UserAndGroupAdminOnDebianUbuntu: User and Group Administration on Debian and Ubuntu
# - This document is free text: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# any later version.
#
# - This document is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# - You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#-- 1.1. Add a new user jdoe and create home folder
sudo useradd -d /home/jdoe -m jdoe
#
#-- 1.2. Change user's password
sudo passwd jdoe
#
#-- 1.3. Delete a user
sudo userdel jdoe
# remove home directory too
sudo userdel -r jdoe
#-- 2.1. /etc/passwd file
exforge:x:1000:1000:Exforge,,,:/home/exforge:/bin/bash
username:pw:UID:GID:Name,Surname,XX:homefolder:shell
#
#-- 2.2. /etc/shadow file
# Passwords are stored as hashed in shadow file
# exforge:$6$z09H4l.6$h....A/tDL0:18221:0:99999:7:::
# username:pwHash:DatesSinceLastPwChange:MinDaysToChangePw:
# MaxDaysToChangePw:DaysBeforeUserWarnedToChangePw:
# DaysToPwExpire:DaysToUserDisable
#
#-- 2.3. User pw information extracted from /etc/shadow
sudo passwd -S username
#
#-- 2.4. Default contents for home folders:
# Contents of /etc/skel folder is distributed to created user's home directory
#-- 3.1. root account is locked by default in Ubuntu. It is optional in
# Debian.
# To give a pw to (and unlock) root
sudo passwd
#
#-- 3.2. switch to root account without unlocking it
sudo -i
#
#-- 3.3. switch to another user (if you know pw)
su - username
#
#-- 3.4. switch to another user (if you don't know pw)
sudo su - username
#-- 4.1. Create a text file for users
touch users.txt
#
#-- 4.2. Change the permissions of the file
chmod 600 users.txt
#
#-- 4.3. Add users information to the file
nano users.txt
user1:password:::User1:/home/user1:/bin/bash
user2:password:::User2:/home/user2:/bin/bash
user3:password:::User3:/home/user3:/bin/bash
#username:passwd:uid:gid:full name:home_dir:shell
#
#-- 4.4. Process file to add users
sudo newusers users.txt
# You can check users from /etc/passwd
#
#-- 4.5. It is a good idea to change passwords of the users
sudo passwd user1
#-- 5.1. List of groups
groups
# or
cat /etc/group
# it is similar to /etc/password
#
#-- 5.2. Add a new group
sudo groupadd admins
#
#-- 5.3. Delete a group
sudo groupdel admins
#
#-- 5.4. List members of a group
getent group groupname
#
#-- 5.5. Add a user to a group
# -a append new group to groups of user
# -G as a secondary group
sudo usermod -aG admins myuser
sudo usermod -a -G admins myuser
# or
sudo gpasswd -a <username> <group>
#
#-- 5.6. Change users primary group
sudo usermod -g admins myuser
#
#-- 5.7. Remove user from a group
sudo gpasswd -d <username> <grouptoremove>
#-- 6.1. Change username
# First change home directory
sudo usermod -d /home/jsmith -m jdoe
# Then change username
sudo usermod -l jsmith jdoe
#
#-- 6.2. Lock a user
sudo passwd -l <username>
#
#-- 6.3. unlock
sudo passwd -u <username>
#
#-- 6.4. Password expiration info
sudo chage -l <username>
#
# Members of sudo group can use sudo command
#-- 7.1. Configuration of sudo group members
sudo visudo
%sudo ALL=(ALL:ALL) ALL
# sudo group members
# can use sudo from any terminal
# can use sudo to impersonate any user
# can use sudo to impersonate any group
# can use sudo for any command
charlie ubuntu-server=(dscully:admins) /usr/bin/apt
# user charlie,
# can only use sudo on ubuntu_server
# can only impersonate dscully user
# can only impersonate admins group
# can only run /usr/bin/apt
#
# For a user to sudo without passwd
ansible ALL=(ALL) NOPASSWD: ALL
#
#-- 7.2. List granted sudo privileges
sudo -l