Skip to main content

100 Reps

Linux Admin: Managing Users

I read through Chapter 2 of Linux Admin for Absolute Beginners by Martin Stevenson

Key Learnings:
  • Add Users
  • Passwords
  • User groups

How to add users

The flags of adduser varies across different version of Linux, so consult the man pages for more info.

I am practising on Kali Linux, the simplest command is:

sudo adduser --comment "Gym Owner Terry Crews" tcrews

You will need root access for this.
So using the root user or adding sudo will work.

Sometimes you'll see another command useradd instead.

The recommendation is to always use adduser.

adduser is a wrapper for useradd. 
adduser is more user friendly and interactive than its back-end useradd. There's no difference in features provided.

Why is this important?

This is how we can create an account for users to access Linux servers.
If you have a new employee at your company or student who enters the university, they'll need access to the shared drive, a private drive for themselves etc.


Groups keep users in their lanes.
Organisations can have hundreds or thousands of users.
While you can create a user and manually add them to have permission for a bunch of documents and folders, it takes a long time and there is an element of human error to miss one or two things.

Scaling this task would be really difficult unless you can group up permissions for folders based off some kind of label.

Linux uses "groups" to do this.
Users can be added to multiple groups
Folders can be shared to multiple groups

Why do hackers care?

If you have access to the root user, accounts can be secretly added to provide a direct line.
The passwords are stored in the etc/passwd file.
Access to this file would give the attacker logins to all users.

The sudo group is a group that provides superuser privileges.

Practice Exercise

You are the new Linux Admin for your startup.
Please create accounts for these co-workers.

C-Level Executives
John Smith: CEO
Jane Doe: CFO
Mary Jones: CTO
Peter Brown: COO
Sally Green: CMO

Senior Management
Mike Williams: VP of Sales
Nancy White: VP of Marketing
David Black: VP of Engineering
Elizabeth Blue: VP of Operations
Charles Brown: VP of HR

Eric Green: Software Engineer
Tom White: Designer
Ashley Black: QA Engineer
Ben Green: Customer Support Representative

Chris Smith: Software Engineering Intern
Matthew Jones: Design Intern
Sarah Brown: QA Engineering Intern
Thomas White: Customer Support Intern


For each of these users, we can create a login following a convention of <first letter of first name><surname>


Create the user
useradd --comment "Executive - CEO - John Smith" jsmith
useradd --comment "Engineering - Eric Green" egreen


We can also create groups for the users based on their level or function:
  • corporate - C-Level executives
  • engineering - software engineer
  • design - designers
  • qa - testers
  • support - customer support
Sarah Brown is an QA intern so would only need to be added to the qa group.
Mary Jones is the CTO so would need to be in the corporate, engineering, qa and design groups

Create a group
groupadd corporate

Append group to user
usermod -a -G corporate mjones

For each function, I create sample files and assigned them to their own group based folders.
To change the 

C-Level Files


Engineering Files

Design Files


QA Files


Customer support Files

Create a sample file
touch engineering/

Change the group of the folder
chgrp -R corporate corporate/


Popular posts from this blog

PicoCTF: Low Level Binary Intro Playlist

Mochi's Tale Mochi's Tale is a really cool little game that teaches you how to "find things out" through experimentation. I found it a really helpful way to get you into the rhythm of learning rules without being told what they are in the first place.

PicoCTF: The Debugger

GDB baby step 1  Can you figure out what is in the eax register at the end of the main function?  For Mac, gdb can be installed via homebrew: brew install gdbGDB baby step 2 Learn how to disassemble a program from binary file. Here we can see that in line 15, 0x86342 is copied into eax. The output here seems to reverse the arguments.