Hermit Notebook

Memo of basic user management commands on Debian

Memo of basic user management commands on Debian

Reminder: you can left-scroll and right-scroll the long code blocks

Create users and groups

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
# create group "bar"
sudo groupadd bar

# create system group "bar"
groupadd -r bar

# create user "foo" with a home dir
sudo useradd -m foo \
&& sudo passwd foo

# create user "foo" with default settings from
# /etc/default/useradd
sudo useradd foo \
&& sudo passwd foo

# create user "foo" with "bar" as its primary group
# and to also belong groups "docker" and "sudo"
sudo useradd -g bar -G docker,sudo foo

# creat user "foo" with shell "zsh"
sudo useradd -s /usr/bin/zsh foo

# create user "foo" with a description
sudo useradd -c "Account for a fool" foo

# create user "foo" with a pwd that expires
sudo useradd -e 2050-01-31 foo

# check the expiry date of the pwd of user "foo"
sudo chage -l foo

# create "foo" as a system user
sudo useradd -r foo

Find a user’s UID and GID

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
# get the UID of user "foo"
id -u foo
# get the UID of the current user
id -u "$USER"

# get the GID of user "foo"
id -g foo
# get the GID of the current user
id -g "$USER"

# get all groups associated with user "foo"
id -G foo
# get all groups associated with the current user
id -G "$USER"

# get all informations at once for user "foo"
id foo
# get all informations at once for the current user
id "$USER"

Assign to a user a given UID

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# create group "bar" with GID 3000
groupadd -g 3000 bar

# create user "foo" with UID 2000 and GID 3000
# -m : create home
# -s : shell
useradd foo -u 2000 -g 3000 -m -s /bin/bash

# assign GID 3000 to group "bar"
groupmod -g 3000 bar

# assign UID 2000 to user "foo"
usermod -u 2000 foo

# assign UID and GID to user "foo"
usermod -u 2000 -g 3000 foo

Password management

Notes: most password operations affect the /etc/passwd and/or the /etc/shadow files (and also etc/group and /etc/gshadow).

  • /etc/shadow stores the hashed passphrases (with additional properties).
  • /etc/passwd keeps track of every registered user that has access to the system.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# change the password of the current user (interactive)
passwd

# change the password of user "foo" (interactive)
sudo passwd foo

# change the pwd of the root user
sudo passwd

# force a user "foo" to change its pwd at next login
sudo passwd --expire foo

# change or set a password for group "bar"
passwd -g bar

# lock user "foo"
# -l : lock
# -e : expire
sudo passwd -l -e foo

# unlock user "foo"
sudo passwd -u foo

# remove password of group "bar"
passwd -g -r bar

Access right management

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# set user "foo" of group "bar" as the owner of file "baz"
sudo chown foo:bar baz

# recursively set user "foo" of group "bar" as the owner of directory "baz"
sudo chown -R foo:bar baz

# give permissions on file "bar":
# user: read, write and execute access
# groups (to which the user belongs): read and execute
# others: read only
sudo chmod u=rwx,g=rx,o=r bar

# add write access for the groups of the owner to file "bar"
sudo chmod g+r bar

# remove read access for "others" to file "bar"
sudo chmod o-r bar

# recursively set permissions on directory "bar"
sudo chmod -R u=rwx,g=rx,o=r bar

# add read access for "all" on file "bar"
sudo chmod a+r bar

Interactives commands (adduser and addgroup)

1
2
3
4
5
6
7
8
9
10
# create group "bar"
sudo addgroup bar

# create user "foo"
sudo adduser foo
sudo passwd -e foo

# create user "foo" with its primary group as "bar"
sudo adduser foo bar
sudo passwd -e foo

Leave a comment ✍️ and a “Like” ❤️ if you found this post useful 😉

Thanks for reading !

See you soon !

Keep learning !

Contents

  1. 1. Create users and groups
  2. 2. Find a user’s UID and GID
  3. 3. Assign to a user a given UID
  4. 4. Password management
  5. 5. Access right management
  6. 6. Interactives commands (adduser and addgroup)