Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Ubuntu Server

You're reading from   Mastering Ubuntu Server Gain expertise in the art of deploying, configuring, managing, and troubleshooting Ubuntu Server

Arrow left icon
Product type Paperback
Published in Dec 2020
Publisher Packt
ISBN-13 9781800564640
Length 702 pages
Edition 3rd Edition
Arrow right icon
Author (1):
Arrow left icon
Jay LaCroix Jay LaCroix
Author Profile Icon Jay LaCroix
Jay LaCroix
Arrow right icon
View More author details
Toc

Table of Contents (26) Chapters Close

Preface 1. Deploying Ubuntu Server 2. Managing Users and Permissions FREE CHAPTER 3. Managing Software Packages 4. Navigating and Essential Commands 5. Managing Files and Directories 6. Boosting Your Command-line Efficiency 7. Controlling and Managing Processes 8. Monitoring System Resources 9. Managing Storage Volumes 10. Connecting to Networks 11. Setting Up Network Services 12. Sharing and Transferring Files 13. Managing Databases 14. Serving Web Content 15. Automating Server Configuration with Ansible 16. Virtualization 17. Running Containers 18. Container Orchestration 19. Deploying Ubuntu in the Cloud 20. Automating Cloud Deployments with Terraform 21. Securing Your Server 22. Troubleshooting Ubuntu Servers 23. Preventing Disasters 24. Another Book You May Enjoy
25. Index

Creating and removing users

Creating users in Ubuntu can be done with one of two commands: adduser and useradd. This can be a little confusing at first, because both of these commands do the same thing (in different ways) and are named very similarly. I'll go over the useradd command first and then I'll explain how adduser differs. You may even prefer the latter, but we'll get to that in a moment.

Using useradd

First, here's an example of the useradd command in action:

sudo useradd -d /home/jdoe -m jdoe

With this command, I created a user named jdoe. With the -d option, I'm clarifying that I would like a home directory created for this user, and following that, I called out /home/jdoe as the user's home directory. The -m flag tells the system that I would like the home directory to be created during the process; otherwise, I would've had to create the directory myself. Finally, I called out the username for my new user (in this case, jdoe).

As we go along in this book, there will be commands that require root privileges in order to execute. The preceding command was an example of this. For commands that require such permissions, I'll prefix the commands with sudo. When you see these, it just means that root privileges are required to run the command. For these, you can also log in as root (if root is enabled) or switch to root to execute these commands as well. However, as I mentioned before, using sudo instead of using the root account is strongly encouraged.

Now, list the storage of /home using the following command:

ls -l /home

You should see a folder listed there for our new user:

Figure 2.1: Listing the contents of /home after our first user was created

What about creating our user's password? We may have been asked for our current user's password due to using sudo, but we weren't asked for a password for the new user. To create a password for the user, we can use the passwd command. The passwd command defaults to allowing you to change the password for the user you're currently logged in as, but it also allows you to set a password for any other user if you run it as root or with sudo. If you enter passwd by itself, the command will first ask you for your current password, then your new password, and then it will ask you to confirm your new password again. If you prefix the command with sudo and then specify a different user account, you can set the password for any user you wish. An example of the output of this process is as follows:

Figure 2.2: Changing the password of a user

As you can see in the previous screenshot, you won't see any asterisks or any kind of output when you type a password using the passwd command. This is normal. Although you won't see any visual indication of input, your input is being recognized.

Now we have a new user and we were able to set a password for that user. The jdoe user will now be able to access the system with the password we've chosen. This user won't have access to sudo by default, but we'll cover how to change this later on in the chapter.

Using adduser

Earlier, I mentioned the adduser command as another way of creating a user. The difference (and convenience) of this command should become apparent immediately once you've used it. Go ahead and give it a try; execute adduser along with a username for a user you wish to create. An example run of this process is as follows:

Figure 2.3: Creating a user with the adduser command

In the preceding process, I executed sudo adduser dscully (commands that modify users require sudo or root) and then I was asked a series of questions regarding how I wanted the user to be created. I was asked for the password (twice), Full Name, Room Number, Work Phone, and Home Phone. In the Other field, I entered the comment Trust no one, which is a great mindset to adopt while managing users. The latter prompts prior to the final confirmation were all optional: I didn't have to enter Full Name, Room Number, and so on. I could've pressed Enter to skip those prompts if I wanted to. The only thing that's really required is the username and the password.

