Note:

• This tutorial is available in an Oracle-provided free lab environment.
• It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.

Create Users and Groups on Oracle Linux

Introduction

When administering a Linux system, you will eventually need to create users and groups, whether for a particular software installation or to perform a specific task. As for groups, it’s a great way to control directory access.

Objectives

In this tutorial, you will learn how to:

• Create a new user and explore the user’s home directory
• Create a new group and add a user to the group
• Utilize the user private group scheme and implement write access to a directory
• Administer the sudo command for granting root privileges

Prerequisites

• Minimum of a single Oracle Linux system

• Each system should have Oracle Linux installed and configured with:

  • A non-root user account with sudo access
  • Access to the Internet

Deploy Oracle Linux

Note: If running in your own tenancy, read the linux-virt-labs GitHub project README.md and complete the prerequisites before deploying the lab environment.

1. Open a terminal on the Luna Desktop.

2. Clone the linux-virt-labs GitHub project.

   git clone https://github.com/oracle-devrel/linux-virt-labs.git
   

3. Change into the working directory.

   cd linux-virt-labs/ol
   

4. Install the required collections.

   ansible-galaxy collection install -r requirements.yml
   

5. Deploy the lab environment.

   ansible-playbook create_instance.yml -e localhost_python_interpreter="/usr/bin/python3.6"
   

   The free lab environment requires the extra variable local_python_interpreter, which sets ansible_python_interpreter for plays running on localhost. This variable is needed because the environment installs the RPM package for the Oracle Cloud Infrastructure SDK for Python, located under the python3.6 modules.

   The default deployment shape uses the AMD CPU and Oracle Linux 8. To use an Intel CPU or Oracle Linux 9, add -e instance_shape="VM.Standard3.Flex" or -e os_version="9" to the deployment command.

   Important: Wait for the playbook to run successfully and reach the pause task. At this stage of the playbook, the installation of Oracle Linux is complete, and the instances are ready. Take note of the previous play, which prints the public and private IP addresses of the nodes it deploys and any other deployment information needed while running the lab.

Administer User Accounts

1. Open a terminal and connect via SSH to the ol-node-01 instance.

   ssh oracle@<ip_address_of_instance>
   

2. Become the root user.

   sudo su -
   

3. As the root user, add a user named alice.

   useradd alice
   

   This command adds the user to the /etc/passwd file.

4. View the alice entry in the /etc/passwd file.

   grep alice /etc/passwd
   

   Example Output:

   alice:x:1002:1002::/home/alice:/bin/bash
   

   The output shows:

   • The new user’s UID and GID are the same (1002)
   • Creation of a home directory for the new user (/home/alice)
   • The default shell for the new user is /bin/bash

5. View the home directories.

   ls -l /home
   

   Example Output:

   total 0
   drwx------. 2 alice  alice  62 Aug 18 09:50 alice
   drwx------. 4 opc    opc    90 Aug 18 09:48 opc
   drwx------. 3 oracle oracle 74 Aug 18 09:48 oracle
   

   The opc and oracle users already exist in this example.

   The useradd command creates a home directory for the new user because the CREATE_HOME parameter in /etc/login.defs is set to yes.

6. View the CREATE_HOME parameter in the /etc/login.defs file.

   grep CREATE_HOME /etc/login.defs
   

   Example Output:

   CREATE_HOME	yes
   

7. View the default settings for a new user, stored in /etc/default/useradd.

   cat /etc/default/useradd
   

   Example Output:

   # useradd defaults file
   GROUP=100
   HOME=/home
   INACTIVE=-1
   EXPIRE=
   SHELL=/bin/bash
   SKEL=/etc/skel
   CREATE_MAIL_SPOOL=yes
   
   

   The SKEL parameter sets the location of the background or skeleton definition to /etc/skel, which provides what a new user’s home directory will look like.

8. View the contents of the /etc/skel directory.

   ls -la /etc/skel
   

   Example Output:

   total 24
   drwxr-xr-x.   2 root root   62 Jun 20 15:48 .
   drwxr-xr-x. 116 root root 8192 Aug 18 09:56 ..
   -rw-r--r--.   1 root root   18 Aug  2  2022 .bash_logout
   -rw-r--r--.   1 root root  141 Aug  2  2022 .bash_profile
   -rw-r--r--.   1 root root  376 Aug  2  2022 .bashrc
   

9. View the contents of the alice home directory.

   ls -la /home/alice
   

   Example Output:

   total 12
   drwx------. 2 alice alice  62 Aug 18 09:50 .
   drwxr-xr-x. 5 root  root   44 Aug 18 09:50 ..
   -rw-r--r--. 1 alice alice  18 Aug  2  2022 .bash_logout
   -rw-r--r--. 1 alice alice 141 Aug  2  2022 .bash_profile
   -rw-r--r--. 1 alice alice 376 Aug  2  2022 .bashrc
   

   The system copies the contents of SKEL (/etc/skel) to the new user’s home directory.

