{"id":35922,"date":"2024-11-28T08:21:55","date_gmt":"2024-11-28T07:21:55","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/?p=35922"},"modified":"2024-11-28T08:21:59","modified_gmt":"2024-11-28T07:21:59","slug":"freebsd-basics-2-users-groups","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/freebsd-basics-2-users-groups\/","title":{"rendered":"FreeBSD basics \u2013 2 \u2013 Users & Groups"},"content":{"rendered":"\n

In the last post<\/a>, we’ve initially configured FreeBSD so that networking is up and running, additional packages can be installed, and the system was patched to the latest release. In this post we’ll look at how users and groups are managed in FreeBSD and what FreeBSD provides when it comes to additional security mechanisms.<\/p>\n\n\n\n

On Linux systems users are usually created with useradd<\/a>, and groups are created with groupadd<\/a>. There is also usermod<\/a> and groupmod<\/a>, which are used to modify users and groups. With FreeBSD you can do all those tasks with pw<\/a>, no matter if you want to manage users or groups:<\/p>\n\n\n

\nroot@freebsd14:~ $ pw\nusage:\n  pw [user|group|lock|unlock] [add|del|mod|show|next] [help|switches\/values]\n<\/pre><\/div>\n\n\n
By giving the “help” switch to a sub command you may easily check the syntax (or read the man page, of course):<\/p>\n\n\n
\nroot@freebsd14:~ $ pw group help\nusage:\n  pw group [add|del|mod|show|next] [help|switches\/values]\nroot@freebsd14:~ $ pw group add help\nusage: pw groupadd [group|gid] [switches]\n        -V etcdir      alternate \/etc location\n        -R rootdir     alternate root directory\n        -C config      configuration file\n        -q             quiet operation\n        -n group       group name\n        -g gid         group id\n        -M usr1,usr2   add users as group members\n        -o             duplicate gid ok\n        -Y             update NIS maps\n        -N             no update\n<\/pre><\/div>\n\n\n
A typical group would be created like this:<\/p>\n\n\n
\nroot@freebsd14:~ $ pw group add -n group1 -g 2001 \n<\/pre><\/div>\n\n\n
A new user with that group as the primary group would be:<\/p>\n\n\n
\nroot@freebsd14:~ $ pw user add -n user1 -u 2001 -c "a sample user" -d \/home\/user1 -g group1 -m -s \/usr\/local\/bin\/bash\nroot@freebsd14:~ $ id -a user1\nuid=2001(user1) gid=2001(group1) groups=2001(group1)\n<\/pre><\/div>\n\n\n
Another option you have is adduser<\/a>. This is basically a wrapper around “pw” and gives you an interactive way of creating users:<\/p>\n\n\n
\nroot@freebsd14:~ $ adduser \nUsername: user2\nFull name: second sample user\nUid (Leave empty for default): 2002\nLogin group [user2]: group2\nGroup group2 does not exist!\nLogin group [user2]: \nLogin group is user2. Invite user2 into other groups? []: group1\nLogin class [default]: \nShell (sh csh tcsh bash rbash nologin) [sh]: bash\nHome directory [\/home\/user2]: \nHome directory permissions (Leave empty for default): \nEnable ZFS encryption? (yes\/no) [no]: \nUse password-based authentication? [yes]: \nUse an empty password? (yes\/no) [no]: \nUse a random password? (yes\/no) [no]: \nEnter password: \nEnter password again: \nLock out the account after creation? [no]: \nUsername    : user2\nPassword    : *****\nFull Name   : second sample user\nUid         : 2002\nZFS dataset : zroot\/home\/user2\nClass       : \nGroups      : user2 group1\nHome        : \/home\/user2\nHome Mode   : \nShell       : \/usr\/local\/bin\/bash\nLocked      : no\nOK? (yes\/no) [yes]: yes\nadduser: INFO: Successfully created ZFS dataset (zroot\/home\/user2).\nadduser: INFO: Successfully added (user2) to the user database.\nAdd another user? (yes\/no) [no]: no\nGoodbye!\nroot@freebsd14:~ $ id -a user2\nuid=2002(user2) gid=2002(user2) groups=2002(user2),2001(group1)\n<\/pre><\/div>\n\n\n
