Creating Users
# Create a new user with home directory
sudo adduser john
# Create a system user (no home, no login shell)
sudo useradd --system --no-create-home --shell /usr/sbin/nologin appuser
Managing Passwords
# Set or change a password
sudo passwd john
# Force password change on next login
sudo passwd --expire john
# Lock an account
sudo passwd --lock john
# Unlock an account
sudo passwd --unlock john
Groups
# Create a group
sudo groupadd developers
# Add user to a group
sudo usermod -aG developers john
# View user groups
groups john
id john
# Remove user from a group
sudo gpasswd -d john developers
Sudo Access
# Add user to sudo group
sudo usermod -aG sudo john # Debian/Ubuntu
sudo usermod -aG wheel john # RHEL/Rocky
# Or use visudo for custom permissions
sudo visudo
# Add: john ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart nginx
Deleting Users
# Delete user (keep home directory)
sudo userdel john
# Delete user and home directory
sudo userdel --remove john
Viewing User Info
# List all users
cat /etc/passwd
# Currently logged in users
who
w
# Last login history
last john
lastlog
Security Best Practices
- Disable the root login over SSH
- Use SSH keys instead of passwords
- Create individual accounts for each person (no shared accounts)
- Remove accounts for people who no longer need access
- Use the principle of least privilege for sudo access