M14 - Users and Groups: CLI

Permissions

Users and Groups: CLI

Inspect identities, groups, and local accounts from the command line, starting with safe read-first commands before making account changes.

40 min INTERMEDIATE BOTH Curriculum-reviewed

Prerequisites

Module M12 - Who Owns What: Users and Groups Module M13 - Users and Groups: GUI

What you should be able to do after this

Identify the current account from the CLI.
Inspect group membership and local account information.
Understand why read-first account inspection should come before account modification.

Why This Matters

The CLI gives you a clearer view of identity than many graphical tools do.

More importantly, it lets you inspect accounts on machines that may not even have a desktop environment.

For this stage, focus on safe observation first. Creating or deleting accounts comes later and should be practiced deliberately.

1. Ask the System Who You Are

The most basic identity question is still useful: who is the current user?

whoami

whoami id groups

These commands answer slightly different questions:

whoami shows the current username
id shows numeric identifiers and group membership on Linux
groups focuses on group names

2. Inspect Local Accounts

Once you know your own identity, the next step is to inspect what other local accounts exist.

Get-LocalUser Get-LocalGroupMember -Group “Administrators” net user

getent passwd | head getent group | head

You do not need to memorize every field yet. Learn to recognize the big picture: the machine has multiple identities and many of them are service accounts rather than human users.

3. Modification Comes After Understanding

It is tempting to jump straight to useradd, usermod, or account deletion commands. Resist that urge until the read-first side is comfortable.

Beginner Safety Rule

If the command can lock someone out or remove access, practice it on a disposable machine or VM first. Inspection commands are where your foundation should begin.

That rule matters because user and group changes affect sign-in, file ownership, service behavior, and privilege boundaries.

What to Ignore for Now

domain joining and enterprise directory tools
password aging policies in detail
full account lifecycle automation

The goal here is not advanced account administration yet. It is understanding how to inspect identity from the terminal safely.

Before You Move On

You are ready when you can:

identify the current user from the CLI
inspect local users or groups on your platform
explain why account modification should start on a test system

Next, we connect identity to the actual permission models that decide access.

Study flow

Read for understanding first, practice immediately after, then mark complete only when you can explain the idea back in your own words.

Permission labs Command library

Self-check

Which commands help you answer who you are and which groups you belong to?
Why is it wise to inspect first and modify later when working with accounts?

If not yet, do one more practice pass before you move forward.

Move on when

Use CLI commands to identify your current user and one group membership without notes.
Explain why account creation and deletion should usually happen on a test machine first.

Completion matters only if you can do these without leaning on the page.

Review rhythm

After you finish, come back tomorrow for a short no-notes recall pass.

Use spaced recalls around day 1, day 3, day 7.
Try to explain the main idea before reopening the page.
Do one related lab or command lookup from memory, not recognition alone.
Re-read only the parts you could not retrieve cleanly.

Learning context

Best for

Need structureIT / support / sysadminSerious hands-on operatorStarting from zero

Pathways

Career operator pathFoundations firstFoundations with structured review

Study fit

Beginner-safe Prerequisites are strongly recommended Balanced lesson and reference

This lesson is paced to support newer learners without assuming too much prior system experience.

This lesson is meant to teach the idea and still leave you with usable command and workflow recall.

Topics

whoamiidGet-LocalUserGet-LocalGroupMembernet usergroupsgetent

Use right after this lesson

Lab LAB-USER-03 - The Almighty Sudo Lab LAB-USER-04 - Group Dynamics & File Modes Library whoami Library id Library groups Library Get-LocalUser Library Get-LocalGroupMember Library net user

On this page