Creating accounts in linux

Chapter 1 Configuring and Managing Local Accounts

This chapter describes how to configure and manage local user and group accounts in Oracle Linux 8.

1.1 About User and Group Configuration

You use the useradd and groupadd commands to add and delete users and groups, as well as to modify settings such as passwords, home directories, login shells, and group membership.

In an enterprise environment that might have hundreds of servers and thousands of users, user and group account information is more likely to be held in a central repository rather than in files on individual servers. You can configure user and group information on a central server and then retrieve this information by using services such as the Lightweight Directory Access Protocol (LDAP) or the Network Information Service (NIS). You can also create home directories on a central server and then automatically mount or access these remote file systems when the user logs in to a system.

1.2 About Files Storing User and Group Information

Unless you select a different authentication mechanism during installation or use the authselect command to create an authentication profile, Oracle Linux verifies a user’s identity by using the information that is stored in the /etc/passwd and /etc/shadow files.

The /etc/passwd file stores account information for each user such as his or her unique user ID (or UID, which is an integer), user name, home directory, and login shell. A user logs in using his or her user name, but the operating system uses the associated UID. When the user logs in, he or she is placed in his or her home directory and his or her login shell runs.

The /etc/group file stores information about groups of users. A user also belongs to one or more groups, and each group can contain one or more users. If you grant access privileges to a group, all members of the group receive the same access privileges. Each group account has a unique group ID (GID, again an integer) and an associated group name.

By default, Oracle Linux implements the user private group (UPG) scheme where adding a user account also creates a corresponding UPG with the same name as the user, and of which the user is the only member.

Only the root user can add, modify, or delete user and group accounts. By default, both users and groups use shadow passwords, which are cryptographically hashed and stored in /etc/shadow and /etc/gshadow respectively. These shadow password files are readable only by the root user. The root user can set a group password that a user must enter to become a member of the group. If a group does not have a password, a user can only join the group if the root user adds that user as a member.

A user can use the newgrp command to log into a new group or to change the current group ID during a login session. If the user has a password, he or she can add group membership on a permanent basis. See the newgrp(1) manual page.

The /etc/login.defs file defines parameters for password aging and related security policies.

For more information about the content of these files, see the group(5), gshadow(5), login.defs(5), passwd(5), and shadow(5) manual pages.

1.3 Changing Default Settings for User Accounts

To display the default settings for a user account, use the following command:

The following output is displayed:

INACTIVE: Specifies after how many days the system locks an account if a user’s password expires. If set to 0, the system locks the account immediately. If set to -1, the system does not lock the account.

SKEL: Defines a template directory, whose contents are copied to a newly created user’s home directory. The contents of this directory should match the default shell defined by SHELL.

You can specify options to useradd -D to change the default settings for user accounts. For example, to change the defaults for INACTIVE, HOME and SHELL:

If you change the default login shell, you would most likely also create a new SKEL template directory that contains contents that are appropriate to the new shell.

If you specify /sbin/nologin for a user’s SHELL, that user cannot log into the system directly but processes can run with that user’s ID. This setting is typically used for services that run as users other than root.

The default settings are stored in the /etc/default/useradd file.

For more information, see Section 1.9, “Configuring Password Ageing” and the useradd(8) manual page.

1.4 Creating User Accounts

To create a user account by using the useradd command:

Create a user account by using the useradd command:

You can specify options to change the account’s settings from the default ones.

By default, if you specify a user name argument but do not specify any options, useradd creates a locked user account using the next available UID and assigns a user private group (UPG) rather than the value defined for GROUP as the user’s group.


Assign a password to the account to unlock it as follows:

The command prompts you to enter a password for the account.

If you want to change the password non-interactively (for example, from a script), use the chpasswd command instead:

Alternatively, you can use the newusers command to create a number of user accounts at the same time.

For more information, see the chpasswd(8), newusers(8), passwd(1), and useradd(8) manual pages.

1.4.1 About umask and the setgid and Restricted Deletion Bits

Users whose primary group is not a UPG have a umask of 0022 set by /etc/profile or /etc/bashrc, which prevents other users, including other members of the primary group, from modifying any file that the user owns.

A user whose primary group is a UPG has a umask of 0002. It is assumed that no other user has the same group.

To grant users in the same group write access to files within the same directory, change the group ownership on the directory to the group, and set the setgid bit on the directory:

Files that are created in such a directory have their group set to that of the directory rather than the primary group of the user who creates the file.

The restricted deletion bit prevents unprivileged users from removing or renaming a file in the directory unless they own either the file or the directory.

To set the restricted deletion bit on a directory:

For more information, see the chmod(1) manual page.

1.5 Locking an Account

To lock a user’s account, use the passwd command with the -l option:

To unlock the account, specify the -u option:

For more information, see the passwd(1) manual page.

1.6 Modifying or Deleting User Accounts

To modify a user account, use the usermod command:

For example, to add a user to a supplementary group (other than his or her login group):

You can use the groups command to display the groups to which a user belongs, for example:

To delete a user’s account, use the userdel command:

For more information, see the groups(1), userdel(8) and usermod(8) manual pages.

1.7 Creating Groups

To create a group by using the groupadd command:

Typically, you might want to use the -g option to specify the group ID (GID). For example:

For more information, see the groupadd(8) manual page.

1.8 Modifying or Deleting Groups

To modify a group, use the groupmod command:

To delete a group, use the groupdel command:

For more information, see the groupdel(8) and groupmod(8) manual pages.

1.9 Configuring Password Ageing

To specify how users’ passwords are aged, edit the following settings in the /etc/login.defs file:

Maximum number of days for which a password can be used before it must be changed. The default value is 99,999 days.

Minimum number of days that is allowed between password changes. The default value is 0 days.

Number of days warning that is given before a password expires. The default value is 7 days.

For more information, see the login.defs(5) manual page.

To change how long a user’s account can be inactive before it is locked, use the usermod command. For example, to set the inactivity period to 30 days:

To change the default inactivity period for new user accounts, use the useradd command:

A value of -1 specifies that user accounts are not locked due to inactivity.

For more information, see the useradd(8) and usermod(8) manual pages.
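Because login.defs(5) applies PASS_MAX_DAYS, PASS_MIN_DAYS and PASS_WARN_AGE only when an account is created, existing accounts keep the values recorded in /etc/shadow. The following added example (not part of the Oracle documentation) audits both on constructed sample files; the 90-day limit, the account names and the function names are assumptions.

```shell
#!/bin/sh
# Added example. The 90-day limit is an assumed policy value; pass another
# as the second argument to either function.

# check_login_defs FILE [MAX_DAYS]: settings applied to newly created accounts.
check_login_defs() {
    awk -v limit="${2:-90}" '
        /^[ \t]*#/ || NF < 2 { next }
        $1 == "PASS_MAX_DAYS" || $1 == "PASS_WARN_AGE" { val[$1] = $2 }
        END {
            if (!("PASS_MAX_DAYS" in val))
                print "PASS_MAX_DAYS: not set"
            else if (val["PASS_MAX_DAYS"] + 0 < 1 || val["PASS_MAX_DAYS"] + 0 > limit + 0)
                printf "PASS_MAX_DAYS: %s is outside the 1..%d day policy range\n", val["PASS_MAX_DAYS"], limit
            if (!("PASS_WARN_AGE" in val) || val["PASS_WARN_AGE"] + 0 < 1)
                print "PASS_WARN_AGE: users get no warning before expiry"
        }' "$1"
}

# check_shadow FILE [MAX_DAYS]: per-account values in shadow(5) format.
# Field 5 is the maximum password age, field 7 the inactivity period.
check_shadow() {
    awk -F: -v limit="${2:-90}" '
        NF < 7 || $2 ~ /^[!*]/ { next }   # malformed line, or no password login possible
        {
            if ($5 == "" || $5 + 0 < 1 || $5 + 0 > limit + 0)
                printf "%s: maximum password age %s is outside the 1..%d day policy range\n", $1, ($5 == "" ? "(unset)" : $5), limit
            if ($7 == "")
                printf "%s: no inactivity period, never locked after the password expires\n", $1
        }' "$1"
}

# Constructed sample files: login.defs carries the default values quoted in
# this section; the shadow entries and their hashes are placeholders.
make_samples() {
    cat > "$1/login.defs" <<'EOF'
# constructed sample
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_WARN_AGE   7
EOF
    cat > "$1/shadow" <<'EOF'
alice:$6$constructed$not-a-real-hash:19000:0:99999:7:::
bob:$6$constructed$not-a-real-hash:19000:0:60:7:30::
svc_backup:!!:19000:0:99999:7:::
carol:$6$constructed$not-a-real-hash:19000:1:90:14:::
EOF
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
check_login_defs "$demo_dir/login.defs"
check_shadow "$demo_dir/shadow"
rm -rf "$demo_dir"
```

On a live system, run both functions as root against /etc/login.defs and /etc/shadow.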

1.10 Granting sudo Access to Users

By default, an Oracle Linux system is configured so that you cannot log in directly as the root user. You must log in as a named user before using either su or sudo to perform tasks as root. This configuration allows system accounting to trace the original login name of any user who performs a privileged administrative action. If you want to grant certain users authority to be able to perform specific administrative tasks via sudo, use the visudo command to modify the /etc/sudoers file.

For example, the following entry grants the user erin the same privileges as root when using sudo, but defines a limited set of privileges to frank so that he can run commands such as systemctl, rpm, and dnf:

For more information, see the su(1), sudo(8), sudoers(5), and visudo(8) manual pages.
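To review which entries in a sudoers file grant unrestricted root access and which are limited to named commands, the following added example (not taken from the Oracle documentation) classifies each user specification. The sample entries are constructed to match the erin and frank description above; the %ops group, the alias names, the command paths and the function names are assumptions, and the parser is simplified (no line continuations, no alias expansion).

```shell
#!/bin/sh
# Added example: summarise the grants in a sudoers-format file.

# Constructed sample, modelled on the description in this section.
make_sample_sudoers() {
    cat > "$1" <<'EOF'
# constructed sample
Cmnd_Alias SERVICES = /usr/bin/systemctl
Cmnd_Alias SOFTWARE = /usr/bin/rpm, /usr/bin/dnf
erin    ALL=(ALL) ALL
frank   ALL= SERVICES, SOFTWARE
%ops    ALL=(ALL) NOPASSWD: ALL
EOF
}

# list_sudo_grants FILE: print "<who> <restricted|unrestricted> [NOPASSWD]".
list_sudo_grants() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }  # settings and alias definitions
        {
            eq = index($0, "=")
            if (eq == 0) next
            who = $1
            cmds = substr($0, eq + 1)
            gsub(/\([^)]*\)/, "", cmds)              # drop the (runas) part
            nopw = (cmds ~ /NOPASSWD:/) ? " NOPASSWD" : ""
            gsub(/[A-Z_]+:/, "", cmds)               # drop tags such as NOPASSWD:
            n = split(cmds, c, ",")
            scope = "restricted"
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", c[i])
                if (c[i] == "ALL") scope = "unrestricted"
            }
            printf "%s %s%s\n", who, scope, nopw
        }' "$1"
}

demo_file=$(mktemp)
make_sample_sudoers "$demo_file"
list_sudo_grants "$demo_file"
rm -f "$demo_file"
```

Before installing any new sudoers file or drop-in, check its syntax with visudo -cf followed by the file name.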

Copyright © 2019, 2021 Oracle and/or its affiliates.


Linux: How To Create Multiple Users Accounts in Batch

The useradd command is used to create a new user or update default new user information from the command line. However, sometimes you need to create a large number of users or import usernames from a text file. You can use the newusers command, which updates and creates new users in batch.

This is useful at universities or large corporate Linux networks. Adding users in batch saves time.

Task: Set Password

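Type the following command to change or set a user password (chpasswd reads user:password pairs from standard input, whereas newusers expects complete seven-field lines):
echo "username:password" | chpasswd
For example, change the password for the vivek user:
echo "vivek:myUltraSecretPassword" | chpasswd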

Task: Update and create new users in batch

The newusers command reads a file of user name and clear-text password pairs and uses this information to update a group of existing users or to create new users. Each line is in the same format as the standard password file.

This command is intended to be used in a large system environment where many accounts are updated at a single time (batch mode). Since usernames and passwords are stored in clear text, make sure only root can read and write the file. Use the chmod command:
# touch /root/batch-user-add.txt
# chmod 0600 /root/batch-user-add.txt

Create a user list as follows. Open file:
# vi /root/batch-user-add.txt

Append username and password:
user1:password:1001:513:Student Account:/home/user1:/bin/bash
user2:password:1002:513:Sales user:/home/user2:/bin/bash
user100:password:1100:513:Sales user:/home/user100:/bin/bash
tom:password:1110:501:Guest Account:/home/guest:/bin/menu
jerry:password:1120:501:Guest Account:/home/guest:/bin/menu
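Before a batch file like this is handed to newusers, it is worth linting it for mistakes that turn into account problems. The following added example (not part of the original article) checks the file mode, the field count, UID 0 entries, duplicate UIDs, reused or empty passwords and shared home directories; the function names and the choice of checks are assumptions, and the sample is constructed from the five lines above.

```shell
#!/bin/sh
# Added example: lint a newusers(8) batch file before running it.
# The checks are illustrative policy choices, not rules enforced by newusers.

# Constructed sample: the five lines shown in the article.
make_sample() {
    cat > "$1" <<'EOF'
user1:password:1001:513:Student Account:/home/user1:/bin/bash
user2:password:1002:513:Sales user:/home/user2:/bin/bash
user100:password:1100:513:Sales user:/home/user100:/bin/bash
tom:password:1110:501:Guest Account:/home/guest:/bin/menu
jerry:password:1120:501:Guest Account:/home/guest:/bin/menu
EOF
}

# lint_batch FILE: print one finding per line; no output means no findings.
lint_batch() {
    lb_mode=$(stat -c '%a' "$1") || return 2
    [ "$lb_mode" = "600" ] || echo "file: mode $lb_mode, expected 600 (holds clear-text passwords)"
    awk -F: '
        /^[ \t]*$/ { next }
        NF != 7 { printf "line %d: expected 7 fields, found %d\n", NR, NF; next }
        {
            user = $1; pw = $2; uid = $3; home = $6
            if (uid ~ /^0+$/)
                printf "line %d (%s): UID 0 makes this account equivalent to root\n", NR, user
            if (uid != "") {
                if (uid in uid_seen)
                    printf "line %d (%s): UID %s already used on line %d\n", NR, user, uid, uid_seen[uid]
                else
                    uid_seen[uid] = NR
            }
            if (pw == "")
                printf "line %d (%s): empty password field\n", NR, user
            else if (pw in pw_seen)
                printf "line %d (%s): same password as line %d\n", NR, user, pw_seen[pw]
            else
                pw_seen[pw] = NR
            if (home != "") {
                if (home in home_seen)
                    printf "line %d (%s): home %s already used on line %d\n", NR, user, home, home_seen[home]
                else
                    home_seen[home] = NR
            }
        }' "$1"
}

demo_file=$(mktemp)          # mktemp creates the file with mode 600
make_sample "$demo_file"
lint_batch "$demo_file"
rm -f "$demo_file"
```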


Create a user account and password for your new Linux distribution

Once you have enabled WSL and installed a Linux distribution from the Microsoft Store, the first step you will be asked to complete when opening your newly installed Linux distribution is to create an account, including a User Name and Password.

This User Name and Password is specific to each separate Linux distribution that you install and has no bearing on your Windows user name.

Once you create a User Name and Password, the account will be your default user for the distribution and will automatically sign in on launch.


This account will be considered the Linux administrator, with the ability to run sudo (Super User Do) administrative commands.

Each Linux distribution running on the Windows Subsystem for Linux has its own Linux user accounts and passwords. You will have to configure a Linux user account every time you add a distribution, reinstall, or reset.

Linux distributions installed with WSL are a per-user installation and can’t be shared with other Windows user accounts.

Update and upgrade packages

Most distributions ship with an empty or minimal package catalog. We strongly recommend regularly updating your package catalog and upgrading your installed packages using your distribution’s preferred package manager. For Debian/Ubuntu, use apt:

Windows does not automatically update or upgrade your Linux distribution(s). This is a task that most Linux users prefer to control themselves.

Reset your Linux password

To change your password, open your Linux distribution (Ubuntu for example) and enter the command: passwd

You will be asked to enter your current password, then asked to enter your new password, and then to confirm your new password.

Forgot your password

If you forgot the password for your Linux distribution:

Open PowerShell and enter the root of your default WSL distribution using the command: wsl -u root

If you need to update the forgotten password on a distribution that is not your default, use the command: wsl -d Debian -u root , replacing Debian with the name of your targeted distribution.

Once your WSL distribution has been opened at the root level inside PowerShell, you can use this command to update your password: passwd <username> where <username> is the username of the account in the DISTRO whose password you’ve forgotten.

You will be prompted to enter a new UNIX password and then confirm that password. Once you’re told that the password has updated successfully, close WSL inside of PowerShell using the command: exit

If you are running an early version of Windows operating system, like 1703 (Creators Update) or 1709 (Fall Creators Update), see the Using older version of Windows and WSL in the Troubleshooting guide.


Add and Manage User Accounts in Ubuntu 20.04 LTS

User management becomes a critical consideration when you want to add multiple users to the system. If user management on your system is not effective, you may have to compromise security and access to the private and sensitive information on your system. This article introduces simple techniques you can use to have effective control over user management. It covers user and group management procedures, both from the user interface and from the command line, that you can perform with very simple steps.

We run the commands and processes described in this article on an Ubuntu 20.04 system. Please note that you must have root privileges to perform the tasks described here. So let’s first understand what root is.

Understanding the root user

Before we start with user management, it is important to know something about the root user in Linux. By default, Ubuntu does not allow the root user to log in directly (however, other Linux distributions such as Debian and CentOS allow direct root login); therefore, Ubuntu has created a functionality called “sudo” that allows you to perform various administrative operations. With the sudo command, you must specify a password, which helps keep the user in charge of all actions as an administrator. By default, the first user created during the installation of Ubuntu is given the sudo privileges. It is given full root privileges and is added to the list of sudoers in the /etc/sudoers file.

It is important to note that you must be an authorized sudoer user to perform all the user management operations explained in this article.

Managing Users

You can add users to the Ubuntu system through the UI; however, advanced user management needs to be done through the command line.

Adding a User through the GUI

Please follow these steps in order to add a user through Ubuntu’s graphical interface:

Open the Account Settings dialog either through Ubuntu Dash or by clicking the down-arrow located at the top right corner of your Ubuntu screen. Click your username and then select Account Settings as follows:

The following Users dialog will open. Please note that all the fields will be disabled by default. You will need to provide authentication in order to work further with this dialog. Click the Unlock button located in the top right corner of the Users dialog.

The following Authentication dialog will open for you to provide authentication information as an administrator because only this way you will be able to create or edit user accounts:


Please provide your password and then click the Authenticate button. You will now be able to see that all the fields in the Users dialog are enabled for you to work on:

Click the Add User button. The following Add User dialog will open for you to enter details of the new user you want to create:

You can specify if you want to create a Standard or an Administrative user through this dialog. It is also important to know that it is not a good security practice to leave the password field empty for the new user. This way any user can log in and access private and secure data on your system.

Click the Add button which will only be enabled when you have provided all the valid information in the Add User dialog.

The new user will now be created and you will be able to see it in the Users dialog as follows:

Adding A User Through the Command Line

The Ubuntu command line gives more control to an administrator to perform user management operations. Please follow the following steps in order to add a user through the command line:

  1. Open the Terminal by pressing Ctrl+Alt+T or through the Ubuntu Dash.
  2. Enter the following command in order to add a new user:

You will be required to enter a password for sudo. The command will ask to type and retype password (for re-confirmation) for the new user. You can choose to provide or ignore entering biodata of the new user as it is optional.


Enter Y if the information you provided is correct and then hit the Enter key.

The new user will now be created on your Ubuntu system.

Listing All Users

As an Ubuntu administrator, you can view the list of users added to your system through the following command:

In this image, sana is the administrator, guest is the user we created through the UI, and guest user is the user we created through the command line.

Locking/Unlocking User Accounts

Ubuntu lets you temporarily lock and unlock any user account through the following commands:

A locked user will not be able to log on to the system for as long as the account remains locked.

Giving Root Privilege to a User

If you want to give root privilege to a user, you will need to edit the visudo file that contains the list of sudoers on your system.

Open the visudo file through the following command:

This command will open the visudo file in the Nano editor.

Add the following lines in the file:

This line will give full root rights to the specified user.

These lines will create a group of users that you can then assign command aliases to.

Exit the file through Ctrl+X, and then enter Y and Enter in order to save the changes you made to the visudo file.

The ‘guest’ user from our example will now be able to perform all the root operations.

Deleting a User Through the Command Line

You can delete a user through the command line by using the following command:

In this example, we have deleted the guest user. Please remember that if a user is deleted from a group which has no more members, that user group will also automatically be deleted.

Deleting a User Through the GUI

You can perform the simple task of deleting a user through the graphical interface as follows:

  1. Open the Account Settings dialog either through Ubuntu dash or by clicking the down-arrow located at the top right corner of your Ubuntu screen. Click your username and then select Account Settings.
  2. The Users dialog will open. Please note that all the fields will be disabled. You will need to provide authentication in order to work further with this dialog. Click the Unlock button located in the top right corner of the Users dialog.
  3. Select the username of the user you want to delete and then click the Remove User button as follows:

You will be asked if you want to discard or keep the removed user’s files from your system through the following dialog.

You can choose to delete or keep the files through the respective buttons. The user will then be deleted from your system.

Deleting/archiving a Deleted User’s Home Folder

When you delete a user from your system, its home folder may still reside on your computer, depending on the choice you made while deleting the user. You can delete this folder manually or archive it. A new user that you create with the same user ID or group ID as that of the deleted user will now be able to access his/her folder. You may want to change these UID/GID values to something more appropriate, such as the root account. You can even choose to relocate the folder to avoid future conflicts through the following commands:

Managing Groups

Ubuntu lets you create groups for the users on your system. This way you can assign administrative rights and file access to an entire group rather than a single user at a time.

You can perform Group Management on Ubuntu 18 only through the command line.

Adding a Group

In order to add a new user group, please enter the following command:

Example:

A new group will be created and a unique group ID (GID) will be assigned to it.

Adding Users to a Group

You can add an already existing user to a group through the following command:

Example:

Viewing Group Information

In order to view members of a group, use the following command:

You can use the following command to list the group members along with their GIDs:

The gid output represents the primary group assigned to a user. Read on to learn what primary and secondary groups are.

Changing Primary Group Of a User

A user can be a part of one or multiple groups; one of them is the primary group and the others are secondary groups. In the output of the id command, the gid indicates the primary group of the user. In order to change the primary group of a user, use the following command:

Example:

You can now see that the new gid fetched through the id command is that of the newly assigned primary group.

Assigning Group While Creating a User

You can assign a group to a user simultaneously while creating a new user as follows:

Example:

Set or change the password for the user

Please note that this new user has not been assigned a password. This is not good security practice, so you should assign a password to this new user as soon as possible through the following command:

Example:

The new user will now have a password.

Please see in the following UI image how a user account has been disabled by the system before it is assigned a password.

Listing All Groups

You can list all the groups residing on your system through the following command:

Deleting a Group

In order to delete a user group from your system, you can use the following command:

This article explained how you can manage users and groups on your Ubuntu system for effective rights and privilege control. You can manage users as an administrator or give administrative rights to other users to perform these operations through the helpful steps described in this tutorial.

Karim Buzdar

About the Author: Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications. As an IT engineer and technical author, he writes for various web sites. You can reach Karim on LinkedIn
