User accounts

Revision as of 16:16, 7 December 2023 by Mhan (talk | contribs) (→‎Set a directory writable by a certain group)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Groups

Add a new group

$ sudo addgroup webdev
or
$ sudo groupadd webdev

Delete a group

$ sudo delgroup webdev
or
$ sudo groupdel webdev

Add a user to a group

$ sudo adduser username groupname
or
$ sudo useradd -G groupname username  // for a new user
or
$ sudo usermod -a -G groupname username // for an existing user

Remove a user from a group

$ sudo gpasswd -d username groupname

List a user's groups

$ id -Gn username

Check a user's primary group

$ getent group username

Change a user's primary group

$ sudo usermod -g groupname username

Check user's group assignments

$ id username
or
$ groups username
or
$ id -Gn username

Set a directory writable by a certain group

Turn on the SGID bit for the root folder

$ sudo chmod g+s www

Make /srv/www folder readable/writable/executable by dev group

$ sudo setfacl -d -m g:dev:rwx /srv/www

Add a user account

$ sudo useradd -d /home/jsmith -m jsmith -G webdev
$ sudo passwd jsmith

Delete a user account

Force removal and delete files

$ sudo userdel -fr username

or

$ sudo deluser -remove-home username

Lock or unlock a user account

$ sudo passwd -l username
$ sudo passwd -u username

Adding sudoers

A file can be added for groups of users or specific users to /etc/sudoers.d/ directory. This line would make someone a sudoer with no password requirement.

jsmith ALL=(ALL) NOPASSWD:ALL

If you want the user to type a password.

jsmith ALL=(ALL:ALL) ALL

Updating sudoers file safely

  • Last checked on Ubuntu 16.04.01 LTS (xenial)

The command visudo checks the validity of the sudoers file before making the actual update to the file, and this is the recommended way of editing the file because one can potentially lose sudo privileges unintentionally.

$ sudo visudo

Instead editing /etc/sudoers file I usually create a file at /etc/sudoers.d/localusers so I edit that instead.

$ sudo visudo -f /etc/sudoers.d/localusers

Changing the default editor used for visudo

I'm a VIM user, but many of the distros default to nano for newcomers to Linux systems. You can use the following command to change the default editor that is loaded for visudo and for many other apps.

$ sudo update-alternatives --config editor