Adding and removing users on a Linux system is one of the essential system administration tasks to familiarize yourself with. When you create a new system, you are often only given access to the root
account by default.
While running as the root
user gives you complete control over a system and its users, it is also dangerous and possibly destructive. It’s better to add an unprivileged user for everyday system administration tasks and carry out those tasks without root
privileges. You can also create additional unprivileged accounts for any other users you may have on your system. Each user on a system should have a separate account.
There is a tool installed on Ubuntu systems for tasks requiring administrator privileges called sudo
. Briefly, sudo
allows you to run a command as another user, including users with administrative privileges. This guide will teach you how to create user accounts, assign sudo
privileges, and delete users.
Prerequisites
- System running Ubuntu
- Access Terminal Command line
- sudo or root privileges on local or remote machines
Adding a User
First of all, you can add a new user. Run the following command:
#! /bin/bash
sudo adduser <New User>
Either way, you will be required to respond to a series of questions:
- Assign and confirm a password for the new user.
- Enter any additional information about the new user. This is optional and can be skipped by pressing
ENTER
if you don’t wish to utilize these fields. - Finally, you’ll be asked to confirm that the information you provided was correct. Press
Y
to continue.
Your new user is now ready for use and can be logged into with the password you entered.
If you need your new user to have administrative privileges, continue to the next section.
Granting a User Sudo Privileges
If your new user should have the ability to execute commands with root (administrative) privileges, you will need to give the unique user access to sudo
. Let’s examine two approaches to this task: first, adding the user to a pre-defined sudo user group, and second, specifying privileges on a per-user basis in sudo’s configuration.
By default, sudo on Ubuntu systems is configured to extend full privileges to any user in the sudo group.
You can view what groups your new user is in with the groups
command:
#! /bin/bash
sudo groups <New User>
#! Output
<New User> : <New User>
By default, a new user is only in their group because the adduser creates this in addition to the user profile. A user and its group share the same name. To add the user to a new group, you can use the usermod
command:
#! /bin/bash
usermod -aG sudo <New User>
The -aG option tells usermod to add the user to the listed groups.
Please note that the usermod command itself requires sudo privileges. This means that you can only add users to the sudo group if you’re signed in as the root user or as another user that has already been added as a member of the sudo group. In the latter case, you will have to precede this command with sudo, as in this example:
#! /bin/bash
sudo usermod -aG sudo <New User>
Specifying Explicit User Privileges in /etc/sudoers
As an alternative to putting your user in the sudo group, you can use the visudo command, which opens a configuration file called /etc/sudoers in the system’s default editor, and explicitly specify privileges on a per-user basis.
Using visudo is the only recommended way to make changes to /etc/sudoers because it locks the file against multiple simultaneous edits and performs a validation check on its contents before overwriting the file. This helps prevent a situation where you misconfigure
sudo and cannot fix the problem because you have lost sudo privileges.
Run the following command:
#! /bin/bash
sudo visudo
Traditionally, visudo
opened /etc/sudoers
in the vi
editor, which can confuse inexperienced users. On new Ubuntu installations, visudo
will use the nano
text editor, providing a more convenient and accessible text editing experience. Use the arrow keys to move the cursor, and search for the line that reads like the following:
#! /etc/sudoers
root ALL=(ALL:ALL) ALL
Below this line, add the following highlighted line. Be sure to change newuser to the name of the user profile that you would like to grant sudo privileges:
#! /etc/sudoers
root ALL=(ALL:ALL) ALL
<New User> ALL=(ALL:ALL) ALL
Add a new line like this for each user that should be given full sudo privileges. When you’re finished, save and close the file by pressing CTRL + X, followed by Y, and then ENTER to confirm.
Testing Your User’s Sudo Privileges
Now your new user can execute commands with administrative privileges.
When signed in as the new user, you can execute commands as your regular user by typing commands as usual:
#! /bin/bash
<Any Command>
You can execute the same command with administrative privileges by typing sudo ahead of the command:
#! /bin/bash
sudo <Any Command>
When doing this, you will be prompted to enter the password of the regular user account you signed in to.
Deleting a User
If you no longer need a user, it’s best to delete the old account.
You can delete the user itself without deleting any of their files. Run the following command:
#! /bin/bash
sudo deluser <Delete User>
If, instead, you want to delete the user’s home directory when the user is deleted. Run the following command:
#! /bin/bash
sudo deluser --remove-home <Delete User>
If you previously configured sudo privileges for the user, you deleted. Run the following command:
#! /bin/bash
sudo visudo
#! /etc/sudoers
root ALL=(ALL:ALL) ALL
<Delete User> ALL=(ALL:ALL) ALL # Delete This Line
Thank you for reading this blog.
Top comments (0)