Introduction
Managing users and groups in Linux is an essential administrative task. We will cover the manual method to create a new user and add that user to a group, and then remove that user in a multi-step process. Finally, we will cover selected tasks concerning groups.
There is a separate article covering adding the same user to multiple servers using Ansible. We will not duplicate that information here.
Creating a User Account
First, get a list of all users on the host.
sudo cat /etc/passwd
Now, create a new user called mark.
sudo adduser mark
Removing a User Account
If we want to fully remove a user we will need to follow several steps. Also, the user’s files on other remote systems will need to be searched for manually and either removed or reassigned to another owner.
You cannot remove an account while the user is logged in, because the user will still have running processes.
Lock the user’s account so they cannot log in.
sudo passwd -l mark
Backup the user’s account data.
sudo tar -zcvf /nas/backups/accounts/removed/mark_011225.tar.gz /home/mark/
See if the user has any running processes and kill them.
sudo ps -u username
sudo killall -9 -u username
Remove the user’s crontab jobs.
sudo crontab -r -u username
If necessary, cancel any of the user’s queued print jobs (lprm removes jobs from the print queue).
sudo lprm -U username
Assign Mark’s files to another user named Tom.
sudo find / -user mark -exec chown tom:tom {} \;
-exec = run the following command once for each match.
chown tom:tom = change the owner and group to tom.
{} = placeholder for each file that is found.
\; = ends the -exec command; the backslash stops the shell from treating the semicolon as a command separator.
Since we will be deleting the home directory and mail spool, and we have already made a backup, we do not want to change the ownership of files in those two directories right now: reassigning them would stop deluser from removing them and leave orphaned files behind. So we modify the above command to exclude them, and only change ownership of files outside those two directories.
sudo find / \( -path /home/mark -o -path /var/spool/mail/mark \) -prune -o -user mark -exec chown tom:tom {} \;
\( \) = group the expression (escaped so the shell does not interpret the parentheses).
-path = match the file’s full path.
-prune = do not descend into the matched directory.
-o = OR
The prune group must come before -user: if -user mark were placed in front of it, every file not owned by mark would fall through the -o and be reassigned to tom.
Finally, remove the user’s account. Some users like to use the deluser command and some like to use the older userdel command; they do essentially the same thing. I am using deluser, as it is a higher-level command that also deletes the user’s /home directory and mail spool.
sudo deluser --remove-home mark
--remove-home = removes the home directory and mail spool.
--remove-all-files = removes the home directory and mail spool, and attempts to remove all other files owned by the user.
Lastly, verify that no files belonging to the user remain. Because the account no longer exists, find can no longer resolve the name mark, so search instead for files whose owner or group no longer exists.
sudo find / \( -nouser -o -nogroup \)
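The removal steps above, collected into one script with the checks an administrator would want before running them (refuse system accounts, refuse malformed names, rehearse with a dry run). This is an added example and not part of the original article; it assumes Debian/Ubuntu tools (passwd, deluser), GNU find, and the article’s backup location /nas/backups/accounts/removed, and the function names offboard, valid_username, is_system_uid, backup_path and run are this example’s own.

```sh
#!/bin/sh
# Added example (not from the original article): the removal procedure above,
# with safety checks. Assumptions: Debian/Ubuntu tools (passwd, deluser), GNU
# find, tar, and the article's backup location /nas/backups/accounts/removed.
# With DRY_RUN=1 the privileged commands are printed instead of executed, so
# the plan can be reviewed before anything on the host changes.
set -eu

BACKUP_DIR="${BACKUP_DIR:-/nas/backups/accounts/removed}"
DRY_RUN="${DRY_RUN:-0}"

# run CMD...: execute a privileged command, or only print it under DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'DRY-RUN: %s\n' "$*"
    else
        "$@"
    fi
}

# valid_username NAME: accept only names adduser itself accepts (lowercase
# letters, digits, '-' and '_', not starting with a digit or a dash).
valid_username() {
    printf '%s' "$1" | grep -Eq '^[a-z_][a-z0-9_-]*$'
}

# is_system_uid UID: true for system accounts (UID below 1000 on Debian-style
# systems), which this script must never offboard. Takes the UID as an
# argument so the check is pure and testable.
is_system_uid() {
    [ "$1" -lt 1000 ]
}

# backup_path USER DATETAG: the archive naming convention used in the article.
backup_path() {
    printf '%s/%s_%s.tar.gz' "$BACKUP_DIR" "$1" "$2"
}

# offboard USER HEIR [DATETAG]: the full procedure, in the article's order.
offboard() {
    user="$1"; heir="$2"; tag="${3:-$(date +%d%m%y)}"

    valid_username "$user" || { echo "refusing: bad username '$user'" >&2; return 1; }
    id "$user" >/dev/null 2>&1 || { echo "refusing: no such user '$user'" >&2; return 1; }
    id "$heir" >/dev/null 2>&1 || { echo "refusing: heir '$heir' does not exist" >&2; return 1; }
    uid="$(id -u "$user")"
    if is_system_uid "$uid"; then
        echo "refusing: $user is a system account (uid $uid)" >&2
        return 1
    fi

    # 1. Lock the password so no new logins start while we work.
    run passwd -l "$user"
    # 2. Back up the home directory before anything is deleted.
    run tar -zcf "$(backup_path "$user" "$tag")" "/home/$user/"
    # 3. Kill the user's remaining processes (the article uses killall -9 -u);
    #    having none running is not an error.
    run pkill -KILL -u "$user" || true
    # 4. Remove scheduled jobs, and queued print jobs where lprm is installed.
    run crontab -r -u "$user" || true
    if command -v lprm >/dev/null 2>&1; then run lprm -U "$user" || true; fi
    # 5. Hand remaining files to the heir. The prune group comes BEFORE -user:
    #    otherwise every file not owned by $user would fall through -o and be
    #    chowned to the heir.
    run find / \( -path "/home/$user" -o -path "/var/spool/mail/$user" \) -prune \
        -o -user "$user" -exec chown "$heir:$heir" {} \;
    # 6. Delete the account together with its home directory and mail spool.
    run deluser --remove-home "$user"
    # 7. The name no longer resolves, so look for files left without an owner.
    run find / -path /proc -prune -o \( -nouser -o -nogroup \) -print
}

# Usage: DRY_RUN=1 sh offboard.sh mark tom
if [ $# -ge 2 ]; then offboard "$@"; fi
```

Run it once with DRY_RUN=1 and read the printed commands; only when the plan looks right run it again without the variable, as root.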
Create a Group
Let’s create a group called analyst.
sudo addgroup analyst
Add User to a Group
Let’s add the new user mark to the analyst group. NOTE: You must be a member of a group before you can add others to the same group.
sudo usermod -aG analyst mark
-a = Append
-G = supplementary group(s) to add the user to
NOTE: On CentOS systems, you need to run the command ‘$ usermod -aG wheel <user>’.
Review Group Memberships
Let’s see who is in the group analyst and which groups the user ‘mark’ is in.
sudo grep analyst /etc/group
sudo groups mark
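Grepping /etc/group only shows supplementary members; a user whose primary group is analyst is recorded in field 4 of /etc/passwd and never appears on the analyst line. The following added example (not from the original article) resolves membership the way the groups command does, from both files. The two sample files are constructed for the example; on a real host pass the contents of /etc/passwd and /etc/group instead, and the function names group_members and user_groups are this example’s own.

```sh
#!/bin/sh
# Added example (not from the original article): resolve group membership from
# passwd and group data, covering both supplementary members (field 4 of the
# group file) and primary-GID members (field 4 of the passwd file).
set -eu

# Constructed sample data: tom's primary group is analyst (GID 2000) and he is
# not listed on the analyst line of the group file at all.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
mark:x:1001:1001:Mark:/home/mark:/bin/bash
tom:x:1002:2000:Tom:/home/tom:/bin/bash
ana:x:1003:1003:Ana:/home/ana:/bin/bash'
SAMPLE_GROUP='root:x:0:
mark:x:1001:
tom:x:1002:
analyst:x:2000:mark,ana
ana:x:1003:'

# group_members GROUP PASSWD_DATA GROUP_DATA: every member of GROUP, one per
# line, sorted: supplementary members from the group line plus every user
# whose primary GID is the group's GID.
group_members() {
    _gid=$(printf '%s\n' "$3" | awk -F: -v g="$1" '$1 == g { print $3 }')
    [ -n "$_gid" ] || { echo "no such group: $1" >&2; return 1; }
    {
        printf '%s\n' "$3" | awk -F: -v g="$1" \
            '$1 == g && $4 != "" { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }'
        printf '%s\n' "$2" | awk -F: -v gid="$_gid" '$4 == gid { print $1 }'
    } | sort -u
}

# user_groups USER PASSWD_DATA GROUP_DATA: what `groups USER` prints, on one
# line: the primary group first, then supplementary groups in file order.
user_groups() {
    _pgid=$(printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print $4 }')
    [ -n "$_pgid" ] || { echo "no such user: $1" >&2; return 1; }
    {
        printf '%s\n' "$3" | awk -F: -v gid="$_pgid" '$3 == gid { print $1 }'
        printf '%s\n' "$3" | awk -F: -v u="$1" \
            '{ n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) print $1 }'
    } | paste -s -d ' ' -
}

# Usage on the constructed data:
#   group_members analyst "$SAMPLE_PASSWD" "$SAMPLE_GROUP"   -> ana, mark, tom
#   user_groups tom "$SAMPLE_PASSWD" "$SAMPLE_GROUP"         -> analyst
```

Against the sample data, ‘grep analyst’ on the group file would report only mark and ana, while group_members also finds tom through his primary GID. On a live system the same functions work with "$(getent passwd)" and "$(getent group)" as the data arguments.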
Remove a User from Group
We can remove the user mark from the analyst group. The command is not as clean as adding a user, and it is not obvious that these are group commands. You can use either of the two commands below.
sudo deluser mark analyst
sudo gpasswd -d mark analyst
-d = delete the user from the group.
Change a File’s Group Permissions
Next, let’s change a file’s group ownership to the group ‘analyst’. Although there are other methods, I prefer the one shown below, as it is more granular. After you change a file’s group permissions, users will not be able to access the file until they log off and back on again.
sudo chown :analyst /home/mark/sample.txt
Ref. https://linuxize.com/post/how-to-add-and-delete-users-on-ubuntu-18-04/
Ref. https://www.digitalocean.com/community/tutorials/how-to-add-and-delete-users-on-an-ubuntu-14-04-vps