User management in Ubuntu

Time:2021-12-1

When using a Linux system, we should adhere to the principle of least privilege. Least privilege means that users and processes are given only the permissions they need to complete their work, and the system grants them nothing more.
The most privileged user is the root user, who can do anything on the system (representing the maximum permission). If every process runs with root permission, that is a huge security vulnerability for the system, so services should not be deployed as the root user, and the permissions of the deployment process should be reduced. Using a specific user to deploy a specific service is a common approach. The privileges that user holds should be kept to a minimum to prevent abuse of permissions. Therefore, it is necessary to manage the relevant users in Ubuntu.

New user

Use the useradd command to create a new user:

sudo useradd jjz

adduser automatically creates the user directory and shell, and automatically creates the group.
Use the passwd command to set the password for the user:

sudo passwd jjz

sudo: unable to resolve host
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

This sets a password for the user jjz.
Use the id command to view user information:

sudo id jjz

uid=1000(jjz) gid=100(users) groups=100(users)

Use the finger command to view the user’s directory, shell, and login details:

sudo finger jjz

Login: jjz                        Name:
Directory: /home/jjz                    Shell: /bin/sh
Never logged in.
No mail.
No Plan.

Modify and delete users

The usermod command is used to modify user information, such as the user’s login name:

usermod -l jjz jjz1

It can also be used to add users to the group, for example:

usermod -g users jjz

It can also be used to modify a user’s user directory:

usermod -d /user/jjz jjz

If you want to delete a user, you can use the userdel command:

userdel jjz

To delete the user’s working directory at the same time as the user, use the command:

userdel -r jjz

Switching between user and root user

After logging in as a non-root user, you sometimes need to perform operations with root permission, such as installing system-level software or modifying system files, which usually requires sudo permission. In that case, we can also switch to the root user to perform the operation. To switch to root, use the command:

sudo su

To switch to root, you need to verify the current user password.
Once you are the root user, you can switch to another user with the command:

su jjz

Or simply use exit to leave the root user and return to the login user.

Give the user permission to execute sudo

When a new user runs sudo, the message "xxx is not in the sudoers file. This incident will be reported." is shown, meaning that the current user does not have permission to execute sudo. If we want the user to be able to execute sudo, we need to authorize the user. Granting sudo permission requires modifying the file /etc/sudoers.
First enter root mode:

su

Add write permission to the file:

chmod u+w /etc/sudoers

Edit /etc/sudoers:

vim /etc/sudoers

Find the line root ALL=(ALL)ALL
Add below it:


jjz ALL=(ALL)ALL

Now jjz can execute sudo.
To revoke the write permission on the file afterwards, use the command:

chmod u-w /etc/sudoers

Disable and enable root user

To fully implement the principle of least privilege, we can also prohibit the root user from logging in. The command to disable the root user is:

sudo passwd -l root

This disables root login, but the root password is still saved.
To enable root login again, execute the command:

sudo passwd -u root
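
The following read-only audit script is an added example, not part of the original article. It checks the states that the sudoers and root-locking steps above produce: whether root's password is locked, which accounts hold full sudo rights, and whether the sudoers file is back at mode 0440. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of the states this page's commands produce.
# Each function takes a file path, so it can be run on a copy of the file.

# passwd -l prefixes the stored hash with "!", so the hash is kept and
# passwd -u can restore it. "*" likewise means no usable password.
root_lock_state() {
    awk -F: '$1 == "root" { print (($2 ~ /^[!*]/) ? "locked" : "unlocked") }' "$1"
}

# Print every non-root user or %group granted ALL=(ALL) ALL (also the
# (ALL:ALL) and NOPASSWD: forms), with or without spaces as on this page.
full_sudo_grants() {
    sed 's/#.*//' "$1" | awk '
        NF >= 2 && $1 != "root" {
            who = $1; $1 = ""; rule = $0
            gsub(/[ \t]/, "", rule)
            if (rule ~ /^ALL=\(ALL(:ALL)?\)(NOPASSWD:)?ALL$/) print who
        }'
}

# After "chmod u-w" the file should be back at Ubuntu's shipped mode 0440.
sudoers_mode_ok() {
    [ "$(stat -c %a "$1")" = "440" ]
}

# Constructed sample data (not taken from a real system).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'root:!$6$constructedsalt$constructedhash:18962:0:99999:7:::' \
                  'jjz:$6$constructedsalt$constructedhash:18962:0:99999:7:::' > "$dir/shadow"
    printf '%s\n' '# constructed sudoers sample' 'Defaults env_reset' \
                  'root ALL=(ALL)ALL' 'jjz ALL=(ALL)ALL' \
                  '%admin ALL=(ALL:ALL) ALL' 'backup ALL=(root) /usr/bin/rsync' > "$dir/sudoers"
    chmod 640 "$dir/sudoers"    # state left behind if "chmod u-w" is skipped
    echo "root password: $(root_lock_state "$dir/shadow")"
    echo "full sudo: $(full_sudo_grants "$dir/sudoers" | tr '\n' ' ')"
    sudoers_mode_ok "$dir/sudoers" || echo "sudoers mode is not 0440"
    rm -rf "$dir"
}
demo
```

On a live system, run the functions as root against /etc/shadow and /etc/sudoers. visudo -c additionally checks the sudoers syntax after a manual edit.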