Alternative

Create a user in Ubuntu 18.04 Linux

Date: 09.02.2020

Author: Patrick Rottländer

In this Article Create a user in Ubuntu 18.04 Linux is described. User management is a very critical part in the security of your system. In this article I show how a user will be created as a normal user with low privileges and then added to sudo to allow this user perform root tasks as an admin.

This article can also be read in pdf format.

A user can be created in ubuntu Linux with the command useradd or adduser.

I use adduser because with this perl script, in addition to creating the user in /etc/passwd and creating a dedicated user group in /etc/group, the home directory in /home is also created and default files are copied from /etc/skel if necessary.

As root run the command adduser mynewuser.

:# adduser mynewuser

Benutzer »mynewuser« wird hinzugefügt …
Neue Gruppe »mynewuser« (1001) wird hinzugefügt …
Neuer Benutzer »mynewuser« (1001) mit Gruppe »mynewuser« wird hinzugefügt …
Persönliche Ordner »/home/mynewuser« wird erstellt …
Dateien werden von »/etc/skel« kopiert …
Geben Sie ein neues UNIX-Passwort ein:
Geben Sie das neue UNIX-Passwort erneut ein:
passwd: password updated successfully
Changing the user information for mynewuser
Enter the new value, or press ENTER for the default
    Full Name []: Tech User
    Room Number []:
    Work Phone []:
    Home Phone []:
    Other []: This user is only for tech
Ist diese Information richtig? [J/N] J

This create a user in /etc/passwd, create the user group in /etc/group and the home dirrectors in /home

:# grep mynewuser /etc/passwd

mynewuser:x:1001:1001:Tech User,,,,This user is only for tech:/home/mynewuser:/bin/bash


:# ls -l /home
drwxr-xr-x 2 mynewuser mynewuser 4096 Jan 23 05:31 mynewuser

:# cat /etc/group
....
....
mynewuser:x:1001:

The last entry in the /etc/passwd specifies the shell of the new user. With the newly created user, the bash shell is used, which is completely ok for me. However, if there is a need to change the user's shell, this can be done with the command usermod --shell.

:# ls -l /etc/shells

# /etc/shells: valid login shells
/bin/sh
/bin/dash
/bin/bash
/bin/rbash
/usr/bin/screen
/bin/tcsh
/usr/bin/tcsh

:# usermod --shell /bin/sh mynewuser

:# grep mynewuser /etc/passwd

mynewuser:x:1001:1001:Tech User,,,,This user is only for tech:/home/mynewuser:/bin/sh

This newly created user can create files in his home directory and access files. However, it cannot copy files to directories owned by root.

:# nano testfile
:# ls -l
insgesamt 4
-rw-rw-r-- 1 mynewuser mynewuser 24 Jan 23 06:20 testfile

:# cp testfile /etc/nginx/sites-available/testfile
cp: reguläre Datei '/etc/nginx/sites-available/testfile' kann nicht angelegt werden: Keine Berechtigung

:# sudo cp testfile /etc/nginx/sites-available/testfile
[sudo] Passwort für mynewuser:
mynewuser ist nicht in der sudoers-Datei. Dieser Vorfall wird gemeldet.

Sudo allows the admin of the system to give certain other users on the system (or groups of users) the ability to run some (or all) commands as root.

In my sudo configuration it is already preconfigured that all users in the sudo group can execute all commands. please note the corresponding entry in the sudo file %sudo ALL=(ALL:ALL) ALL.

:# cat /etc/sudoers

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults    env_reset
Defaults    mail_badpass
Defaults    secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo    ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

To make the new user a member of the sudo group, the following command must be executed.

:# sudo usermod -a -G sudo mynewuser