Introduction
This lab will guide you through basic user account management operations in Linux systems. You'll learn how to create, modify, and delete user accounts, as well as how to set and change passwords. These are fundamental skills for Linux system administration. Don't worry if you're new to Linux - we'll explain everything step by step!
Creating a New User
Let's start by creating a new user account named "joker".
- Open a terminal. In Linux, the terminal is a text interface where you can enter commands.
- Type the following command and press Enter:
sudo useradd joker
Let's break this down:
sudois a command that gives you temporary superuser (administrator) privileges. We use it because creating a new user requires these higher-level permissions.useraddis the command to create a new user.jokeris the username we're creating.
Note: If you try to run this command without sudo, you'll get a "permission denied" error. This is because regular users aren't allowed to create new user accounts - it's a task reserved for system administrators.
This highlights the difference between a superuser and a common user. As a common user, you can't create new user accounts, but by using sudo, you can temporarily elevate your privileges to perform this administrative task.
- To verify that the user was created, we'll examine the
/etc/passwdfile:
sudo grep -w 'joker' /etc/passwd
The /etc/passwd file is like a phonebook for user accounts. Each line represents one user account, with different pieces of information separated by colons (:).
You should see output similar to:
joker:x:5001:5001::/home/joker:/bin/sh
This line shows:
- Username: joker
- Password: x (the actual password is stored securely elsewhere)
- User ID: 5001
- Group ID: 5001
- Home Directory:
/home/joker, but it hasn't been created yet - Default Shell:
/bin/sh
Creating a User with a Home Directory
Now, let's create another user named "bob" and give them a home directory.
- Run the following command:
sudo useradd -m bob
The -m option tells the system to create a home directory for the user. A home directory is like a personal folder where a user can store their files and settings.
- Let's verify that the home directory was created:
sudo ls -ld /home/bob
You should see output similar to:
drwxr-x--- 2 bob bob 57 Jan 19 13:33 /home/bob
This output shows:
dat the start means it's a directoryrwxr-x---shows who can read, write, or execute in this directory- The two
bobentries show that both the user and group owner of this directory is bob 57is the size of the directory in bytesJan 19 13:33is when the directory was created/home/bobis the location of the directory
Setting a User Password
Now we need to set a password for our new users. Let's set a password for "joker".
- Run the following command:
sudo passwd joker
- You'll be asked to enter a new password twice. For this lab, use a simple password like "password123".
Important: The password will not be displayed as you type it. This is a security feature in Linux to prevent others from seeing your password as you type it. If you accidentally enter the wrong password, you can try again. Important: Remember this password! You'll need it later in the lab.
- If successful, you'll see a message saying "passwd: password updated successfully".
Note: In a real-world scenario, always use strong, unique passwords!
Behind the scenes, Linux stores encrypted passwords in a secure file called /etc/shadow. This is more secure than storing them in the /etc/passwd file where anyone could see them.
Modifying User Properties
Linux allows us to change various settings for a user account after it's been created. Let's change joker's home directory as an example.
- Run the following command:
sudo usermod -d /home/wayne joker
Here's what this does:
usermodis the command to modify user account settings-d /home/waynespecifies the new home directoryjokeris the user we're modifying
- Let's verify the change:
sudo grep -w 'joker' /etc/passwd
-w is used to match the whole word, and grep is used to search for the word in the file. You should see that joker's home directory has been updated in the output.
Changing User Shell
Another important setting we can modify is the user's default shell. The shell is the program that interprets and runs the commands you type in the terminal.
By default, the user 'joker' is using /bin/sh as their shell. While sh (Bourne Shell) is a basic shell that's present on most Unix-like systems, bash (Bourne Again Shell) offers more features and is generally more user-friendly.
Changing joker's shell to bash provides several benefits:
- More intuitive command-line interface
- Enhanced scripting capabilities
- Better customization options for the user's environment
Here's how to make the change:
- Change joker's default shell to bash:
sudo usermod -s /bin/bash joker
- Verify the change:
sudo grep -w 'joker' /etc/passwd
You should see /bin/bash at the end of joker's entry. This means bash is now joker's default shell.