10. View the new alice entry in the /etc/group file.

    grep alice /etc/group
    

    Example Output:

    alice:x:1002:
    

    When creating the new alice user, the system creates a new private group (alice, GID=1001) because Oracle Linux uses a user private group (UPG) scheme.

11. Modify GECOS information for the alice user.

    View the alice entry in the /etc/passwd file before and after modifying GECOS information.

    grep alice /etc/passwd
    usermod -c "Alice Smith" alice
    grep alice /etc/passwd
    

    Example Output:

    [root@ol-server ~]# grep alice /etc/passwd
    alice:x:1002:1002::/home/alice:/bin/bash
    [root@ol-server ~]# usermod -c "Alice Smith" alice
    [root@ol-server ~]# grep alice /etc/passwd
    alice:x:1002:1002:Alice Smith:/home/alice:/bin/bash
    [root@ol-server ~]#
    

12. Create a password of AB*gh246 for the alice user.

    View the alice entry in the /etc/shadow file before and after creating a password for alice.

    grep alice /etc/shadow
    passwd alice
    grep alice /etc/shadow
    

    Example Output:

    [root@ol-server ~]# grep alice /etc/shadow
    alice:!!:19587:0:99999:7:::
    [root@ol-server ~]# passwd alice
    Changing password for user alice.
    New password: 
    Retype new password: 
    passwd: all authentication tokens updated successfully.
    [root@ol-server ~]# grep alice /etc/shadow
    alice:$6$Ulba2YCfMyrwZC8V$J0jWtJmaOa1vKN2yywyiN4AQpWfg1gDd6Duzm.TWEWHwFDYcxjjIuF2qrIO7rk8LsEBm6s//mgKa5jbqhfT9E.:19587:0:99999:7:::
    [root@ol-server ~]# 
    

    The !! for alice is replaced with a hashed password value.

13. Exit the root login and log in as the alice user.

    Provide the password of AB*gh246 when prompted.

    exit
    su - alice
    

    Example Output:

    [root@ol-server ~]# exit
    logout
    [oracle@ol-server ~]$ su - alice
    Password: 
    [alice@ol-server ~]$ 
    

14. Verify you are the alice user and your current directory is the alice user’s home directory.

    whoami
    pwd
    

    Example Output:

    [alice@ol-server ~]$ whoami
    alice
    [alice@ol-server ~]$ pwd
    /home/alice
    

15. Exit the alice user’s shell and become the root user.

    exit
    sudo su -
    

    Example Output:

    [alice@ol-server ~]$ exit
    logout
    [oracle@ol-server ~]$ sudo su -
    Last login: Fri Aug 18 09:50:03 GMT 2023 on pts/0
    [root@ol-server ~]# 
    

16. As the root user, add a user named mynewuser1 which is used later in this tutorial.

    useradd mynewuser1
    

17. Create a password of XY*gh579 for the mynewuser1 user.

    passwd mynewuser1
    

    Example Output:

    [root@ol-server ~]# passwd mynewuser1
    Changing password for user mynewuser1.
    New password: 
    Retype new password: 
    passwd: all authentication tokens updated successfully.
    

Administer Group Accounts

1. As the root user, add a group named staff.

   groupadd staff
   

   This command adds the group to the /etc/group file.

2. View the last 10 entries in the /etc/group file.

   tail /etc/group
   

   Example Output:

   [root@ol-server ~]# tail /etc/group
   sshd:x:74:
   slocate:x:21:
   tcpdump:x:72:
   oracle-cloud-agent:x:985:oracle-cloud-agent,oracle-cloud-agent-updater,ocarun
   pcp:x:984:
   opc:x:1000:
   oracle:x:1001:
   alice:x:1002:
   mynewuser1:x:1003:
   staff:x:1004:
   [root@ol-server ~]# 
   

   The new group’s GID (1004) is incremented by one.

3. Add the alice user to the staff group.

   View the staff group entry in the /etc/group file.

   usermod -aG 1004 alice
   grep staff /etc/group
   

   Example Output:

   [root@ol-server ~]# usermod -aG 1004 alice
   [root@ol-server ~]# grep staff /etc/group
   staff:x:1004:alice
   

   The alice user has a secondary group membership in the staff group.

