Differences between revisions 4 and 5
Revision 4 as of 2020-11-10 15:26:48
Size: 3311
Comment:
Revision 5 as of 2020-11-10 15:38:00
Size: 3197
Comment:
Line 1: Line 1:
## page was renamed from LinuxUsers
= Linux Users =
= Users in Linux =
Line 4: Line 3:
On a Linux installation, '''user''' generally refers to a '''local user''' that a real person logs in as. It can also refer to '''system users''' that are created to establish permission restrictions on system processes. There is no real difference between these. In Linux, '''user''' can refer to either a '''local user''' that a real person uses interactively or a '''system user''' that is used to identify system processes.
Line 12: Line 11:
== Adding Users == == Creating Users ==
Line 14: Line 13:
The low-level `useradd` command should be avoided. The low-level `useradd(8)` command should be avoided.
Line 16: Line 15:
To add a new user, call `adduser`. Most systems default to creating a home directory simultaneously, but it can be forced by including the `--create-home` option. Use the '''`adduser(8)`''' utility to create a user. Most systems default to creating a home directory simultaneously, but it can be forced by including the `--create-home` option.
Line 55: Line 54:
The low-level `usermod` command should be avoided. But for reference, the command would be `usermod --append --groups GROUPNAME USERNAME`. The low-level `usermod(8)` command should be avoided. But for reference, the command would be `usermod --append --groups GROUPNAME USERNAME`.
Line 57: Line 56:
To escalate the permissions of a user, following from the explanation above, run: Use the '''`adduser(8)`''' utility to add a user to a group. For example...
Line 67: Line 66:
== Adding System Users == == Creating System Users ==
Line 69: Line 68:
There are a few considerations to make when creating a '''system user''', but all of them are optional. There are a few considerations for creating a system user:
Line 72: Line 71:
 * Generally a home directory isn't desireable, so suppress the creation of one using the `-M` option.
 * To prevent login, set the login shell to `/sbin/nologin` (or something similar) using the `--shell` option.
 * Generally a home directory isn't desirable, so suppress the creation of one using the `-M` option.
 * To prevent interactive logins, set the login shell to `/sbin/nologin` (or something similar) using the `--shell` option.
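Review bot: the two bullets in this hunk mix option styles, with the short `-M` in the first and the long `--shell` in the second. Spelling the first as `--no-create-home` would match the long forms used elsewhere on the page and is easier to read in a copied command. The parenthetical "(or something similar)" in the second bullet could also say that the path of the nologin binary differs between distributions, so the reader knows what to look for.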
Line 79: Line 78:
To secure an existing user against login, either use `chsh` or edit `/etc/passwd` directly. To secure an existing user against login, either use `chsh(1)` or edit `/etc/passwd` directly.
Line 87: Line 86:
Note that the BusyBox implementation of `adduser` does not support the normal flags and options. Note that the '''`BusyBox(1)`''' implementation of `adduser(8)` does not support the normal flags and options.
Line 89: Line 88:
||'''BusyBox Option'''||''' 'Normal' Option''' ||
||`-h DIR` ||Create home directory at `DIR`||
||`-G GROUP` ||Add to existing group ||
||`-S` ||Set as system user ||
||`-H` ||Do not create a home directory||
||'''!BusyBox Option'''||''' 'Normal' Option''' ||
||`-h DIR`  ||Create home directory at `DIR`||
||`-G GROUP`  ||Add to existing group ||
||`-S`  ||Set as system user ||
||`-H`  ||Do not create a home directory||
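Review bot: the second column header still reads "'Normal' Option" in both the old and new rows, but every cell under it ("Create home directory at `DIR`", "Add to existing group", and so on) is a description, not an option. Either rename the header to something like "Meaning" or add a third column that lists the equivalent option of the standard tool. Apart from the `!` that stops the header being wiki-linked, the four body rows change only in whitespace.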
Line 101: Line 100:
`adduser` and `useradd` both look at `/etc/default/useradd` for a number of variables. The default login shell (`SHELL`), the base directory for home directory creation (`HOME`), and so on. `adduser(8)` and `useradd(8)` both look at `/etc/default/useradd` for a number of variables. The default login shell (`SHELL`), the base directory for home directory creation (`HOME`), and so on.
Line 103: Line 102:
`adduser` additionally looks to `/etc/logins.def`. Much of this file relates to interactive login configuration, but a short list of variables are used in user creation. `UID_MIN` and `UID_MAX` define the range for local user IDs, while `SYS_UID_MIN` and `SYS_UID_MAX` define the range for system user IDs. (The parallel `GID_MIN`, `GID_MAX`, `SYS_GID_MIN`, and `SYS_GID_MAX` variables do the same for group IDs.) `adduser(8)` additionally looks to `/etc/logins.def`. Much of this file relates to interactive login configuration, but a short list of variables are used in user creation. `UID_MIN` and `UID_MAX` define the range for local user IDs, while `SYS_UID_MIN` and `SYS_UID_MAX` define the range for system user IDs. (The parallel `GID_MIN`, `GID_MAX`, `SYS_GID_MIN`, and `SYS_GID_MAX` variables do the same for group IDs.)
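Review bot: the file name `/etc/logins.def` is carried over unchanged on both sides of this hunk, and the file that holds `UID_MIN`, `SYS_UID_MIN` and the related variables is `/etc/login.defs`. Since the paragraph is being touched anyway, fix the path here. The same sentence also has "a short list of variables are used", which should read "is used".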

Users in Linux

In Linux, user can refer to either a local user that a real person uses interactively or a system user that is used to identify system processes.


Creating Users

The low-level useradd(8) command should be avoided.

Use the adduser(8) utility to create a user. Most systems default to creating a home directory simultaneously, but it can be forced by including the --create-home option.

adduser --create-home USERNAME

To add a new user with a custom home directory, try:

adduser --create-home --home /var/USERNAME USERNAME

This can be useful for creating special logins for services, such as git.

Privileged Users

Standard practice is to use the wheel group to manage users with superuser privileges. This is managed by the sudoers file.

## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL

Either use visudo or edit /etc/sudoers directly to ensure that this line is uncommented.

Therefore, to add a privileged user, try:

adduser --create-home --groups wheel USERNAME


Adding Users to Groups

The low-level usermod(8) command should be avoided. But for reference, the command would be usermod --append --groups GROUPNAME USERNAME.

Use the adduser(8) utility to add a user to a group. For example:

adduser USERNAME wheel
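Because membership of wheel amounts to superuser access once the sudoers rule is uncommented, it is worth reviewing both periodically. The following is an added example, not part of the original page: the function names and the sample files are constructed for illustration, and it also counts accounts whose primary group is wheel, which a look at the group file alone would miss.

```shell
#!/bin/sh
# Added example: review who holds superuser rights through group wheel.

# List every account in group wheel: supplementary members from the group
# file plus accounts whose primary GID (passwd field 4) is wheel's GID.
wheel_members() {  # usage: wheel_members GROUP_FILE PASSWD_FILE
    awk -F: '
        FNR == NR {
            if ($1 == "wheel") {
                gid = $3
                n = split($4, names, ",")
                for (i = 1; i <= n; i++) if (names[i] != "") seen[names[i]] = 1
            }
            next
        }
        gid != "" && $4 == gid { seen[$1] = 1 }
        END { for (user in seen) print user }
    ' "$1" "$2" | sort
}

# Succeed only if the file has an uncommented %wheel rule. Files pulled in
# by include directives are not followed; check them separately.
wheel_rule_active() {  # usage: wheel_rule_active SUDOERS_FILE
    grep -Eq '^[[:space:]]*%wheel[[:space:]]+ALL[[:space:]]*=' "$1"
}

# Constructed sample files (not taken from a real host).
wheel_dir=$(mktemp -d)
printf '%s\n' 'root:x:0:' 'wheel:x:10:alice,bob' > "$wheel_dir/group"
printf '%s\n' 'alice:x:1000:1000::/home/alice:/bin/bash' \
              'bob:x:1001:1001::/home/bob:/bin/bash' \
              'carol:x:1002:10::/home/carol:/bin/bash' > "$wheel_dir/passwd"
printf '%s\n' '## Uncomment to allow members of group wheel to execute any command' \
              '# %wheel ALL=(ALL) ALL' > "$wheel_dir/sudoers.commented"
printf '%s\n' '%wheel ALL=(ALL) ALL' > "$wheel_dir/sudoers.active"

wheel_members "$wheel_dir/group" "$wheel_dir/passwd"
for f in "$wheel_dir/sudoers.commented" "$wheel_dir/sudoers.active"; do
    if wheel_rule_active "$f"; then echo "${f##*/}: wheel rule active"
    else echo "${f##*/}: wheel rule commented out or absent"; fi
done
```

On a real host the sudoers file is readable only by root, so the rule check has to run with elevated privileges.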


Creating System Users

There are a few considerations for creating a system user:

  • To have a system user and group ID assigned, use the --system option.

  • Generally a home directory isn't desirable, so suppress the creation of one using the -M option.

  • To prevent interactive logins, set the login shell to /sbin/nologin (or something similar) using the --shell option.

adduser --system -M --shell /sbin/nologin USERNAME

To secure an existing user against login, either use chsh(1) or edit /etc/passwd directly.


BusyBox

Note that the BusyBox(1) implementation of adduser(8) does not support the normal flags and options.

||BusyBox Option||'Normal' Option||
||-h DIR||Create home directory at DIR||
||-G GROUP||Add to existing group||
||-S||Set as system user||
||-H||Do not create a home directory||


Configuration

adduser(8) and useradd(8) both look at /etc/default/useradd for a number of variables: the default login shell (SHELL), the base directory for home directory creation (HOME), and so on.

adduser(8) additionally looks to /etc/login.defs. Much of this file relates to interactive login configuration, but a short list of variables is used in user creation. UID_MIN and UID_MAX define the range for local user IDs, while SYS_UID_MIN and SYS_UID_MAX define the range for system user IDs. (The parallel GID_MIN, GID_MAX, SYS_GID_MIN, and SYS_GID_MAX variables do the same for group IDs.)
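The system UID range described here, combined with the advice under Creating System Users to give such accounts a non-login shell, can be turned into an audit. The following is an added example, not part of the original page: the function names, the fallback range of 201 to 999 and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag system accounts that keep an interactive login shell.

# Read one numeric variable from a login.defs-style file, with a fallback.
defs_value() {  # usage: defs_value FILE NAME FALLBACK
    awk -v name="$2" -v fallback="$3" '
        $1 == name && $2 ~ /^[0-9]+$/ { value = $2 }
        END { print (value == "" ? fallback : value) }
    ' "$1"
}

# Print "name:uid:shell" for each account inside the system UID range whose
# shell is not nologin or false. An empty shell field means /bin/sh.
audit_system_shells() {  # usage: audit_system_shells PASSWD_FILE DEFS_FILE
    sys_min=$(defs_value "$2" SYS_UID_MIN 201)  # fallback values are assumptions
    sys_max=$(defs_value "$2" SYS_UID_MAX 999)
    awk -F: -v min="$sys_min" -v max="$sys_max" '
        /^#/ || NF < 7 { next }
        $3 + 0 < min || $3 + 0 > max { next }
        $7 ~ /\/(nologin|false)$/ { next }
        { print $1 ":" $3 ":" ($7 == "" ? "/bin/sh" : $7) }
    ' "$1"
}

# Constructed sample files (not taken from a real host).
audit_dir=$(mktemp -d)
cat > "$audit_dir/login.defs" <<'EOF'
UID_MIN      1000
UID_MAX     60000
SYS_UID_MIN   201
SYS_UID_MAX   999
EOF
cat > "$audit_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
git:x:990:990::/var/git:/bin/bash
webapp:x:991:991::/:/sbin/nologin
backup:x:992:992::/var/backup:
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF

audit_system_shells "$audit_dir/passwd" "$audit_dir/login.defs"
```

Each reported account is a candidate for the chsh(1) change described under Creating System Users, unless the service genuinely needs a shell.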



Linux/Users (last edited 2023-06-29 16:52:38 by DominicRicottone)