In this tutorial, we’ll examine adding users to groups. Bash shell commands are powerful tools for achieving specific needs. Groups are an effective way to share and protect information: file permissions in Linux are set separately for the owning user, the owning group, and everyone else. Group membership is also a clean way to manage which users may gain root privileges.
Let’s dig into that.
Adding a user with a group (wheel)
NAME
useradd - create a new user or update default new user information
SYNOPSIS
useradd [options] LOGIN
That’s the basics from the useradd man page, so let’s start from the top by adding our new users, Admin Bob and Admin Jane.
Common options for useradd
-c, --comment COMMENT
-G, --groups GROUP1[,GROUP2,...[,GROUPN]]]
So those are our two primary fields. Now let’s add Bob.
[root@linuxscrew ec2-user]# useradd -c "USA/CO/Denver Office" Admin.Bob
And let’s add Jane.
[root@linuxscrew ec2-user]# useradd -c "USA/CO/Denver Office" Admin.Jane -G wheel
[Admin.Jane@linuxscrew ec2-user]$ sudo su
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for Admin.Jane:
Sorry, try again.
Speaking of forgotten steps, it looks like we forgot to set a password. I do not recommend setting a password with the useradd command. Instead, remember to follow up with the passwd command. passwd prompts on the terminal without echoing what you type, so the password is not stored in shell history. Or, you can use read -sp to read a password into a variable inline without echoing it.
[root@linuxscrew ec2-user]# passwd Admin.Jane
Changing password for user Admin.Jane.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@linuxscrew ec2-user]# su Admin.Jane
[Admin.Jane@linuxscrew ec2-user]$ sudo su
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for Admin.Jane:
[root@linuxscrew ec2-user]#
And there we go. One user added with a group, wheel. No group commands needed. If we needed to add Jane to multiple groups initially:
[root@linuxscrew ec2-user]# useradd Admin.Jane -G wheel,ec2-users
[root@linuxscrew ec2-user]# passwd Admin.Jane
[root@linuxscrew ec2-user]# su Admin.Jane
[Admin.Jane@linuxscrew ec2-user]$ groups
Admin.Jane wheel ec2-users
[Admin.Jane@linuxscrew ec2-user]$
And there we go. Admin.Jane belongs to her own user group, wheel for sudo access, and the ec2-users group.
But what about Bob? Since Bob was created without group access to wheel, we’ll need to use a different command.
Adding a user to a group
We added Bob as an Admin user without Admin rights. Let’s fix that with groupmems.
Common options for groupmems
SYNOPSIS
groupmems -a user_name | -d user_name | [-g group_name] | -l | -p
OPTIONS
The options which apply to the groupmems command are:
-a, --add user_name
    Add an user to the group membership list. If the /etc/gshadow file exist, and the group has no entry in the /etc/gshadow file, a new entry will be created.
-d, --delete user_name
    Delete a user from the group membership list. If the /etc/gshadow file exist, the user will be removed from the list of members and administrators of the group. If the /etc/gshadow file exist, and the group has no entry in the /etc/gshadow file, a new entry will be created.
-g, --group group_name
    The superuser can specify which group membership list to modify.
-h, --help
    Display help message and exit.
-l, --list
    List the group membership list.
Let’s start with getting a list of members in the group, wheel.
[root@linuxscrew ec2-user]# getent group wheel
wheel:x:10:ec2-user,samberry,Admin.Steve,Admin.Jane
We know that Bob isn’t there, so let’s add Bob.
[root@linuxscrew ec2-user]# groupmems -a Admin.Bob -g wheel
[root@linuxscrew ec2-user]# groupmems -g wheel -l
ec2-user samberry Admin.Steve Admin.Jane Admin.Bob
There we go. Admin.Bob is now a member of wheel, and we verified it with the groupmems -l (--list) option.
Those are the basics of group management on Linux. For a home instance of Linux, you’ll likely see the default group as adm instead of wheel.
root@pop-os:/home/samuelberry# groupmems -g adm -l
syslog samuelberry
If you’re curious, check your /etc/sudoers configuration file to find out which you have.
root@pop-os:/home/samuelberry# cat /etc/sudoers
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL

[samberry@linuxscrew ec2-user]$ cat /etc/sudoers
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
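To audit who actually holds sudo through a group on a given host, rather than assuming the group name, the sketch below reads the active %group rules from a sudoers file and lists each group's members. It is an added example, not part of the original tutorial; the function names (sudo_groups, group_members, sudo_users, make_sample) and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: report which users get sudo through group membership.
# Limits (assumptions): reads a single sudoers file (no include files),
# ignores %#gid and alias rules, and sees only supplementary members;
# a user whose *primary* group is listed does not appear in field 4.

# Print groups named by active "%group" rules; "# %wheel ..." is a comment.
sudo_groups() {
    awk '/^[ \t]*%[^#:]/ { g = $1; sub(/^%/, "", g); print g }' "$1" | sort -u
}

# Print "group:user" for each supplementary member of group $2 in group file $1.
# Group file format: name:password:GID:member1,member2,...
group_members() {
    awk -F: -v g="$2" '$1 == g && $4 != "" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) print g ":" m[i]
    }' "$1"
}

# Join the two: every user who inherits a sudo rule from a group.
sudo_users() {
    sudo_groups "$1" | while read -r grp; do
        group_members "$2" "$grp"
    done
}

# Constructed sample data modelled on the output shown in this tutorial.
make_sample() {
    cat > "$1/sudoers" <<'EOF'
## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL
## Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL
EOF
    cat > "$1/group" <<'EOF'
wheel:x:10:ec2-user,samberry,Admin.Steve,Admin.Jane,Admin.Bob
adm:x:4:syslog
Admin.Bob:x:1003:
EOF
}

dir=$(mktemp -d)
make_sample "$dir"
sudo_users "$dir/sudoers" "$dir/group"   # one "wheel:<user>" line per member
rm -rf "$dir"
```

On a live host, run sudo_users /etc/sudoers /etc/group as root and review the list after every useradd -G or groupmems -a change; accounts defined in a directory service rather than /etc/group will not appear.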
You may have noticed, we added the users into an EC2 instance. Next week as part of user/group management I’ll walk through adding users to Linux instances via EC2.