From the output, we can see that the adduser command performed quite a bit of work for us. The command defaulted to using /home/dscully as the home directory for the user, the account was given the next available User ID (UID) and Group ID (GID) of 1002, and it also copied files from /etc/skel into our new user's home directory. In fact, both the adduser and useradd commands copy files from /etc/skel, but adduser is more verbose regarding the actions it performs.

Don't worry if you don't understand UID, GID, and /etc/skel yet. We'll work through those concepts soon.

In a nutshell, the adduser command is much more convenient in the sense that it prompts you for various options while it creates the user without requiring that you memorize command-line options. It also gives you detailed information about what it has done. At this point, you may be wondering why someone would want to use useradd at all, considering how much more convenient adduser seems to be. Unfortunately, adduser is not available on all distributions of Linux. It's best to familiarize yourself with useradd in case you find yourself on a Linux system that's not Ubuntu.

It may be interesting for you to see what exactly the adduser command is. It's not even a binary program—it's a shell script. A shell script is simply a text file that can be executed as a program. You don't have to worry too much about scripting now, as we will cover it in Chapter 6, Boosting Your Command-Line Efficiency. In the case of adduser, it's a script written in Perl, which is a programming language that is sometimes used for administrative tasks. Since it's not binary, you can even open it in a text editor in order to view all the code that it executes behind the scenes. However, make sure you don't open the file in a text editor with root privileges, to ensure that you don't accidentally save changes to the file and break the script. The following command will open adduser in a text editor on an Ubuntu Server system:

nano /usr/sbin/adduser

Use your up/down arrows as well as the Page Up and Page Down keys to scroll through the file. When you're finished, press Ctrl + x on your keyboard to exit the text editor.

Those of you with keen eyes will likely notice that the adduser script is calling useradd to perform its actual work. So either way, you're either directly or indirectly using useradd.

Now that we know how to create users, it will be useful to understand how to remove them as well.

Removing users

Removing access is very important when a user no longer needs to access a system, as unmanaged accounts often become a security risk. To remove a user account, we'll use the userdel command.

Before removing an account, though, there is one very important question you should ask yourself. Will you still need access to the user's files? Most companies have retention policies in place that detail what should happen to a user's data when he or she leaves the organization. Sometimes, these files are copied into an archive for long-term storage. Often, a manager, coworker, or a new hire will need access to the former user's files, perhaps to continue working on a project where they left off. It's important to understand this policy ahead of managing users. If you don't have a policy in place that outlines retention requirements for files when users resign, you should probably work with your management and create one.

By default, the userdel command does not remove the contents of the user's home directory. Here, we use the following command to remove dscully from the system:

sudo userdel dscully

We can see that the files for the dscully user still exist by entering the following command:

ls -l /home

The preceding commands will result in the following outputs:

Figure 2.4: The home directory for the user dscully still exists, even though we removed the user

With the /home directory for dscully still existing, we're able to move the contents of this directory anywhere we would like to. If we had a directory called /store/file_archive, for example, we could easily move the files there:

sudo mv /home/dscully /store/file_archive

Of course, it's up to you to create the directory where your long-term storage will ultimately be, but you get the idea.

If you weren't already aware, you can create a new directory with the mkdir command. You can create a directory within any other directory that your logged-in user has access to. The following command will create the file_archive directory I mentioned in the preceding example:

sudo mkdir -p /store/file_archive

The -p flag simply creates the parent directory if it didn't already exist.

If you do actually want to remove a user's home directory at the same time that you remove an account, just add the -r option. This will eliminate the user and their data in one shot:

sudo userdel -r dscully

To remove the /home directory for the user after the account was already removed (if you didn't use the -r parameter the first time), use the rm -r command to get rid of it, as you would any other directory:

sudo rm -r /home/dscully

It probably goes without saying, but the rm command can be extremely dangerous. If you're logged in as root or using sudo while using rm, you can easily destroy your entire installed system if you're not careful. DO NOT run this command, but as a hypothetical example, the following command (while seemingly innocent at first glance) will likely completely destroy your entire filesystem:

sudo rm -r / home/dscully

Notice the typo: I accidentally typed a space after the first forward slash. I literally accidentally told my system to remove the contents of the entire filesystem. If that command was executed, the server probably wouldn't even boot the next time we attempted to start it. All user and program data would be wiped out. If there was ever any single reason for us to be protective over the root account, the rm command is certainly it!

At this point, we understand how to add and remove users. In the next section, we'll look deeper into passwords.

You have been reading a chapter from
Mastering Ubuntu Server - Third Edition
Published in: Dec 2020
Publisher: Packt
ISBN-13: 9781800564640
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image