Linux User Management
From KevinWiki
Add a new user on Linux
Use THIS!!!
Details: https://www.linode.com/docs/security/securing-your-server
$ adduser yourusername
$ usermod -a -G sudo yourusername
Now, use the new username to log in.
Essential
One way to add a new user on Linux is the useradd command.
$ useradd <username>
# You probably need to use the sudo command.
$ sudo useradd <username>
With Home Directory
However, a user added this way has neither a password nor a home directory. To specify the home directory, use the -d option. To also create the home directory and set it for the user when adding the new user, use the -m option together with -d.
$ useradd -d <home directory path> -m <username>
$ useradd -d /home/newuser -m newuser
With Specifying Login Shell
After using useradd as above, you may realise that the new user's login shell is not the one you want him or her to have. To specify the login shell, use the -s option.
$ useradd -d <home directory path> -m <username> -s <shell>
$ useradd -d /home/newuser -m newuser -s /bin/bash
Set User Password
$ passwd USERNAME
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
To get the list of valid login shells, check the /etc/shells file.
$ cat /etc/shells
# /etc/shells: valid login shells
/bin/csh
/usr/bin/es
/usr/bin/ksh
/bin/ksh
/usr/bin/rc
/usr/bin/tcsh
/bin/tcsh
/usr/bin/esh
/usr/bin/screen
/bin/sh
/bin/dash
/bin/false
/bin/bash
/bin/rbash
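A dry-run check for the useradd command above, as an added example that is not part of the original page: it validates the username and the requested login shell before printing the command, and executes nothing. The function name plan_useradd, the username character set and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# plan_useradd USER SHELL SHELLS_FILE PASSWD_FILE   (hypothetical helper)
# Prints the useradd command from this page if the inputs pass; otherwise
# prints a reason on stderr and returns non-zero. Nothing is executed.
plan_useradd() {
    user=$1 shell=$2 shells_file=$3 passwd_file=$4

    # Reject empty names, names starting with "-" (useradd would parse them
    # as an option) and anything outside a conservative character set.
    case $user in
        ''|-*|*[!a-z0-9_-]*) echo "bad username" >&2; return 2 ;;
    esac

    # Exact match on field 1, so "kev" does not collide with "kevin".
    if awk -F: -v u="$user" '$1 == u { f = 1 } END { exit !f }' "$passwd_file"; then
        echo "user exists" >&2; return 3
    fi

    # The shell must be an absolute path listed verbatim in the shells file;
    # comment lines start with "#", so they can never match.
    case $shell in
        /*) ;;
        *) echo "shell not absolute" >&2; return 4 ;;
    esac
    grep -qxF -- "$shell" "$shells_file" || { echo "shell not listed" >&2; return 4; }

    printf 'useradd -d /home/%s -m %s -s %s\n' "$user" "$user" "$shell"
}

# Constructed sample files standing in for /etc/shells and /etc/passwd.
DEMO_DIR=$(mktemp -d)
printf '%s\n' '# /etc/shells: valid login shells' /bin/sh /bin/dash \
    /bin/false /bin/bash > "$DEMO_DIR/shells"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'kevin:x:1000:1000::/home/kevin:/bin/bash' > "$DEMO_DIR/passwd"

plan_useradd newuser /bin/bash "$DEMO_DIR/shells" "$DEMO_DIR/passwd" || echo "rejected ($?)"
plan_useradd newuser /bin/zsh  "$DEMO_DIR/shells" "$DEMO_DIR/passwd" || echo "rejected ($?)"
plan_useradd -o      /bin/bash "$DEMO_DIR/shells" "$DEMO_DIR/passwd" || echo "rejected ($?)"
```

On a real host, pass /etc/shells and /etc/passwd as the two file arguments and run the printed command with sudo.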
  useradd Help Result 
$ useradd --help
Usage: useradd [options] LOGIN
Options:
  -b, --base-dir BASE_DIR       base directory for the new user account
                                home directory
  -c, --comment COMMENT         set the GECOS field for the new user account
  -d, --home-dir HOME_DIR       home directory for the new user account
  -D, --defaults                print or save modified default useradd
                                configuration
  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -f, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -g, --gid GROUP               force use GROUP for the new user account
  -G, --groups GROUPS           list of supplementary groups for the new
                                user account
  -h, --help                    display this help message and exit
  -k, --skel SKEL_DIR           specify an alternative skel directory
  -K, --key KEY=VALUE           overrides /etc/login.defs defaults
  -m, --create-home             create home directory for the new user
                                account
  -o, --non-unique              allow create user with duplicate
                                (non-unique) UID
  -p, --password PASSWORD       use encrypted password for the new user
                                account
  -r, --system                  create a system account
  -s, --shell SHELL             the login shell for the new user account
  -u, --uid UID                 force use the UID for the new user account
Modify User
Change Home Directory
$ sudo usermod -d /userhome/path/ <username>
  usermod Help Result 
$ usermod --help 
Usage: usermod [options] LOGIN
Options:
  -c, --comment COMMENT         new value of the GECOS field
  -d, --home HOME_DIR           new home directory for the user account
  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -f, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -g, --gid GROUP               force use GROUP as new primary group
  -G, --groups GROUPS           new list of supplementary GROUPS
  -a, --append                  append the user to the supplemental GROUPS
                                mentioned by the -G option without removing
                                him/her from other groups
  -h, --help                    display this help message and exit
  -l, --login NEW_LOGIN         new value of the login name
  -L, --lock                    lock the user account
  -m, --move-home               move contents of the home directory to the
                                new location (use only with -d)
  -o, --non-unique              allow using duplicate (non-unique) UID
  -p, --password PASSWORD       use encrypted password for the new password
  -s, --shell SHELL             new login shell for the user account
  -u, --uid UID                 new UID for the user account
  -U, --unlock                  unlock the user account
Remove User
Essential
A simple way to remove an existing Linux user is the userdel command.
$ userdel <username>
# You probably need to use the sudo command.
$ sudo userdel <username>
Also Remove Home Directory
$ userdel -r <username>
$ userdel -r newuser
  userdel Help Result 
$ userdel --help
Usage: userdel [options] LOGIN
Options:
  -f, --force                   force removal of files, even if not owned by user
  -h, --help                    display this help message and exit
  -r, --remove                  remove home directory and mail spool
Sudoer
  Add User to sudo List 
-To add a user to the sudo list, run the command below
$ visudo
-Add the username after root
# User privilege specification
root,username ALL=(ALL) ALL
i -> edit -> ESC -> : -> wq
If sudo -s in new Ubuntu doesn't add user's HOME to the environment, add the following line to /etc/sudoers.
Defaults env_keep += "HOME"
WARNING: This can be dangerous so please read https://askubuntu.com/a/1187000 first.
Disable root User ID
- Do not forget to have at least one sudoer user before running this.
$ passwd -l root
  passwd Help Result 
$ passwd --help 
Usage: passwd [options] [LOGIN]
Options:
  -a, --all                     report password status on all accounts
  -d, --delete                  delete the password for the named account
  -e, --expire                  force expire the password for the named account
  -h, --help                    display this help message and exit
  -k, --keep-tokens             change password only if expired
  -i, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -l, --lock                    lock the named account
  -n, --mindays MIN_DAYS        set minimum number of days before password
                                change to MIN_DAYS
  -q, --quiet                   quiet mode
  -r, --repository REPOSITORY   change password in REPOSITORY repository
  -S, --status                  report password status on the named account
  -u, --unlock                  unlock the named account
  -w, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
  -x, --maxdays MAX_DAYS        set maximim number of days before password
                                change to MAX_DAYS
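A pre-flight check for the warning above, as an added example that is not part of the original page: it confirms that at least one non-root member of the sudo group has a usable password before root is locked. It assumes admin rights come from the sudo group (the usermod -a -G sudo step), reads saved output of passwd -S -a, and runs on constructed sample data; users granted sudo only by a direct sudoers line are not covered.

```shell
#!/bin/sh
# Inputs are files so the logic can be exercised offline:
#   $1 = copy of /etc/group
#   $2 = saved output of `passwd -S -a` (field 1 = login, field 2 = status)
# Status letters per passwd(1): P = usable password, L = locked, NP = none.

# Print the non-root members of the "sudo" group, one per line.
sudo_members() {
    awk -F: '$1 == "sudo" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++)
            if (m[i] != "" && m[i] != "root") print m[i]
    }' "$1"
}

# Print the sudo-group members whose password status is P.
usable_sudoers() {
    for u in $(sudo_members "$1"); do
        awk -v u="$u" '$1 == u && $2 == "P" { print $1 }' "$2"
    done
}

# Return 0 only if locking root still leaves a working admin account.
can_lock_root() {
    [ -n "$(usable_sudoers "$1" "$2")" ]
}

# Constructed sample data (not from a real host).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
sudo:x:27:newuser,olduser
users:x:100:guest
EOF
cat > "$SAMPLE_DIR/status" <<'EOF'
root P 08/24/2008 0 99999 7 -1
newuser P 08/24/2008 0 99999 7 -1
olduser L 08/24/2008 0 99999 7 -1
guest P 08/24/2008 0 99999 7 -1
EOF

if can_lock_root "$SAMPLE_DIR/group" "$SAMPLE_DIR/status"; then
    echo "OK to run passwd -l root; usable sudoers:" \
        $(usable_sudoers "$SAMPLE_DIR/group" "$SAMPLE_DIR/status")
else
    echo "Do NOT lock root: no sudo-group member has a usable password"
fi
```

On a real host, save the output of sudo passwd -S -a to a file and pass it with /etc/group; afterwards passwd -S root should show L in the second field.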
Root Login
If you need a persistent root login, use
$ sudo -i
Kick Out User Logged in
How to
-Check the processes of the user you want to kick out, then kill that user's login shell (e.g. bash).
-To display all the processes belonging to the user (${USER} expands to your own login name; substitute the target username to inspect another user):
$ ps aux | grep ${USER} 
-To display only the PIDs and process names belonging to the user:
$ ps aux | grep ${USER} | awk '{print $2 " " $11}' | sort -gr 
-To kill the process
$ sudo kill -s 9 <PID number>
Example
# username is 'user'
$ ps aux | grep ${USER} 
root     19087  0.0  0.7  67964  2904 ?        Ss   13:32   0:00 sshd: user  [priv]
user     19089  0.0  0.4  67964  1724 ?        S    13:32   0:00 sshd: user@pts/0
user     19090  0.0  0.6  19336  2248 pts/0    Ss   13:32   0:00 -bash
user     19100  0.0  0.2  15056  1088 pts/0    R+   13:32   0:00 ps aux
user     19101  0.0  0.2   5160   828 pts/0    S+   13:32   0:00 grep user
$ ps aux | grep ${USER} | awk '{print $2 " " $11}' | sort -gr 
19105 sort
19104 awk
19103 grep
19102 ps
19090 -bash
19089 sshd:
19087 sshd:
-awk option.
# print the 2nd and the 11th columns
print $2 " " $11
-sort options.
  -g, --general-numeric-sort  compare according to general numerical value
  -r, --reverse               reverse the result of comparisons
-Kill the bash
$ sudo kill -s 9 19090
To Kick out Another Login of Yours
$ who
user     pts/0        2008-08-24 13:25
user     pts/1        2008-08-24 12:50   <= to kick this out.
$ ps a
  PID TTY      STAT   TIME COMMAND
 2552 tty1     Ss+    0:00 /sbin/getty 38400 tty1
18988 pts/1    Ss+    0:00 -bash
19044 pts/0    Ss     0:00 -bash
19078 pts/0    R+     0:00 ps a
$ kill -s 9 18988
$ who
user     pts/0        2008-08-24 13:25
$ ps a
  PID TTY      STAT   TIME COMMAND
 2552 tty1     Ss+    0:00 /sbin/getty 38400 tty1
19044 pts/0    Ss     0:00 -bash
19080 pts/0    R+     0:00 ps a
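Selecting the login shell for both procedures above (another user's session, or another login of your own), as an added example that is not part of the original page: it matches the USER and TTY columns of ps aux exactly and keeps only the session leader, where grep matches the name anywhere in the line. The function names and the two user2 rows are constructed for illustration; nothing is killed.

```shell
#!/bin/sh
# Columns of `ps aux`: $1=USER $2=PID $7=TTY $8=STAT $11=COMMAND.

# naive_pids NAME: the grep approach; matches NAME anywhere in a line, so it
# also returns root's "sshd: user [priv]" and every process of "user2".
naive_pids() {
    grep -- "$1" | awk '{ print $2 }'
}

# login_shell_pid USER TTY: exact match on owner and terminal, keeping only
# the session leader (lowercase "s" in STAT), which is the login shell.
login_shell_pid() {
    awk -v u="$1" -v t="$2" '$1 == u && $7 == t && $8 ~ /s/ { print $2 }'
}

# First five rows are the example output on this page; the two "user2"
# rows are constructed to show the substring collision.
PS_SAMPLE='root     19087  0.0  0.7  67964  2904 ?        Ss   13:32   0:00 sshd: user  [priv]
user     19089  0.0  0.4  67964  1724 ?        S    13:32   0:00 sshd: user@pts/0
user     19090  0.0  0.6  19336  2248 pts/0    Ss   13:32   0:00 -bash
user     19100  0.0  0.2  15056  1088 pts/0    R+   13:32   0:00 ps aux
user     19101  0.0  0.2   5160   828 pts/0    S+   13:32   0:00 grep user
user2    19200  0.0  0.4  67964  1724 ?        S    13:40   0:00 sshd: user2@pts/1
user2    19201  0.0  0.6  19336  2248 pts/1    Ss   13:40   0:00 -bash'

echo "grep-style match for 'user':"
printf '%s\n' "$PS_SAMPLE" | naive_pids user | tr '\n' ' '
echo
echo "exact match, login shell of user on pts/0:"
printf '%s\n' "$PS_SAMPLE" | login_shell_pid user pts/0
```

On a live system, feed it with ps aux | login_shell_pid <username> <tty>, taking the tty from who, and pass the resulting PID to the kill command shown above.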

