Create a User on Linux. Linux is a multi-user system, which means that more than one person can work on the same system at the same time. As a Linux user, you can manage the system’s other users and groups by adding and removing users and assigning them to different groups.
In this article, we will discuss how to create a user on Linux with the useradd command and how to set up a password for that user.
The generic syntax for the useradd command is as follows:
useradd [OPTIONS] <user-name>
Only root or users with sudo rights can use the useradd command to create a user on Linux.
When invoked, useradd creates a new user according to the arguments specified on the command line and the default values stored in the /etc/default/useradd file.
The variables specified in this file vary from distribution to distribution, so the useradd command produces different results on different systems.
In addition, useradd also uses the content of the /etc/login.defs file. This file includes configuration for the shadow password suite, such as the password expiration policy and the ranges of user IDs used when creating system and regular users. We will discuss how passwords work at the end of this post.
Create a User on Linux: Understanding /etc/login.defs file
The /etc/login.defs file provides default configuration data for user account parameters. The useradd, usermod, groupadd, and userdel commands, and other user and group utilities, use default values from this file. Every line consists of a directive name and its associated value.
The list below shows some of the settings controlled by /etc/login.defs directives:
- Password aging
- Location of user mailboxes
- Minimum and maximum values for the automatic UID range (1000 to 60000)
- Minimum and maximum values for the automatic GID range (1000 to 60000)
- Whether a home folder should be generated when creating a new user.
- The standard umask
- Which encryption method is applied to encrypt passwords.
Note: If the USERGROUPS_ENAB directive in /etc/login.defs has a value equal to YES, a group with the same name as the username is created for the user. Otherwise, if the directive is set to NO, the useradd command sets the new user’s primary group to the value defined by the GROUP directive in the /etc/default/useradd file, or to 100 as the default value.
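The note above can be turned into a check. The following script is an added example, not part of the original article: it reads login.defs-style directives, predicts the primary group useradd picks when -g is not given, and reports which configured range a UID falls into. The function names, the temporary sample files and the choice to treat a missing USERGROUPS_ENAB as "no" are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the article. The sample files are constructed.

# defs_get FILE KEY: print the value of the first uncommented "KEY value" line.
defs_get() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }
        $1 == key { print $2; found = 1; exit }
        END { exit !found }
    ' "$1"
}

# primary_group LOGIN_DEFS USERADD_DEFAULTS USER: primary group useradd is
# expected to choose when -g is not given, following the note above.
primary_group() {
    # Assumption of this example: a missing directive is treated as "no".
    enab=$(defs_get "$1" USERGROUPS_ENAB) || enab=no
    case "$enab" in
        [Yy][Ee][Ss]) echo "$3" ;;              # group named after the user
        *)  gid=$(sed -n 's/^GROUP=//p' "$2" | head -n 1)
            echo "${gid:-100}" ;;               # GROUP value, else 100
    esac
}

# uid_kind LOGIN_DEFS UID: place a UID in the configured ranges.
uid_kind() {
    umin=$(defs_get "$1" UID_MIN) && umax=$(defs_get "$1" UID_MAX) || return 1
    smin=$(defs_get "$1" SYS_UID_MIN) && smax=$(defs_get "$1" SYS_UID_MAX) || return 1
    if   [ "$2" -ge "$umin" ] && [ "$2" -le "$umax" ]; then echo regular
    elif [ "$2" -ge "$smin" ] && [ "$2" -le "$smax" ]; then echo system
    else echo outside
    fi
}

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/login.defs" <<'EOF'
# constructed sample in login.defs format
UID_MIN          1000
UID_MAX         60000
SYS_UID_MIN       100
SYS_UID_MAX       999
#USERGROUPS_ENAB no
USERGROUPS_ENAB yes
EOF
printf 'GROUP=100\nHOME=/home\nSHELL=/bin/sh\n' > "$SAMPLE_DIR/useradd"

primary_group "$SAMPLE_DIR/login.defs" "$SAMPLE_DIR/useradd" bitslovers
uid_kind "$SAMPLE_DIR/login.defs" 1001
```

On a real system, pass /etc/login.defs and /etc/default/useradd instead of the sample files.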
Create a User on Linux: Real Example
Let’s learn how to create a new user using the useradd command.
For example, to make a new user named bitslovers, you would run:
sudo useradd bitslovers
Note: When you run the command above without any parameters, the user is created using the configuration from the /etc/default/useradd file.
What is Home Directory in Linux?
The Linux home directory is a folder for a specific user in a system and contains that user’s personal files. It is commonly called the login directory. This folder is where a user lands after logging into a Linux system.
The home directory is a personal working area for all the users except the root. There is a separate directory for each user.
The root user is the only user whose home directory is in a different location by default. The root user’s path is ‘/root/’, and root has control over all directories and files.
Furthermore, if you would like to create the home directory for your new user, you need to tell useradd where to create it.
Note: Sometimes, we don’t want to create a home directory. There are scenarios where we need to create a user for the system, for example just to run a specific application or command. In this case, we don’t need to create a home directory.
Also, remember that every Linux application runs as a particular user. It’s good practice not to run applications as root, for security reasons.
Create a user on Linux with a home directory
On most Linux distributions, when you create a new user with useradd, the user’s home directory is not created automatically.
To create the home directory, add the option -m (or --create-home). The following example creates the user home directory as /home/bitslovers:
sudo useradd -m bitslovers
The previous command creates the new user’s home directory and also copies files from the /etc/skel directory (this folder works as a template for new users) to the user’s home directory. If you list the /home/bitslovers directory, you will see these files:
ls -la /home/bitslovers/
drwxr-xr-x 2 bitslovers bitslovers 4096 Jan 11 11:12 .
drwxr-xr-x 1 root root 4096 Jan 12 09:12 ..
-rw-r--r-- 1 bitslovers bitslovers 110 Apr 14 2021 .bash_logout
-rw-r--r-- 1 bitslovers bitslovers 3551 Apr 24 2021 .bashrc
-rw-r--r-- 1 bitslovers bitslovers 161 Apr 11 2021 .profile
Also, by default, the user can write, edit, and delete files and directories within the home directory.
How to specify the Home Directory location?
The default location for home directories on any Linux distribution is under /home. So, useradd needs an extra argument if you would like to choose another location for the home directory. To achieve that, use the option -d (or --home).
sudo useradd -m -d /usr/bitslovers bitslovers
How to find the Home Directory?
First, you need to log in on the terminal and become the user whose home directory you would like to find. Second, execute the command below:
How to create a User with a Specific User ID
In all Linux and Unix-like operating systems, each user has a unique UID (User identifier) and username.
Essential information about the UID: it is a positive number and is unique on the system. In other words, each user holds a unique number (UID). In addition, the UID and the access control policies define the kinds of operations a user can perform on system resources.
It’s worth mentioning that most Linux distributions reserve the first 100 UIDs for system use.
Also, to guarantee that the UID is unique, the system assigns the next available UID from the range of user IDs defined in the file /etc/login.defs.
You can run useradd with the -u (or --uid) argument to create a new user with a specific UID. For example, to create a new user with a UID of 1001:
sudo useradd -u 1001 bitslovers
How to discover the User’s UID?
To discover the UID of an existing user, you can use the id command on Linux to display it, as in the example below:
id -u bitslovers
Add User to Group on Linux
How to create a user with a specific Group ID
When we talk about creating a user on Linux, groups should be a topic.
Groups are organizational units that help organize and manage user accounts in Linux. The fundamental purpose of groups is to define a set of rights, such as read, write, or execute permission for a given resource, that is shared among the users within the group.
GIDs (group IDs) identify the groups in Linux. Just like with UIDs, the first 100 GIDs are usually reserved for system use. Also, the GID of 0 belongs to the root group, and the GID of 100 usually represents the users group.
If you look at the user bitslovers that we created before, the GID has the same number as the UID. This is the default behavior of the useradd command.
Consequently, to specify a different GID, you can use the argument -g (or --gid) with a specific group. You have two ways to do that: specify either the GID number or the group name. However, make sure that the GID or group name already exists.
If you need to create a group, it’s straightforward, and we can use the addgroup command:
Now let’s see how to create a user on Linux and set the login group to users:
sudo useradd -g users bitslovers
The command above is the way to add a user to a group on Linux. It’s pretty simple.
If you would like to check the GID of any user, you can follow the same approach as for the UID, but this time we use the -g argument:
id -gn bitslovers
Creating a User and Assigning Multiple Groups
On Linux, there are two categories of groups. The primary group is the one that is automatically created when a user is created: together with the unique user UID, a group with a GID identical to the user UID is generated, as we saw before. The user is added to that group and becomes its principal and only member. A secondary group is a group that you create separately with commands, and we can later add users to it by editing the group ID of users.
Thus, to specify a list of additional groups of which the user will be a member, use the -G (or --groups) option.
For example, let’s create a new user named bitslovers with primary group admin and secondary groups tomcat and postfix. The group list is comma-separated and must not contain spaces:
sudo useradd -g admin -G tomcat,postfix bitslovers
You can verify that the user was created and assigned to the groups correctly by executing the command below:
uid=1001(bitslovers) gid=100(admin) groups=100(admin),11(tomcat),912(postfix)
Create a User on Linux: How to specify the Login Shell?
Creating a User with Specific Login Shell
As we saw before, most of the configuration used to create a new user comes from the /etc/default/useradd file. The majority of Linux distributions use /bin/bash or /bin/sh as the default login shell. However, we can change it using the option -s (or --shell) of the useradd command.
sudo useradd -s /usr/bin/bash bitslovers
How to check the Login Shell of a user?
We can discover which login shell is configured for a specific user by looking in the /etc/passwd file:
grep bitslovers /etc/passwd
How to add extra information for a Linux user?
We can add extra information for a user with a comment. The argument -c (or --comment) lets you attach a brief description to the new user. Commonly, the comment holds the user’s full name or contact information.
For example, we can create a user bitslovers with the text “User Admin to manage the Blog”:
sudo useradd -c "User Admin to Manage the Blog" bitslovers
Where are the comments saved?
You can verify in /etc/passwd file:
bitslovers:x:1001:1001:User Admin to Manage the Blog:/home/bitslovers:/bin/bash
Also, the comment itself has a specific name: GECOS.
How to define an expiry date for a User on Linux?
Sometimes when we create a user on Linux, we need to configure temporary access to a server. The better approach is to set an expiry date, so that if we forget to disable or delete the user, the system will automatically disable the login for that user.
To achieve this goal, we use the argument -e (or --expiredate). You must use the date format YYYY-MM-DD. Let’s go to our example:
sudo useradd -e 2022-04-13 bitslovers
To verify the expiration date for one user, we can use the chage command to display this information:
sudo chage -l bitslovers
The output will look something like this:
Last password change : April 13, 2021
Password expires : never
Password inactive : never
Account expires : April 13, 2022
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
How to disable a user from logging in?
If you need to disable a user, in other words, block a user from logging in, use the --disabled-login argument.
adduser --disabled-login [OPTIONS] user
This argument sets the password to !, which indicates “login is deactivated, the user will be incapable of login.”
However, remember that this only blocks user login. You can still switch to this account from another account using the su command.
How to create a System User on Linux?
First, let’s highlight a vital point: there is no real technical distinction between system users and regular (standard) users. Typically, system users are created when installing the OS or new packages.
As with the other features of the useradd command, there is a specific argument to create a system user: -r (or --system).
The argument -r (--system) creates a system user account. Let’s see how to do it:
sudo useradd -r bitslovers
Note: Specifically for the system users, there is no expiration date.
The login.defs file provides the range of system user IDs, which is distinct from the range used for regular users.
How to change the default useradd configuration values?
All the default configuration that useradd uses comes from the file /etc/default/useradd. If you would like to change any default, you can edit that file. If you would like to see the default configuration, use the -D (or --defaults) argument to print it.
The output will look something like this:
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/sh
SKEL=/etc/skel
CREATE_MAIL_SPOOL=no
For example, if you would like to modify the default login shell, you can do it as in the example below:
sudo useradd -D -s /bin/bash
To verify the new changes:
sudo useradd -D | grep SHELL
Also, each time a new user is added to the system, the files /etc/passwd, /etc/group, /etc/gshadow and /etc/shadow are updated automatically.
The /etc/gshadow file can be read only by the root user and includes the encrypted password for each group, along with group membership and administrator data. As in the /etc/group file, each group’s data is on a separate line.
The /etc/shadow file stores the actual password in an encrypted format (that is, as a hash of the password) in the user’s record, together with other fields associated with the user password. Understanding the /etc/shadow file format is crucial for debugging user account problems.
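To make the /etc/shadow format concrete, here is an added example that is not part of the original article. It reads shadow-format lines and reports, per account, whether password login is usable, locked (the ! marker described for disabled logins above) or needs no password at all, which hash scheme the stored value uses, and whether the account expiry date set with -e has passed. The function name, the state labels and the sample entries with fake hashes are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the article. Entries are constructed; hashes are fake.

# shadow_audit FILE TODAY: print "user state scheme expiry" for each entry.
# TODAY is in days since 1970-01-01, the unit of the 8th shadow field.
shadow_audit() {
    awk -F: -v today="$2" '
        function scheme(p) {
            sub(/^!+/, "", p)            # a locked entry may still carry its hash
            if (p == "" || p == "*")      return "none"
            if (index(p, "$y$") == 1)     return "yescrypt"
            if (index(p, "$6$") == 1)     return "sha512"
            if (index(p, "$5$") == 1)     return "sha256"
            if (index(p, "$1$") == 1)     return "md5"
            return "other"
        }
        /^[[:space:]]*$/ { next }
        {
            if ($2 == "")              state = "EMPTY"    # no password required
            else if ($2 ~ /^[!*]/)     state = "locked"   # password login blocked
            else                       state = "usable"
            if ($8 == "")              when = "never"
            else if (today >= $8 + 0)  when = "expired"
            else                       when = "in_" ($8 - today) "_days"
            print $1, state, scheme($2), when
        }
    ' "$1"
}

SHADOW_SAMPLE=$(mktemp)
trap 'rm -f "$SHADOW_SAMPLE"' EXIT
# Constructed entries: 18730 is 2021-04-13 and 19095 is 2022-04-13 in days.
cat > "$SHADOW_SAMPLE" <<'EOF'
root:$y$j9T$constructedsalt$FAKEFAKEFAKE:18730:0:99999:7:::
bitslovers:$6$constructedsalt$FAKEFAKEFAKE:18730:0:99999:7::19095:
tomcat:!:18730:0:99999:7:::
legacy:$1$constructed$FAKEFAKE:18000:0:99999:7:::
guest::18730:0:99999:7:::
EOF

shadow_audit "$SHADOW_SAMPLE" 19000
```

To audit the real file as root, pass /etc/shadow and the current day number, which is the output of date +%s divided by 86400. Entries reported as EMPTY or md5 are the ones to fix first.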
Change password on Linux
Creating a user on Linux also requires attention to security, so changing the password on Linux is a must-have skill. As good practice, we should change the password frequently.
When we create or change a password on Linux, the encrypted password is stored in the /etc/shadow file.
Regular users can change only their own passwords. The root user and users that have sudo rights, for example, can change other users’ passwords on Linux and determine how a password can be defined or modified.
When you change a password on Linux, make sure you choose a unique and robust password.
Having a secure password is the most important thing you can do to protect your account. A strong password usually contains:
- At least 16 characters and one uppercase letter.
- One special character.
- One number.
- One lowercase letter.
The user can only log in if we define a password. The passwd command can help us to achieve that goal.
The example below assumes that you have sudo privileges.
To change the password of another user account on Linux, execute the passwd command followed by the user name. For example, to change the password of a user called bitslovers, run the following command:
sudo passwd bitslovers
Enter and confirm the password.
Or, if you would like to change your password, you can follow this example:
Enter and confirm the password.
These methods to change a password on Linux also work on most distributions, like Ubuntu, Debian, Fedora, Mint, CentOS, and all their variants.
Require User to Change Password at Next Login
By default, passwords are set to never expire. To force a user to change their password the next time they log in, we can use the passwd command with the argument --expire and the user name:
sudo passwd --expire bitslovers
The command above will instantly expire the user password.
On the next login, the user will see a message forcing them to change the password.
Add User to Sudo
When we create a user on Linux with adduser, we can also provide more privileges by adding the user to sudo.
sudo is a command that allows trusted users to run commands as root (admin) or as a different user.
Let’s see two approaches to give sudo rights to a user. The first approach consists of adding the user to the sudoers file. This file contains the information that determines which users and groups may use sudo privileges and the level of their rights.
The second approach is to add the user to the sudo group defined in the sudoers file. On Debian-based variants like Ubuntu and Linux Mint, members of the “sudo” group can usually execute the sudo command.
Editing sudoers file
To define sudo privileges, we need to change the sudoers file located at /etc/sudoers.
Adding the user to this file lets you give customized access to commands and set custom security policies.
We can configure a user’s sudo access by changing the sudoers file or by creating a new configuration file in the /etc/sudoers.d folder. The files inside this folder are included by the sudoers file.
Using visudo add user to sudo group
It’s recommended to use the visudo command to edit the /etc/sudoers file, because this command checks the file for syntax mistakes when you save it. If there are any mistakes, visudo will not save the file. If you instead use a regular text editor to open the file, a syntax mistake may cost you sudo access.
Usually, visudo uses the vim editor to open /etc/sudoers. If you are not familiar with vim and would like to edit the file with another text editor like nano, switch the default editor by executing the command below:
For example, suppose you need to allow the bitslovers user to run sudo commands without being asked for a password. First, open the /etc/sudoers file:
At the end of the file, append the following line:
bitslovers ALL=(ALL) NOPASSWD:ALL
Do not forget to replace bitslovers with the user name that you would like to give sudo access, and then save the file.
Add user to sudo group without visudo
Instead of editing the sudoers file, our second approach to adding a user to sudo achieves the same result by creating a new file with the authorization rules in the /etc/sudoers.d folder. In other words, add the same rule as you would insert into the sudoers file:
echo "bitslovers ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/bitslovers
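A rule like the one above grants passwordless root, so it is worth reviewing which drop-ins carry it. The following script is an added example, not part of the original article: it lists files in a sudoers.d-style directory that grant NOPASSWD for ALL commands, and flags files whose names contain a dot or end in ~, which sudo skips when reading the directory. The function name, the line-based matching (no alias expansion or line continuation) and the constructed sample directory are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the article. The directory contents are constructed.

# sudoers_dropin_audit DIR: report drop-ins that sudo skips because of their
# file name, and uncommented rules that grant NOPASSWD for ALL commands.
sudoers_dropin_audit() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case "$name" in
            *.*|*~) echo "SKIPPED_BY_SUDO $name"; continue ;;
        esac
        # Line-based heuristic: prints the file name and the rule's first field.
        awk -v name="$name" '
            /^[[:space:]]*(#|$)/ { next }
            /NOPASSWD:[[:space:]]*ALL([[:space:],]|$)/ { print "NOPASSWD_ALL", name, $1 }
        ' "$f"
    done
}

SUDOERS_D=$(mktemp -d)
trap 'rm -rf "$SUDOERS_D"' EXIT
# Constructed drop-ins: one broad grant, one scoped grant, one misnamed file.
echo 'bitslovers ALL=(ALL) NOPASSWD:ALL' > "$SUDOERS_D/bitslovers"
printf '%s\n' '# restart only' \
    'deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart tomcat' > "$SUDOERS_D/deploy"
echo 'backup ALL=(ALL) NOPASSWD:ALL' > "$SUDOERS_D/backup.conf"

sudoers_dropin_audit "$SUDOERS_D"
```

Before installing a new drop-in, visudo -c -f FILE checks its syntax without touching the live configuration, which gives the tee approach the same safety net as editing with visudo.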
Adding a user to sudo in Ubuntu is an uncomplicated task; all you have to do is add the user to the “sudo” group.
So, we have covered a lot in this article. Let’s recap:
1 – We learned how to use adduser with examples.
2 – How to add a user to a group on Linux, using the adduser command.
3 – How to add a user to the sudo group. To accomplish this, we can’t use adduser. Instead, we need to use the visudo command.
4 – Also, we have learned how to add a user to the sudoers file.
Both the adduser and addgroup commands have a learning curve, but that doesn’t imply they are challenging to understand. You can start with the arguments that help you do your job and learn the others over time. We have already described some of the arguments here.
Also, the best part of learning these commands is that we can use them on many other Linux distributions, and even the arguments are the same, so you are free to move to any Linux distribution you like.