Creating and removing users
Creating users in Ubuntu can be done with one of either of two commands: adduser and useradd. This can be a little confusing at first, because both of these commands do the same thing (in different ways) and are named very similarly. I'll go over the useradd command first and then I'll explain how adduser differs. You may even prefer the latter, but we'll get to that in a moment.
First, here's an example of the useradd command in action:
# useradd -d /home/jdoe -m jdoe
Note
As I mentioned in the front matter for this book, whenever I prefix commands with a pound symbol (#), I'm instructing you to execute the command as root. You can use the actual root account for these types of commands or you can simply prefix the command with sudo. In the latter case, the command would become:
# sudo useradd -d /home/jdoe -m jdoe
I won't remind you of this henceforth, so just keep in mind commands prefixed with # need to be executed as root or with the prefix sudo.
In this example, I'm creating a user named jdoe. With the -d flag, I'm clarifying that I would like a home directory created for this user, and following the flag I called out /home/jdoe as the user's home directory. The -m flag tells the system that I would like the home directory created during the process; otherwise, I would've had to create the directory myself. Finally, I called out the username for my new user.
If you list the storage of /home, you should see a folder listed there for our new user:
ls -l /home
Listing the contents of /home after our first user was created
What about creating our user's password? We created a new user on our system, but we did not set a password. We weren't even asked for one—what gives? To create a password for the user, we can use the passwd command. The passwd command defaults to allowing you to change the password for the user you're currently logged in as, but it also allows you to set a password for any other user if you run it as root or with sudo. If you enter passwd by itself, the command will first ask you for your current password, then your new password, and then it will ask you to confirm your new password again. If you prefix the command with sudo and then specify a different user account, you can set the password for any user you wish. An example of the output of this process is as follows:
root@ubuntu-server:~# passwd jdoe Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
Note
You won't see any asterisks or any kind of output as you type a password while using the passwd command. This is normal. Although you won't see any visual indication of input, your input is being recognized.
Now we have a new user and we were able to set a password for that user. The jdoe user will now be able to access the system with the password we've chosen.
Earlier, I mentioned the adduser command as another way of creating a user. The difference (and convenience) of this command should become apparent immediately once you use it. Go ahead and give it a try; execute adduser along with a username for a user you wish to create. An example of a run of this process is as follows:
root@ubuntu-server:~# adduser dscully Adding user `dscully' ... Adding new group `dscully' (1006) ... Adding new user `dscully' (1006) with group `dscully' ... Creating home directory `/home/dscully' ... Copying files from `/etc/skel' ... Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Changing the user information for dscully Enter the new value, or press ENTER for the default Full Name []: Dana Scully Room Number []: 405 Work Phone []: 555-412-5555 Home Phone []: 412-555-5555 Other []: Trust no one Is the information correct? [Y/n] y
In the process above, I executed adduser dscully and then I was asked a series of questions regarding how I wanted the user to be created. I was asked for the password (twice), Full Name, Room Number, Work Phone and Home Phone. In the Other field, I entered the comment Trust no one, which is a great mindset to adopt while managing users. In the example output, I bolded sections where I was asked to type input. The latter prompts prior to the final confirmation were all optional. I didn't have to enter a Full Name, Room Number, and so on. I could've pressed Enter to skip those prompts if I wanted to. The only thing that's really required is the username and the password.
From the output, we can see that the adduser command performed quite a bit of work for us. The command defaulted to using /home/dscully as the home directory, the account was given the next available User ID (UID) and Group ID (GID) of 1006, and it also copied files from /etc/skel into our new user's home directory. In fact, both the adduser and useradd commands copy files from /etc/skel, but adduser is more verbose regarding the actions it performs.
Note
Don't worry if you don't understand UID, GID, and /etc/skel yet. We'll work through those concepts soon.
In a nutshell, the adduser command is much more convenient in the sense that it prompts you for various options while it creates the user without requiring you to memorize command line options. It also gives you detailed information about what it has done. At this point, you may be wondering why someone would want to use useradd at all, considering how much more convenient adduser seems to be. Unfortunately, adduser is not available on all distributions of Linux. It's best to familiarize yourself with useradd in case you find yourself on a Linux system that's not using Ubuntu.
It may be interesting for you to see what exactly the adduser command actually is. It's not even a binary program—it's a shell script. A shell script is simply a text file that can be executed as a program. In the case of adduser, it's a script written in Perl. Since it's not binary, you can even open it in a text editor in order to view all the magic code that it executes behind the scenes. However, make sure you don't open the file in a text editor with root privileges, so you don't accidentally save changes to the file and break it. The following command will open adduser in a text editor on an Ubuntu Server system:
nano /usr/sbin/adduser
Use your up/down arrows as well as Page Up and Page Down keys to scroll through the file. When you're finished, press Ctrl + X on your keyboard to exit the text editor.
Note
Those of you with keen eyes will likely notice that the adduser script is calling useradd to perform its actual work. So either way, you're using useradd either directly or indirectly.
Now that we know how to create users, it will be useful to understand how to remove them as well. After all, removing access is very important when a user no longer needs to access a system, as unmanaged accounts often become a security risk. To remove a user account, we'll use the userdel command.
Before removing an account, though, there is one very important question you should ask yourself. Will you still need access to the user's files? Most companies have retention policies in place that detail what should happen to a user's data when he or she leaves the organization. Sometimes, these files are copied into an archive for long-term storage. Often, a manager, co-worker, or new hire will need access to the former user's files to continue working on a project where they left off. It's important to understand this policy ahead of managing users. If you don't have a policy in place that outlines retention requirements for files when users resign, you should probably work with your management and create one.
By default, the userdel command does not remove the contents of the user's home directory. If we use the following command to remove dscully from the system:
# userdel dscully
We'll see that dscully's home directory still exists and is intact:
ls /home
The home directory for user dscully still exists, even though we removed the user
With the home directory for dscully still existing, we're able to move the contents of this directory anywhere we would like to. If we had a directory called /store/file_archive, for example, we can easily move the files there:
# mv /home/dscully /store/file_archive
Of course, it's up to you to create the directory where your long-term storage will ultimately reside, but you get the idea.
Note
If you weren't already aware, you can create a new directory with the mkdir command. You can create a directory within any other directory your logged-in user has access to. The following command will create the file_archive directory I mentioned in my example:
# mkdir -p /store/file_archive
The -p flag simply creates the parent directory if it didn't already exist.
If you do actually want to remove a user's home directory at the same time you removed an account, just add the -r parameter. This will eliminate the user and their data in one shot.
# userdel -r dscully
To remove the home directory for the user after the account was already removed (if you didn't use the -r parameter the first time), use the rm -r command to get rid of it, as you would any other directory:
# rm -r /home/dscully
Note
It probably goes without saying, but the rm command can be extremely dangerous. If you're logged in as root or using sudo while using rm, you can easily destroy your entire installed system if you're not careful. For example, the following command (while seemingly innocent at first glance) will likely completely destroy your entire file system:
# rm -r / home/dscully
Notice the typo: I accidentally typed a space after the first forward slash. I literally accidentally told my system to remove the contents of the entire file system. If that command was executed, the server probably wouldn't even boot the next time we attempt to start it. All user and program data would be wiped out. If there was ever any single reason for us to be protective over the root account, the rm command is certainly it!