Every time I need to create, modify, grant sudo access to users in Linux, I have to search for it.
This is a list of the commands I’ve used in the past.
Will keep updating this so that I don’t have to load a search page every time!
All commands below are run as root user. If I’m not the root user, I need to prefix them with sudo!
add and delete user
There are two commands in Linux to add users – one is useradd and another is adduser!
useradd is the basic command available in all Linux distros.
$> useradd username
This command just adds a user and that’s it. It doesn’t set the password, create the home directory or anything else. There are options to this command which will do these things but then I need to remember them!
Instead of this, I use the adduser command. This is an interactive perl script, which prompts for all the extra info. This sets up the user’s home directory, sets up the password. Essentially, everything I need to get a user into the system.
The way I prefer to remember to use adduser is to keep in mind that I should use the command which starts with the verb!
$> adduser username Adding user `temp' ... Adding new group `temp' (1002) ... Adding new user `temp' (1001) with group `temp' ... Creating home directory `/home/temp' ... Copying files from `/etc/skel' ... Enter new UNIX password: Retype new UNIX password: ... ...
Similarly, to remove a user and their home directory
$> deluser --remove-home username
grant and revoke sudo access to user
To grant sudo access to a specific user
$> sudo adduser username sudo
This adds the user to the sudo group so that they can run all commands with a sudo prefix.
And to revoke sudo access
$> sudo deluser username sudo
This DOES NOT remove the user only their sudo access.
list all sudo users
To list all users
$> awk -F':' '{ print $1}' /etc/passwd
To list all sudo users
$> grep '^sudo:.*$' /etc/group | cut -d: -f4
allow sudo access without root
In rare scenarios, it might be required to grant sudo access to a specific user without allowing them access to run root commands.
In this case, the /etc/sudoers file needs to be modified using visudo command.
tom ALL=(oracle) /bin/chown tom *
Now user tom can run commands which user oracle can run but not the ones which root user has access to. (reference)