Situation
The system administrator role includes creating users, deleting users, and reviewing existing users. They also control who can, and cannot, use root’s elevated powers. Here’s how to do that on Ubuntu Linux.
What to Know About Managing Users in Ubuntu
Multi-user systems require a distinct user account for each person who uses the computer. Each user has their own password, and their own private area for data. Normal users cannot access another user’s data. The root user can access anything, of course.
It’s the root user who manages user accounts. They must create an account when a new user needs to use the computer, and they delete old accounts when they’re no longer required.
Apart from creation and deletion, other changes may be required during the lifetime of the account. The user may forget their password, and need to have it reset. They may join another department or team and need to be added to the appropriate user group. They may even be promoted and be awarded root privileges. These common tasks fall on the system administration team. If you’re the administrator on duty—or the only one in the team—you’re expected to complete these tasks quickly and easily.
Here’s a round-up of how to carry out these common tasks on Ubuntu. Because they use standard tools, you can use them on other distributions too, but we’ll be featuring Ubuntu in the screenshots.
Solution
How to Create a User in Ubuntu
There are two built-in command line methods of creating new users. They have very similar names: one is useradd, and the other is adduser.
The useradd command needs all the information required to create the new account to be provided on the command line. The adduser command takes a different approach. It prompts you for the information it needs to create the new account.
Using useradd
To add a new user with useradd, use a command in this format.
sudo useradd -s /bin/bash -m -c "Mary Quinn" -Gdevelopment maryq
The options and parameters we used are:
- -s /bin/bash: This sets the default shell for this new user.
- -m: This creates a home directory in the “/home/” directory, for the new user.
- -c “Mary Quinn”: The full name of the new user. This is optional, but useful.
- -Gdevelopment: The new user is added to a group with the same name as their account name. The -G option allows us to also add them to another, pre-existing group. The groups must already exist. This new user will be a member of the “development” group.
- maryq: The login name of the new user. This must be unique.
That creates the user, but we still need to set their password. We do this by passing the account login name to the passwd command.
sudo passwd maryq
You’re prompted for the new password, which you must enter twice.
Using adduser
To add a new user with the adduser command, we provide the login name of the account we’re going to create.
sudo adduser maxn
You’re prompted for the password, and the full name of the new user.
If you want, you can hit “Enter” when you’re prompted for the optional “Full Name”, “Room Number”, “Work Phone”, “Home Phone”, and “Other” fields. These will be left blank.
How to Add a User Group in Ubuntu
Usually, when you’re adding a user to a group in Linux, you’re actually adding them to an additional group. The group must already exist.
We do this using the usermod command. The important thing is to make sure you use the -a (append) option together with the -G (supplementary group) option. If you don’t, the user is made a member of the new group, but their other group memberships are removed.
This’ll cause a lot of problems, because they won’t be a member of their own primary group and they won’t be able to access their own files—if they’re even able to log in.
To add maxn to the development group, we use the -a (append) and the -G (supplementary group) options with the name of the group we’re adding them to. We’ll use the groups command before and after, so that we can see what changes were made.
groups maxn
sudo usermod -a -G development maxn
groups maxn
As we can see, the user maxn has been added to the “development” group, and he remains a member of his other groups, too.
How to List Users in Ubuntu
Keeping track of user accounts is part of the administrator’s role, too. Thankfully reviewing the list of existing user accounts isn’t a problem, and there are several ways to do it.
We can use less to look inside the “/etc/passwd” file, but that shows all of the system and process “user” accounts as well as those used by actual, organic people.
less /etc/passwd
All user accounts have a unique, numerical ID. The lowest and highest values that can be used as an ID are stored in the “/etc/login.defs” file. If we discover those values we can list the accounts that have values between these two limits. That’ll list the genuine user accounts for us.
To find out the upper and lower limits, we’ll use grep to search through the “/etc/login.defs” file. We’re searching for lines that start with either “UID_MIN” or “UID_MAX.”
grep -E '^UID_MIN|^UID_MAX' /etc/login.defs
On this computer the range of user account IDs is from 1000 to 60000. Armed with this knowledge we can use the getent command to search the password databases for entries with values in the range from 1000 to 60000.
getent passwd {1000..60000}
That’s much more useful but, because it’s checking 59,000 user IDs, it does take a while to run. We can reduce that time by finding out the highest used user ID, and searching up to that value.
We’ll use the cut command and use the colon “:” as the field delimiter. We’ll extract the third field from the “/etc/passwd” file, which is the user ID field. We’ll pipe the output through sort, and use the -g (general numerical sort) option to display the results in ascending numerical order.
cut -d: -f3 /etc/passwd | sort -g
Anything between 1000 and 60000 is a valid human account. The highest value on this computer that meets those criteria is 1003. Slotting that value into our getent command speeds things up dramatically.
getent passwd {1000..1003}
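An added example (not from the original article): the same listing driven by the UID_MIN and UID_MAX values in login.defs, filtered in a single awk pass rather than one getent lookup per ID. The function names and the sample account data are constructed for illustration.

```shell
#!/bin/sh
# List human login accounts using the UID range from login.defs
# instead of a hard-coded 1000..60000.

# uid_limit KEY FILE -> value of KEY (UID_MIN or UID_MAX) in a login.defs-style file
uid_limit() {
    awk -v key="$1" '$1 == key { print $2; exit }' "$2"
}

# human_users [PASSWD_FILE] [LOGIN_DEFS] -> "name:uid:shell" for each account in range.
# PASSWD_FILE may be "-" to read passwd-format lines from standard input.
human_users() {
    passwd_file=${1:-/etc/passwd}
    defs_file=${2:-/etc/login.defs}
    min=$(uid_limit UID_MIN "$defs_file")
    max=$(uid_limit UID_MAX "$defs_file")
    # Fall back to the values quoted in the article if a key is missing.
    awk -F: -v min="${min:-1000}" -v max="${max:-60000}" \
        '$3 + 0 >= min + 0 && $3 + 0 <= max + 0 { print $1 ":" $3 ":" $7 }' \
        "$passwd_file"
}

# Constructed sample data (not from a real system) so the demo runs anywhere.
demo_dir=$(mktemp -d)
cat > "$demo_dir/login.defs" <<'EOF'
# comment lines and SYS_UID_* keys are ignored
SYS_UID_MIN   100
UID_MIN       1000
UID_MAX       60000
EOF
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
maryq:x:1001:1001:Mary Quinn:/home/maryq:/bin/bash
maxn:x:1002:1002:Max N,,,:/home/maxn:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF

human_users "$demo_dir/passwd" "$demo_dir/login.defs"
rm -rf "$demo_dir"
```

Called with no arguments, human_users reads the real /etc/passwd and /etc/login.defs. On hosts that also take accounts from a directory service, pipe the full database in with: getent passwd | human_users -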
How to Add a User to sudo on Ubuntu
Those few users who are able to use the sudo command are all members of a particular group. To award sudo privileges to someone, you must add them to that group. On Ubuntu—and many other distributions—the name of that group is “sudo” but it might be something else, like “wheel”, so it’s best to check.
The sudo visudo command opens an editor and loads the “/etc/sudoers” file. Scroll down until you see an entry similar to “Allow members of group sudo to execute any command” and take a note of the group name.
sudo visudo
In our case, it is “sudo.”
We’ll add user maryq to that group, using the usermod command that we used earlier.
groups maryq
sudo usermod -a -G sudo maryq
groups maryq
The next time Mary logs in, she’ll be able to use the sudo command.
If the user has a specific need for sudo and no more, giving them unlimited access to sudo is overkill. Let’s say Max needs to be able to install software using the apt command, but doesn’t need full sudo access.
We need to add him to the “/etc/sudoers” file, and specify the command he can run with sudo.
sudo visudo
Scroll through the file and insert these lines just above the last entry in the file.
# User Max can install software using apt
maxn	ALL=(root) /usr/bin/apt
The first line is a comment. The second line starts with the name of Max’s default user group. This usually matches the user’s login name. The “ALL=” means this applies to all hosts on this network. The “(root)” means members of the “maxn” group can assume root privileges for the named commands, and the only named command is “apt.”
Note that there’s a Tab immediately after “maxn”, not a series of spaces.
Save your changes. When Max next logs in he’ll be able to run the apt command with sudo. He won’t be able to use sudo with any other command.
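To review the result of edits like these, the following added example (not part of the original article) reports which sudoers entries grant every command and which are limited to named commands. It is a simplified reader: the function name sudo_grants and the sample file are constructed, and it skips Defaults, alias definitions, include directives and continued lines.

```shell
#!/bin/sh
# sudo_grants FILE -> one line per sudoers entry:
#   "<who> UNRESTRICTED"        the entry allows ALL commands
#   "<who> LIMITED <commands>"  the entry names specific commands
# <who> is a login name, or a group name prefixed with "%".
sudo_grants() {
    awk '
        /^[ \t]*$/ || /^[ \t]*#/ || /^@include/ { next }   # blanks, comments, includes
        $1 ~ /^Defaults/ || $1 ~ /^(User|Runas|Host|Cmnd)_Alias$/ { next }
        index($0, "=") == 0 { next }                       # not a "who host = ..." entry
        {
            who = $1
            cmds = $0
            sub(/^[^=]*=[ \t]*/, "", cmds)                 # drop "who host ="
            sub(/^\([^)]*\)[ \t]*/, "", cmds)              # drop "(runas)"
            while (sub(/^[A-Z_]+:[ \t]*/, "", cmds)) { }   # drop tags such as NOPASSWD:
            sub(/[ \t]+$/, "", cmds)
            if (cmds == "ALL") print who, "UNRESTRICTED"
            else               print who, "LIMITED", cmds
        }' "$1"
}

# Constructed sample modelled on the entries discussed above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Defaults env_reset
root  ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# User Max can install software using apt
maxn  ALL=(root) /usr/bin/apt
EOF

sudo_grants "$sample"
rm -f "$sample"
```

On a live system the file is readable only by root, so run it as sudo_grants /etc/sudoers from a root shell. sudo -l -U maxn gives sudo’s own answer for a single user.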
How to Change a User Password on Ubuntu
Changing a user’s password is easy. You’ll need to use sudo with the passwd command.
sudo passwd maxn
You’re asked to enter the password twice to ensure it is typed correctly. The next time the user logs in, they’ll need to use their new password.
If you don’t want to pick the user’s password, use the -e (expire) option. This forces the user to choose their own new password the next time they log in.
sudo passwd -e maxn
How to Remove a User on Ubuntu
Ubuntu and other Debian-derived distributions have the deluser command to remove a user from your system. Distributions that are not based on Debian use the userdel command instead.
Before you use the nuclear option, do you really want to delete them? You could just lock them out. That leaves you free to review their files and so forth.
If you’re determined to delete them but might want to refer to their files and data, archive their home directory using a tool such as tar.
Let’s use Max’s user account maxn as an example.
To lock him out we can use the passwd command with the -l (lock) option.
sudo passwd -l maxn
To archive his home directory we’ll use tar.
sudo tar cfjv max-normal-home-folder.tar.bz /home/maxn
Note there’s no hyphen “-” before the command line options to tar. We used:
- c: Create an archive file.
- f: The filename for the new archive file.
- j: Use bzip2 compression.
- v: Provide verbose output as the archive is created.
The archive file is created for us, with our requested name.
ls
To perform the deletion of the user, we’ll use the --remove-home option to clear out their data at the same time.
sudo deluser --remove-home maxn
Max is history.
On a non-Debian distribution the command is:
sudo userdel --remove maxn
From Cradle to Grave
As a system administrator you’ve got complete power over regular users. From creating them, managing them, and ultimately deleting them, the command line lets you do it all.