Linux : User Group Management (Day 5)

Local User Accounts

• useradd

The useradd command is used to create a new user account in Linux.

Syntax:

useradd [options] USERNAME        

Options:

• -d HOME_DIR: Specify the user’s home directory.
• -u UID: Assign the user ID for the account.
• -g GID: Assign a primary group ID.
• -G GROUPS: Assign supplementary groups.
• -s SHELL: Assign the login shell.
• -c COMMENT: Add a description for the user account.

Example:

sudo useradd -d /home/newuser -u 1101 -g users -G wheel,storage -s /bin/bash -c "New User Account" newuser        

• userdel

The userdel command is used to delete a user account and related files.

Syntax:

userdel [options] USERNAME        

Options:

• -r: Remove home directory and mail spool.
• -f: Force removal of files, even if the user is logged in.

Example:

sudo userdel -r olduser        

• usermod

The usermod command is used to modify an existing user account.

Syntax:

usermod [options] USERNAME        

Options:

• -d HOME_DIR: Change the user’s home directory.
• -l NEW_LOGIN: Change the username.
• -L: Lock the user account.
• -U: Unlock the user account.
• -G GROUPS: Change supplementary groups.
• -a: Append the user to supplementary groups.

Example:

sudo usermod -d /home/updateduser -l updateduser -G wheel,storage oldusername        

These commands must be run with root privileges, so you may need to use sudo. Always double-check the command and options before executing to avoid system issues. Remember to replace USERNAME, HOME_DIR, UID, GID, GROUPS, SHELL, COMMENT, NEW_LOGIN, and other placeholders with actual values based on your requirements.

Local Groups & Groups Memberships :

• groupadd

The groupadd command creates a new group.

Syntax:

groupadd [options] GROUPNAME        

Options:

• -g GID: Specify the group ID for the new group.
• -r: Create a system group.

Example:

sudo groupadd -g 1001 developers        

• groupdel

The groupdel command deletes a group.

Syntax:

groupdel GROUPNAME        

Example:

sudo groupdel oldgroup        

• groupmod

The groupmod command modifies a group’s attributes.

Syntax:

groupmod [options] GROUPNAME        

Options:

• -g GID: Change the group ID.
• -n NEW_GROUPNAME: Change the group name.

Example:

sudo groupmod -n newname oldname        

• groups

The groups command displays the groups a user is a member of.

Syntax:

groups [username]        

Example:

groups username        

• usermod

To manage group memberships, you can use the usermod command to add or remove a user from groups.

Syntax:

usermod [options] USERNAME        

Options:

• -aG GROUPS: Add the user to supplementary groups.
• -G GROUPS: Set the user’s supplementary groups.

Example:

sudo usermod -aG developers username        

• gpasswd

Another tool for managing group memberships is gpasswd.

Syntax:

gpasswd [options] GROUP        

Options:

• -a USER: Add a user to the group.
• -d USER: Remove a user from the group.

Example:

sudo gpasswd -a username developers        

These commands should be executed with root privileges, so you may need to use sudo. Always check the command and options before executing to avoid system issues. Replace GROUPNAME, GID, NEW_GROUPNAME, username, GROUPS, and other placeholders with actual values based on your requirements.

Managing access to the root account

• Checking Root Account Status

To check if the root account is locked or unlocked, you can use the passwd command with the -S option:

sudo passwd -S root        

If the output shows ‘L’, the account is locked. If it shows ‘P’, it has an active password and is unlocked

• Locking and Unlocking Root Account

To lock the root account, preventing login:

sudo passwd -l root        

To unlock the root account:

sudo passwd -u root        

• Changing Root Password

To change the root password:

sudo passwd root        

• Granting Sudo Privileges

Instead of using the root account, it’s safer to grant sudo privileges to a regular user. This allows the user to execute commands with root-level permissions without logging in as root.

To add a user to the sudo group:

sudo usermod -aG sudo username        

• Configuring Sudoers File

For more granular control, you can edit the /etc/sudoers file using visudo:

sudo visudo        

Here, you can specify which commands a user can run and whether a password is required.

• Using Sudo Command

Users with sudo privileges can execute commands as root by prefixing them with sudo:

sudo <command>        

• Disabling Root SSH Login

To prevent the root user from logging in via SSH, edit the SSH configuration file:

sudo nano /etc/ssh/sshd_config        

Change the PermitRootLogin directive to no and restart the SSH service:

sudo systemctl restart sshd        

Remember to replace username with the actual username and <command> with the command you wish to run as root. Always verify changes to system configurations to avoid unintended consequences.