Create a user:
To add a new user, use the useradd command:
You can just use useradd user_name, and it will do the following:
- It edits the /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow files for the newly created user account.
- Creates and populates a home directory for the new user.
- Sets permissions and ownership on the home directory.
# useradd -m -g initial_group -G additional_groups -s login_shell username
Popular options:
-d, --home-dir HOME_DIR: The new user will be created using HOME_DIR as the value for the user’s login directory. The default is to append the LOGIN name to BASE_DIR and use that as the login directory name.
-m, --create-home: Creates the user home directory as /home/username. Within their home directory, a non-root user can write files, delete them, install programs, and so on.
-g, --gid GROUP: Defines the group name or number of the user’s initial login group. If specified, the group name must exist; if a group number is provided, it must refer to an already existing group. If not specified, the behaviour of useradd will depend on the USERGROUPS_ENAB variable contained in /etc/login.defs. The default behaviour (USERGROUPS_ENAB yes) is to create a group with the same name as the username, with GID equal to UID.
-p, --password PASSWORD: The encrypted password, as returned by crypt(3). The default is to disable the password. Note: This option is not recommended because the password (or encrypted password) will be visible by users listing the processes. You should make sure the password respects the system’s password policy.
-G, --groups GROUP1,GROUP2,…: Introduces a list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening spaces. The default is for the user to belong only to the initial group.
-s, --shell SHELL: Defines the path and file name of the user’s default login shell. After the boot process is complete, the default login shell is the one specified here. Ensure the chosen shell package is installed if choosing something other than Bash.
-b, --base-dir BASE_DIR: The default base directory for the system if -d HOME_DIR is not specified. BASE_DIR is concatenated with the account name to define the home directory. The BASE_DIR must exist, otherwise the home directory cannot be created. If this option is not specified, useradd will use the base directory specified by the HOME variable in /etc/default/useradd, or /home by default.
Other options:
-c, --comment COMMENT: Any text string. It is generally a short description of the login, and is currently used as the field for the user’s full name.
-e, --expiredate EXPIRE_DATE: The date on which the user account will be disabled. The date is specified in the format YYYY-MM-DD. If not specified, useradd will use the default expiry date specified by the EXPIRE variable in /etc/default/useradd, or an empty string (no expiry) by default.
Add an existing user to a group
sudo adduser <username> <groupname>
usermod
The ‘usermod’ command is used to modify or change any attribute of an already created user account via the command line. It is similar to ‘useradd’ or ‘adduser’, but the login is granted to an existing user.
Requirements
We must have existing user accounts to execute the usermod command.
Only the superuser (root) is allowed to execute the usermod command.
The usermod command can be executed on any Linux distribution.
Must have basic knowledge of the usermod command and its options.
Options of Usermod
The ‘usermod’ command is simple to use, with lots of options for making changes to an existing user. Let us see how to use the usermod command by modifying some existing users on a Linux box with the help of the following options.
-c = We can add a comment field for the user account.
-d = To modify the directory for any existing user account.
-e = Using this option we can make the account expire in a specific period.
-g = Change the primary group for a user.
-G = To add supplementary groups.
-a = To add any one of the groups to a secondary group.
-l = To change the login name from tecmint to tecmint_admin.
-L = To lock the user account. This will lock the password so we can’t use the account.
-m = Moves the contents of the home directory from the existing home dir to the new dir.
-p = To use an un-encrypted password for the new password. (NOT secure).
-s = Create a specified shell for new accounts.
-u = Used to assign a UID for the user account between 0 and 999.
-U = To unlock the user accounts. This will remove the password lock and allow us to use the user account.
Add a user to sudoers
Ubuntu:
usermod -aG sudo username
CentOS:
usermod -aG wheel username
User group related file list
When we execute the ‘usermod’ command in a terminal, the following files are used and affected.
File | Purpose |
---|---|
/etc/shadow | Secure user account information |
/etc/passwd | User account information |
/etc/gshadow | Contains the shadowed information for group accounts |
/etc/group | Defines the groups to which users belong |
/etc/sudoers | List of who can run what by sudo |
/home/* | Home directories |
/etc/login.defs | Shadow password suite configuration. |
The sudoers file, located at /etc/sudoers, contains the rules that users must follow when using the sudo command. If you want a script to be run as an administrator from a crontab entry, do the following:
1. Create a script which contains the command to be run in crontab.
2. Use the command sudo visudo to open the file /etc/sudoers, which cannot be edited directly with a text editor.
3. Add the following line at the end: myadminuser ALL=NOPASSWD: /home/me/myscript.sh, then press Ctrl+X to exit, type y to save, then type /etc/sudoers to overwrite, then type y to accept the overwriting. With this change, user myadminuser will not be required to type a password when he needs to run myscript.sh as a sudo user.
4. Use the command crontab -e; if you want to run a script every 5 minutes, add the line */5 * * * * sudo sh /home/me/myscript.sh
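An added example, not part of the original page: a NOPASSWD rule like the one in step 3 is only as trustworthy as the file it names, so the script and every directory above it should be root-owned and not writable by group or others. The script below lists NOPASSWD commands from sudoers-style text and checks a path's ownership chain; the function names and the sample rules other than the myadminuser line are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit NOPASSWD sudoers rules. Function names are hypothetical.

# Constructed sample in sudoers syntax; the myadminuser line is the page's rule.
SAMPLE_SUDOERS='root ALL=(ALL:ALL) ALL
# a comment mentioning NOPASSWD: /ignored/path
myadminuser ALL=NOPASSWD: /home/me/myscript.sh
backup ALL=(root) NOPASSWD: /usr/local/sbin/backup.sh, /usr/bin/rsync -a'

# Print "user path" for every command granted with NOPASSWD (stdin: sudoers text).
# Simplified parser: single-line rules only, no aliases or line continuations.
nopasswd_commands() {
  awk '!/^[ \t]*#/ && /NOPASSWD:/ {
    user = $1
    sub(/.*NOPASSWD:[ \t]*/, "")
    n = split($0, cmds, /[ \t]*,[ \t]*/)
    for (i = 1; i <= n; i++) { split(cmds[i], w, " "); print user, w[1] }
  }'
}

# Keep only rules whose command sits where non-root users can usually write.
risky_by_location() {
  nopasswd_commands | awk '$2 ~ /^\/(home|tmp|var\/tmp)\//'
}

# Return 0 only if FILE and every directory up to STOP_DIR (default /) are
# owned by OWNER_UID (default 0) and not writable by group or others.
# Returns 2 if FILE is missing or not absolute, 1 on an ownership or mode finding.
path_is_tamper_safe() {
  pts_path=$1; pts_owner=${2:-0}; pts_stop=${3:-/}
  case $pts_path in /*) ;; *) return 2 ;; esac
  [ -e "$pts_path" ] || return 2
  while :; do
    set -- $(ls -ldn "$pts_path" | awk '{ print $1, $3 }')  # mode string, uid
    [ "$2" = "$pts_owner" ] || return 1
    case $1 in ?????w*|????????w*) return 1 ;; esac         # g+w or o+w set
    if [ "$pts_path" = "$pts_stop" ] || [ "$pts_path" = / ]; then return 0; fi
    pts_path=$(dirname "$pts_path")
  done
}

# Report the location findings for the sample rules.
printf '%s\n' "$SAMPLE_SUDOERS" | risky_by_location | while read -r u p; do
  echo "REVIEW: $u runs $p as root without a password from a user-writable tree"
done
```

On a real host, pipe the sudoers files into nopasswd_commands and run path_is_tamper_safe on each reported path.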
Reference
Work on Sudoer: https://www.garron.me/en/linux/visudo-command-sudoers-file-sudo-default-editor.html