Linux: How to Add Users and Create Users with useradd

Bybomber bot

As a Linux system administrator or power user, one of your core responsibilities is managing user accounts. Whether you‘re onboarding a new developer, granting limited access to a contractor, or installing a service that requires its own dedicated user, knowing how to create and manage users is essential.

In this comprehensive guide, we‘ll dive deep into user creation on Linux with the useradd command. We‘ll cover everything from basic account creation to advanced techniques like scripting user setup. By the end of this article, you‘ll be a master of Linux user management.

Why User Management Matters

Before we get into the mechanics of user creation, let‘s take a moment to discuss why careful user management is so important.

Security

Proper user management is critical for system security. Every account on your system is a potential attack vector. An attacker who compromises a user account may be able to escalate privileges, steal data, or use your system to launch attacks on other machines.

This is why the principle of least privilege is so important. Each user should only have the minimum permissions necessary to do their job. A developer probably doesn‘t need root access, and a web application certainly shouldn‘t run as the root user.

By creating dedicated user accounts for each person and service, and carefully controlling their permissions, you greatly reduce the potential impact of a security breach.

Resource Allocation

User accounts also play a key role in resource allocation. Linux uses user and group ownership to determine who can access files and how much disk space, CPU time, and memory each user can consume.

Creating separate accounts for each user ensures that one user‘s resource-intensive tasks won‘t impact other users. It also makes it easier to track resource usage and identify users or applications that are consuming more than their fair share.

Creating a Basic User Account

With that context in mind, let‘s dive into actually creating users. The primary tool for this is the useradd command.

The basic syntax looks like this:

useradd [options] USERNAME

For example, to create a user named "john", you would run:

sudo useradd john

Note the use of sudo. You need to have root privileges to create users, so you‘ll need to either log in as the root user or prefix the command with sudo.

This command will create a user named "john", but the account isn‘t very useful yet. By default, useradd:

  • Does not create a home directory
  • Does not set a password
  • Uses the default shell specified in /etc/default/useradd (usually /bin/sh)
  • Does not add the user to any groups beyond their own user group

Let‘s look at how to customize the account creation process.

Creating a Home Directory

Most users will want a home directory to store their files. You can tell useradd to create a home directory by passing the -m option:

sudo useradd -m john

This will create a home directory for john at /home/john.

If you want to use a non-standard location for the home directory, you can specify it with the -d option:

sudo useradd -m -d /var/www/john john

Now john‘s home directory will be /var/www/john.

Setting the Shell

The default shell for new users is set in the /etc/default/useradd file. To specify a different shell for a specific user, use the -s option:

sudo useradd -m -s /bin/bash john

This sets john‘s login shell to bash.

Adding Users to Groups

By default, useradd creates a new group with the same name as the user and makes this the user‘s primary group. The user is not added to any other groups.

To add the user to existing groups, use the -G option followed by a comma-separated list of groups:

sudo useradd -m -G developers,admins john

This adds john to the developers and admins groups, in addition to his own user group.

Setting the User ID

Every user on a Linux system has a unique numeric user ID (UID). Normally, you let useradd automatically assign the next available UID. However, there are times when you may want to specify the UID manually.

For example, when using networked systems like NFS, it‘s important that the same user has the same UID on all systems. You can ensure this by passing the -u option to useradd:

sudo useradd -u 1001 john

This sets john‘s UID to 1001, regardless of what the next automatic UID would have been.

Scripting User Creation

If you need to create many users at once, it‘s impractical to run useradd manually for each one. Instead, you can script the process.

Here‘s a simple example bash script that reads user names from a file and creates an account for each one:

#!/bin/bash

while IFS=, read -r username group
do
  sudo useradd -m -G "$group" "$username"
  sudo passwd "$username"
done < users.csv

This script reads from a file called users.csv, which should contain one line per user in the format username,group. For each line, it creates a user with the specified name, adds them to the specified group, and prompts for a password.

You could easily extend this script to set other options like the shell or home directory location.

Setting Password Expiry

It‘s good security practice to force users to change their passwords regularly. You can set a password expiry date when creating the user with the -e option:

sudo useradd -m -e 2023-12-31 john

This sets john‘s password to expire on December 31, 2023.

You can also set a default password expiry for all new users by editing the EXPIRE variable in /etc/default/useradd.

Creating System Users

Not all user accounts are for actual people. Many services, like web servers and databases, run under their own dedicated user accounts.

Creating a system user is similar to creating a regular user, but with a few key differences:

  • System users typically don‘t need a home directory
  • System users should have a shell of /usr/sbin/nologin to prevent interactive login
  • System user UIDs are typically below 1000

Here‘s an example of creating a system user for MySQL:

sudo useradd -r -s /usr/sbin/nologin mysql

The -r option tells useradd to create a system account. This automatically sets the shell to nologin and doesn‘t create a home directory.

User Configuration Files

When you create a new user, useradd copies initial configuration files like .bashrc and .profile from the /etc/skel directory to the user‘s home directory.

You can customize these files in /etc/skel to set up a default environment for all new users. For example, you might add a custom prompt or aliases to .bashrc.

Remember, these files are only copied for users who have a home directory. For system users or users without a home directory, you‘ll need to configure the environment in the systemd service file or similar.

