the user's supplementary groups with the ones you specify, which can remove you from the sudo group and lock you out of sudo!
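
A dry-run check for the trap described above, added here as an example and not part of the original lesson: it lists which supplementary groups a user would lose under usermod -G without -a. The function names and the sample group data are constructed for illustration.

```bash
#!/usr/bin/env bash
# Dry-run check for "usermod -G" (without -a). Names here are illustrative.

# groups_dropped USER NEWLIST [GROUPFILE]
# Prints each supplementary group USER is in now that is missing from NEWLIST,
# i.e. what "usermod -G NEWLIST USER" would remove. "-" reads from stdin.
groups_dropped() {
    awk -F: -v user="$1" -v keep="$2" '
        BEGIN { n = split(keep, k, ","); for (i = 1; i <= n; i++) kept[k[i]] = 1 }
        {
            # Field 4 of a group entry is the comma-separated member list
            m = split($4, members, ",")
            for (i = 1; i <= m; i++)
                if (members[i] == user && !($1 in kept)) print $1
        }
    ' "${3:-/etc/group}"
}

# keeps_admin USER NEWLIST [GROUPFILE]
# Succeeds only if the change would leave sudo/wheel membership intact.
keeps_admin() {
    ! groups_dropped "$@" | grep -qxE 'sudo|wheel'
}

# Constructed sample in /etc/group format (not from a real system)
sample_group() {
    cat <<'EOF'
root:x:0:
adm:x:4:syslog,ray
sudo:x:27:ray
docker:x:1001:ray
ray:x:1000:
developers:x:1002:murray
EOF
}

# What "sudo usermod -G docker ray" would silently remove:
sample_group | groups_dropped ray docker -
```

The member match is exact, so murray in the sample is not mistaken for ray. On a real system, omit the third argument to read /etc/group.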

Deleting a User

# Remove a user (keep their home directory)
sudo deluser oldperson

# Remove a user AND their home directory
sudo deluser --remove-home oldperson

# Low-level version
sudo userdel -r oldperson

Groups

Groups let you organize users so you can grant access to resources (files, directories, devices) to multiple people at once instead of one by one.

# See your groups
groups
# Output: ray adm sudo docker

# See another user's groups
groups www-data
# Output: www-data : www-data

# Detailed group info
id ray
# Output: uid=1000(ray) gid=1000(ray) groups=1000(ray),4(adm),27(sudo),1001(docker)

Managing Groups

# Create a new group
sudo groupadd developers

# Add a user to the group
sudo usermod -aG developers ray

# Remove a user from a group
sudo gpasswd -d ray developers

# Delete a group
sudo groupdel developers

💡 When Do Group Changes Take Effect?

Group changes don't take effect until the user logs out and back in (or opens a new terminal session). If you just added yourself to a group and need it immediately, run newgrp groupname to activate it in the current shell.

Important Default Groups on Ubuntu

| Group | Purpose |
|---|---|
| sudo | Members can use sudo to run commands as root |
| adm | Can read system log files in /var/log |
| www-data | Used by the web server (Apache/Nginx) |
| docker | Can run Docker containers without sudo |
| plugdev | Can access removable devices (USB drives, etc.) |

🐧 Distro Differences

  • Ubuntu / Debian: The sudo group is called sudo.
  • Fedora / Arch / RHEL: The equivalent group is called wheel. Same purpose, different name.

Key Configuration Files

Linux stores user and group data in plain-text files:

| File | Contains | Example Entry |
|---|---|---|
| /etc/passwd | User accounts (name, UID, home dir, shell) | ray:x:1000:1000:Ray:/home/ray:/bin/bash |
| /etc/shadow | Hashed passwords (root-only) | ray:$6$abc...xyz:19827:0:99999:7::: |
| /etc/group | Group definitions and memberships | sudo:x:27:ray |
| /etc/sudoers | Who can use sudo and how | %sudo ALL=(ALL:ALL) ALL |

# View your entry in /etc/passwd (anchored so only your own line matches)
grep "^$USER:" /etc/passwd

# List all groups you belong to from /etc/group (whole-word match)
grep -w "$USER" /etc/group

# View your shadow entry (requires root)
sudo grep "^$USER:" /etc/shadow
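
The /etc/passwd field layout and the UID ranges from this lesson are enough to script a quick account audit. This is an added example, not part of the original lesson; the function names, finding labels, and sample entries are constructed for illustration.

```bash
#!/usr/bin/env bash
# Audit a passwd-format file using the UID ranges from this lesson.
# Fields: name:password:UID:GID:comment:home:shell

# audit_passwd [FILE]   (defaults to /etc/passwd; "-" reads from stdin)
audit_passwd() {
    awk -F: '
        NF != 7 { print "MALFORMED line " NR; next }
        # Any UID 0 entry is root-equivalent, whatever its name
        $3 == 0 && $1 != "root" { print "EXTRA_UID0 " $1 }
        # An empty password field can allow login with no password
        $2 == "" { print "EMPTY_PASSWORD " $1 }
        # Service accounts (UID 1-999) normally have a non-login shell
        $3 >= 1 && $3 <= 999 && $7 ~ /\/(ba|da|z|k)?sh$/ { print "SERVICE_SHELL " $1 }
        # Accounts in the regular range that can log in interactively
        $3 >= 1000 && $7 ~ /\/(ba|da|z|k)?sh$/ { print "LOGIN_USER " $1 }
    ' "${1:-/etc/passwd}"
}

# Constructed sample data (not from a real system)
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
mysql:x:112:118:MySQL Server:/nonexistent:/bin/false
backupsvc:x:998:998::/var/backups:/bin/bash
ray:x:1000:1000:Ray:/home/ray:/bin/bash
toor:x:0:0::/root:/bin/sh
guest::1001:1001::/home/guest:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
broken:x:1002
EOF
}

# Run the audit over the sample; on a real system call audit_passwd alone
sample_passwd | audit_passwd -
```

On the sample, the second UID 0 entry, the service account with a Bash shell, and the empty password field are the findings to investigate first; LOGIN_USER lines are an inventory to compare against the accounts you expect.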

🔴 Never Edit /etc/sudoers Directly

Always use sudo visudo to edit the sudoers file. It checks your syntax before saving — a typo in this file can lock everyone out of sudo entirely.

Exercises

🏋️ Exercise 1: Know Yourself

Run these commands and study the output:

whoami
id
groups
grep "^$USER:" /etc/passwd

💡 What to Look For

Note your UID (probably 1000), your primary group (same name as your username), and additional groups like sudo. The /etc/passwd entry shows your home directory and default shell.

🏋️ Exercise 2: Create a Test User

# Create a new user
sudo adduser testbuddy

# Verify the account exists
id testbuddy
grep "^testbuddy:" /etc/passwd

# Switch to the new user
su - testbuddy
# (Enter the password you set)

whoami
# Output: testbuddy

# Return to your own account
exit

💡 Tip

su - username switches to that user's account and loads their environment. Don't forget the - (dash) — without it, you stay in the current directory with the current environment variables.

🏋️ Exercise 3: Groups in Action

# Create a group
sudo groupadd testers

# Add testbuddy to the group
sudo usermod -aG testers testbuddy

# Verify
groups testbuddy
# Output: testbuddy : testbuddy testers

# Clean up: remove testbuddy and the group
sudo deluser --remove-home testbuddy
sudo groupdel testers

🏋️ Exercise 4: sudo Exploration

# See what you're allowed to run with sudo
sudo -l

# Try a command without sudo, then with
cat /etc/shadow
# Output: Permission denied

sudo cat /etc/shadow
# Output: (contents of the shadow file)

# Try the !! shortcut
apt update
# Output: Permission denied
sudo !!
# Runs: sudo apt update

Knowledge Check

❓ Question 1

What does sudo do?

❓ Question 2

Why should you use usermod -aG instead of usermod -G?

❓ Question 3

Which file stores user account information like username, UID, home directory, and shell?

❓ Question 4

On Ubuntu, what is the name of the group whose members can use sudo?

Quick Reference

| Command | What It Does | Example |
|---|---|---|
| whoami | Print your username | whoami |
| id | Show UID, GID, and groups | id ray |
| sudo | Run a command as root | sudo apt update |
| sudo !! | Re-run last command as root | sudo !! |
| adduser | Create a user (interactive) | sudo adduser bob |
| usermod -aG | Add a user to a group | sudo usermod -aG docker ray |
| deluser | Remove a user | sudo deluser --remove-home bob |
| groupadd | Create a group | sudo groupadd devs |
| groups | List your group memberships | groups |
| visudo | Safely edit sudoers file | sudo visudo |

Summary

🎉 Key Takeaways

  • Linux is multi-user — every file and process is owned by a user
  • root (UID 0) has unlimited power; on Ubuntu it's locked by default
  • sudo runs a single command as root — much safer than logging in as root
  • adduser creates users interactively; usermod modifies them
  • Groups organize users for shared access — always use -aG when adding to groups
  • User data lives in /etc/passwd, passwords in /etc/shadow, groups in /etc/group
  • Edit sudoers only with visudo — never directly

🍎 On macOS

sudo, whoami, id, and groups all work the same way on macOS. However, macOS uses Directory Services instead of /etc/passwd and /etc/shadow. User management is typically done through System Settings → Users & Groups or the dscl command — adduser/useradd/deluser are not available on macOS.

🚀 What's Next?

Now that you know who users are, the next lesson covers what they're allowed to do — file permissions, the rwx system, and chmod.