Getting Started With Linux – Basic User Management
One of the most important security aspects of managing a server is making sure that each user has their own individual account and that their access rights match their role. This means that the actions of each individual user are both traceable and accountable.
In general, when we provide you with a Linux server you gain access as the root user, so the first thing you need to do is create user accounts for your other users. User and account management is spread across four main files. These are all plain text and can be edited in any text editor.
/etc/passwd This file contains details related to the user accounts.
/etc/shadow This file contains the encrypted passwords for the users.
/etc/group This file contains details related to groups.
/etc/gshadow This file contains secure group related details.
Fortunately, there are tools available to make this easier for you to manage. In Debian and Ubuntu you can use the adduser command, which is fairly simple, as it asks you for the user’s password and then asks you for any further optional information you may wish to provide. The command will then create the user account and group, set the password and create a home directory (where a user will keep their files and preferences).
So in the case that we want to create a user with the username of Alice, the command required would be…
adduser alice
After answering the questions, for which the defaults can be accepted with no issues, the user could log in as Alice straight away.
CentOS is slightly more involved: it uses the useradd command which, by default, will only create the user account. The -m flag is required to have the user’s home directory created and, after creating the user, you will need to set a password with the passwd command before the account can be used. So again, to create a user called Alice you’d need to use the following commands…
useradd -m alice
passwd alice
Unless your users are all working in isolation you’ll want to create groups for them to work in. Again Debian and Ubuntu use a slightly different command to CentOS. In Debian and Ubuntu we use the addgroup command. So to create a group called testusers the command would be:
addgroup testusers
In CentOS, the command is groupadd and works in pretty much the same way.
groupadd testusers
Finally, to add an existing user to the newly-created group you can use the usermod command. This is the same in Debian, Ubuntu and CentOS. So to add the user Alice to the testusers group the command would be…
usermod -aG testusers alice
Unfortunately, undoing this isn’t so easy. In Debian and Ubuntu you can use the deluser command to remove a user from a group. Be careful, though, as you can accidentally delete a user with the same command. So to remove the alice user from the testusers group the command would be:
deluser alice testusers
In CentOS your options are to remove all secondary groups from the user as follows, after which you would need to add back in any other groups that are still required:
usermod -G "" alice
Alternatively, you can manually edit the /etc/group file to remove the user from the group.
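Because usermod -G replaces the whole secondary group list, the groups that are still required can be worked out first and passed in one go. The script below is an added example, not part of the original article: it reads a file in /etc/group format, lists the secondary groups the user keeps, and prints (but does not run) the matching usermod command. The function names and the sample group data are made up for this illustration.

```shell
#!/bin/sh
# Added example: keep a user's other secondary groups when dropping just one.
# It only prints the usermod command; nothing on the system is changed.

# Constructed sample in /etc/group format: name:password:GID:member,member
sample_group_file() {
    cat <<'EOF'
root:x:0:
wheel:x:10:alice,bob
testusers:x:1001:alice
developers:x:1002:bob,alice
alice:x:1000:
interns:x:1003:malice,carol
EOF
}

# remaining_groups USER GROUP [FILE]
# Prints USER's secondary groups, comma-separated, with GROUP left out.
remaining_groups() {
    awk -F: -v user="$1" -v drop="$2" '
        $1 != drop {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++) {
                # Exact match, so "alice" never matches "malice".
                if (members[i] == user) {
                    sep = (out == "") ? "" : ","
                    out = out sep $1
                    break
                }
            }
        }
        END { print out }
    ' "${3:-/etc/group}"
}

# removal_command USER GROUP [FILE]
# Prints the usermod call that leaves every other secondary group in place.
removal_command() {
    printf 'usermod -G "%s" %s\n' "$(remaining_groups "$1" "$2" "${3:-/etc/group}")" "$1"
}

# Demo against the constructed sample, not the live /etc/group.
demo_file=$(mktemp)
sample_group_file > "$demo_file"
removal_command alice testusers "$demo_file"
rm -f "$demo_file"
```

Only secondary memberships are listed in the fourth field of /etc/group, so a user's primary group is not affected by the printed command.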
Deleting a user is much like creating one. In Debian and Ubuntu you would use the deluser command and in CentOS you would use userdel. So, for our examples below, to delete the user Alice in Debian and Ubuntu…
deluser alice
Now to delete the user alice in CentOS…
userdel alice
There you have it, user management nice and simple.