Managing Users in Debian Linux
I’ve used webmin for most of my user administration in the past just because of the ease of use, however I’ve been trying to move away from webmin and do everything myself from the command line lately so I’ve gotten back into adding users and managing passwords and groups from the command line. Because there are so many commands within Linux, it’s hard to remember all the commands unless you use them on a daily basis, so I’ve decided to document the process here to make it easier for myself to remember as well as to help out anyone else looking for similar information.
Also, these instructions will work on pretty much any flavour of Linux, I just happen to be working off Debian 4.0 right now, but they’re all standard *nix commands so if you are working off any other distribution you should be fine.
When I was first learning Linux, my instructor said that one thing that makes Linux different from Windows is that Linux assumes you know what you’re doing from the start. Specifically when you’re logged in as root, you get very cryptic messages if at all, for the sole reason that the command line assumes you know what you’re doing and don’t need any sort of notice or confirmation. Keep this in mind whenever you do anything from the command line.
Overview of User Administration in Linux
Users on a Linux server are organized into groups – with each user able to be included in multiple groups.
You’ll need to add a user to setup FTP accounts, e-mail accounts (if you use sendmail), and in order to give anyone shell access to your server.
Adding Users in Linux
Command: adduser. To add users to use the useradd command, "there also may be a useradd command on your server (however adduser is recommended) ". The following command will add a user named ‘jgoddard’ on your server.
adduser jgoddard
That command adds a new user to the server with entries in the /etc/passwd, and /etc/shadow files.
jgoddard:x:1000:1000:JARROD:/home/jgoddard:/bin/bash
/etc/passwd File Format
This line is added to your /etc/passwd file with the user’s details separated by colons, as indicated in the following list.
- The first field is your username, jgoddard
- an x is used to represent your password (in older versions of unix/linux, you used to have your encrypted password stored here but due to security issues it’s now been moved to your /etc/shadow file
- your user id
- your default group id
- the user’s full name or comment
- user’s home directory
- user’s default shell
Editing Users in Linux
To edit a user in Linux, use the usermod command. Typically, this is done to change their shell, home directory, or add the user to a new group. I really don’t use this command often – as there are alternatives to most user editing functions. For example, to change a users password, use the passwd command.
passwd jgoddard
You will be prompted for the new password, and then again to confirm the new password. If you are not logged in as root, you can only use this command to change your own password, and you must also confirm your existing password first.
Managing New Groups
To create new groups, use the groupadd command, it’s usage is pretty simple.
groupadd powerusers
Will add a new group called powerusers. If you want to now add users to this group, you will need to use the usermod command.
usermod -G powerusers -a jgoddard
Remember to use the capital G to set the group you want to add a user to and the -a switch to set the user you want added to the group. This will add jgoddard to the powerusers group, but it won’t set powerusers as jgoddard’s primary group. To change jgoddard’s primary group, use a lowercase g.
If you want to delete a group use the groupdel command.
groupdel powerusers
These group settings are stored in the /etc/group file. To see the changes in your groups just look at the /etc/group file. Each line in the file will list the group details separated by colons ( : ). First is the group name, followed by the group password (represented by an X, the password is stored in the /etc/gshadow file), and finally followed by a comma-separated list of users who are members of that group. If you have a lot of groups on your server, you can just grep the file to grab the row of the file for the group your looking for.
cat /etc/group | grep powerusers
Will show just the line from the group file for powerusers. If you want to see any group that a certain user is a part of then just use the following command:
cat /etc/group | grep jgoddard
This will outline any rows in the line that include the username jgoddard.
Viewing User Details in Linux
Finally, if you just want to view user information for users in Linux, use the finger command.
finger jgoddard
Will output the login name, name, home directory, and shell as well as some other information on the user.
Login: jgoddard Name: JARROD
Directory: /home/jgoddard Shell: /bin/bash
On since Wed Apr 30 03:05 (UTC) on pts/0 from s01060015e968076b.ok.shawcable.net (messages off)
New mail received Wed Mar 26 20:03 2008 (UTC)
Unread since Sat Mar 22 00:03 2008 (UTC)
No Plan.
May 2nd, 2008 at 11:56 am
It’s better to use adduser instead useradd.
There’re many differences by default –some very important and with great impact as UIDs– as you can see in /etc/adduser.conf vs /etc/default/useradd
May 2nd, 2008 at 12:04 pm
P.S. Just in case you have some doubt about it, from ‘man useradd’:
‘…useradd is a low level utility for adding users. On Debian, administrators should usually use adduser(8) instead’.
May 2nd, 2008 at 12:21 pm
Thanks for the tip. I’ll update the post.
May 4th, 2008 at 5:35 pm
[...] Administering and Managing Users in Linux using Debian | JarrodGoddard.com (tags: debian tutorial) [...]
July 12th, 2009 at 11:15 pm
Hi All,
I have one issue with the guest account i want to disable it as it is giving vulnerability in the network.may i know how i can do it.any help will be appreciated.
Thanks
Sameer