Creating and managing users
A brief description on user creation and management
Regular user creation
There are many types of users on a Linux system: regular, system, and the all-powerful superuser. This guide, however, is about making regular users and giving them permissions to do things.
In order to create and manage users you'll need to use sudo or be root.
To create a user named bob:
sudo adduser bob
The user is now alive, but they don't have a password! Therefore, they won't be able to log in.
To give the user a password:
sudo passwd bob
# you'll then be prompted to enter a password
# don't panic when nothing appears when you type
# this is a security function of linux
Once the user is created and a password is set, you'll be able to log in as bob.
User bob has logged in but doesn't show up in the sudoers file. Let's troubleshoot:
sudo id bob
# this will return the following:
# uid=1001(bob) gid=1001(bob) groups=1001(bob)
# We know that we have sudo permissions so let's compare our
# permissions to bob's
id
# this should return:
# uid=1000(ec2-user) gid=1000(ec2-user) groups=1000(ec2-user),4(adm),10(wheel),190(systemd-journal)
# Which group allows us sudo permissions? And how do we add bob?
Since we are using a Red Hat distribution, we need to add bob to the wheel group.

Enter `usermod`
usermod is a command that allows you to change the attributes of a user. Generally it is used to change the primary group or to add groups to a user to grant them certain permissions. The most popular use is adding people to the pre-verified sudo group.
The syntax for usermod is like any other built-in command: command [options] (arguments). In the case of usermod, the order of arguments is the groups to be added followed by the user.
Now that we know our distribution, sudo group, and user to be changed we can give bob the permissions he needs.
sudo usermod -aG wheel bob # there are two options specified here
# option `a` stands for append: the group is added to bob's existing
# supplementary groups instead of replacing them, and bob's primary
# group is left unchanged. This way bob gets to keep being bob.
# the `G` option stands for groups: it tells `usermod` that we want
# to edit the supplementary groups of the user named at the end
# we follow the options with our arguments - first the groups to add
# and lastly the user to add the groups to
# This command has no output and can be verified by the following:
sudo id bob
# The output should be:
# uid=1001(bob) gid=1001(bob) groups=1001(bob),10(wheel)
# Now bob should be able to run sudo in the same way as us
Deleting a user
We've given bob a lot of power, the same as us. If bob were to run sudo -i or sudo su - and actually become root, he could do whatever he likes. Even more concerning, bob has quit and his user on the system now needs to be removed. Leaving a user like bob who can use sudo is a threat to our security posture.
To clean up bob's home directory, mail directory, groups, and permissions:
sudo userdel -r bob # on a Red Hat distribution the tool is `userdel` (`deluser` is the Debian tool)
# here we use `-r` as an option. In this case it means remove: along with
# bob's account and his group memberships, it deletes the contents of his
# home and mail directories.
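An added example (not part of the original guide): a small shell audit that lists every account belonging to `wheel`, whether through the group's member list or through its primary GID, so an account like bob's can be spotted before and after offboarding. The function names `group_members` and `in_group`, the sample files and the `svc-deploy` account are constructed for illustration.

```shell
# Added example: audit group membership from /etc/group and /etc/passwd formats.
# group_members and in_group are illustrative names, not standard commands.

# group_members GROUP [GROUP_FILE] [PASSWD_FILE]
# Prints members listed in the group entry plus users whose primary GID is the group.
group_members() {
    awk -F: -v grp="$1" '
        FNR == NR {                      # first file: name:passwd:GID:members
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 }   # second file: primary GID match
    ' "${2:-/etc/group}" "${3:-/etc/passwd}" | sort -u
}

# in_group USER GROUP [GROUP_FILE] [PASSWD_FILE]: exit status 0 if USER is a member.
in_group() {
    group_members "$2" "$3" "$4" | grep -qxF -- "$1"
}

# Constructed sample data, modelled on the id output shown in this guide.
demo_dir=$(mktemp -d)
cat > "$demo_dir/group" <<'EOF'
root:x:0:
adm:x:4:ec2-user
wheel:x:10:ec2-user,bob
ec2-user:x:1000:
bob:x:1001:
EOF
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ec2-user:x:1000:1000::/home/ec2-user:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
svc-deploy:x:1002:10::/home/svc-deploy:/bin/bash
EOF

echo "Accounts in wheel:"
group_members wheel "$demo_dir/group" "$demo_dir/passwd"

if in_group bob wheel "$demo_dir/group" "$demo_dir/passwd"; then
    echo "bob still holds wheel: remove the account or the membership"
fi
```

Called with only a group name, `group_members wheel` reads the live `/etc/group` and `/etc/passwd`. The constructed `svc-deploy` line shows why the primary GID matters: that account never appears in the `wheel` member list.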