Helpful commands

• Changing user password sudo passwd user
• Executing command as user sudo -u user command
• Logged in users who
• Logged in users and more w
• Account expiry information sudo chage -l user

Creation

• Interactively adding user sudo adduser name
• Non-interactively adding user sudo useradd name See all options using man useradd; common ones:

  Short version	Full version	Description
  -d	--home-dir	Home directory for user; it will be created if instructed to
  -m	--create-home	Create home directory (default one will be created if not specified)
  -M	--no-create-home	Do not create home directory
  -N	--no-user-group	Do not create group with the same name as the user
  -u	--uid	User UID override
  -g	--gid	User's GID override
  -G	--groups	List of groups user should be also part of (in addition to primary group) - group names or GIDs
  -s	--shell	Path to user's login shell
  -c	--comment	Short description of user. It's currently used as user's full name
  -e	--expiredate	When account should be disabled (YYYY-MM-DD)
  -f	--inactive	Number of days after password exceeded its max age when user is expected to change password
  -r	--system	Create a system account with no aging information nor home directory

Groups

Group membership is evaluated at session (for example, desktop, ssh or bash) start. This necessitates start of new session to observe change of effective groups.

• Print effective user and groups IDs id
• Listing user groups groups user
• Adding to sudo usermod -aG group user
• Removing from sudo gpasswd -d user group
• Creating group sudo groupadd NAME

Access control

Root user can log in even as blocked user using su - user

• Locking sudo passwd -l user
• Unlocking sudo passwd -u user
• Removing sudo userdel user

Recovery

Account recovery is simple as long as access to local admin account access is available; it's matter of executing sudo passwd account_name Account recovery in case of no access to local admin account access:

1. Prepare Linux USB installation disk
2. Restart device and choose to boot from USB device as you would if you'd be installing Linux
3. Once live media starts and offers you to Try or Install system, press CTRL+ALT+F2 to enter TTY2
4. Determine root disk of existing installation. Following might assist in process: sudo lsblk
5. If root partition is part of LVM, scan for it and activate it. Use actual Volume Group device name instead of /dev/ubuntu-vg sudo pvscan sudo vgchange -ay /dev/ubuntu-vg
6. Create temporary root mount directory mkdir root_mount
7. Mount existing installation root partition device sudo mount /dev/sda2 root_mount
8. Change active root directory to mounted root partition sudo chroot root_mount
9. Change password of account. You will not be prompted for existing root password as installation environment have none: sudo passwd account_name
10. Restart and remove installation media

Last update: 2024-08-10