adduser also created a new ZFS file system for the new user (this did not happen with pw, and this is only done when the parent of the home directory is also ZFS):<\/p>\n\n\n
\nroot@freebsd14:~ $ df -h | grep user\nzroot\/home\/user2       24G    128K     24G     0%    \/home\/user2\n<\/pre><\/div>\n\n\n
All those defaults can be controlled, as you can ask adduser to create a template:<\/p>\n\n\n
\nroot@freebsd14:~ $ adduser -C\nUid (Leave empty for default): 2003\nLogin group []: group1\nEnter additional groups []: user2\nLogin class [default]: \nShell (sh csh tcsh bash rbash nologin) [sh]: bash\nHome directory [\/home\/]: \nHome directory permissions (Leave empty for default): \nEnable ZFS encryption? (yes\/no) [no]: \nUse password-based authentication? [yes]: \nUse an empty password? (yes\/no) [no]: \nUse a random password? (yes\/no) [no]: \nLock out the account after creation? [no]: \nPass Type   : yes\nClass       : \nGroups      : group1 user2\nHome        : \/home\/\nHome Mode   : \nShell       : \/usr\/local\/bin\/bash\nLocked      : no\nOK? (yes\/no) [yes]: yes\nRe-edit the default configuration? (yes\/no) [no]: \nGoodbye!\n<\/pre><\/div>\n\n\n
This created “\/etc\/adduser.conf”, which will be the template for new users created with adduser:<\/p>\n\n\n
\nroot@freebsd14:~ $ cat \/etc\/adduser.conf \n# Configuration file for adduser(8).\n# NOTE: only *some* variables are saved.\n# Last Modified on Tue Nov 26 16:04:34 CET 2024.\n\ndefaultHomePerm=\ndefaultLgroup=group1\ndefaultclass=\ndefaultgroups=user2\npasswdtype=yes\nhomeprefix=\/home\ndefaultshell=\/usr\/local\/bin\/bash\nudotdir=\/usr\/share\/skel\nmsgfile=\/etc\/adduser.msg\ndisableflag=\nuidstart=2003\n<\/pre><\/div>\n\n\n
So far there is nothing special, the commands are not the same as on Linux, but the concepts are very similar. What you might have noticed is, that there is something which is called a “login class”. Login classes are used to setup users environments and optionally put restrictions on resource usage. Those classes are defined in “\/etc\/login.conf” and the default class looks like this:<\/p>\n\n\n
\ndefault:\\\n        :passwd_format=sha512:\\\n        :copyright=\/etc\/COPYRIGHT:\\\n        :welcome=\/var\/run\/motd:\\\n        :setenv=BLOCKSIZE=K:\\\n        :mail=\/var\/mail\/$:\\\n        :path=\/sbin \/bin \/usr\/sbin \/usr\/bin \/usr\/local\/sbin \/usr\/local\/bin ~\/bin:\\\n        :nologin=\/var\/run\/nologin:\\\n        :cputime=unlimited:\\\n        :datasize=unlimited:\\\n        :stacksize=unlimited:\\\n        :memorylocked=64K:\\\n        :memoryuse=unlimited:\\\n        :filesize=unlimited:\\\n        :coredumpsize=unlimited:\\\n        :openfiles=unlimited:\\\n        :maxproc=unlimited:\\\n        :sbsize=unlimited:\\\n        :vmemoryuse=unlimited:\\\n        :swapuse=unlimited:\\\n        :pseudoterminals=unlimited:\\\n        :kqueues=unlimited:\\\n        :umtxp=unlimited:\\\n        :priority=0:\\\n        :ignoretime@:\\\n        :umask=022:\\\n        :charset=UTF-8:\\\n        :lang=C.UTF-8:\n<\/pre><\/div>\n\n\n
There are many more examples in that file, take your time and have a look at them to get an idea. If you change something in that file, you’ll need to re.generate the database with “cap_mkdb<\/a>“. There is the same concept for the password files. If you check “\/etc\/master.passwd” you see the hashed passwords (in Linux it is \/etc\/shadow), but if you check “\/etc\/passwd” there are no hashes anymore:<\/p>\n\n\n
\nroot@freebsd14:~ $ egrep "^root|^user1|^user2" \/etc\/master.passwd\nroot:$6$rwisdlYvWBHh7XE\/$UjQ7zuTqdDXKSjxCjNph6KBWAn.S5lfwal4FsZGWBJsKDsvbfWSJ3asp7BOa9o09iRVNWrpgXKqxh2J9RnUZs\/:0:0::0:0:Charlie &:\/root:\/bin\/sh\nuser1:*:2001:2001::0:0:a sample user:\/home\/user1:\/usr\/local\/bin\/bash\nuser2:$6$HdjGHoWTrlJChtkn$dLkcSNPn8.O98\/rjm91GhGM7lxHb1rrumK0.SSXtO.\/5jr0LqddyG7Es8ijqVuge9cDdmwz0BF3q5uGq7ERDn\/:2002:2002::0:0:second sample user:\/home\/user2:\/usr\/local\/bin\/bash\n\nroot@freebsd14:~ $ egrep "^root|^user1|^user2" \/etc\/passwd \nroot:*:0:0:Charlie &:\/root:\/bin\/sh\nuser1:*:2001:2001:a sample user:\/home\/user1:\/usr\/local\/bin\/bash\nuser2:*:2002:2002:second sample user:\/home\/user2:\/usr\/local\/bin\/bash\n<\/pre><\/div>\n\n\n
