User admin basics

--- robots: noindex, nofollow lang: en-us breaks: true --- {%hackmd theme-dark %} # User Admin basics [TOC] ## Adding a new user ([Source](https://www.howtogeek.com/806104/create-linux-user/)) > sudo access implied ``` sudo useradd -s /bin/bash -m -c "User Name" user_id sudo passwd user_id ``` It's advisable to give users a temporary password and prompt them to change their password after first login: ``` sudo passwd --expire user_id ``` ## Linux Groups ([Source](https://linuxize.com/post/how-to-add-user-to-group-in-linux/)) Linux groups are organization units that are used to organize and administer user accounts in Linux. The primary purpose of groups is to define a set of privileges such as reading, writing, or executing permission for a given resource that can be shared among the users within the group. ### Creating a group and adding user in linux ``` sudo groupadd group_name # check if group was created groups | grep group_name # add current user to the group sudo usermod -aG group_name $USER # or using any user id sudo usermod -aG group_name user_id # activate the changes to groups newgrp group_name # check users already in the group getent group group_name # display complete user information id user_id # display the user’s supplementary groups groups user_id ``` >Note: It's possible to add an user to multiple groups at once `sudo usermod -aG group1,group2 user_id` ### Remove an user from group or a group itself ``` # remove user from group sudo gpasswd -d user_id group_name # remove entire group sudo groupdel group_name ``` ### Adding user to sudo group ([Source](https://unix.stackexchange.com/questions/591420/usermod-group-sudo-does-not-exist-in-centos)) ``` # On Debian-based distros sudo usermod -aG sudo user_id # On RHEL and OpenSUSE distros sudo usermod -aG wheel user_id ``` #### Using root passwd instead of own password ([Source](https://ostechnix.com/force-users-use-root-password-instead-password-using-sudo-command/)) If your password is hacked, the hacker still need to crack the root user password to get the root access on your system. Therefore, the sudo password and the root passwd must be different, ideally. > run `sudo visudo` and uncomment the following line: `# %wheel ALL=(ALL) ALL`. For a single user instead of a entire group of users > run `sudo visudo` and add/modify as shown in sudoers file after `root ALL=(ALL) ALL` line: ``` Defaults:user_id rootpw user_id ALL = (ALL) ALL ``` > Tip: The previous commands will open a Vim editor, hence use `i` to enter "insert mode" and after uncomment the line press `esc` then press enter after type `:wq`. Even #### Allow the user/group to run only specific commands via sudo ([Source](https://linuxize.com/post/how-to-add-user-to-sudoers-in-ubuntu/)) Via `/etc/sudoers` file, add the following line to allow only the mkdir and rmdir commands: ``` user_id ALL=(ALL) NOPASSWD:/bin/mkdir,/bin/rmdir ``` Another option is to create a new config file in the `/etc/sudoers.d` directory using the following command: ``` echo "user_id ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/user_id ``` ## Bonus tip :memo: When using a device as e.g a server, suspending might not be needed or it could even be undesired. Any sleep state can be configured: ``` sudo mkdir /etc/systemd/sleep.conf.d sudo cat << EOF > /etc/systemd/sleep.conf.d/disable-suspend.conf { [Sleep] AllowSuspend=no AllowHibernation=no AllowSuspendThenHibernate=no AllowHybridSleep=no } EOF ``` Restart the machine: `sudo reboot`.