Skip to content

X386 – Ubuntu & Python

Ubuntu and Python Documentation

  • Home
  • About
  • Contact
  • License
  • Privacy Policy

User and Group Administration on Ubuntu

Posted on 13/07/2020 - 29/03/2021 by exforge

UserAndGroupAdminOnUbuntu: User and Group Administration on Ubuntu 20.04

Copyright (C) 2020 Exforge exforge@x386.xyz

# This document is free text: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# any later version.
# This document is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.
 

Specs

# Aimed for Ubuntu 20.04 Servers, but works fine on Ubuntu 18.04 Server and
#   on for all Ubuntu Desktops (Ubuntu, Kubuntu, Xubuntu, Lubuntu etc) too
#
# Based on the book Mastering Ubuntu Server 2nd Ed. by Jay LaCroix
#   This book has introduced me to Ubuntu Server and I have to thank him for this
#   excellent book. 
https://www.packtpub.com/networking-and-servers/mastering-ubuntu-server-second-edition
#
 

1. User Add and Delete

# 1.1. Add a new user jdoe and create home folder
sudo useradd -d /home/jdoe -m jdoe
#
# 1.2. Change user's password
sudo passwd jdoe
#
# 1.3. Delete a user
sudo userdel jdoe
#   remove home directory too
sudo userdel -r jdoe
 

2. Where the user information stored

# 2.1. User account information is stored in two special text files
cat /etc/passwd
sudo cat /etc/shadow
#
# 2.2. /etc/passwd file
#__________________________________
exforge:x:1000:1000:Exforge,,,:/home/exforge:/bin/bash
username:pw:UID:GID:Name,Surname,XX:homefolder:shell
#__________________________________
#
# 2.3. /etc/shadow file
# Passwords are stored as hashed in shadow file
#__________________________________
#  exforge:$6$z09H4l.6$h....A/tDL0:18221:0:99999:7:::
#  username:pwHash:DatesSinceLastPwChange:MinDaysToChangePw:
#   MaxDaysToChangePw:DaysBeforeUserWarnedToChangePw:
#   DaysToPwExpire:DaysToUserDisable
#__________________________________
#
# 2.4. User pw information extracted from /etc/shadow
sudo passwd -S username
#
# 2.5. Default contents for home folders:
#   Contents of /etc/skel folder is distributed to
#      created user's home directory
 

3. root user

# 3.1. root account is locked by default in Ubuntu
#   to give a pw to (and unlock) root
sudo passwd
#
# 3.2. switch to root account without unlocking it
sudo -i
#
# 3.3. switch to another user (if you know pw)
su - username
#
# 3.4. switch to another user (if you don't know pw)
sudo su - username
 

4. Batch user add

# 4.1. Create a text file for users
touch users.txt
# 4.2. Change the permissions of the file
chmod 600 users.txt
# 4.3. Add users information to the file
nano users.txt
#___________________________________
user1:password:::User1:/home/user1:/bin/bash
user2:password:::User2:/home/user2:/bin/bash
user3:password:::User3:/home/user3:/bin/bash
#___________________________________
#username:passwd:uid:gid:full name:home_dir:shell
#
# 4.4. Process file to add users
sudo newusers users.txt
#   You can check users from /etc/passwd
# 4.5. It is a good idea to change passwords of the users
sudo passwd user1
 

5. Group Management

# 5.1. List of groups
groups
#   or
cat /etc/group  
# it is similar to /etc/password
#
# 5.2. Add a new group
sudo groupadd admins
#
# 5.3. Delete a group
sudo groupdel admins
#
# 5.4. List members of a group
getent group groupname
#
# 5.5. Add a user to a group
# -a append new group to groups of user
# -G as a secondary group
sudo usermod -aG admins myuser
sudo usermod -a -G admins myuser
#    or
sudo gpasswd -a <username> <group>
#
# 5.6. Change users primary group
sudo usermod -g admins myuser
#
# 5.7. Remove user from a group
sudo gpasswd -d <username> <grouptoremove>
 

6. User manipulation

# 6.1. Change username
#   first change home directory
sudo usermod -d /home/jsmith jdoe -m
#   then change username
sudo usermod -l jsmith jdoe
#
# 6.2. Lock a user
sudo passwd -l <username>
# 6.3. unlock
sudo passwd -u <username>
#
# 6.4. Password expiration info
sudo chage -l <username>
# 6.5. Password requirements configuration
sudo apt install libpam-cracklib
sudo nano /etc/pam.d/common-password
 

7. sudo Group

# Members of sudo group can use sudo command
# 7.1. Configuration of sudo group members
sudo visudo
#__________________________________
%sudo	ALL=(ALL:ALL) ALL
#__________________________________
# sudo group members
#  can use sudo from any terminal
#  can use sudo to impersonate any user
#  can use sudo to impersonate any group
#  can use sudo for any command
#__________________________________
charlie  ubuntu-server=(dscully:admins) /usr/bin/apt
#__________________________________
#  user charlie, 
#   can only use sudo on ubuntu_server
#   can only impersonate dscully user
#   can only impersonate admins group
#   can only run /usr/bin/apt
#  For a user to sudo without passwd
#_____________________
ansible ALL=(ALL) NOPASSWD: ALL
#_____________________
#
# 7.2. List granted sudo privileges
sudo -l
 

Posted in Ubuntu

Post navigation

Keepalived On Ubuntu
Ansible On Ubuntu
Proudly powered by WordPress | Theme: micro, developed by DevriX.