4. View the primary group membership for alice.

   grep alice /etc/passwd
   

   Example Output:

   [root@ol-server ~]# grep alice /etc/passwd
   alice:x:1002:1002:Alice Smith:/home/alice:/bin/bash
   

   The alice user’s primary group is still 1002.

Implement User Private Groups

1. As the root user, create the /staff directory.

   mkdir /staff
   

2. View the /staff directory and its permissions.

   ls -ld /staff
   

   Example Output:

   [root@ol-server ~]# ls -ld /staff
   drwxr-xr-x. 2 root root 6 Aug 18 11:23 /staff
   

3. Change group ownership for the /staff directory to the staff group.

   The -R option (recursive) sets the group for files and directories within /staff. After changing the group ownership, view the /staff directory and its permissions.

   chgrp -R staff /staff
   ls -ld /staff
   

   Example Output:

   [root@ol-server ~]# chgrp -R staff /staff
   [root@ol-server ~]# ls -ld /staff
   drwxr-xr-x. 2 root staff 6 Aug 18 11:23 /staff
   [root@ol-server ~]# 
   

   The owner of the /staff directory is still root, but the group is now staff.

4. Set the setgid bit on the /staff directory.

   Then, view the permissions on the /staff directory.

   chmod -R 2775 /staff
   ls -ld /staff
   

   Example Output:

   [root@ol-server ~]# chmod -R 2775 /staff
   [root@ol-server ~]# ls -ld /staff
   drwxrwsr-x. 2 root staff 6 Aug 18 11:23 /staff
   

   The group permissions on the /staff directory have changed.

5. Add the mynewuser1 user to the staff group.

   View the staff entry in the /etc/group file after adding the mynewuser1 user.

   usermod -aG staff mynewuser1
   grep staff /etc/group
   

   Example Output:

   [root@ol-server ~]# usermod -aG staff mynewuser1
   [root@ol-server ~]# grep staff /etc/group
   staff:x:1004:alice,mynewuser1
   

   Both alice and mynewuser1 users have secondary group membership in the staff group.

6. Become the mynewuser1 user.

   You are not prompted for the mynewuser1 user’s password because you currently are the root user. Verify you are the mynewuser1 user and your current directory is the mynewuser1 user’s home directory.

   su - mynewuser1
   whoami
   pwd
   

   Example Output:

   [root@ol-server ~]# su - mynewuser1
   [mynewuser1@ol-server ~]$ whoami
   mynewuser1
   [mynewuser1@ol-server ~]$ pwd
   /home/mynewuser1
   

7. Display group membership for the mynewuser1 user.

   groups
   

   Example Output:

   [mynewuser1@ol-server ~]$ groups
   mynewuser1 staff
   

   The mynewuser1 user belongs to two groups - mynewuser1 and staff.

8. Change to the /staff directory.

   Create a new file in the /staff directory named mynewuser1_file. Display the permissions and ownership of the new file.

   cd /staff
   touch mynewuser1_file
   ls -l mynewuser1_file
   

   Example Output:

   [mynewuser1@ol-server ~]$ cd /staff
   [mynewuser1@ol-server staff]$ touch mynewuser1_file
   [mynewuser1@ol-server staff]$ ls -l mynewuser1_file
   -rw-rw-r--. 1 mynewuser1 staff 0 Aug 18 11:40 mynewuser1_file
   

   The permissions are read/write for the staff group.

9. Become the alice user.

   Provide the password of AB*gh246 when prompted. Verify you are the alice user.

   su - alice
   whoami
   

   Example Output:

   [mynewuser1@ol-server staff]$ su - alice
   Password: 
   Last login: Fri Aug 18 11:10:13 GMT 2023 on pts/0
   [alice@ol-server ~]$ whoami
   alice
   [alice@ol-server ~]$  
   

10. Display group membership for the alice user.

    groups
    

    Example Output:

    [alice@ol-server ~]$ groups
    alice staff
    [alice@ol-server ~]$  
    

    The alice user belongs to two groups - alice and staff.

11. Change to the /staff directory.

    Create a new file in the /staff directory named alice_file. Display the permissions and ownership of the new files.

    cd /staff
    touch alice_file
    ls -l
    

    Example Output:

    [alice@ol-server ~]$ cd /staff
    [alice@ol-server staff]$ touch alice_file
    [alice@ol-server staff]$ ls -l
    total 0
    -rw-rw-r--. 1 alice      staff 0 Aug 18 12:09 alice_file
    -rw-rw-r--. 1 mynewuser1 staff 0 Aug 18 12:06 mynewuser1_file
    

    The permissions are read/write on both files for the staff group.

