Creating and managing users

A brief description of user creation and management

Regular user creation

There are many types of users on a Linux system: regular, system, and the all powerful super user. This guide, however, is about making regular users and giving them permissions to do things.

In order to create and manage users you'll need to use sudo or be root.

To create a user named bob:

sudo adduser bob

It is best practice to use adduser: it will create the user, their group, and their home directory. On Debian based systems useradd is a low level tool designed for making system level users. Red Hat based distros don't ship the separate adduser script, which blurs the difference, and there useradd makes regular users by default. TL;DR: adduser, not useradd.

The user is now alive, but they don't have a password yet, so they won't be able to log in.

To give the user a password:

sudo passwd bob
# you'll then be prompted to enter a password
# don't panic when nothing appears as you type:
# this is a security feature of Linux

passwd is the actual command, not a misspelling of "password", so don't try to correct it. Many apparent "typos" are the real names of built-in Linux commands.

Once the user is created and a password is set, you'll be able to log in as bob.

User bob can log in, but he doesn't show up in the sudoers file. Let's troubleshoot:

sudo id bob
# this will return the following:
# uid=1001(bob) gid=1001(bob) groups=1001(bob)

# We know that we have sudo permissions so let's compare our
# permissions to bob's 

id
# this should return:
# uid=1000(ec2-user) gid=1000(ec2-user) groups=1000(ec2-user),4(adm),10(wheel),190(systemd-journal)

# Which group allows us sudo permissions? And how do we add bob? 

Since we are using a Red Hat distribution, we need to add bob to the wheel group.

If you are unsure what distribution type you're on, run cat /etc/os-release. The ID_LIKE field tells you the closest relative of the actual distribution.

Here the actual distro is Amazon Linux 2, while ID_LIKE is "centos rhel fedora".

centos is an open source copy of Red Hat. rhel is the abbreviation for Red Hat Enterprise Linux. And Fedora is the development OS from which Red Hat inherits its updates and changes.

Examples of Debian based distributions are Ubuntu, Pop!_OS and Raspbian.

Enter `usermod`

usermod is a command that lets you change the attributes of a user. Generally it is used to change the primary group or to add groups to the user so they gain certain permissions; the most popular use is adding people to the pre-verified sudo group.

The syntax for usermod is like any other built-in command: command [options] (arguments). In the case of usermod the arguments are the groups to add, followed by the user.

Now that we know our distribution, sudo group, and user to be changed we can give bob the permissions he needs.

sudo usermod -aG wheel bob # there are two options specified here
# option `a` stands for append: this lets us add a group
# without changing bob's primary group. This way bob gets to keep
# being bob.
# the `G` option stands for groups; it tells `usermod` that
# we want to edit the supplementary groups of the user at the end.
# we follow the options with our arguments: first the groups to add
# and lastly the user to add the groups to.
# This command has no output and can be verified by the following:

sudo id bob
# The output should be:
# uid=1001(bob) gid=1001(bob) groups=1001(bob),10(wheel)
# Now bob should be able to run sudo in the same way as us

Deleting a user

We've given bob a lot of power, the same as us. If bob were to run sudo -i or sudo su - and actually become root, he could do whatever he likes. Even more concerning: bob has quit, and now his user on the system needs to be removed. Leaving a user like bob who can use sudo is a threat to our security posture.

To clean up bob's home directory, mail directory, groups, and permissions:

sudo userdel -r bob # here we use `-r` as an option. For userdel it
# means remove: bob's home directory and its contents and his mail
# spool are deleted along with the account, and his group memberships
# go with it. (On Debian based systems the adduser package's matching
# script is deluser, whose equivalent option is --remove-home.)
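As an added example (not part of the original page), the following shell script ties the steps above together: it reads ID and ID_LIKE from /etc/os-release to choose between wheel and sudo, checks `id` output before running usermod, and lists the admin group's members from /etc/group so you can confirm a departed user like bob is gone. The function and variable names are mine and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example, not from the original page. The parsing functions read
# text on stdin so they can be run on constructed data without root.

# Print the group that grants sudo on this family: "sudo" for Debian
# relatives, "wheel" for Red Hat relatives (and as the fallback).
admin_group_for() {
  ids=$(sed -n 's/^ID=//p; s/^ID_LIKE=//p' | tr -d '"' | tr '\n' ' ')
  case " $ids " in
    *" debian "*|*" ubuntu "*) echo sudo ;;
    *) echo wheel ;;
  esac
}

# Succeed if `id` output on stdin lists group $1 among the user's groups.
# Matches both "groups=10(wheel)" and "groups=1001(bob),10(wheel)".
in_group() {
  grep -q "groups=.*[=,][0-9]*($1)"
}

# Print the members of group $1 from /etc/group text on stdin, one per
# line; the member list is the comma-separated fourth field.
members_of() {
  awk -F: -v g="$1" '$1 == g && $4 != "" {
    n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }'
}

# The page's procedure against the live system (needs root): skip usermod
# when the user already has the group, then show everyone who holds it so
# a departed user like bob is not left with sudo.
grant_sudo() {
  user=$1
  group=$(admin_group_for < /etc/os-release)
  id "$user" | in_group "$group" || usermod -aG "$group" "$user"
  id "$user"
  echo "members of $group:"; members_of "$group" < /etc/group
}

# Constructed samples standing in for /etc/os-release, `id bob` and /etc/group.
SAMPLE_OS_RELEASE='ID="amzn"
ID_LIKE="centos rhel fedora"'
SAMPLE_ID_BEFORE='uid=1001(bob) gid=1001(bob) groups=1001(bob)'
SAMPLE_GROUP='root:x:0:
wheel:x:10:ec2-user,bob'

printf '%s\n' "$SAMPLE_OS_RELEASE" | admin_group_for                      # wheel
printf '%s\n' "$SAMPLE_ID_BEFORE" | in_group wheel && echo yes || echo no  # no
printf '%s\n' "$SAMPLE_GROUP" | members_of wheel                           # ec2-user, then bob
```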

Please note that not all options mean the same thing in all commands; this is even more true for non-built-in commands. Always refer to the man pages before using any options, and check the official documentation for any command line tools you've installed.