The reason is that normal users are not allowed to read “\/etc\/master.passwd” but still can get basic account information out of “\/etc\/passwd”. So there needs to be a way to generate the second one out of the first one, and this is done with “pwd_mkdb<\/a>“. In the same way as “cap_mkdb<\/a>” does it for the login classes, this one does it for the password databases:<\/p>\n\n\n
\nroot@freebsd14:~ $ ls -l \/etc\/*pwd*.db\n-rw-r--r--  1 root wheel 40960 Nov 26 15:58 \/etc\/pwd.db\n-rw-------  1 root wheel 40960 Nov 26 15:58 \/etc\/spwd.db\n<\/pre><\/div>\n\n\n
The result are binaries and faster to process than the text representation of the base files. In addition the “\/etc\/passwd” file is created out of the master file without the sensitive information.<\/p>\n\n\n\n
Let’s do a simple test show how this works. The password database files currently have these timestamps:<\/p>\n\n\n
\nroot@freebsd14:~ $ ls -la \/etc\/*pwd*.db\n-rw-r--r--  1 root wheel 40960 Nov 27 14:06 \/etc\/pwd.db\n-rw-------  1 root wheel 40960 Nov 27 14:06 \/etc\/spwd.db\nroot@freebsd14:~ $ ls -la \/etc\/*passwd*\n-rw-------  1 root wheel 2124 Nov 27 14:01 \/etc\/master.passwd\n-rw-r--r--  1 root wheel 1781 Nov 26 15:58 \/etc\/passwd\n<\/pre><\/div>\n\n\n
Changing the shell of “user2” using “pw” will update all the files at once:<\/p>\n\n\n
\nroot@freebsd14:~ $ grep user2 \/etc\/passwd \nuser2:*:2002:2002:second sample user:\/home\/user2:\/usr\/local\/bin\/bash\nroot@freebsd14:~ $ pw user mod user2 -s \/bin\/sh\nroot@freebsd14:~ $ grep user2 \/etc\/master.passwd \nuser2:$6$HdjGHoWTrlJChtkn$dLkcSNPn8.O98\/rjm91GhGM7lxHb1rrumK0.SSXtO.\/5jr0LqddyG7Es8ijqVuge9cDdmwz0BF3q5uGq7ERDn\/:2002:2002::0:0:second sample user:\/home\/user2:\/bin\/sh\nroot@freebsd14:~ $ ls -la \/etc\/*passwd*\n-rw-------  1 root wheel 2112 Nov 27 14:16 \/etc\/master.passwd\n-rw-r--r--  1 root wheel 1757 Nov 27 14:16 \/etc\/passwd\nroot@freebsd14:~ $ ls -la \/etc\/*pwd*.db\n-rw-r--r--  1 root wheel 40960 Nov 27 14:16 \/etc\/pwd.db\n-rw-------  1 root wheel 40960 Nov 27 14:16 \/etc\/spwd.db\n<\/pre><\/div>\n\n\n
On the other hand, if we change the shell of “user2” back to bash manually in “\/etc\/master.passwd”:<\/p>\n\n\n
\n# open, change manually back to \/usr\/local\/bin\/bash and save\nroot@freebsd14:~ $ grep user2 \/etc\/master.passwd \nuser2:$6$HdjGHoWTrlJChtkn$dLkcSNPn8.O98\/rjm91GhGM7lxHb1rrumK0.SSXtO.\/5jr0LqddyG7Es8ijqVuge9cDdmwz0BF3q5uGq7ERDn\/:2002:2002::0:0:second sample user:\/home\/user2:\/usr\/local\/bin\/bash\n<\/pre><\/div>\n\n\n
… the other files have not been touched and still show the old timestamp:<\/p>\n\n\n
\nroot@freebsd14:~ $ ls -l \/etc\/*pwd*\n-rw-r--r--  1 root wheel 40960 Nov 27 14:16 \/etc\/pwd.db\n-rw-------  1 root wheel 40960 Nov 27 14:16 \/etc\/spwd.db\nroot@freebsd14:~ $ ls -l \/etc\/*passwd*\n-rw-------  1 root wheel 2124 Nov 27 14:47 \/etc\/master.passwd\n-rw-r--r--  1 root wheel 1757 Nov 27 14:16 \/etc\/passwd\n<\/pre><\/div>\n\n\n
In this case we need to run “pwd_mkdb<\/a>” manually to get this done:<\/p>\n\n\n
\nroot@freebsd14:~ $ pwd_mkdb -p \/etc\/master.passwd\nroot@freebsd14:~ $ ls -l \/etc\/*pwd*\n-rw-r--r--  1 root wheel 40960 Nov 27 14:52 \/etc\/pwd.db\n-rw-------  1 root wheel 40960 Nov 27 14:52 \/etc\/spwd.db\nroot@freebsd14:~ $ ls -l \/etc\/*passwd*\n-rw-------  1 root wheel 2124 Nov 27 14:47 \/etc\/master.passwd\n-rw-r--r--  1 root wheel 1769 Nov 27 14:52 \/etc\/passwd\nroot@freebsd14:~ $ grep user2 \/etc\/passwd \nuser2:*:2002:2002:second sample user:\/home\/user2:\/usr\/local\/bin\/bash\n<\/pre><\/div>\n\n\n