12. As the alice user, use the touch command to update the time stamp on the mynewuser1_file.

    View the files to verify the time has changed.

    touch mynewuser1_file
    ls -l
    

    Example Output:

    [alice@ol-server staff]$ touch mynewuser1_file
    [alice@ol-server staff]$ ls -l
    total 0
    -rw-rw-r--. 1 alice      staff 0 Aug 18 12:09 alice_file
    -rw-rw-r--. 1 mynewuser1 staff 0 Aug 18 12:11 mynewuser1_file
    

    Updating the time stamp implies file write permissions on the file as the alice user, even though the mynewuser1 user created the file.

13. Exit both the alice user’s shell and the mynewuser1 user’s shell, to return to the root user’s shell.

    Verify that you are the root user.

    exit
    exit
    whoami
    

    Example Output:

    [alice@ol-server staff]$ exit
    logout
    [mynewuser1@ol-server staff]$ exit
    logout
    [root@ol-server ~]# whoami
    root
    

Option 1: Create a New File in the /etc/sudoers.d Directory

This method is the preferred way to grant sudo privilege to a user. It also is more straightforward to automate in a script and takes effect without the user having to log out and back in again.

1. Become the root user and create the user’s sudoer file.

   sudo tee /etc/sudoers.d/200-alice > /dev/null << EOF
   alice ALL =(ALL) NOPASSWD: ALL
   EOF
   
   

Option 2: Grant Elevated Privileges to a User

1. As the root user, view the wheel entry in the /etc/sudoers file.

   grep wheel /etc/sudoers
   

   Example Output:

   ## Allows people in group wheel to run all commands
   %wheel	ALL=(ALL)	ALL
   # %wheel	ALL=(ALL)	NOPASSWD: ALL
   

   The %wheel ALL=(ALL) ALL entry in the /etc/sudoers file allows any member of the wheel group to execute any command when preceded by sudo.

2. Add the alice user to the wheel group.

   Confirm the alice user is in the wheel group.

   usermod -aG wheel alice
   grep wheel /etc/group
   

   Example Output:

   [root@ol-server ~]# usermod -aG wheel alice
   [root@ol-server ~]# grep wheel /etc/group
   wheel:x:10:oracle,alice
   

   User alice has a secondary group membership in the wheel group.

3. Become the alice user.

   You are not prompted for the alice user’s password because you currently are the root user. Verify you become the alice user.

   su - alice
   whoami
   

   Example Output:

   [root@ol-server ~]# su - alice
   Last login: Fri Aug 18 13:09:18 GMT 2023 on pts/0
   [alice@ol-server ~]$ whoami
   alice
   

4. As the alice user, add anotheruser2 using the sudo useradd command.

   Provide the password of AB*gh246 if prompted.

   sudo useradd anotheruser2
   

   Example Output:

   [alice@ol-server ~]$ sudo useradd anotheruser2
   [sudo] password for alice: 
   

5. Verify anotheruser2 was added.

   The ls command fails until you insert sudo. This step confirms the alice user has sudo privileges.

   grep anotheruser2 /etc/passwd
   ls -la /home/anotheruser2
   sudo ls -la /home/anotheruser2
   

   Example Output:

   [alice@ol-server ~]$ grep anotheruser2 /etc/passwd
   anotheruser2:x:1005:1006::/home/anotheruser2:/bin/bash
   [alice@ol-server ~]$ ls -la /home/anotheruser2
   ls: cannot open directory '/home/anotheruser2': Permission denied
   [alice@ol-server ~]$ sudo ls -la /home/anotheruser2
   total 12
   drwx------. 2 anotheruser2 anotheruser2  62 Aug 18 13:14 .
   drwxr-xr-x. 8 root         root         101 Aug 18 13:14 ..
   -rw-r--r--. 1 anotheruser2 anotheruser2  18 Aug  2  2022 .bash_logout
   -rw-r--r--. 1 anotheruser2 anotheruser2 141 Aug  2  2022 .bash_profile
   -rw-r--r--. 1 anotheruser2 anotheruser2 376 Aug  2  2022 .bashrc 
   

Next Steps

This tutorial shows how to create users and groups on Oracle Linux. These users and groups can access the system and resources based on their permissions. For further topics and training, see the Related Links section below.

Related Links

• Oracle Linux Documentation
• Oracle Linux Training Station

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.

---

Title and Copyright Information

Create Users and Groups on Oracle Linux

F37531-13

August 2024

Copyright ©2021,

Oracle and/or its affiliates.