UserAndGroupAdminOnUbuntu: User and Group Administration on Ubuntu 20.04
Copyright (C) 2020 Exforge exforge@x386.xyz
# This document is free text: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# any later version.
# This document is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# Aimed for Ubuntu 20.04 Servers, but works fine on Ubuntu 18.04 Server and
# on for all Ubuntu Desktops (Ubuntu, Kubuntu, Xubuntu, Lubuntu etc) too
#
# Based on the book Mastering Ubuntu Server 2nd Ed. by Jay LaCroix
# This book has introduced me to Ubuntu Server and I have to thank him for this
# excellent book.
https://www.packtpub.com/networking-and-servers/mastering-ubuntu-server-second-edition
#
# 1.1. Add a new user jdoe and create home folder
sudo useradd -d /home/jdoe -m jdoe
#
# 1.2. Change user's password
sudo passwd jdoe
#
# 1.3. Delete a user
sudo userdel jdoe
# remove home directory too
sudo userdel -r jdoe
2. Where the user information stored
# 2.1. User account information is stored in two special text files
cat /etc/passwd
sudo cat /etc/shadow
#
# 2.2. /etc/passwd file
#__________________________________
exforge:x:1000:1000:Exforge,,,:/home/exforge:/bin/bash
username:pw:UID:GID:Name,Surname,XX:homefolder:shell
#__________________________________
#
# 2.3. /etc/shadow file
# Passwords are stored as hashed in shadow file
#__________________________________
# exforge:$6$z09H4l.6$h....A/tDL0:18221:0:99999:7:::
# username:pwHash:DatesSinceLastPwChange:MinDaysToChangePw:
# MaxDaysToChangePw:DaysBeforeUserWarnedToChangePw:
# DaysToPwExpire:DaysToUserDisable
#__________________________________
#
# 2.4. User pw information extracted from /etc/shadow
sudo passwd -S username
#
# 2.5. Default contents for home folders:
# Contents of /etc/skel folder is distributed to
# created user's home directory
# 3.1. root account is locked by default in Ubuntu
# to give a pw to (and unlock) root
sudo passwd
#
# 3.2. switch to root account without unlocking it
sudo -i
#
# 3.3. switch to another user (if you know pw)
su - username
#
# 3.4. switch to another user (if you don't know pw)
sudo su - username
# 4.1. Create a text file for users
touch users.txt
# 4.2. Change the permissions of the file
chmod 600 users.txt
# 4.3. Add users information to the file
nano users.txt
#___________________________________
user1:password:::User1:/home/user1:/bin/bash
user2:password:::User2:/home/user2:/bin/bash
user3:password:::User3:/home/user3:/bin/bash
#___________________________________
#username:passwd:uid:gid:full name:home_dir:shell
#
# 4.4. Process file to add users
sudo newusers users.txt
# You can check users from /etc/passwd
# 4.5. It is a good idea to change passwords of the users
sudo passwd user1
# 5.1. List of groups
groups
# or
cat /etc/group
# it is similar to /etc/password
#
# 5.2. Add a new group
sudo groupadd admins
#
# 5.3. Delete a group
sudo groupdel admins
#
# 5.4. List members of a group
getent group groupname
#
# 5.5. Add a user to a group
# -a append new group to groups of user
# -G as a secondary group
sudo usermod -aG admins myuser
sudo usermod -a -G admins myuser
# or
sudo gpasswd -a <username> <group>
#
# 5.6. Change users primary group
sudo usermod -g admins myuser
#
# 5.7. Remove user from a group
sudo gpasswd -d <username> <grouptoremove>
# 6.1. Change username
# first change home directory
sudo usermod -d /home/jsmith jdoe -m
# then change username
sudo usermod -l jsmith jdoe
#
# 6.2. Lock a user
sudo passwd -l <username>
# 6.3. unlock
sudo passwd -u <username>
#
# 6.4. Password expiration info
sudo chage -l <username>
# 6.5. Password requirements configuration
sudo apt install libpam-cracklib
sudo nano /etc/pam.d/common-password
# Members of sudo group can use sudo command
# 7.1. Configuration of sudo group members
sudo visudo
#__________________________________
%sudo ALL=(ALL:ALL) ALL
#__________________________________
# sudo group members
# can use sudo from any terminal
# can use sudo to impersonate any user
# can use sudo to impersonate any group
# can use sudo for any command
#__________________________________
charlie ubuntu-server=(dscully:admins) /usr/bin/apt
#__________________________________
# user charlie,
# can only use sudo on ubuntu_server
# can only impersonate dscully user
# can only impersonate admins group
# can only run /usr/bin/apt
# For a user to sudo without passwd
#_____________________
ansible ALL=(ALL) NOPASSWD: ALL
#_____________________
#
# 7.2. List granted sudo privileges
sudo -l