Back to basics Part 2 – Managing Users on a Debian base system
In part 1 of this little series we did some updating via CLI. Now, we will once again take a look at how to manage things via the terminal; like how to create and delete users, as well as set/change user passwords.
With that said, I'm focusing this article on users who are running a distribution that is based on Debian, such as Ubuntu, Linux Mint (Based on Ubuntu, but still applicable), etc. The reason for this, is that most users who are brand new to the GNU/Linux world will likely be running one of these systems.
Generally speaking, most people I know tend to only have one user on their computer, and if the computer is shared, people just don't save anything sensitive. However, having multiple users is handy for organization and privacy (kids accounts, business account / home account, etc.)
It's rather easy with most modern distros to add a new user via graphical tools; but I'd say it takes longer to do it that way than with the command line. One command, enter the password, enter the password again, bam, done.
Creating and deleting users with adduser/deluser
If you’re running a distribution based off Debian (Ubuntu/Mint etc) you’re in luck when it comes to user management. Thankfully, there are two scripts that make this task exceptionally quick and painless, and require little more know-how than how to use sudo.
sudo adduser USERNAME
This command is basically a one-and-done command for adding someone new to your GNU/Linux system, creating the user, their home directory tree (/home/mike/Documents/ etc), as well as a new system group, and password. Running the script in this basic way, will also ask for a bunch of other info such as full name etc, you can just leave it all blank if you so choose.
However, there is an option that is poorly explained in the man page for adduser, that allows us to skip all of the information like address, phone number etc. Personally, I recommend leaving 'Full name' out of the line below, because some login screens show the users full name, and if no information is given it can show 'Full Name' instead of the name. Even if you don't want to put your own name in, I highly recommend using the name of your favourite TV / Movie character. However, the command to remove all the extra questions, save password, is:
sudo adduser --gecos "Full name,Room number,Work phone,Home phone" USERNAME
Deleting a user is just as simple,
sudo deluser USERNAME
However, doing this does not actually delete the files left behind by that user. The man pages, say,
"By default, deluser will remove the user without removing the home directory, the mail spool or any other files on the system owned by the user. Removing the home directory and mail spool can be achieved using the --remove-home option.
The --remove-all-files option removes all files on the system owned by the user. Note that if you activate both options --remove-home will have no effect because all files including the home directory and mail spool are already covered by the --remove-all-files option."
So, with that said, if you want to actually clear off the user and the things left behind, you'll need to change your options used slightly to whichever end you desire.
Last thoughts
It's rather nice, the inclusion of adduser into Debian based systems, as it really simplifies the process. Granted, using useradd, the command used on most other systems, isn't complicated by any stretch of the imagination, but at least new users can dip their feet into the command line a little more with the ease of scripts like adduser.
Now you: Do you use adduser, or do you prefer useradd? Does the idea of adding new users to your computer from the command line sound quick and easy compared to a GUI, or daunting? Let me know in the comments!
Related articles
- Add a user-configurable menu to your Linux desktop with 9menu
- Back to Basics Part 3. Installing Third-Party Software in Linux Mint Cinnamon
- Migrate users from one Linux machine to another
- User switching in the Linux desktop
No problem with using the CLI, but I find using the Users/Groups Utility in Linux Mint, and presumably other distros, to be much easier.
My biggest problem with the CLI is entering a wrong command, which I have. As for adding a user that has not been needed yet. Did run accross a few short articles about isolating programs by adding them to a user account without internet access, this sounds like a very good idea.
I set things up so that when I double click on an .exe, it switches to a user called wine, which is not allowed to read/write to files in this home directory or communicate over the Internet. This is how I play games; also using a VGA pass-through virtual machine which is likewise not allowed to connect to the Internet. Some of you would call me crazy or paranoid for doing this, but I’m actually not! Today’s software developers have a tendency to touch things that they have no business screwing with, and compartmentalization helps to defend against this. How sad is it that you need to take steps to protect yourself from software that you paid for?
https://www.rockpapershotgun.com/2018/02/19/flight-sim-group-put-malware-in-a-jet-and-called-it-drm/
http://pissedoffadmins.com/general/usrsbingrub2-bios-setup-warning-sector-32-is-already-in-use-by-the-program-flexnet-avoiding-it-this-software-may-cause-boot-or-other-problems-in-future-please-ask-its-authors-not-to-store.html
It’s also a part of why I don’t want Linux to get popular. As soon as it does, vendors will start targeting *us* with things like the examples outlined above.
@Kevin: “It’s also a part of why I don’t want Linux to get popular”
I’ve been saying this for years. I don’t want to see Linux become a “mainstream” OS, because I’ve seen what becoming mainstream does to an operating system.
Already, we’re seeing an uncomfortable amount of that sort of thing creep in (systemd, for instance).
Annoyingly the Linux terminal doesn not give users any visual feedback when a password is typed. Fortunately there is a tweak to show asterisks when a user types in his/her password:
Run this command in a terminal:
sudo visudo
Look for the line that looks like this:
Defaults env_reset
and change it to:
Defaults env_reset,pwfeedback
Ctrl+X to finish editing, Y to save changes, and Enter to exit (Ubuntu etc.). Other Linux distros may have different commands.
Source:
https://lifehacker.com/make-password-asterisks-visible-in-your-linux-terminal-1183533223
visudo? visudo edits the sudoers file in a safe fashion. It locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the sudoers file is currently being edited you will receive a message to try again later.
More information:
https://www.unixtutorial.org/2014/07/how-to-use-visudo/
https://www.sudo.ws/man/1.8.13/visudo.man.html
This is not recommended, especially not for newcomers. In case of an issue, users might seek help on forums, and when asked for terminal output of a command or a few (which often require elevated privileges), they could reveal the exact number of their passwords’ characters, which is a security risk.
Visual feedback is really not that big of a deal. Most of us get used to the default setting (which is the way it is for a reason).
Not even showing asterisks when typing the password is intentional, for security.
The fact that people find security annoying is sadly the reason for so many vulnerabilities and breaches…
This. Although there is ongoing (and sometimes lively!) debate in the security community about whether or not this is an effective enough security mechanism to be worth it. It only protects against two things — shoulder surfers (and it’s weak protection against them at best), and screen-scrapers (which are pretty rare, considering that an attacker who has enough access to install one also has enough access to install a keylogger).
That said, I prefer to have passwords echo nothing, not even asterisks, myself.