
Gabriel Cánepa


Getting Started with User Management for Linux Administration

  • Jul 30, 2018
linux administration
linux add user to group
linux permissions
superuser

Set Up

For additional context on setting up your workspace, please view the previous guide in this series: User and Group Management in Linux.

Getting Started with User Management

While we're logged in as pluralsight, let's add another user account called student with a password of our choice. You can skip the second command if the first one prompts you to enter the password for student:

sudo adduser student
sudo passwd student

If everything went as expected, a new user and a primary group called student were created with a unique user and group id, respectively. Additionally, the new user is assigned a personal directory (/home/student in this case) and a login shell (/bin/bash by default).

Using usermod, we can change the home directory to another existing one, edit the login shell, and add an optional comment on the user (such as full name or employee information), as explained next.

To change the home directory to /Users/student (this directory must exist), use the --home (or its short equivalent -d) option:

sudo usermod --home /Users/student student

If the user prefers to use /bin/sh as login shell (or company policies require employees to use it), the --shell (or -s) flag will do the trick:

sudo usermod --shell /bin/sh student

To add a descriptive comment to the user account, use --comment (or -c), followed by the comment enclosed in double quotes. For example, you can do:

sudo usermod --comment "Account used for Pluralsight guide" student

The above commands can be grouped into one as follows:

sudo usermod --home /Users/student --shell /bin/sh --comment "Account used for Pluralsight guide" student

In Fig. 1 we see the contents of /etc/passwd before and after modifying the user information:

As you can see in these examples, the syntax of usermod consists of invoking the command followed by one or more options (with their corresponding values) and the user account they should be applied to.

In addition to changing the user's home directory, login shell, and descriptive comment, usermod also allows you to lock (and unlock) an account and set its expiration date. To do so, use --lock (or -L), --unlock (or -U), and --expiredate (or -e), respectively. The expiration date must be specified using the YYYY-MM-DD format.

For example, to lock student, do:

sudo usermod --lock student

If we now try to log in as student, we will get an Authentication failure error, as shown in Fig. 2. After unlocking the account with

sudo usermod --unlock student

we will be able to use the account again, as also observed in Fig. 2:

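When a user is locked, an exclamation mark (!) is placed before the encrypted password in /etc/shadow, so the stored value can no longer match any password and password logins for the account are disabled. Note that this affects only password authentication; the usermod man page recommends also setting the expiration date to 1 if the account must be disabled entirely.

To set the expiration date of student to October 31, 2017, do:

sudo usermod --expiredate 2017-10-31 student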

The changes can then be viewed with:

sudo chage -l student

By the way, you can use chage to enforce a password change policy. As a safety measure, it is important to have users change their passwords after a given period of time. For example, to force student to change their password every 60 days, do:

sudo chage --maxdays 60 student

Fig. 3 shows student's password information after performing the above changes:

In man chage you can find more information about other useful password expiration tasks.
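
To check these settings across several accounts at once, the following added example (not part of the original guide) parses lines in shadow(5) format and reports the lock marker, the account expiration date, and the maximum password age discussed above. The sample entries, the placeholder hashes, and the max_days_policy parameter are constructed for illustration.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)

# Constructed sample in shadow(5) format. The hashes are placeholders, and
# 17470 is 2017-10-31 expressed as days since 1970-01-01.
SAMPLE_SHADOW = """\
pluralsight:$6$salt$PLACEHOLDERHASH:17400:0:99999:7:::
student:!$6$salt$PLACEHOLDERHASH:17400:0:60:7::17470:
"""

def parse_shadow_line(line):
    """Return the fields this guide changes with usermod and chage."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("expected 9 colon-separated fields, got %d" % len(fields))
    name, password, _, _, max_days, _, _, expire, _ = fields
    return {
        "user": name,
        # usermod --lock prepends '!' to the password field
        "password_locked": password.startswith("!"),
        # an empty field means no maximum age / no expiration date is set
        "max_days": int(max_days) if max_days else None,
        "expires": EPOCH + timedelta(days=int(expire)) if expire else None,
    }

def audit(shadow_text, today, max_days_policy=60):
    """Map each user to a list of findings (assumed policy: 60 days)."""
    report = {}
    for line in shadow_text.splitlines():
        if not line.strip():
            continue
        entry = parse_shadow_line(line)
        findings = []
        if entry["password_locked"]:
            findings.append("password locked")
        if entry["expires"] is not None and today >= entry["expires"]:
            findings.append("account expired on %s" % entry["expires"].isoformat())
        if entry["max_days"] is None or entry["max_days"] > max_days_policy:
            findings.append("password max age exceeds %d days" % max_days_policy)
        report[entry["user"]] = findings
    return report

if __name__ == "__main__":
    for user, findings in audit(SAMPLE_SHADOW, date(2018, 7, 30)).items():
        print(user, findings or ["ok"])
```

On a real system, the input would come from /etc/shadow, which is readable only by root.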

If an account needs to be deleted for good, use

sudo userdel -r

followed by the corresponding username. In this example, the use of -r will ensure that all the user's files are removed as well. If you want to keep such files for some reason, omit that option.

Groups

In Linux, groups can be defined as a way to organize users that need the same type of access to a directory or file.

To create a new group named finances, do:

sudo addgroup finances

To remove it from the system, use:

sudo delgroup finances

The information for the new group is stored in /etc/group, where each line shows the name of the group and the user accounts that are associated with it.

It is important that you practice the commands and examples outlined in this section until you feel confident using them. Then proceed to the next guide, where we will be adding and removing users to and from groups, and granting or preventing access to files and directories.

Next Steps

Please continue on to the next guide in this series: Linux Permissions.