At least from my point of view it is not advisable to do it like this. If you want to edit users manually, instead of manually editing the master file you should use “vipw<\/a>“. This at least does some sanity checks for you and is automatically rebuilding the password databases. Otherwise us “pw<\/a>” or “chpass<\/a>“.<\/p>\n\n\n\n
The final topic for this post is something that very much reminds of PostgreSQL’s pg_hba.conf<\/a>, which is called “login access control table” in FreeBSD. As in PostgreSQL, you can define who, from where, networked or not, is either accepted to login or not. Have a look at “\/etc\/login.access” to get an idea how that looks like. Here are some examples from that file:<\/p>\n\n\n
\n# Disallow console logins to all but a few accounts.\n#\n#-:ALL EXCEPT wheel shutdown sync:console\n#\n# Disallow non-local logins to privileged accounts (group wheel).\n#\n#-:wheel:ALL EXCEPT LOCAL .win.tue.nl\n#\n# Some accounts are not allowed to login from anywhere:\n#\n#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL\n#\n# All other accounts are allowed to login from anywhere.\n<\/pre><\/div>\n\n\n
That’s it for today. In the next post we’ll look at services are managed in FreeBSD.<\/p>\n","protected":false},"excerpt":{"rendered":"
In the last post, we’ve initially configured FreeBSD so that networking is up and running, additional packages can be installed, and the system was patched to the latest release. In this post we’ll look at how users and groups are managed in FreeBSD and what FreeBSD provides when it comes to additional security mechanisms. On […]<\/p>\n","protected":false},"author":29,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[42],"tags":[2718,2256,46],"type_dbi":[3471],"class_list":["post-35922","post","type-post","status-publish","format-standard","hentry","category-operating-systems","tag-bsd","tag-freebsd","tag-linux-unix","type-freebsd"],"acf":[],"yoast_head":"\nFreeBSD basics \u2013 2 \u2013 Users & Groups - dbi Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/freebsd-basics-2-users-groups\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"FreeBSD basics \u2013 2 \u2013 Users & Groups\" \/>\n<meta property=\"og:description\" content=\"In the last post, we’ve initially configured FreeBSD so that networking is up and running, additional packages can be installed, and the system was patched to the latest release. In this post we’ll look at how users and groups are managed in FreeBSD and what FreeBSD provides when it comes to additional security mechanisms. On […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/freebsd-basics-2-users-groups\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2024-11-28T07:21:55+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-11-28T07:21:59+00:00\" \/>\n<meta name=\"author\" content=\"Daniel Westermann\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@westermanndanie\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Daniel Westermann\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/freebsd-basics-2-users-groups\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/freebsd-basics-2-users-groups\\\/\"},\"author\":{\"name\":\"Daniel Westermann\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/8d08e9bd996a89bd75c0286cbabf3c66\"},\"headline\":\"FreeBSD basics \u2013 2 \u2013 Users & Groups\",\"datePublished\":\"2024-11-28T07:21:55+00:00\",\"dateModified\":\"2024-11-28T07:21:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/freebsd-basics-2-users-groups\\\/\"},\"wordCount\":703,\"commentCount\":0,\"keywords\":[\"BSD\",\"FreeBSD\",\"Linux\\\/UNIX\"],\"articleSection\":[\"Operating