Size: 2853
Comment:
|
← Revision 8 as of 2023-06-29 16:52:38 ⇥
Size: 1690
Comment:
|
Deletions are marked like this. | Additions are marked like this. |
Line 3: | Line 3: |
On a Linux installation, '''user''' generally refers to a '''local user''' that a real person logs in as. It can also refer to '''system users''' that are created to establish permission restrictions on system processes. There is no real difference between these. | A '''user''' can refer to either a '''local user''' that a real person uses interactively or a '''system user''' that is used to set permissions on system processes. |
Line 11: | Line 11: |
== Adding Users == | == Creating Users == |
Line 13: | Line 13: |
The low-level `useradd` command should be avoided. To add a new user, call `adduser`. Most systems default to creating a home directory simultaneously, but it can be forced by including the `--create-home` option. {{{ adduser --create-home USERNAME }}} To add a new user with a custom home directory, try: {{{ adduser --create-home --home /var/USERNAME USERNAME }}} This can be useful for creating special logins for services, such as `git`. |
See [[AddUser|adduser(8)]] and [[UserAdd|useradd(8)]]. The former is simpler and can be used interactively. |
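Review bot: the added line keeps only the man page links and drops both worked commands from the removed text, so the page no longer shows how to create a user with a home directory. Consider keeping one example next to the links, for instance the removed `adduser --create-home USERNAME`.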
Line 33: | Line 19: |
Standard practice is to use the `wheel` group to manage users with superuser privileges. This is managed by the sudoers file. | Standard practice is that privileged users are in the `wheel` group. This is managed by the sudoers file. |
Line 42: | Line 28: |
Therefore, to add a privileged user, try: {{{ adduser --create-home --groups wheel USERNAME }}} ---- == Adding Users to Groups == The low-level `usermod` command should be avoided. But for reference, the command would be `usermod --append --groups GROUPNAME USERNAME`. To escalate the permissions of a user, following from the explanation above, run: |
Therefore, to escalate a user's privileges, try |
Line 62: | Line 34: |
---- | |
Line 65: | Line 36: |
=== Custom Groups === | |
Line 66: | Line 38: |
== Adding System Users == | To create a custom group, see [[AddGroup|addgroup(8)]] and [[GroupAdd|groupadd(8)]]. The former is simpler. |
Line 68: | Line 40: |
There are a few considerations to make when creating a '''system user''', but all of them are optional. * To have a system user and group ID assigned, use the `--system` option. * Generally a home directory isn't desireable, so suppress the creation of one using the `-M` option. * To prevent login, set the login shell to `/sbin/nologin` (or something similar) using the `--shell` option. |
Then to add a user to that group, try: |
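Review bot: the removed paragraph was the only place the page explained how to create a system user (`--system`, `-M`, `--shell /sbin/nologin`), and nothing in the added text replaces it, although the revised introduction at line 3 still defines system users. Keep at least the `--shell /sbin/nologin` guidance, since the removed text gives it as the way to prevent login for such accounts.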
Line 75: | Line 43: |
adduser --system -M --shell /sbin/nologin USERNAME | adduser USERNAME GROUPNAME |
Line 77: | Line 45: |
To secure an existing user against login, either use `chsh` or edit `/etc/passwd` directly. |
|
Line 86: | Line 52: |
`adduser` and `useradd` both look at `/etc/default/useradd` for a number of variables. The default login shell (`SHELL`), the base directory for home directory creation (`HOME`), and so on. | `adduser(8)` and `useradd(8)` both look at `/etc/default/useradd` for a number of variables. The default login shell (`SHELL`), the base directory for home directory creation (`HOME`), and so on. |
Line 88: | Line 54: |
`adduser` additionally looks to `/etc/logins.def`. Much of this file relates to interactive login configuration, but a short list of variables are used in user creation. `UID_MIN` and `UID_MAX` define the range for local user IDs, while `SYS_UID_MIN` and `SYS_UID_MAX` define the range for system user IDs. (The parallel `GID_MIN`, `GID_MAX`, `SYS_GID_MIN`, and `SYS_GID_MAX` variables do the same for group IDs.) | `adduser(8)` additionally looks to `/etc/logins.def`. Much of this file relates to interactive login configuration, but a short list of variables are used in user creation. `UID_MIN` and `UID_MAX` define the range for local user IDs, while `SYS_UID_MIN` and `SYS_UID_MAX` define the range for system user IDs. (The parallel `GID_MIN`, `GID_MAX`, `SYS_GID_MIN`, and `SYS_GID_MAX` variables do the same for group IDs.) |
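Review bot: `/etc/logins.def` is carried over unchanged on both sides of this hunk; the file is `/etc/login.defs`. While this line is being touched, "a short list of variables are used" should read "is used".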
Linux Users
A user can refer to either a local user that a real person uses interactively or a system user that is used to set permissions on system processes.
Creating Users
See adduser(8) and useradd(8). The former is simpler and can be used interactively.
Privileged Users
Standard practice is that privileged users are in the wheel group. This is managed by the sudoers file.
## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL
Either use visudo or edit /etc/sudoers directly to ensure that this line is uncommented.
Therefore, to escalate a user's privileges, try:
adduser USERNAME wheel
Custom Groups
To create a custom group, see addgroup(8) and groupadd(8). The former is simpler.
Then to add a user to that group, try:
adduser USERNAME GROUPNAME
Configuration
adduser(8) and useradd(8) both look at /etc/default/useradd for a number of variables, such as the default login shell (SHELL), the base directory for home directory creation (HOME), and so on.
adduser(8) additionally looks to /etc/login.defs. Much of this file relates to interactive login configuration, but a short list of variables is used in user creation. UID_MIN and UID_MAX define the range for local user IDs, while SYS_UID_MIN and SYS_UID_MAX define the range for system user IDs. (The parallel GID_MIN, GID_MAX, SYS_GID_MIN, and SYS_GID_MAX variables do the same for group IDs.)
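The UID ranges described above, applied in an added example that is not part of the original page: it reads UID_MIN/UID_MAX and SYS_UID_MIN/SYS_UID_MAX from login.defs-format text, classifies passwd(5) entries as local or system users, and lists system-range accounts that still have a login shell. The sample file contents and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in login.defs format (not copied from a real system).
SAMPLE_LOGIN_DEFS='# constructed values
UID_MIN          1000
UID_MAX         60000
SYS_UID_MIN       201
SYS_UID_MAX       999
'
# Constructed sample in passwd(5) format.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
git:x:998:998::/var/git:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
'

# get_def NAME DEFS_TEXT: print the value of NAME; commented lines never match.
get_def() {
    printf '%s\n' "$2" | awk -v k="$1" '$1 == k { v = $2 } END { print v }'
}

# classify_users DEFS_TEXT PASSWD_TEXT: print "name uid class shell" per account.
classify_users() {
    umin=$(get_def UID_MIN "$1"); umax=$(get_def UID_MAX "$1")
    smin=$(get_def SYS_UID_MIN "$1"); smax=$(get_def SYS_UID_MAX "$1")
    printf '%s\n' "$2" | awk -F: -v umin="$umin" -v umax="$umax" \
        -v smin="$smin" -v smax="$smax" '
        NF >= 7 {
            uid = $3 + 0
            if (uid >= umin && uid <= umax)      c = "local"
            else if (uid >= smin && uid <= smax) c = "system"
            else                                 c = "outside-ranges"
            print $1, uid, c, $7
        }'
}

# system_login_shells DEFS_TEXT PASSWD_TEXT: system-range accounts whose
# shell is not a nologin/false binary, i.e. accounts that can still log in.
system_login_shells() {
    classify_users "$1" "$2" |
        awk '$3 == "system" && $4 !~ /(nologin|false)$/ { print $1 }'
}

classify_users "$SAMPLE_LOGIN_DEFS" "$SAMPLE_PASSWD"
system_login_shells "$SAMPLE_LOGIN_DEFS" "$SAMPLE_PASSWD"
```

To run it against a live system, pass `"$(cat /etc/login.defs)"` and `"$(cat /etc/passwd)"` in place of the sample variables.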