Every time I need to create, modify, or grant sudo access to users in Linux, I have to search for it.

This is a list of the commands I’ve used in the past.

Will keep updating this so that I don’t have to load a search page every time!

All commands below are run as root user. If I’m not the root user, I need to prefix them with sudo!

add and delete user

There are two commands in Linux to add users – one is useradd and another is adduser!

useradd is the basic command available in all Linux distros.

$> useradd username

This command just adds a user and that’s it. It doesn’t set the password, create the home directory or anything else. There are options to this command which will do these things but then I need to remember them!

Instead of this, I use the adduser command. This is an interactive Perl script which prompts for all the extra info. It sets up the user’s home directory and the password. Essentially, everything I need to get a user into the system.

The way I prefer to remember to use adduser is to keep in mind that I should use the command which starts with the verb!

$> adduser username
Adding user `temp' ...
Adding new group `temp' (1002) ...
Adding new user `temp' (1001) with group `temp' ...
Creating home directory `/home/temp' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
...
...

Similarly, to remove a user and their home directory

$> deluser --remove-home username

grant and revoke sudo access to user

To grant sudo access to a specific user

$> sudo adduser username sudo

This adds the user to the sudo group so that they can run all commands with a sudo prefix.

And to revoke sudo access

$> sudo deluser username sudo

This DOES NOT remove the user, only their sudo access.

list all sudo users

Reference

To list all users

$> awk -F':' '{ print $1}' /etc/passwd

To list all sudo users

$> grep '^sudo:.*$' /etc/group | cut -d: -f4

allow sudo access without root

In rare scenarios, it might be required to grant sudo access to a specific user without allowing them access to run root commands.

In this case, the /etc/sudoers file needs to be modified using the visudo command.

tom  ALL=(ALL) NOPASSWD:ALL

Now, user tom can run all commands that require privileges by prefixing sudo.

In rare cases, there is another user and we want tom to have the same capabilities as that user. Then this line changes.

tom  ALL=(oracle) /bin/chown tom *

Now user tom can run commands which user oracle can run but not the ones which root user has access to. (reference)
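
An audit helper for the listing and sudoers sections above, added here as an example and not part of the original post. It goes a little beyond the grep one-liner by also counting users whose primary group is sudo, and it prints for each sudoers rule who it covers, the run-as target, whether a password is asked for, and the permitted commands. The function names, the simplified single-line rule parsing, and the sample users alice and bob are assumptions; the two tom rules are the ones shown above.

```shell
# Added example: audit sudo rights from passwd/group/sudoers-style files.
# Paths are arguments, so it can be pointed at copies instead of /etc.

# Members of group $3 (default sudo): supplementary members from the group
# file plus users whose primary GID in the passwd file is that group.
sudo_group_members() {
    grp=${3:-sudo}
    gid=$(awk -F: -v g="$grp" '$1 == g { print $3 }' "$2")
    {
        awk -F: -v g="$grp" '$1 == g { n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$2"
        if [ -n "$gid" ]; then
            awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$1"
        fi
    } | sort -u
}

# Simplified sudoers reader (assumption: one rule per line, no aliases).
# Prints "who|runas|password-or-nopasswd|commands"; Defaults/includes skipped.
sudoers_grants() {
    awk '
        /^[ \t]*(#|$)/ || !/=/ { next }
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }
        {
            who = $1; spec = $0; runas = "root"; pw = "password"
            sub(/^[^=]*=[ \t]*/, "", spec)          # drop "who host="
            if (match(spec, /^\([^)]*\)/)) {        # optional (runas) list
                runas = substr(spec, 2, RLENGTH - 2)
                spec = substr(spec, RLENGTH + 1)
            }
            sub(/^[ \t]*/, "", spec)
            if (sub(/^NOPASSWD:[ \t]*/, "", spec)) pw = "nopasswd"
            printf "%s|%s|%s|%s\n", who, runas, pw, spec
        }' "$1"
}

# Principals that may run every command with no password prompt.
nopasswd_all() {
    sudoers_grants "$1" | awk -F'|' '$3 == "nopasswd" && $4 == "ALL" { print $1 }'
}

# Constructed sample files (not from a real host), written into directory $1.
make_samples() {
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'alice:x:1000:1000::/home/alice:/bin/sh' \
        'bob:x:1001:27::/home/bob:/bin/sh' 'tom:x:1002:1002::/home/tom:/bin/sh' > "$1/passwd"
    printf '%s\n' 'sudo:x:27:alice' 'tom:x:1002:' > "$1/group"
    printf '%s\n' '# constructed' 'Defaults env_reset' '%sudo ALL=(ALL:ALL) ALL' \
        'tom  ALL=(ALL) NOPASSWD:ALL' 'tom  ALL=(oracle) /bin/chown tom *' > "$1/sudoers"
}
```

On a live system the same functions take /etc/passwd, /etc/group and /etc/sudoers as arguments; reading /etc/sudoers needs root.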