User Management: Everything You Need

User management is a foundational aspect of system administration, ensuring secure and organized access to resources. Whether you’re handling a small team or a large organization, understanding how to manage users effectively is critical. Below, we break down the core components of user management and explain their significance in maintaining a secure and efficient environment.

Create a New User

Creating user accounts is the first step in granting individuals access to a system. Each user should have a unique identity to ensure accountability and security. When setting up a new user, it’s essential to assign a secure password. Also, a proper user creation ensures that individuals only access resources relevant to their roles, minimizing the risk of accidental or intentional system misuse.

Moving to the commands:

Use the useradd command to create a new user (e.g. John)

sudo useradd john

Set a password for the new user using passwd

sudo passwd john

Verify the new user by checking the /etc/passwd file

cat /etc/passwd

Add a User to a Group

Groups simplify permission management by categorizing users with similar access requirements. For example, developers, admins, and auditors might belong to separate groups with distinct privileges. Adding a user to a group grants them shared permissions instantly, eliminating the need to configure access rights individually. This approach streamlines workflows and ensures consistency across teams.

Moving to the commands:

Create a new group using groupadd (e.g. Group Name: developers)

sudo groupadd developers

Add an existing user to the group using usermod

sudo usermod -g developers john

Verify that the user is added to the group by using the groups command

groups john

Modify User Information

User details such as names, contact information, or roles may change over time. Modifying user accounts allows administrators to update metadata (e.g., usernames, home directories, or login shells) without deleting and recreating accounts. This flexibility is crucial for maintaining accurate records and ensuring seamless transitions during role changes or reorganizations.

Moving to the commands:

Modify the home directory for user john using usermod

sudo usermod -d /home/mykali john

Change the default shell for john to /bin/bash

To Create Shell:

sudo usermod -s /bin/sh john

To Change Shell:

sudo usermod -s /bin/bash john

Change the user’s full name using the chfn command

sudo chfn -f johnwick john

Task 4: Verify the changes using grep john /etc/passwd

grep john /etc/passwd

Delete a User

When a user no longer requires access (e.g., after leaving an organization), their account should be removed to eliminate potential vulnerabilities. Deleting a user involves erasing their account credentials and optionally archiving or deleting their files. Proper cleanup prevents orphaned accounts from becoming backdoors for security breaches.

Moving to the commands:

Delete the user john using the userdel command and Ensure the user's home directory and files are removed by using userdel -r

sudo userdel -r john

Verify the deletion by checking the /etc/passwd file

cat /etc/passwd

Password Aging and Expiry

Enforcing password policies is vital for security. Password aging ensures users regularly update their credentials, reducing the risk of compromised accounts. Administrators can set expiration dates, define warning periods, and lock accounts after prolonged inactivity. These measures protect against brute-force attacks and unauthorized access caused by stale passwords.

Moving to the commands:

For this process we can create a new user (e.g. alice) to understand things in a much better way and after that :-

Set a password expiration period of 90 days for user alice using chage

sudo chage -M 90 alice

Set a warning period to notify the user 7 days before the password expires

sudo chage -W 7 alice

Verify the changes using chage -l alice

sudo chage -l alice

Lock and Unlock User Accounts

Temporarily locking an account is useful for suspending access without permanent deletion—ideal for addressing suspicious activity or unpaid subscriptions. Unlocking restores access once issues are resolved. This feature strikes a balance between security and convenience, ensuring users regain control quickly after verification.

Moving to the commands:

Lock the user account alice by using the passwd -l command

sudo passwd -l alice

Unlock the account using the passwd -u command

sudo passwd -u alice

To reset the password

sudo passwd alice

Check and Modify User File Permissions

File permissions dictate what users can read, write, or execute. Regularly auditing permissions prevents unauthorized data exposure. Administrators must ensure sensitive files are restricted to authorized users or groups, and misconfigured permissions should be corrected promptly. This practice aligns with the principle of least privilege, limiting access to only what’s necessary.

Moving to the commands:

To login into user alice

su - alice

Create a file /home/alice/important_file.txt

sudo touch /home/alice/important_file.txt

Change the ownership of the file to the user alice using chown

sudo chown alice:alice /home/alice/important_file.txt

Set the file permissions so that only alice has read and write access, while others have no access

sudo chmod 600 /home/alice/important_file.txt

Verify the permissions using ls -l

ls -l /home/alice/important_file.txt