Product SiteDocumentation Site

Chapter 3. Managing Users and Groups

3.1. User Accounts Tool
3.1.1. Configuring an Account
3.1.2. Adding a New User
3.1.3. Removing a User
3.2. User Manager Tool
3.2.1. Adding a New User
3.2.2. Adding a New Group
3.2.3. Modifying Group Properties
3.3. User and Group Management Tools
3.3.1. Command Line Configuration
3.3.2. Explaining the Process
3.4. Standard Users
3.5. Standard Groups
3.6. User Private Groups
3.6.1. Group Directories
3.7. Shadow Passwords
3.8. Additional Resources
3.8.1. Installed Documentation
The control of users and groups is a core element of Fedora system administration. Users can be either people (meaning accounts tied to physical users) or accounts which exist for specific applications to use. Groups are logical expressions of organization, tying users together for a common purpose. Users within a group can read, write, or execute files owned by that group.
Each user is associated with a unique numerical identification number called a userid (UID); likewise, each group is associated with a groupid (GID).
A user who creates a file is also the owner and group owner of that file. The file is assigned separate read, write, and execute permissions for the owner, the group, and everyone else. The file owner can be changed only by the root user, and access permissions can be changed by both the root user and file owner.
Fedora also supports access control lists (ACLs) for files and directories which allow permissions for specific users outside of the owner to be set. For more information about ACLs, refer to the Access Control Lists chapter of the Fedora Storage Administration Guide.

3.1. User Accounts Tool

The User Accounts configuration tool allows you to view, modify, add, and delete local users. To run the utility, either select ApplicationsSystem ToolsSystem Settings from the Activities menu and click the User Accounts icon, or click your name on the panel and choose My Account from the drop-down menu.
The User Accounts configuration tool
The User Accounts configuration tool
Figure 3.1. The User Accounts configuration tool

The main window of the User Accounts configuration tool is divided into two parts: The left side of the window contains a list of available user accounts. The right side provides details on a particular account.
By default, the tool only allows you to change certain settings regarding your account. This is because only root is allowed to configure users and groups. To unlock the configuration tool for all kinds of changes, click the Unlock button in the bottom-left corner of the window, and provide the root password when prompted.

3.1.1. Configuring an Account

To change the image associated with an account, click the icon next to the account name and either select a picture from the drop-down list, or click Browse for more pictures... to use an image from your local drive.
To change the name associated with an account, click the name next to the icon to edit it.
To change the account type, use the Account type drop-down list. However, this change requires the configuration tool to be unlocked even if it is your account.
To change the default language for an account, click the button next to the Language label, and select the desired language from the list.
To change the password, click the button next to the Password label. A dialog box will appear, allowing you to set the new password. Note that the current password must be provided in order to confirm the change. Once done, click the Change button to save the change.
Changing the password
Changing the password
Figure 3.2. Changing the password

Password security advice

It is advisable to use a much longer password, as this makes it more difficult for an intruder to guess it and access the account without permission. It is also recommended that the password not be based on a dictionary term: use a combination of letters, numbers and special characters.
Finally, to set up automatic login for a particular account, enable the Automatic Login switch. The configuration tool must be unlocked to make this change.

3.1.2. Adding a New User

To add a new user, make sure the configuration tool is unlocked, and click the + button (that is, the plus sign) below the account list. A dialog box as shown in Figure 3.3, “Creating a new account” will appear.
Creating a new account
Creating a new account
Figure 3.3. Creating a new account

Take the followign steps to create an account:
  1. Select an account type from the Account type drop-down list. Available account types are Administrator and Standard (the default option).
  2. Fill in the Full name input field to set the name associated with the account. This name will be used by the login manager, and will be displayed on the panel.
  3. Either select a suggested username from the Username drop-down list, or fill in the corresponding input field.
  4. Click the Create button to confirm the settings.
Fedora uses a user private group (UPG) scheme. The UPG scheme does not add or change anything in the standard UNIX way of handling groups; it offers a new convention. Whenever you create a new user, a unique group with the same name as the user is created.
When a new account is created, default configuration files are copied from the /etc/skel/ directory into the new home directory.

3.1.3. Removing a User

To remove a user, make sure the configuration tool is unlocked, select the desired account from the account list, and click the button (that is, the minus sign) below the account list. A dialog box as shown in Figure 3.4, “Removing an account” will appear.
Removing an account
Removing an account
Figure 3.4. Removing an account

To delete files and directories that belong to the user (that is, the home directory, mail spool, and temporary files), click the Delete Files button. To keep these files intact and only delete the user account, click Keep Files. To abort the deletion, click Cancel.