User Management

Prerequisites

  • Root or sudo privileges

Quick Reference

Action          Command
List users      cat /etc/passwd
User info       id <user>
Check Groups    groups <user>
Create User     useradd <user>
Set Password    passwd <user>
Add to Group    usermod -aG <group> <user>
Delete User     userdel -r <user>
Edit Sudoers    visudo
Lock Account    usermod -L <user>

Procedure: Create a User

When to use: Adding a new person or service account to the system.

Steps:

  1. Create the user (creates home dir and group by default):

    useradd <username>
    

  2. (Optional) Create a system user (no home dir, non-login shell):

    useradd -r -s /sbin/nologin <username>
    

  3. Verify user creation:

    id <username>
    

Troubleshooting:

  • If "user already exists": Check /etc/passwd.
  • If permission denied: Ensure you are running as root or with sudo.

Procedure: Set or Change a Password

When to use: Setting an initial password for a new user or resetting a forgotten one.

Steps:

  1. Set password interactively:

    passwd <username>
    

  2. Force user to change password on next login:

    chage -d 0 <username>
    

Troubleshooting:

  • "Authentication token manipulation error": Often means the filesystem is read-only, there is an SELinux issue, or the shadow file is corrupted.

Procedure: Add a User to a Group

When to use: Granting permissions managed by group membership (e.g., wheel for sudo, docker for containers).

Steps:

  1. Append (-a) user to a secondary group (-G):

    usermod -aG <group_name> <username>
    
    Important: Always use -a (append). Omitting it removes the user from all other secondary groups!

  2. Verify membership:

    groups <username>
    

Troubleshooting:

  • Changes don't apply immediately: The user must log out and log back in for group changes to take effect.

Procedure: Configure sudo Access

When to use: Granting administrative privileges to a regular user.

Steps:

  1. Add the user to the wheel group (standard on RHEL/CentOS/Fedora):

    usermod -aG wheel <username>
    

  2. Alternatively, edit the sudoers file with visudo, which checks the syntax before saving:

    visudo
    
    Add line: <username> ALL=(ALL) ALL

  3. Verify access as the user:

    su - <username>
    sudo whoami
    
    Expected output: root

Troubleshooting:

  • "user is not in the sudoers file": Ensure they are in the wheel group and the %wheel line in /etc/sudoers is uncommented.

Procedure: Set Up SSH Key Authentication

When to use: Enabling passwordless, secure login.

Steps:

  1. Generate key pair (on client machine):

    ssh-keygen -t ed25519
    

  2. Copy public key to server:

    ssh-copy-id <username>@<server_ip>
    

  3. Manually, on the server (if ssh-copy-id is unavailable):

    • Create folder: mkdir -p ~/.ssh && chmod 700 ~/.ssh
    • Paste public key into ~/.ssh/authorized_keys
    • Set permissions: chmod 600 ~/.ssh/authorized_keys

Troubleshooting:

  • "Permission denied (publickey)": Check directory permissions. ~/.ssh must be 700, authorized_keys must be 600. Owner must be the user, not root.
  • SELinux: Run restorecon -Rv ~/.ssh to fix contexts.
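
The mode and ownership checks from the "Permission denied (publickey)" entry above, as an added example that is not part of the original page. It assumes GNU stat (the -c option); check_one and check_ssh_perms are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original page): verify the ownership and modes
# that the troubleshooting entry requires for public-key login.
# check_one / check_ssh_perms are hypothetical helper names.
# Assumes GNU coreutils stat (the -c option), as found on Linux.

# check_one <path> <wanted_mode> <wanted_uid>: report one path, 0 = OK.
check_one() {
    p=$1; p_mode=$2; p_uid=$3
    if [ ! -e "$p" ]; then
        echo "MISSING $p"
        return 1
    fi
    actual=$(stat -c '%a %u' "$p") || return 1   # e.g. "700 1000"
    have_mode=${actual% *}
    have_uid=${actual#* }
    bad=0
    if [ "$have_mode" != "$p_mode" ]; then
        echo "BAD MODE $p: is $have_mode, want $p_mode (fix: chmod $p_mode)"
        bad=1
    fi
    if [ "$have_uid" != "$p_uid" ]; then
        echo "BAD OWNER $p: uid $have_uid, want uid $p_uid"
        bad=1
    fi
    if [ "$bad" -eq 0 ]; then
        echo "OK $p"
    fi
    return "$bad"
}

# check_ssh_perms <ssh_dir> <expected_uid>: 0 only if both paths pass.
check_ssh_perms() {
    rc=0
    check_one "$1" 700 "$2" || rc=1
    check_one "$1/authorized_keys" 600 "$2" || rc=1
    return "$rc"
}

# Usage: sh check_ssh_perms.sh /home/<username>/.ssh "$(id -u <username>)"
if [ "$#" -eq 2 ]; then
    check_ssh_perms "$1" "$2"
fi
```

Run it as root when auditing another user's home directory; a non-zero exit status means at least one path needs the chmod or chown fix described above.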
