Create and delete users on CentOS 7: Quickly and Securely


In this article from Orcacore, we want to teach you how to create and delete users on CentOS 7. Creating and deleting users allows administrators to control access to resources and ensure the security and integrity of their CentOS 7 servers. It is the most basic task that you should know about, and properly managing user accounts is paramount for system security. This guide walks you through these essential tasks with step-by-step instructions.

1. Create a user on CentOS 7

You can create a user as a root user any time you want with the following command:

adduser username

Note: If you are a non-root user with sudo access, put sudo before each command:

sudo adduser username

Now you need to set a password for your new user. You can do it with the following command:

passwd username

Note: Remember to use sudo privileges if you are a non-root user.

2. Give sudo privileges to a user on CentOS 7

To run a command with root privileges, a user on CentOS 7 needs sudo privileges. Members of the group named “wheel” are sudoers and have access to root privileges.

You can add a user to “wheel” to give them sudo access with the following command:

gpasswd -a username wheel

If you are a non-root user, use sudo privileges:

sudo gpasswd -a username wheel

Now your new user has access to root privileges.

With the lid command, you can see which groups your user is in, and with the -g switch you can see which users are in a given group. In your output, you can see usernames and UIDs.

lid username
lid -g wheel
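
To audit the result, the following added example (not from the original article) lists every account that is in wheel, either as a supplementary member or through its primary GID, and prints any that are not on an approved list. The function names, the approved list and the sample files are assumptions made for the illustration.

```shell
#!/bin/bash
# Added example: who gets sudo through wheel? Reads the files given as
# arguments, so it can be run on copies without root.

# wheel_members PASSWD_FILE GROUP_FILE -> one username per line, sorted, unique
wheel_members() {
    local passwd_file="$1" group_file="$2" wheel_gid
    wheel_gid=$(awk -F: '$1 == "wheel" { print $3 }' "$group_file")
    {
        # Supplementary members: comma-separated field 4 of the wheel line
        # (this is the list that gpasswd -a appends to).
        awk -F: '$1 == "wheel" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$group_file"
        # Primary members: accounts whose passwd GID field equals wheel's GID.
        if [ -n "$wheel_gid" ]; then
            awk -F: -v gid="$wheel_gid" '$4 == gid { print $1 }' "$passwd_file"
        fi
    } | sort -u
}

# unapproved_wheel PASSWD_FILE GROUP_FILE APPROVED_USER...
# Prints wheel members that are not on the approved list.
unapproved_wheel() {
    local passwd_file="$1" group_file="$2" approved user
    shift 2
    approved=" $* "
    wheel_members "$passwd_file" "$group_file" | while read -r user; do
        case "$approved" in
            *" $user "*) ;;
            *) printf '%s\n' "$user" ;;
        esac
    done
}

# Constructed sample data (not real accounts): alice was added with gpasswd,
# bob has wheel (GID 10 in this sample) as his primary group.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'alice:x:1000:1000::/home/alice:/bin/bash' \
    'bob:x:1001:10::/home/bob:/bin/bash' > "$sample_dir/passwd"
printf '%s\n' 'root:x:0:' 'wheel:x:10:alice' 'users:x:100:' > "$sample_dir/group"
unapproved_wheel "$sample_dir/passwd" "$sample_dir/group" alice
```

On a real server, pass /etc/passwd and /etc/group. The check covers wheel membership only and does not read /etc/sudoers, so rules granted there need a separate review.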

3. Delete a user on CentOS 7

If you no longer need a user, you can delete it with the following command:

userdel username

Note: This command will not delete the home directory. If you want to delete the home directory too, use the -r switch:

userdel -r username

As mentioned before, remember to use sudo before each command if you are a non-root user, so that you have access to root privileges.

Conclusion

Managing user accounts is an essential task of maintaining the security of a CentOS 7 server. By following the steps in this guide, administrators can easily create and delete users on CentOS 7, ensuring proper access control and system maintenance.


Alternative Solutions for User Management on CentOS 7

While the adduser, passwd, gpasswd, and userdel commands are the standard and most direct way to manage users on CentOS 7, there are alternative methods that can offer greater flexibility or integration with other systems. Let’s explore two such alternatives: using useradd with options and leveraging system configuration files directly. Both methods are valuable to know when administrating user accounts on CentOS 7.

1. Using useradd with Options for Comprehensive User Creation

The adduser command is a user-friendly wrapper around the more fundamental useradd command. While adduser simplifies the user creation process, useradd offers finer-grained control through various options. Using useradd directly allows you to specify details like the user’s UID, GID, home directory, and shell during creation. This can be particularly useful when automating user provisioning or integrating with existing identity management systems.

Here’s how you can use useradd to create a user with specific attributes:

useradd -u 1001 -g users -d /home/newuser -s /bin/bash newuser
passwd newuser

Explanation:

  • useradd: The command to create a new user.
  • -u 1001: Specifies the User ID (UID) as 1001. If omitted, the system automatically assigns the next available UID.
  • -g users: Specifies the initial group for the user. In this case, the user is added to the ‘users’ group. You can replace ‘users’ with any existing group name.
  • -d /home/newuser: Specifies the home directory for the user as /home/newuser. If omitted, the system will create a directory with the same name as the username under /home.
  • -s /bin/bash: Sets the user’s login shell to Bash. You can use other shells like /bin/sh or /bin/zsh.
  • newuser: The username of the new user.
  • passwd newuser: This command sets the password for the newly created user. It is a separate step because useradd does not prompt for a password during creation.

Advantages of using useradd:

  • Granular Control: You can specify all user attributes during creation, making it suitable for automated provisioning.
  • Scripting-Friendly: useradd is well-suited for use in shell scripts to create users with consistent configurations.
  • Integration: Easier integration with existing identity management systems by specifying UIDs and GIDs that match existing records.

Disadvantages:

  • More Complex: Requires understanding of the available options and their implications.
  • Less User-Friendly: Not as straightforward as adduser for simple user creation.

2. Directly Editing System Configuration Files (Advanced)

While not recommended for beginners, directly editing system configuration files like /etc/passwd, /etc/shadow, and /etc/group allows for very fine-grained control over user accounts. However, this method is risky, as incorrect modifications can render the system unusable. It’s crucial to back up these files before making any changes and understand the format of each file.

Warning: Modifying these files directly can severely damage your system if done incorrectly. Proceed with extreme caution and only if you are an experienced system administrator.

Example (Creating a user by directly editing files):

  1. Back up the files:

    cp /etc/passwd /etc/passwd.bak
    cp /etc/shadow /etc/shadow.bak
    cp /etc/group /etc/group.bak
  2. Edit /etc/passwd: Add a new line with the following format:

    newuser:x:1002:100:New User:/home/newuser:/bin/bash
    • newuser: Username
    • x: Password placeholder (encrypted password is in /etc/shadow)
    • 1002: User ID (UID)
    • 100: Group ID (GID)
    • New User: User’s full name (comment)
    • /home/newuser: Home directory
    • /bin/bash: Login shell
  3. Edit /etc/shadow: Add a corresponding line for the new user:

    newuser:$6$salt$hashedpassword:18365:0:99999:7:::
    • newuser: Username
    • $6$salt$hashedpassword: Encrypted password (you can use mkpasswd -m sha-512 to generate this)
    • 18365: Last password change date (days since epoch)
    • 0: Minimum days between password changes
    • 99999: Maximum days between password changes
    • 7: Password warning period
    • Remaining fields are typically left empty.
  4. Edit /etc/group (if necessary): If you need to create a new group or add the user to an existing group that isn’t their primary group, you can edit this file.

  5. Create the home directory:

    mkdir /home/newuser
    # Use the UID and GID entered in /etc/passwd; no "newuser" group was created above
    chown 1002:100 /home/newuser
    chmod 700 /home/newuser
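
An added example, not part of the original article, that checks a hand-added account for the mistakes this procedure makes easy: wrong field counts, a UID shared with another account, or an empty password field in the shadow file. The function name and the sample files are assumptions; shadow-utils also ships pwck for a full check of the real files.

```shell
#!/bin/bash
# Added example: sanity-check one hand-added account. File paths are
# arguments, so it can run against copies; it only reads them.
# check_account USER PASSWD_FILE SHADOW_FILE
# Prints one line per problem; returns 0 only when none are found.
check_account() {
    local user="$1" passwd_file="$2" shadow_file="$3" problems
    problems=$(
        awk -F: -v u="$user" '
            { count[$3]++ }
            $1 == u {
                seen++; uid = $3
                if (NF != 7)     print "passwd: expected 7 fields, found " NF
                if ($2 != "x")   print "passwd: password field is not x"
                if ($3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/) print "passwd: UID or GID is not numeric"
                if ($6 !~ /^\//) print "passwd: home directory is not an absolute path"
            }
            END {
                if (seen != 1) print "passwd: " (seen + 0) " entries for " u
                else if (count[uid] > 1) print "passwd: UID " uid " is shared with another account"
            }' "$passwd_file"
        awk -F: -v u="$user" '
            $1 == u {
                seen++
                if (NF != 9) print "shadow: expected 9 fields, found " NF
                if ($2 == "") print "shadow: empty password field"
                else if ($2 !~ /^\$6\$/ && $2 !~ /^[!*]/) print "shadow: not a $6$ hash and not locked"
            }
            END { if (seen != 1) print "shadow: " (seen + 0) " entries for " u }' "$shadow_file"
    )
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}

# Constructed sample files (not real accounts). "baduser" shares UID 0 with
# root, has an empty shadow password field and is one shadow field short.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'newuser:x:1002:100:New User:/home/newuser:/bin/bash' \
    'baduser:x:0:100::/home/baduser:/bin/bash' > "$sample_dir/passwd"
printf '%s\n' 'newuser:$6$salt$hashedpassword:18365:0:99999:7:::' \
    'baduser::18365:0:99999:7::' > "$sample_dir/shadow"
check_account baduser "$sample_dir/passwd" "$sample_dir/shadow" || true
```

Run it against the backup copies or the live files after editing, once per account you added by hand.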

Explanation of the Shadow File:

The /etc/shadow file is crucial for security. It contains the encrypted passwords and password aging information. The encrypted password field is generated using a hashing algorithm (like SHA-512) and a salt. The salt is a random string added to the password before hashing to prevent rainbow table attacks. The mkpasswd command is used to securely generate this hashed password.

Advantages of Directly Editing Files:

  • Ultimate Control: Complete control over every aspect of user account creation.
  • No Dependencies: Doesn’t rely on higher-level utilities.

Disadvantages:

  • High Risk: Extremely prone to errors that can damage the system.
  • Complex: Requires a deep understanding of the file formats and security implications.
  • Not Recommended: Should only be used in very specific circumstances by experienced administrators.

In Conclusion:

While the adduser command provides a simple and effective way to create and delete users on CentOS 7, understanding alternative methods like useradd with options and direct file editing can be valuable for more advanced system administration tasks. However, always exercise caution, prioritize security, and follow best practices when managing users on CentOS 7.
