# User & Group Management ==================================================================================== ### Adding Users ==================================================================================== #### Adding Users To add a user, the useradd command can be used. ``` useradd username ``` If you want to create a user with it's own home directory, this can be done using the -m flag: ``` useradd -m username ``` The default contents of a users home directory are defined within the /etc/skel directory, please see [HERE ](https://bookstack.b4sed.xyz/link/29#bkmrk-%2Fetc%2Fskel)for more info on this. ------------------------------------------------------------------------------------------------------------------------------------------------ #### Adding a system user ``` useradd -r username ``` Once created, you'll want to restrict the account by disabling the ability for login, as mentioned here ------------------------------------------------------------------------------------------------------------------------------------------------ ##### Default options There are lots of different options that can be set when creating users and groups, the default options can be viewed using the below command: ``` useradd -D ``` ------------------------------------------------------------------------------------------------------------------------------------------------ #### Additional options: ##### -e -expires ``` -e 2023/12/31 ``` ##### -c - comment ``` -c "full name" ``` ##### -s -shell ``` -s /bin/sh ``` ------------------------------------------------------------------------------------------------------------------------------------------------ #### Groups When creating a user, you can also specify groups to add the user to, this is done using the -G flag: ``` useradd -G groupname username ``` ------------------------------------------------------------------------------------------------------------------------------------------------ #### Comments When creating a user, you can also opt to add a comment using the -c flag, for example this could be a name: ``` useradd -c "comment" username ``` ==================================================================================== ### Passwords ==================================================================================== #### Set Password Once a user has been created, you can add a password using the passwd command: ``` passwd username ``` Once run, you'll be prompted to enter a new password ------------------------------------------------------------------------------------------------------------------------------------------------ #### Changing password Changing a users password can be done using the passwd command when signed in as that user. You can either SSH to the server directly using the required user, or access as root and use su- username to access the user. Once accessed, the passwd command can be run alone to change the password: ``` passwd ``` You can also change a users password using root: ``` passwd username ``` ------------------------------------------------------------------------------------------------------------------------------------------------ #### Additional Options: [chage ](https://linux.die.net/man/1/chage) ##### Checking user password metrics (password expiration, last time password changed) ``` chage -l username ``` ##### Forcing password change at logon ``` chage -d 0 username ``` ##### Temporary Password When setting a password, you're able to set a temporary placeholder password that can be used to log in by the user, upon logging in the user will be prompted to change to a password of their choice. This can be achieved by using the -e flag after setting a password ``` passwd username #set as temp password passwd -e #sets password as expired ``` ==================================================================================== ### Deleting Users ==================================================================================== #### Deleting Users Users can be deleted using the userdel command: ``` userdel username ``` The above command only removes the user from the system, without removing their home directory. Remove user and home directory ``` userdel -r username ``` ==================================================================================== ### Modifying Users ==================================================================================== Post Creation, users can be modified using the usermod command. #### Add User To Group ``` usermod -a -G groupname username ``` ------------------------------------------------------------------------------------------------------------------------------------------------ #### Lock/Unlock Users Lock User Login ``` usermod -L username ``` Unlock User Login ``` usermod -U username ``` ------------------------------------------------------------------------------------------------------------------------------------------------ #### Disable login access ``` usermod -s /sbin/nologin username ``` or we can use the change shell (chsh) command: ``` chsh -s /bin/nologin username ``` ------------------------------------------------------------------------------------------------------------------------------------------------ #### Change User Home Directory ``` usermod -d /pathtonewhome username chown username:usergroup /pathtonewhome ``` ==================================================================================== ### Groups ==================================================================================== #### Viewing Groups ``` groups username ``` ------------------------------------------------------------------------------------------------------------------------------------------------ #### Creating Groups New groups can be created using the groupadd command: ``` groupadd groupname ``` ------------------------------------------------------------------------------------------------------------------------------------------------ #### Managing group users Users can be added/removed from a group with 2 main methods, 1. They can be added when initially created, as mentioned [above](https://bookstack.b4sed.xyz/link/27#bkmrk-groups) 2. They can be added after creation using the usermod command, as mentioned [above](https://bookstack.b4sed.xyz/link/27#bkmrk-add-user-to-group) 3. They can be added using the gpasswd command. ##### Add a user to a group ``` gpasswd -a username groupname ``` ##### Removing a user from a group ``` gpasswd -d username groupname ``` ##### Add user to a group as an admin ``` gpasswd -A username groupname ``` ------------------------------------------------------------------------------------------------------------------------------------------------ #### Deleting groups Groups can be removed using the groupdel command, note that this doesn't delete the users that are part of this group. ``` groupdel groupname ``` ------------------------------------------------------------------------------------------------------------------------------------------------ ### Modifying Groups There are various group properties that can be modified using the groupmod command. ------------------------------------------------------------------------------------------------------------------------------------------------ #### Change Group Name ``` groupmod -n newname oldname ``` ------------------------------------------------------------------------------------------------------------------------------------------------ #### Change Group ID ``` groupmod -g NEWID groupname ```