One of the most fundamental tasks in Linux system administration is to add or remove users. Here you will learn how to manage users on Ubuntu 18.04. When you initially set up a new system, you typically have access only to the powerful root account.
The root user offers extensive system control, but its power can lead to accidental or intentional damage. It’s safer to work with unprivileged user accounts for most system administration tasks. You can also create separate accounts for other users. To perform administrative tasks, use the sudo command, which allows you to execute commands with elevated privileges.
This guide will teach you how to create user accounts, grant them sudo privileges, and remove users from the system.
Prerequisites
To follow this tutorial, you’ll need access to a server running the Ubuntu 18.04 operating system. Ensure that you have root privileges on the server and that the firewall is enabled. You can get Ubuntu on a hosted virtual machine in seconds with LifeinCloud instances.
If you haven’t already set this up, please refer to our comprehensive ‘Initial Server Setup Guide for Ubuntu 18.04’ for detailed instructions.
How to add a user
While logged in as the root user, you have the ability to create new user accounts by executing the following command:
adduser newuser
If you are currently logged in as a non-root user who has been granted sudo privileges, you can create a new user account by executing the following command:
sudo adduser newuser
The system will guide you through a series of prompts:
- Assign and confirm a password for the new user.
- Enter any optional additional information about the user. You can skip this step by pressing
Enter. - Confirm the accuracy of the entered information by pressing
Y.
After confirming, the new user account will be ready for use, and you can log in using the specified password.
If you need your new user to have administrative privileges, continue on to the next section.
Granting sudo privileges to a user
If your new user requires the ability to execute commands with root privileges, you must provide them with sudo access. This tutorial will cover two approaches: adding the user to the pre-defined sudo group, which grants broad administrative privileges, and configuring sudo on a per-user basis for more granular control.
Adding the user to the sudo group
In Ubuntu 18.04, the sudo configuration is set up to automatically grant full administrative privileges to any user who is a member of the sudo group.
To determine the groups your newly created user is associated with, you can utilize the groups command:
groups newuser
Output
newuser : newuser
When you create a new user with adduser, a group with the same name as the user is also automatically created. By default, the user is only a member of this associated group.
To add the user to an existing group or create a new group membership, utilize the usermod command.
usermod -aG sudo newuser
The -aG option, when used with the usermod command, instructs the system to add the specified user to the listed groups. It’s important to note that the usermod command itself requires elevated privileges, meaning you must either be logged in as the root user or have been granted sudo privileges to execute it.
If you are not logged in as root, you will need to precede the usermod command with sudo.
sudo usermod -aG sudo newuser
Specifying Explicit User Privileges in /etc/sudoers
Instead of adding users to the sudo group, you can use the visudo command to directly edit the /etc/sudoers configuration file. Visudo is the recommended tool for editing this file as it provides a secure mechanism.
It locks the file to prevent simultaneous edits by multiple users and performs a validation check to ensure the integrity of the configuration before saving changes.
This safeguard helps prevent situations where incorrect sudo configurations could potentially lock you out of the system, and it is an important step in managing users on Ubuntu 18.04.
If you are currently signed in as root, run the following:
visudo
If you are currently logged in as a non-root user who has been granted sudo privileges, you must precede the command with sudo before executing it.
sudo visudo
Historically, the visudo command opened the /etc/sudoers file using the vi text editor, which can have a steep learning curve for users unfamiliar with it.
In newer Ubuntu installations, visudo defaults to the nano text editor, offering a more intuitive and accessible editing experience. Use the arrow keys to move the cursor within the nano editor and locate the following line:
/etc/sudoers
root ALL=(ALL:ALL) ALL
Below the indicated line in the configuration file, add the following line. Remember to replace the placeholder newuser with the actual username of the user you wish to grant sudo privileges to.
/etc/sudoers
root ALL=(ALL:ALL) ALL
newuser ALL=(ALL:ALL) ALL
Next, add a new line like this for each user that should be given full sudo privileges. When you finished, save and close the file by pressing CTRL + X, followed by Y, and then ENTER for confirmation.
Checking sudo permissions for your user
The newly created user account now has the necessary permissions to execute commands with administrative privileges.
When you are logged in as this user, you can execute commands in the usual manner without any special syntax.
some_command
You can execute the same command with administrative privileges by typing sudo ahead of the command:
sudo some_command
During this process, you will be asked to enter the password associated with the regular user account you are currently logged in as.
Deleting a user
If a user account is no longer required, it is recommended to delete it.
You can delete a user account without deleting their files by executing the following command as the root user:
deluser newuser
If you are signed in as another non-root user with sudo privileges, you would use the following:
sudo deluser newuser
If you also wish to delete the user’s home directory along with the user account, you can execute the following command as the root user:
deluser --remove-home newuser
If you are currently logged in as a user who does not have root privileges but has been granted ‘sudo’ access, you will need to precede the command with sudo before executing it.
visudo
Or use the following command if you are a non-root user with sudo privileges:
sudo visudo
/etc/sudoers
root ALL=(ALL:ALL) ALL
newuser ALL=(ALL:ALL) ALL # DELETE THIS LINE
This measure helps to prevent any future users created with the same name from inadvertently being granted sudo privileges.
Conclusion
You now have a solid understanding in managing users on Ubuntu 18.04 system. Effective user management involves carefully controlling user access, ensuring that each user is granted only the permissions required to perform their specific tasks.
This approach significantly enhances system security.
