When you are running a dedicated server or VPS, it is unlikely that you are going to be the only user that needs to log into it. The chances are that there will be a team of users. While it’s easy to simply share the root password with all the users and have them all log in as the root user, this poses a number of potential security issues. A shared root password gives an inexperienced user the ability to run dangerous commands on the system, so a mistake could become a time-consuming problem rather than just an annoyance for that user. In this post we will look at ways to manage Linux users.
The first thing you’ll need to do is create user accounts for all of your users:
sudo useradd -m username
In the above line you can exchange ‘username’ for the username of the user account you wish to create. The -m flag tells Linux that you wish to have a home directory created for the user. The user won’t be able to log in until you set a password for the account:
sudo passwd username
Again, exchange ‘username’ for the username that you wish to use for the user.
For Debian and related distributions, such as Ubuntu, there’s an additional script called adduser that is a bit friendlier than useradd: it walks you through creating the account and asks you for various bits of information while configuring it. Using the command is much the same as before:
sudo adduser username
As well as creating a user, deleting a user is another task you may need to perform. This again is straightforward using the userdel command:
sudo userdel username
It’s also possible to modify user accounts on a system by making use of the usermod command. This command is capable of making quite a number of changes to a user, so we’ll run through a number of the common use case scenarios.
First, we’ll start with renaming a user:
sudo usermod -l new_username old_username
This should be fairly self-explanatory: the username following the -l flag is the new username to be assigned, and the original username at the end tells usermod which user we are changing. While this changes the user’s name itself, it doesn’t rename their home directory. Renaming the home directory will need to be done manually.
One of the key aspects of working with multiple users in Linux is the use of groups. Groups are central to the Linux permissions system and provide an easy way to give multiple users access to specific files without giving them superuser access. Different groups can also be given different levels of administration access using sudo configuration.
See our previous article on managing users with sudo here.
Before we can do anything with a group, we first need to create it:
sudo groupadd usergroup
This will create a group on the system called usergroup. You can change usergroup to whatever you wish to name it. Removing a group is as simple as you might expect:
sudo groupdel usergroup
Once we have created a new group on a system, we’ll likely want to add users to it. This can again be done with the usermod command:
sudo usermod -aG usergroup username
The above command adds the user specified by username to the group specified by usergroup as a secondary group. The -a flag appends the group to the user’s existing secondary groups rather than replacing them. You can also list all the groups that you wish the user to be a member of:
sudo usermod -G usergroup1,usergroup2,usergroup3 username
This will set the secondary groups for the user specified by username to the groups in the list. Any other secondary groups that the user is in will be removed and only the listed groups will be kept. To remove the user from all secondary groups you can use the following command:
sudo usermod -G "" username
An easy way to find which groups a user is in is by using the id command:
sudo id username
This will print the user’s ID (UID) alongside the names and group IDs (GIDs) of the groups the user belongs to. This output is useful when you want to remove a user from one specific group, because it gives you the list of groups to keep when running usermod -G.
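The single-group removal described above can be scripted. The following is an added example, not code from the original post: remaining_groups and print_removal_cmd are hypothetical helper names, the sample user alice is constructed, and group names are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: build the -G list that removes ONE secondary group.
# Helper names are hypothetical; assumes group names contain no spaces.

# remaining_groups "<space-separated groups>" <primary> <group-to-drop>
# Prints the comma-separated secondary groups to keep.
remaining_groups() {
    all=$1 primary=$2 drop=$3
    out=""
    for g in $all; do
        # Skip the group being removed, and the primary group,
        # because usermod -G only manages secondary groups.
        [ "$g" = "$drop" ] && continue
        [ "$g" = "$primary" ] && continue
        out="${out:+$out,}$g"
    done
    printf '%s\n' "$out"
}

# print_removal_cmd <username> <group-to-drop>
# Reads live membership with id and prints (does not run) the usermod
# command, so it can be reviewed before anyone's access changes.
print_removal_cmd() {
    user=$1 drop=$2
    all=$(id -nG "$user") || return 1
    primary=$(id -gn "$user") || return 1
    # Refuse to build a command if the user is not in the group at all.
    case " $all " in
        *" $drop "*) ;;
        *) echo "$user is not in $drop" >&2; return 1 ;;
    esac
    keep=$(remaining_groups "$all" "$primary" "$drop")
    printf 'sudo usermod -G "%s" %s\n' "$keep" "$user"
}

# Constructed sample: alice has primary group alice and three
# secondary groups; docker is the one being removed.
remaining_groups "alice sudo developers docker" alice docker
```

Calling print_removal_cmd with a real username and group prints the usermod line for that account without changing anything.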
That about covers most of the basic and common user management tasks that you’ll face on a Linux server.
Originally published at blog.100tb.com.