Managing Users in Linux

Creating users in Linux is fairly straightforward and, like most things in Linux, is done from the command line. To create a local user account, run a command like the one below with sudo:

>sudo useradd ffugazi -c "Fred Fugazi" -e 2020/06/01 -s /bin/dash -d /home/gred_fugazi -m

OK, so what do all the command line options do?

-c Full Name
-e Expiry date
-s Default Shell
-d Home directory
-m Create home directory

To check that the user has been created correctly, look for the account's entry in the /etc/passwd file and confirm that the home directory exists. The home directory is created by copying the contents of the /etc/skel folder.

If you want to check the default settings that are applied to a new account, this can be done by running this command:

>useradd -D

The file /etc/login.defs also contains settings that control things like the minimum and maximum password ages, amongst others.

The login.defs file can also be modified to ensure that a user’s home directory is created each time by default by changing the CREATE_HOME setting from no to yes.

CREATE_HOME     yes

Although the user account has been created, the user will not be able to log in until a password has been set. To do this, run:

>sudo passwd username

You will be prompted to enter a password and confirm it.

Let’s check the account’s password expiration policy. We can do that with the chage command.

>sudo chage -l ffugazi

If we want to change the password expiration policy, we can do so with chage as well, using the following options:

-m Minimum password age in days
-M Maximum password age in days
-E Account expiry date
-W Warning days

Let’s say that we need to change something about our user account, for example because the user has changed their name. If we want to change the username to fjones, we would run the command below.

> sudo usermod -l fjones ffugazi

Let’s say our new fjones account has done something suspicious and we want to lock the account. This can also be done with the usermod command.

> sudo usermod -L fjones

Looking at the /etc/shadow file allows us to check the account status. The ! immediately after fjones: shows that the account is locked.

Let’s say we’ve now checked out what fjones was doing and it’s all OK, so we want to unlock the account.

>sudo usermod -U fjones

This time the ! has gone, showing that the account is active.

If we want to change a user’s default shell, that can be done too. For non-interactive user accounts the shell can be set to nologin, so that the account has no shell at all.

>sudo chsh -s /sbin/nologin fjones
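
The states covered above (no password set yet, locked with usermod -L, past the expiry date, nologin shell) can all be read from /etc/passwd and /etc/shadow in one pass. The script below is an added example, not part of the original article; the function name account_status, its output format and the sample accounts and hashes are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify accounts from passwd- and shadow-format files.
# Usage: account_status PASSWD SHADOW [TODAY]   (TODAY = days since 1970-01-01)
# Prints: user  password-state  account-state  shell-kind
account_status() {
    awk -F: -v today="${3:-$(( $(date +%s) / 86400 ))}" '
        NR == FNR { shell[$1] = $7; next }   # passwd file: remember login shell
        {
            # shadow field 2 is the password hash, field 8 the expiry day
            if ($2 == "")                      pw = "EMPTY"   # no password required
            else if ($2 ~ /^!+$/ || $2 == "*") pw = "unset"   # no usable password yet
            else if ($2 ~ /^!/)                pw = "locked"  # usermod -L put ! before the hash
            else                               pw = "set"
            acct = ($8 != "" && today + 0 >= $8 + 0) ? "expired" : "valid"
            kind = (shell[$1] ~ /\/(nologin|false)$/) ? "nologin" : "interactive"
            print $1, pw, acct, kind
        }' "$1" "$2"
}

# Constructed sample data (not real accounts or hashes).
# 18414 is 2020-06-01 expressed in days since 1970-01-01.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/passwd" <<'EOF'
fjones:x:1001:1001:Fred Jones:/home/fjones:/bin/dash
svcbackup:x:1002:1002::/home/svcbackup:/sbin/nologin
newuser:x:1003:1003::/home/newuser:/bin/bash
temp:x:1004:1004::/home/temp:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
fjones:!$6$CONSTRUCTED$hash:18300:0:99999:7:::
svcbackup:$6$CONSTRUCTED$hash:18300:0:99999:7:::
newuser:!:18300:0:99999:7:::
temp:$6$CONSTRUCTED$hash:18300:0:99999:7::18414:
EOF
    account_status "$dir/passwd" "$dir/shadow" 18500
    rm -rf "$dir"
}
demo
```

On a live system, run it as sudo sh -c '. ./script.sh; account_status /etc/passwd /etc/shadow' (script.sh is a placeholder name). A locked password state only blocks password authentication; the usermod man page notes that fully disabling an account also requires setting its expiry date.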

Removing users is equally easy and is done with the userdel command.

> sudo userdel -r fjones