After making this change, joker will have access to the more feature-rich bash environment whenever they log in or open a new terminal session.
Adding a User to a Group
In Linux, we use groups to organize users and manage permissions. One important group is the sudo group, which gives users administrative privileges. Let's add joker to the sudo group as an example.
Why would we add a user to the sudo group?
- System administration: Users in the sudo group can perform system-wide administrative tasks.
- Software installation: Sudo group members can install and update software packages.
- Configuration changes: They can modify system configuration files.
- User management: They can create, modify, or delete other user accounts.
You might wonder: "Why add someone to the sudo group when we can always use the 'sudo' command?" Here's why:
- Convenience: Users in the sudo group can use sudo without needing to know the root password. They use their own password instead.
- Granular control: System administrators can configure sudo to allow specific users to run only certain commands with superuser privileges.
- Accountability: Unlike sharing the root password, sudo logs who ran what command, improving security and traceability.
- Security: It's generally more secure to have named accounts with sudo access than to share the root password among multiple admins.
In a real-world scenario, you would typically add a user to the sudo group if:
- They are a system administrator or IT staff member who needs to perform regular maintenance tasks.
- They are a developer who needs to install specific software or make system changes for their work.
- They are a power user who needs elevated privileges for certain tasks, but you don't want to give them the root password.
Remember, adding a user to the sudo group gives them significant power over the system, so this should be done cautiously and only when necessary.
Now, let's add joker to the sudo group:
- Run this command:
sudo usermod -aG sudo joker
Here's what this does:
usermodis the command to modify user accounts-aGmeans "append to Group" (add to a group without removing from other groups)sudois the group we're adding the user tojokeris the user we're modifying
- Verify the change:
groups joker
You should see sudo listed among joker's groups.
- To see the effect of this change, we need to switch to the joker user and try a command that requires sudo privileges:
su - joker
This command switches from your current user (labex) to the joker user. You will be prompted to enter joker's password. Remember, this is the password you set earlier (password123). As you type the password, you won't see any characters on the screen - this is a security feature.
- Once logged in as joker, let's try to view a file that normally requires root privileges:
sudo cat /etc/shadow
Enter joker's password again when prompted. You should be able to see the contents of the /etc/shadow file, which is usually only accessible to root. This confirms that joker now has sudo privileges.
- After you're done, type
exitto return to your original user account (labex).
Note: In a production environment, you should be very careful about who you add to the sudo group. With great power comes great responsibility!
Locking and Unlocking User Accounts
Sometimes, you might need to temporarily disable a user account without deleting it.
- Lock the joker account:
sudo passwd -l joker
The -l option locks the password.
- Try to switch to the joker user:
su - joker
You'll be asked for a password. Enter the password you set for joker earlier ("password123" if you followed our suggestion).
You should see an "authentication failure" message. This means the account is successfully locked.
- Now, let's unlock the account:
sudo passwd -u joker
The -u option unlocks the password.
- Try switching to the joker user again:
su - joker
Enter the password when prompted. This time, you should be able to switch to the joker user successfully.
Type exit to return to your original user account before continuing to the next step.
Deleting a User
Finally, let's learn how to delete a user. We'll delete the "bob" user we created earlier.
- Delete bob and their home directory:
sudo userdel -r bob
The userdel command deletes user accounts. The -r option removes the user's home directory and mail spool.
- Verify that the user has been deleted:
sudo grep -w 'bob' /etc/passwd
sudo ls -ld /home/bob
Both commands should return no results. This means the user and their home directory have been successfully removed.
Summary
Congratulations! You've completed the Linux User Account Management lab. You've learned how to:
- Create new user accounts
- Set user passwords
- Modify user properties like home directory and default shell
- Add users to groups
- Lock and unlock user accounts
- Delete user accounts
You've also been introduced to important Linux concepts like the /etc/passwd file, home directories, shells, and user groups. These are fundamental skills for Linux system administration. Remember, in real-world scenarios, always follow your organization's security policies when managing user accounts.
