How to Add and Manage Users on Debian

Edited 2 weeks ago by ExtremeHow Editorial Team

DebianUser ManagementSecurityCLILinuxSystem AdministrationPermissionsOpen SourceOSIT

Managing users is one of the most important tasks when working with Debian systems, especially if you are an administrator or if you are responsible for handling a multi-user environment. This guide explains how to add and manage users on a Debian system using simple commands and user management techniques. We will discuss how to create users, grant permissions, manage groups, and improve security.

Understanding users and groups

In Debian, each user has a unique identity. Users can be real people, system processes, or services. Each user has a unique username and a numeric user ID (UID). Additionally, each user belongs to at least one group. Groups are collections of users, used to simplify management tasks such as giving a group of users access to certain files or directories.

Basic user management

Before you can start user management, you will often need administrative or root privileges. Let's dive into the basic steps:

Adding a new user

To add a new user on Debian, you can use adduser command. This command simplifies the creation of users by setting up a user directory, password management, and initialization scripts.

$ sudo adduser newusername

After running this command, you will be asked to enter and confirm the password for the new user and enter additional information such as full name, room number, and phone number. You can press Enter to skip the fields you want to leave blank.

Setting a user password

The user password in Debian can be set or changed using passwd command. Run the following command as root:

$ sudo passwd username

After executing the command, you will be asked to enter and re-enter the new password for the user.

Deleting a user

If a user is no longer needed, you can delete it with deluser command. This command also allows you to delete the user's home directory if needed:

$ sudo deluser username

Add --remove-home flag to remove the user's home directory and mail spool:

$ sudo deluser --remove-home username

Group management

Groups help manage permissions for multiple users. You can add or remove users from groups, create new groups, and delete them.

Adding groups

Create a new group using addgroup command:

$ sudo addgroup newgroup

Adding a user to a group

To add a user to a group, use the usermod command:

$ sudo usermod -aG groupname username

-a flag adds the user to a group without removing him from other groups, and -G specifies the group to add the user to.

Removing a user from a group

To remove a user from a group, use deluser command with the group name:

$ sudo deluser username groupname

User information and management commands

Several commands can help you get information about users and groups on a Debian system:

Creating a list of users

All users are listed in the /etc/passwd file. Use the following command to view it:

$ cat /etc/passwd

This will display a list showing each user's username, UID, GID (group ID), comment (if available), home directory, and default shell.

Listing groups

To list all groups in your system, look at the /etc/group file:

$ cat /etc/group

You can also see the name of each group along with the GID, as well as a list of users who are members of the group.

Getting user information

id command provides detailed information about a user, including UID, GID, and group memberships:

$ id username

Changing users

Switch between users using the su command. To switch to another user, enter:

$ su - username

Note: You will need to provide the password of the target user, unless you are visiting accounts with root privileges.

Security and best practices

Managing users isn't just about creating them; it's also about ensuring that the system remains secure and efficient. Here are some best practices:

Principle of least privilege

Always follow the principle of least privilege. Users should only have the permissions they need to perform their roles. Avoid making users members of sudo unless necessary.

Regularly auditing user accounts

Regularly checking user accounts can help ensure that no unauthorized users are present on the system. Remove any users that are no longer needed and review groups to ensure that users have only the necessary permissions.

Password policy

Enforce strong password policies. Encourage or enforce passwords that are long and contain a mix of letters, numbers, and symbols. Also, consider setting a password expiration date so users can change passwords regularly.

Using SSH keys

For increased security, especially for remote connections, SSH key-based authentication is recommended instead of password login. This adds a layer of security using public-private key cryptography.

Advanced topics

Using sudo to escalate privileges

sudo command allows a normal user to execute commands with elevated privileges without requiring the root password. The default sudoers file, located at /etc/sudoers can be modified to give users specific sudo permissions. Be careful when editing this file; incorrect configuration can compromise system security or functionality.

Setting an account expiration date

Account expiration dates are useful for temporary users. To set an expiration date using chage command:

$ sudo chage -E "YYYY-MM-DD" username

This will lock the account after the specified date.

Managing system users

System users are non-human users that are used by services. They often have no login shell or home directory. Exercise caution when modifying these users.

Using PAM for authentication

PAM (Pluggable Authentication Module) provides a way to configure authentication and security. Understand that making changes to the PAM configuration can have significant security implications.

Conclusion

Debian user and group management provides the facility to manage any environment efficiently, managing everything from single-user systems to complex multi-user setups. Following the best practices not only helps to manage users effectively but also improves the overall security status of the system. Whether you are a system administrator of a large organization or managing your own server, it is important to master user and group management.

  Share This Article

If you find anything wrong with the article content, you can request an update