Users and Groups

Users

Get root user

su root OR sudo -s

Show users: less /etc/passwd

kacperbak:x:1000:1000:Kacper Bak,,,:/home/kacperbak:/bin/bash

Show users: less /etc/group

sudo:x:27:kacperbak
kacperbak:x:1000:

File modes

User, Group, All

Set user execute mode

sudo chmod u+x fileName

Set all write mode

sudo chmod a+w fileName

Set group read mode

sudo chmod g+r fileName

Non privileged user

For security reasons it is very important to run services like a webserver or database as a user with very low privileges. This will prevent the exploitation of security flaws of the service. The following points should be matched for this user:

No login shell for this user.
Use only a home directory if necessary.
Disable the user login.
Add to a group with low privileges like nogroup.

Create a non privileged user

useradd -g nogroup -N -M -s /bin/false -c "Apache Tomcat" tomcat

Table 1. Possible Tomcat user
Command/Parameter	Description
`useradd`	not interactive like `adduser` but available on most Unix distributions.
`-g nogroup`	add user to group `nogroup`
`-N`	do not create a user group with the same name as user, but respect the `-g` flag.
`-M`	no home directory
`-s /bin/false`	set a non login shell
`-c "Apache Tomcat"`	a comment about the created user.
`tomcat`	username

Table 2. Further alternatives
Command/Parameter	Description
`-d /opt/tomcat/temp`	set `/opt/tomcat/temp` as a home directory

User should be unable to login from login shell and su tomcat.

getent passwd tomcat

should result in containing :!:

tomcat:!:17174:0:99999:7:::

Sources

https://linux.die.net/man/8/adduser
https://wiki.ubuntuusers.de/adduser/
http://unix.stackexchange.com/questions/96892/what-does-adduser-disabled-login-do
Brittain, Darwin - Tomcat The Definitive Guide, Page 4, ISBN 978-0-596-10106-0