Related Commands

While useradd is the primary tool for creating users, there are a few related commands you should know:

  • passwd: Sets a user‘s password. Example: sudo passwd john
  • userdel: Deletes a user account. Example: sudo userdel john
  • usermod: Modifies an existing user account. Example: sudo usermod -a -G managers john
  • chsh: Changes a user‘s login shell. Example: chsh -s /bin/zsh
  • chfn: Changes a user‘s GECOS field (name, office, phone, etc.). Example: chfn -o "Room 101"

Each of these commands has its own set of options – consult their man pages for full details.

User Management Best Practices

Effective user management is more than just knowing the useradd options. Here are some best practices to keep in mind:

  1. Follow the principle of least privilege: Only give users the permissions they need to do their jobs. Regularly audit user permissions and remove any that are no longer necessary.

  2. Use strong passwords: Enforce password complexity requirements and regular password changes. Consider using a password manager to generate and store strong passwords.

  3. Audit user accounts regularly: Review your user accounts periodically. Remove or disable accounts that are no longer needed, like those of former employees.

  4. Separate system and user accounts: Use dedicated system accounts for services, and never use these accounts for interactive login.

  5. Use groups for permissions management: Rather than managing permissions on a per-user basis, assign users to groups and manage permissions at the group level.

  6. Monitor user activity: Use tools like last, w, and auditd to monitor user logins and activity. Investigate any suspicious behavior.

  7. Use centralized user management when possible: If you have many Linux machines, consider using a centralized user management system like LDAP or Active Directory to ensure consistent user accounts across all systems.

Real-World Example: Onboarding a New Developer

Let‘s walk through a real-world example to tie all these concepts together. Suppose you‘re onboarding a new developer, Alice, to your team. Here‘s how you might set up her user account:

  1. Create the user with a home directory and add her to the necessary groups:

    sudo useradd -m -G developers,devops alice

  2. Set her password:

    sudo passwd alice

  3. Set a password expiry date to force a change every 90 days:

    sudo chage -M 90 alice

  4. Customize her bash prompt by editing /etc/skel/.bashrc before step 1.

  5. Give her ownership of her home directory:

    sudo chown -R alice:alice /home/alice

  6. Set appropriate permissions on sensitive directories:

    sudo chmod -R o-rwx /home/alice

  7. Provide Alice with instructions on how to log in and change her password.

By following these steps, you ensure that Alice has a secure, properly configured account with access to the resources she needs to do her job.

Conclusion

User management is a core responsibility for any Linux administrator. The useradd command, along with related tools like passwd, usermod, and userdel, provide a powerful toolkit for creating and managing user accounts.

By understanding the various useradd options and following user management best practices, you can ensure that your Linux system remains secure and that your users have the resources they need to be productive.

Remember, effective user management is an ongoing process. Regularly auditing your user accounts, monitoring for suspicious activity, and adjusting permissions as needed are all essential tasks for maintaining a healthy Linux system.

References

Similar Posts

AWS Embraces KVM: A Deep Dive for Developers

Bybomber bot

As a seasoned full-stack developer and long-time AWS user, I‘ve spent countless hours honing my craft on EC2 instances. From deploying complex microservices to training massive ML models, EC2 has been my go-to platform for its unmatched scalability, reliability, and ever-expanding feature set. So when AWS recently announced a major shift in the underlying virtualization…

The Best Linux Examples: Mastering the Linux Command Line

Bybomber bot

Linux is far more than just an operating system. It‘s a powerful platform for computing of all kinds that offers unparalleled flexibility and control to users. In the hands of a knowledgeable developer or system administrator, Linux can be used to accomplish virtually any computing task, often with greater efficiency and customization than other operating…

Linux Server Tutorial – How to Login, Communicate, and Transfer Files

Bybomber bot

Linux servers power much of the internet and IT infrastructure around the world. In fact, over 96% of the top 1 million web servers run on Linux according to W3Techs. If you‘re a developer, system administrator, or aspiring IT professional, familiarizing yourself with Linux servers is an essential skill. In this tutorial, we‘ll cover the…

How to Create a Virtual IT Workspace: A Full-Stack Developer‘s Guide

Bybomber bot

As a full-stack developer and IT consultant with over 15 years of experience, I‘ve seen first-hand how virtualization has revolutionized the way we work in IT. Virtual workspaces provide unparalleled flexibility, allowing developers and IT pros to create isolated environments tailored to their exact needs. In this comprehensive guide, I‘ll share my expertise on leveraging…

How to View and Monitor Linux Processes: The Ultimate Guide

Bybomber bot

As a full-stack developer and Linux power user, you know that processes are the lifeblood of any system. Each running program, whether it‘s a web server, database, or script, is represented by one or more processes. Keeping an eye on these processes is crucial for maintaining the performance and stability of your Linux servers and…

Mastering File Comparison on the Command Line: An In-Depth Guide to Linux‘s Vimdiff

Bybomber bot

As a seasoned full-stack developer, I can attest that a significant portion of my time is spent comparing files. Whether it‘s reviewing a colleague‘s code changes, merging branches, or troubleshooting bugs, diffing is an essential part of the development workflow. Consider these statistics: The average developer spends 30% of their time reviewing code. (Source) Comparing…