Thursday, March 21, 2019

How to Add a New User in Linux

Whether you're administering a system with multiple users, or you're just tired of using the user pi on your Raspberry Pi, being able to create a new user from the Linux command line is a handy thing to know how to do.  It is also relatively simple.

There are two commands that are typically used to create a new user: useradd and adduser.  useradd is a low-level command that, when used without any options, will do nothing but create the user.  adduser is a script that utilizes the useradd command, but also prompts you for other information, and completes some basic tasks, such as creating a home directory and setting the password.

It is often advised to use the adduser command over useradd, to avoid leaving out any important steps in user creation, but I believe that both commands can be useful depending on the circumstance.  Therefore, I will first give an example of how to use the more user-friendly adduser, and then follow that with common uses for useradd.

Creating a New User With adduser


The adduser command is very simple and easy to use.  If you are new to Linux, or unsure exactly what needs to be done in order to set up a new user, I highly recommend sticking with adduser instead of useradd.

In order to execute adduser, you must be logged in as root, or a user with root privileges, in which case you must precede the command with sudo.  You will then follow the command with the name of the user you would like to create.  In the example below we are creating a user named hiro.

sudo adduser hiro

Once you execute this command you will first see that a few tasks have been accomplished, and then you will be presented with a series of questions, starting with the password for the new user.  The password must be entered twice to eliminate the chance of typos.  None of the requested information after the password is required, and may be left blank if unneeded.



And that's it, we have now created the user hiro and given him a password.  I told you it was easy.  Before I show you how to take the new user for a test run, I would like to show you one more thing.

By default the new user will not have root privileges, which means that there are lots of things he won't be able to do, and lots of files he won't be able to access.  If this is desirable then leave the new user as is.  However, if you would like to give the new user root privileges, you just need to add them to the group sudo.

To add a user to the group sudo (or any group), you can use the usermod command along with the -aG options for "append Group".  You will need to do this as root, or with an account that has root permissions as shown below.

sudo usermod -aG sudo hiro

Once you have added the new user to the sudo group, you should switch over to the new user and try out the newly granted root privileges to make sure everything works as it should.  To switch users, use the command su followed by the name of the user whose account you are trying to access.  You will then need to enter their password.

su hiro

In order to test the root privileges you can run any command that requires root privileges preceded by sudo.  In the example below I have chosen to list the files in the /root directory, a task which is not allowed to normal users.

sudo ls -a /root

If it works, you know the new user has successfully been granted root privilege.  Congratulations!

The final thing I have shown you in the graphic below is that the adduser command has conveniently created a home directory for our new user, and that if you go there and use ls -a, you can see that it has also created skeleton files, which are basic configuration files copied into the home directory when a new user is created.  This would not have been automatically done if we had used the useradd command.





Creating a New User With useradd


As I mentioned earlier, useradd is a low-level command.  It doesn't have all the bells and whistles of adduser, but one thing it does have is ubiquity.  While adduser is common to many systems, you may run into systems that do not have the adduser command available, such as SUSE and Arch Linux.  useradd, however, will be available on just about every *nix system you will ever encounter.

In addition, useradd doesn't prompt you for information, and instead relies on you to use options with the command to specify exactly how you would like a given user to be created.  Because of this, useradd is a better option to use in scripts, or for an experienced system administrator who knows exactly how he wants each user fine tuned.

General options to use when creating new users can typically be found in the file /etc/default/useradd, but these settings will differ from system to system, so I am not going to make any assumptions when I run my command, and will specify everything with options.

Also, since useradd doesn't prompt you for information, it will not prompt you for a password.  One can use the option -p to include the password in the useradd command, but that is not considered secure because it adds the password to the command history in plain text.  Therefore the preferred way to create the password is using the passwd command, followed by the name of the new user.

In the example below I will create another user named raven, with the same characteristics as in the example above, only this time I will use useradd.  I will need to include several options in order to make sure all the tasks are completed in the same way they are when using adduser.  Here are the options:

-m create a home directory for the user
-k copy the skeleton files from the directory given as its argument (/etc/skel here) to the new user's home directory; only valid together with -m
-U create a group with the same name as the user and assign the user to that group
-G assign the user to additional groups (we will use this for the sudo group to give raven root privilege)
-s set the default shell for this user
-c allows a comment, such as the user's real name or phone number

So here are the commands:

sudo useradd -m -k /etc/skel -U -G sudo -s /bin/bash -c "Raven,,555-867-5305," raven
sudo passwd raven

Now we have done everything we did earlier with adduser for the new user raven.  It may look a little more complex, but on the other hand, it was a lot quicker, and we skipped all the prompting for information.  All the user information is stored in the file /etc/passwd, so if we want to compare our two new users all we need to do is grep that file for the user names.

grep 'hiro\|raven' /etc/passwd

The below graphic shows the screenshot of creating the user, followed by the output of the above grep command.  It finishes by switching users and proving that the new user raven does indeed have root privilege.
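
To go one step beyond grepping for two known names, the script below is an added example (not part of the original post) that lists every account in the sudo group, including accounts that hold it as their primary GID and therefore never appear in the member list in /etc/group.  The function names group_members and write_sample and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# group_members GROUP [PASSWD_FILE] [GROUP_FILE]
# Prints name:uid:home:shell:how for each member; how is "primary" when the
# GID field in the passwd entry is the group's GID, else "supplementary".
group_members() {
    awk -F: -v grp="$1" '
        FILENAME == ARGV[1] {    # group file: name:pw:GID:member,member,...
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") supp[m[i]] = 1
            }
            next
        }
        {                        # passwd file: name:pw:UID:GID:GECOS:home:shell
            how = ""
            if (gid != "" && $4 == gid) how = "primary"
            else if ($1 in supp) how = "supplementary"
            if (how != "") print $1 ":" $3 ":" $6 ":" $7 ":" how
        }
    ' "${3:-/etc/group}" "${2:-/etc/passwd}"
}

# Constructed sample files (not taken from a real system) so the check can be
# tried without touching /etc.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
pi:x:1000:1000:,,,:/home/pi:/bin/bash
hiro:x:1001:1001:,,,:/home/hiro:/bin/bash
raven:x:1002:1002:Raven,,555-867-5305,:/home/raven:/bin/bash
svc:x:1003:27::/home/svc:/usr/sbin/nologin
EOF
    cat > "$1/group" <<'EOF'
sudo:x:27:pi,hiro,raven
hiro:x:1001:
raven:x:1002:
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp"
group_members sudo "$tmp/passwd" "$tmp/group"
rm -rf "$tmp"
```

Calling group_members sudo with no file arguments reads the live /etc/passwd and /etc/group; accounts that come from other sources such as LDAP are not in those files and will not be listed.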



And that's it.  As always, if you want to see additional options related to either of these commands you can check out their respective man pages, but this should be more than enough for everyday use.  If you have any questions please leave them below in the comments.


EDIT: One thing to note, especially if you are administering a headless server, is that just because you have an SSH server running under one user, does not mean that you will be able to SSH into the machine under any other user; you must turn on the SSH server for each individual user that you want to have remote access.  In order to turn on the SSH server for a new user, log in under a user that does have SSH access, use su to switch to the new user, and then use sudo systemctl enable ssh to enable the OpenSSH server for the new user.