systems\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/freebsd-basics-2-users-groups\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/freebsd-basics-2-users-groups\\\/\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/freebsd-basics-2-users-groups\\\/\",\"name\":\"FreeBSD basics \u2013 2 \u2013 Users & Groups - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#website\"},\"datePublished\":\"2024-11-28T07:21:55+00:00\",\"dateModified\":\"2024-11-28T07:21:59+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/8d08e9bd996a89bd75c0286cbabf3c66\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/freebsd-basics-2-users-groups\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/freebsd-basics-2-users-groups\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/freebsd-basics-2-users-groups\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"FreeBSD basics \u2013 2 \u2013 Users & Groups\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/8d08e9bd996a89bd75c0286cbabf3c66\",\"name\":\"Daniel Westermann\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g\",\"caption\":\"Daniel Westermann\"},\"description\":\"Daniel Westermann is Principal Consultant and Technology Leader Open Infrastructure at dbi services. He has more than 15 years of experience in management, engineering and optimization of databases and infrastructures, especially on Oracle and PostgreSQL. Since the beginning of his career, he has specialized in Oracle Technologies and is Oracle Certified Professional 12c and Oracle Certified Expert RAC\\\/GridInfra. Over time, Daniel has become increasingly interested in open source technologies, becoming \u201cTechnology Leader Open Infrastructure\u201d and PostgreSQL expert. \u00a0Based on community or EnterpriseDB tools, he develops and installs complex high available solutions with PostgreSQL. He is also a certified PostgreSQL Plus 9.0 Professional and a Postgres Advanced Server 9.4 Professional. He is a regular speaker at PostgreSQL conferences in Switzerland and Europe. Today Daniel is also supporting our customers on AWS services such as AWS RDS, database migrations into the cloud, EC2 and automated infrastructure management with AWS SSM (System Manager). He is a certified AWS Solutions Architect Professional. Prior to dbi services, Daniel was Management System Engineer at LC SYSTEMS-Engineering AG in Basel. Before that, he worked as Oracle Developper &\u00a0Project Manager at Delta Energy Solutions AG in Basel (today Powel AG). Daniel holds a diploma in Business Informatics (DHBW, Germany). His branch-related experience mainly covers the pharma industry, the financial sector, energy, lottery and telecommunications.\",\"sameAs\":[\"https:\\\/\\\/x.com\\\/westermanndanie\"],\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/author\\\/daniel-westermann\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"FreeBSD basics \u2013 2 \u2013 Users & Groups - dbi Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/freebsd-basics-2-users-groups\/","og_locale":"en_US","og_type":"article","og_title":"FreeBSD basics \u2013 2 \u2013 Users & Groups","og_description":"In the last post, we’ve initially configured FreeBSD so that networking is up and running, additional packages can be installed, and the system was patched to the latest release. In this post we’ll look at how users and groups are managed in FreeBSD and what FreeBSD provides when it comes to additional security mechanisms. On […]","og_url":"https:\/\/www.dbi-services.com\/blog\/freebsd-basics-2-users-groups\/","og_site_name":"dbi Blog","article_published_time":"2024-11-28T07:21:55+00:00","article_modified_time":"2024-11-28T07:21:59+00:00","author":"Daniel Westermann","twitter_card":"summary_large_image","twitter_creator":"@westermanndanie","twitter_misc":{"Written by":"Daniel Westermann","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/freebsd-basics-2-users-groups\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/freebsd-basics-2-users-groups\/"},"author":{"name":"Daniel