Users must be managed in a way that each user has permissions to accomplish what is required while relinquishing only the minimum amount of privileges in order to prevent as many mistakes to the Operating System as possible by users. A user's privileges can be controlled by granting specific rights to specific users. By default, there is already a user administrative priveleges built into the Raspberry Pi. That default username is:

pi

This default user: pi also has a default password. The default password for pi is:

raspberry

It is imperative that a user change this default password as soon as possible with this command:

sudo passwd username

(sudo is an acryonym that means: superdoer. The sudo command allows a user with sudo privileges to execute administrative commands. However, a sudo user must authenticate access with a password from time to time.) The user will then be prompted to enter a new password and then verify the password by entering the password a second time.
Additional user identities can also be created and must be unique. Usernames must be all lower case. The command to create a new user is:

sudo adduser username

This command will first require that a password be created for this new user. This password will be how the user authenticates himself while logging on or while executing commands.
Some users may need adminstrative access in order to execute advanced commands. Great care is prudent when deciding who needs administrative access. Users with sudo access weild great power over the OS and sometimes mistakes are not repairable. In order to grant a user administrative priveleges, the user must be added to the sudo group. The command to add a user to the sudo group is:

sudo usermod -g sudo username

The first and most powerful user is: root. Root is able to accomplish any task and enjoys instant access to all privileges with no oversight. Extreme caution should be exercised while executing commands while logged in as root. It is a best practice to not log in as root. However, if required, only log in as root long enough to execute the required command, then log back on as another user. The command to assume root privileges is:

sudo su

The command to exit root access and return to sudo user is:

exit

Occasionally, a user must be deleted. The command to delete a user is:

sudo userdel username

When a user is created, a password is requested. A user can change this password with this command:

sudo passwd username

The user will be promted for a new password, then asked to repeat the password.
Sometimes a security requirement can be made easier if access to a folder or file is granted to a group of users, rather than only an individual user. In that case there is a need to create a group. Create a group with the following command:

sudo groupadd groupname

After the group is created, users can then be added to a group. If this group is going to be the users one and only primary group, then the command to add the user to a group is:

sudo usermod -g groupname username

If the user is going to be a member of multiple groups, then the command to add the user to the group is:

sudo usermod -G groupname1, groupname2, groupname3 username

Next: (Managing Files)

Webmaster: hardyjc@yahoo.com