Linux User and Process Management: A Comprehensive Guide

Harsh ButaniHarsh Butani
6 min read

Table of contents

Understanding user permissions, groups, and process management is essential for anyone working with Linux. In this guide, we will cover how users and groups are structured in Linux, manage permissions, and dive deep into the intricacies of process management, including how processes are created and terminated.

Users and Groups in Linux

Linux systems use users and groups to manage access and permissions to files, directories, and resources. Each user has a unique identity (UID), and users can belong to one or more groups (GID) that determine what they can access on the system.

Users

  • A user represents an account that can log in or run processes on the system.

  • Each user has a home directory, typically in /home/username, where personal files are stored.

  • Users are identified by a UID (User ID), not just a username.

Groups

  • Groups are collections of users, identified by a GID (Group ID).

  • Groups help manage shared permissions among users, providing common access to files or processes.

For instance, files can be restricted to only members of certain groups, and users within that group inherit the same permissions to those files.

The Root User and Superuser Privileges

Linux has a special user known as root (also called superuser). The root user has unrestricted access to all files and commands. Operating as root can be dangerous, as any command can have system-wide effects, including accidentally deleting critical files.

Safely Running Commands as Root

There are two main ways to execute commands with superuser privileges:

  1. sudo: Temporarily grants root privileges for specific commands. It requires your password and provides safer, limited access.

     code$ sudo command

  2. su: Switches to the root user (or any other user). Running su without a username gives you a root shell where all subsequent commands are run as root. This is riskier because you stay in root mode until you explicitly log out.

     code$ su

Why Use sudo Over su?

  • Less Risk: sudo runs a single command as root, reducing the risk of making accidental system-wide changes.

  • Accountability: sudo logs each command you run with root privileges, providing a traceable history of changes.

Only users listed in the /etc/sudoers file can run commands as root using sudo. This file can be edited safely using the visudo command.

Understanding Important Linux Files:

Linux stores important user and group information in a few key files. Understanding these files is crucial for managing users and groups.

The /etc/passwd File

The /etc/passwd file stores information about all system users. Each line in this file corresponds to a user and contains:

  • Username

  • Password field (usually represented by "x" for security; the actual password is stored in /etc/shadow)

  • UID (User ID)

  • GID (Group ID)

  • GECOS field: Additional user information (like real name)

  • Home directory

  • Default shell (like /bin/bash)

The /etc/shadow File

The /etc/shadow file is more secure as it stores encrypted passwords and other password-related information. Access to this file requires superuser permissions. Each line contains:

  1. Username

  2. Encrypted password

  3. Date of last password change (days since Jan 1, 1970)

  4. Minimum and maximum password age

  5. Password warning and inactivity periods

  6. Account expiration date

The /etc/group File

The /etc/group file contains group-related information. Each line lists:

  1. Group name

  2. Group password (typically set to *)

  3. GID

  4. List of users in the group

User Management Commands in Linux

Linux provides several tools for managing users and groups. Here are the key commands:

  • Adding Users:

      code$ sudo useradd username

    Adds a new user and updates /etc/passwd and /etc/shadow.

  • Removing Users:

      code$ sudo userdel username

    Removes the user and their home directory.

  • Changing Passwords:

      code$ sudo passwd username

    Changes the password for a specific user.

Process Management in Linux

Processes in Linux represent running instances of programs. The kernel manages all processes, allocating CPU, memory, and I/O resources. Each process has a unique process ID (PID).

Viewing Running Processes

The ps command provides a snapshot of running processes:

ps

It shows:

  • PID: Process ID

  • TTY: Terminal associated with the process

  • STAT: Process status code

  • TIME: Total CPU usage time

  • CMD: Command that started the process

For a more detailed view of all processes (including those without a terminal), use:

ps aux

This provides additional information, including CPU and memory usage.

  • a: Shows all processes, including those of other users.

  • u: Displays user-oriented format.

  • x: Lists processes without an associated terminal (like daemon processes).

Real-Time Process Monitoring: top

The top command gives you a real-time, constantly updating list of processes:

code$ top

It shows processes with the highest CPU usage and other key stats, letting you monitor system performance.

Terminal Types in Linux: TTY and PTY

In Linux, there are two types of terminals:

  1. TTY (Regular Terminal): A full-screen command-line interface that provides direct interaction with the system (e.g., pressing Ctrl+Alt+F1 opens a TTY session).

  2. PTY (Pseudoterminal): A software-based terminal emulator used in desktop environments (like the terminal window in Ubuntu). Each new terminal window gets its own PTS number (e.g., pts/0, pts/1).

Process Creation and Termination

Forking and the Birth of a New Process

When a process needs to create a new one, it uses a system call called fork. The original process (parent) creates an almost identical copy called the child process, which gets a new PID.

  • The parent process continues running, and the child either:

    • Continues running the same program or

    • Replaces itself with a new program using the execve system call.

The very first process, init (PID 1), is created when the system boots. It is the ancestor of all other processes and runs with root privileges. When init starts, it launches all necessary system services.

Process Termination: Exiting Gracefully

When a child process finishes, it uses the _exit system call to release resources and notify the parent process. The parent must then acknowledge the termination using the wait system call.

  • If the parent doesn’t acknowledge the child's termination, the child process becomes a zombie (a partially terminated process waiting to be fully removed).

Orphan Processes and Zombie Processes

  • Orphan Processes: If a parent process terminates before its child, the orphaned process is adopted by init, which takes care of terminating it when done.

  • Zombie Processes: A zombie process occurs when the parent fails to call wait, leaving the child in a partially terminated state. Zombies don’t consume resources but can clutter the process table.

Conclusion

Mastering user and process management in Linux is crucial for maintaining a secure and efficient system. From managing users and groups to understanding process creation and termination, these fundamental concepts are key to navigating the Linux environment. Always ensure to use commands like sudo for safer root access and monitor processes regularly using tools like ps and top.

0
Subscribe to my newsletter

Read articles from Harsh Butani directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Linuxlinux for beginnersprocess management #UserManagementDevopsoperating system

Written by

Harsh Butani
Harsh Butani