Westermann","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66"},"headline":"FreeBSD basics \u2013 2 \u2013 Users & Groups","datePublished":"2024-11-28T07:21:55+00:00","dateModified":"2024-11-28T07:21:59+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/freebsd-basics-2-users-groups\/"},"wordCount":703,"commentCount":0,"keywords":["BSD","FreeBSD","Linux\/UNIX"],"articleSection":["Operating systems"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/freebsd-basics-2-users-groups\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/freebsd-basics-2-users-groups\/","url":"https:\/\/www.dbi-services.com\/blog\/freebsd-basics-2-users-groups\/","name":"FreeBSD basics \u2013 2 \u2013 Users & Groups - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"datePublished":"2024-11-28T07:21:55+00:00","dateModified":"2024-11-28T07:21:59+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66"},"breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/freebsd-basics-2-users-groups\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/freebsd-basics-2-users-groups\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/freebsd-basics-2-users-groups\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"FreeBSD basics \u2013 2 \u2013 Users & Groups"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66","name":"Daniel Westermann","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g","caption":"Daniel Westermann"},"description":"Daniel Westermann is Principal Consultant and Technology Leader Open Infrastructure at dbi services. He has more than 15 years of experience in management, engineering and optimization of databases and infrastructures, especially on Oracle and PostgreSQL. Since the beginning of his career, he has specialized in Oracle Technologies and is Oracle Certified Professional 12c and Oracle Certified Expert RAC\/GridInfra. Over time, Daniel has become increasingly interested in open source technologies, becoming \u201cTechnology Leader Open Infrastructure\u201d and PostgreSQL expert. \u00a0Based on community or EnterpriseDB tools, he develops and installs complex high available solutions with PostgreSQL. He is also a certified PostgreSQL Plus 9.0 Professional and a Postgres Advanced Server 9.4 Professional. He is a regular speaker at PostgreSQL conferences in Switzerland and Europe. Today Daniel is also supporting our customers on AWS services such as AWS RDS, database migrations into the cloud, EC2 and automated infrastructure management with AWS SSM (System Manager). He is a certified AWS Solutions Architect Professional. Prior to dbi services, Daniel was Management System Engineer at LC SYSTEMS-Engineering AG in Basel. Before that, he worked as Oracle Developper &\u00a0Project Manager at Delta Energy Solutions AG in Basel (today Powel AG). Daniel holds a diploma in Business Informatics (DHBW, Germany). His branch-related experience mainly covers the pharma industry, the financial sector, energy, lottery and telecommunications.","sameAs":["https:\/\/x.com\/westermanndanie"],"url":"https:\/\/www.dbi-services.com\/blog\/author\/daniel-westermann\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/35922","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/29"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=35922"}],"version-history":[{"count":23,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/35922\/revisions"}],"predecessor-version":[{"id":35949,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/35922\/revisions\/35949"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=35922"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=35922"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=35922"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=35922"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}