LAB-USER-02 - Creating and Modifying Users

Part A: The Field Guide

---

🎯 What & Why

In a graphical OS, you go to Settings -> Users -> Add User. In Linux, you are the Settings panel.

Creating a user isn’t just about picking a name. The system needs to know:

• Does this user get a home directory? (/home/username)
• What command shell do they use? (/bin/bash or a restricted shell?)
• Does the system auto-generate a private group for them?
• What skeleton files (default .bashrc, etc.) should be copied into their new home?

Linux provides two distinct command pathways to do this: the low-level surgical tools (useradd) and the high-level interactive wizard (adduser). Knowing when to use which is the mark of a professional.

---

🧠 Mental Model: The Architect vs The Wizard

Path 1: useradd (The Architect)

useradd is a low-level, silent, surgical binary. If you simply type useradd bob, it creates the UID in /etc/passwd. It does nothing else. Bob has no home directory. Bob has no password. Bob cannot log in. You must explicitly provide flags (like -m for home directory) to make it do what you expect. Use case: Writing automated bash scripts that provision 50 users at once.

Path 2: adduser (The Wizard - Debian/Ubuntu only)

adduser is a friendly, interactive Perl script wrapped around useradd. If you type adduser bob, it asks you for a password, creates the home folder, copies default files, and sets up groups automatically, prompting you along the way. Use case: You are a human manually creating one or two users by hand on a Debian/Ubuntu system.

---

📖 Command Reference

useradd (The Universal Way)

Creating a “Service User” (no home folder, no shell, cannot log in):

$ sudo useradd -r -s /usr/sbin/nologin my_app_service

usermod (The Editor)

Use usermod to change the attributes of a user after they are created.

userdel (The Destroyer)

Removes the user from the /etc/passwd file.

---

🌍 Real Scenarios

Scenario 1: You run a web hosting server. You create a user for a client, clientA. You want them to be able to upload files, but they strictly CANNOT have an interactive command-line shell to nose around the server. You create them with: sudo useradd -m -s /bin/false clientA. They can authenticate via SFTP, but SSH login will perfectly reject them.

Scenario 2: Developer promotion. A junior developer (dave) needs administrative rights. You modify his account to add him to the sudo group: sudo usermod -aG sudo dave. (Note: He must log out and log back in before the group change takes effect in his session).

---

⚠️ Gotchas & Pitfalls

1. Forgetting -a with -G — When using usermod -G secondary_group username, it will REPLACE all of their secondary groups with this new one. You almost always want to use usermod -aG (Append Group) to add them to a group without wiping their existing ones.
2. Deleting Logged-in Users — userdel will usually fail if the user is currently logged in or has active processes running. You must kill their processes first or use pkill -u username before deleting them.
3. The Skeleton Directory — When you create a user with a home directory (-m), where does it get the default .bashrc and .profile files from? It copies them from /etc/skel/! If you want every new user to automatically have your company’s custom shell prompt, edit the files in /etc/skel/.

---

Part B: The Drill Deck

Terminal Required: Open your Linux terminal for these exercises. You will need sudo.

---

G

Guided Step by step - type exactly this and compare the result

>

Exercise G1: The Quick Creation (If on Debian/Ubuntu)

1. Run: sudo adduser test_wizard
2. Answer the interactive prompts. Give a simple password. Hit enter through the Full Name/Room Number fields.
3. Verify creation: getent passwd test_wizard (This just searches the passwd file cleanly).
4. Verify home directory: ls -la /home/test_wizard. Notice it is fully populated with hidden files.

Exercise G2: The Manual Architect

1. Run: sudo useradd -m -s /bin/bash test_manual
2. It is silent.
3. Run: getent passwd test_manual. It exists.
4. Try to switch to that user: su - test_manual.
   • Result: Depending on your system, it might work, but the account has no password set!
5. Type exit to return to your main user.
6. Delete the architect user completely: sudo userdel -r test_manual

Exercise G3: The Disabling Trick

1. Let’s effectively “lock out” the wizard user without deleting them.
2. Run: sudo usermod -s /usr/sbin/nologin test_wizard
3. Try to become them: sudo su - test_wizard.
4. The system will immediately reject the shell with “This account is currently not available.” You have successfully locked the account!

S

Solo Task described, hints available - figure it out

>

Exercise S1: Account Cleanup

Clean up the residue from the Guided drills.

1. Use the correct command to delete the test_wizard user AND ensure their home directory in /home/test_wizard is completely wiped out in the same command.
2. Run ls /home to verify the folder is completely gone.

Exercise S2: Provisioning a Service Account

Draft the exact command (using useradd) that a script would use to provision an account for a new backend service named data_parser. The account MUST:

• Not have a home directory.
• Be flagged as a system account (UID under 1000).
• Be completely incapable of logging in to a shell.

(You do not need to run this command, just formulate it mentally or in a notepad).

Exercise S3: Skeleton Inspection

1. Navigate to the skeleton directory: cd /etc/skel.
2. List all contents, including hidden files.
3. These are the EXACT files that get cloned into /home/[user]/ when you use useradd -m. Read one of them (like .bashrc) to see the default configurations Linux provides to new humans.

M

Mission Real scenario - no hints, combine multiple skills

>

Mission M1: The Rename Operation

You have a user account named intern_01. The intern is hired full-time and their name is sarah.

Using usermod, you can change an existing user’s login name without having to delete them and recreate them (which would mess up all their file ownerships due to the UID changing).

Research the flags for usermod (using man usermod or usermod --help).

1. Create a dummy user intern_01.
2. Formulate and execute the usermod command that changes the login name intern_01 into sarah.
3. Verify /etc/passwd to ensure the name changed, but the UID stayed the same!
4. (Bonus: Notice that her home directory is still /home/intern_01. The rename command doesn’t move home folders heavily by default. Look up the -d -m flags to fix this!).