Mastering User Management on Ubuntu: The Ultimate Guide

Mastering User Management on Ubuntu: The Ultimate Guide

Learn how to efficiently manage your Ubuntu users as a system administrator From creating and adding users, to listing and assigning them to sudo, and finally removing them when necessary Follow these steps to ensure a smooth user management process from cradle to grave

Creating and Managing User Accounts on Ubuntu Linux

When using multi-user systems, each person who uses the computer must have a distinct user account with their own password and private data area. The root user manages these accounts by creating new ones and deleting old ones. Additionally, the system administrator role includes reviewing existing users and controlling access to root's elevated powers. On Ubuntu Linux, you can use commands such as "adduser" to create a new user, "deluser" to delete a user and their home directory, "usermod" to add them to groups, "passwd" to reset their password, and "visudo" to give them sudo privileges. As the system administrator, it's essential to be able to carry out these tasks quickly and efficiently.

There are two methods for creating new users via the command line: useradd and adduser. While both commands have similar names, useradd requires all the necessary account information to be provided on the command line, whereas adduser prompts the user for the required information. To create a new user with useradd, the following command format is used: sudo useradd -s /bin/bash -m -c "Mary Quinn" -Gdevelopment maryq. The "-s /bin/bash" option sets the default shell for the new user.

- Using useradd

Mastering User Management on Ubuntu: The Ultimate Guide


Create a home directory for the new user in the "/home/" directory. Providing the full name of the user with the "-c" option is optional but recommended. The new user is added to their account name group and can also be added to another pre-existing group using the "-G" option. The login name of the new user must be unique. Once the user has been created, set their password by entering the command "sudo passwd maryq" and following the prompt to enter the new password twice.

Mastering User Management on Ubuntu: The Ultimate Guide


To create a new user account using the adduser command, simply provide the desired login name as the argument.

For example: sudo adduser maxn

You will then be prompted to enter a password and provide the user's full name. You can choose to leave other optional fields such as room number, work phone, and home phone blank by pressing "Enter".

When adding a user to a group in Linux, it's important to note that you're actually adding them to an existing group. The group must already be created before adding a user.

To ensure that a user is added to a new group without losing their other group memberships, the usermod command with the -a (append) option and the -G (supplementary group) option must be used. Failure to use these options will result in the user being removed from their original group and may cause issues with file access and login. For example, to add the user "maxn" to the "development" group, the command "sudo usermod -a -G development maxn" can be used. The groups command can be used before and after to verify the changes, as shown in the output below:

groups maxn

sudo usermod -a -G development maxn

groups maxn

Mastering User Management on Ubuntu: The Ultimate Guide


This ensures that "maxn" is added to the "development" group without losing their other group memberships.

Reviewing and managing user accounts is an essential task for administrators. Fortunately, there are various ways to accomplish this. One method is to use the "less" command to view the "/etc/passwd" file, but this displays all system and process accounts as well.

To view only genuine user accounts, we can identify the unique numerical ID assigned to each account, which is stored in the "/etc/login.defs" file. By using the "grep" command to search for lines starting with "UID_MIN" or "UID_MAX," we can find the upper and lower limits of these IDs and list the corresponding user accounts.

How to List Users in Ubuntu

To view and manage user accounts, administrators can use various methods. One way is to access the "/etc/passwd" file using the "less" command. However, this displays all system and process accounts in addition to user accounts.

To view only genuine user accounts, administrators can search for the numerical ID assigned to each account, which is stored in the "/etc/login.defs" file. By using the "grep" command to search for lines starting with "UID_MIN" or "UID_MAX," administrators can identify the upper and lower limits of these IDs and list the corresponding user accounts.

Mastering User Management on Ubuntu: The Ultimate Guide


The user account IDs on this computer range from 1000 to 60000. To search the password databases for entries within this range, we can use the getent command with the following syntax: getent passwd {1000..60000}. However, this command may take a while to run since it checks all 59,000 user IDs. To reduce the time needed, we can use the cut command to extract the highest used user ID from the /etc/passwd file. By using the colon ":" as the field delimiter and extracting the third field, which is the user ID field, we can pipe the output through sort with the -g option to display the results in ascending numerical order. Don't forget to include the placeholders:

Mastering User Management on Ubuntu: The Ultimate Guide

Mastering User Management on Ubuntu: The Ultimate Guide

.

To grant sudo privileges to a user, they must be added to a specific group. This group is typically named "sudo" on Ubuntu and other distributions, but it's important to verify the name. The "sudo visudo" command opens the "/etc/sudoers" file, where you can locate the entry that allows members of the group to execute any command.

Mastering User Management on Ubuntu: The Ultimate Guide

In our case, it is “sudo.”

We’ll add user maryq to that group, using the usermod command that we used earlier.

groups maryq

sudo usermod -a -G sudo maryq

groups maryq

Mastering User Management on Ubuntu: The Ultimate Guide


The next time Mary logs in, she’ll be able to use the sudo command.

To avoid giving unnecessary access to sudo, it's important to specify the exact commands that a user needs to run. For instance, if Max only needs to install software using the apt command, granting him full sudo access is excessive. To add Max to the sudoers file, run the command "sudo visudo" and insert the following lines just above the last entry in the file:

# User Max can install software using apt

maxn ALL=(root) /usr/bin/apt

The first line is a comment, while the second line specifies Max's default user group (usually matching the user's login name). "ALL=" means this applies to all hosts on the network, and "(root)" allows members of the "maxn" group to assume root privileges for the named command, which is "apt."

Mastering User Management on Ubuntu: The Ultimate Guide


After making changes to the user’s sudo privileges, it’s important to ensure the security of their account by changing their password. To do this, simply use the “passwd” command with sudo, followed by the user’s username. Don’t forget to enter the new password twice to confirm it. If you’d like the user to choose their own password, you can use the “-e” option to force them to do so upon their next login.

To disable Max's user account, use the command sudo passwd -l maxn. However, before resorting to deleting the account altogether, consider locking it instead. This will allow you to review the user's files and data without permanently removing them from the system. If you do decide to delete the account, be sure to archive their home directory using a tool like tar if you may need to refer to their files later. It's worth noting that while Debian-based distributions use the deluser command for account removal, non-Debian distributions use userdel instead.

We can easily archive Max's home directory by utilizing the tar command. Simply enter the following command:

sudo tar cfjv max-normal-home-folder.tar.bz /home/maxn

It's important to note that there is no need for a hyphen before the command line options for tar. In this case, we have used "c" to create an archive file, "f" to specify the filename for the new archive file, and "j" to use bzip2 compression. Remember to keep the placeholders

Mastering User Management on Ubuntu: The Ultimate Guide

and

Mastering User Management on Ubuntu: The Ultimate Guide

in the output.

During the creation of the archive file, verbose output is provided for us to track the progress. Once completed, we can easily locate the file using the requested name. To delete a user, we can utilize the --remove-home option which will not only remove the user but also clear out any associated data. The command sudo deluser --remove-home maxn will accomplish this task. After executing the command, we receive a confirmation message, indicating that the user has been successfully removed.

Mastering User Management on Ubuntu: The Ultimate Guide

Mastering User Management on Ubuntu: The Ultimate Guide