Once the Linux system is configured, adding and removing users is one of the most basic tasks that you should know how to do. When you create a new server, you are only given the root account by default. While this gives you a lot of power and flexibility, it is also dangerous to regularly use an account with so much power; for example, a root user is more vulnerable to security exploits, since any commands run under that account can affect the server's entire filesystem.
It is almost always a better idea to add an additional, unprivileged user to do common tasks. You should also create additional accounts for any other users that need access to your server. Each user should have their own account so that their activities can be monitored and managed. You can still acquire administrative privileges, when needed, through a mechanism called 'sudo'. We will cover the steps to create user accounts, assign 'sudo' privileges, and create a group on a CentOS 7 server.
Adding a new user
- Log in to your server as the root user.
ssh root@server_ip_address
- Use the adduser command to add a new user to your system.
Note: Be sure to replace username with the user that you want to create.
- Use the passwd command to update the new user's password.
passwd username
Note: Set and confirm the new user's password at the prompt. A strong password is highly recommended!
Creating a usergroup
- To create a group, use the groupadd command:
sudo groupadd NAME-OF-THE-NEW-GROUP
Adding a user to Group
- Use the usermod command to add the user to the wheel group.
Note: By default, on CentOS, members of the wheel group have sudo privileges. Be sure to replace username with the actual user that you want to add to the wheel group.
usermod -a -G wheel username
Test sudo access on new user account
- Use the su command to switch to the new user account.
su - username
As the new user, verify that you can use sudo by prepending "sudo" to the command that you want to run with superuser privileges. For example, you can list the contents of the /root directory, which is normally only accessible to the root user.
sudo ls -la /root
Note: The first time you use sudo in a session, you will be prompted for the password of the user account. Enter the password to proceed.
- To add a user to multiple groups, use the command below.
usermod -a -G group1,group2,group3 exampleusername
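Because wheel membership grants sudo on CentOS, it is worth checking who is actually in that group after changing it. The script below is an added example, not part of the original tutorial: the function names wheel_members and demo and the sample accounts are made up for illustration. It also catches accounts whose primary group is wheel, which do not show up in the group's member list.

```bash
#!/usr/bin/env bash
# Added example: list every account in the wheel group by reading
# group(5) and passwd(5) formatted files. File paths are parameters so
# the check can run against copies of /etc/group and /etc/passwd.

# wheel_members GROUP_FILE PASSWD_FILE [GROUP_NAME]
# Prints one username per line, sorted and de-duplicated.
wheel_members() {
    local group_file=$1 passwd_file=$2 group=${3:-wheel}
    local gid
    # group(5) layout: name:password:GID:comma,separated,members
    gid=$(awk -F: -v g="$group" '$1 == g { print $3; exit }' "$group_file")
    [ -n "$gid" ] || return 1   # group is not defined in this file
    {
        # Supplementary members, as added with "usermod -a -G wheel".
        awk -F: -v g="$group" '$1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$group_file"
        # Accounts whose primary GID is the group; these never appear
        # in the member list above.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}

# Constructed sample data (not taken from a real host).
demo() {
    local dir
    dir=$(mktemp -d)
    cat > "$dir/group" <<'EOF'
root:x:0:
wheel:x:10:alice,bob
developers:x:1005:alice,carol
EOF
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:1002::/home/carol:/bin/bash
dave:x:1003:10::/home/dave:/bin/bash
EOF
    wheel_members "$dir/group" "$dir/passwd"
    rm -rf "$dir"
}

demo   # prints alice, bob and dave, one per line
```

On a real server, call `wheel_members /etc/group /etc/passwd`. It reads local files only, so accounts that come from a directory service are not covered.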