Note:

Create Users and Groups on Oracle Linux

Introduction

When administering a Linux system, you will eventually need to create users and groups, whether for a particular software installation or to perform a specific task. As for groups, it’s a great way to control directory access.

Objectives

In this tutorial, you will learn how to:

Prerequisites

Deploy Oracle Linux

Note: If running in your own tenancy, read the linux-virt-labs GitHub project README.md and complete the prerequisites before deploying the lab environment.

  1. Open a terminal on the Luna Desktop.

  2. Clone the linux-virt-labs GitHub project.

    git clone https://github.com/oracle-devrel/linux-virt-labs.git
    
  3. Change into the working directory.

    cd linux-virt-labs/ol
    
  4. Install the required collections.

    ansible-galaxy collection install -r requirements.yml
    
  5. Deploy the lab environment.

    ansible-playbook create_instance.yml -e localhost_python_interpreter="/usr/bin/python3.6"
    

    The free lab environment requires the extra variable local_python_interpreter, which sets ansible_python_interpreter for plays running on localhost. This variable is needed because the environment installs the RPM package for the Oracle Cloud Infrastructure SDK for Python, located under the python3.6 modules.

    The default deployment shape uses the AMD CPU and Oracle Linux 8. To use an Intel CPU or Oracle Linux 9, add -e instance_shape="VM.Standard3.Flex" or -e os_version="9" to the deployment command.

    Important: Wait for the playbook to run successfully and reach the pause task. At this stage of the playbook, the installation of Oracle Linux is complete, and the instances are ready. Take note of the previous play, which prints the public and private IP addresses of the nodes it deploys and any other deployment information needed while running the lab.

Administer User Accounts

  1. Open a terminal and connect via SSH to the ol-node-01 instance.

    ssh oracle@<ip_address_of_instance>
    
  2. Become the root user.

    sudo su -
    
  3. As the root user, add a user named alice.

    useradd alice
    

    This command adds the user to the /etc/passwd file.

  4. View the alice entry in the /etc/passwd file.

    grep alice /etc/passwd
    

    Example Output:

    alice:x:1002:1002::/home/alice:/bin/bash
    

    The output shows:

    • The new user’s UID and GID are the same (1002)
    • Creation of a home directory for the new user (/home/alice)
    • The default shell for the new user is /bin/bash
  5. View the home directories.

    ls -l /home
    

    Example Output:

    total 0
    drwx------. 2 alice  alice  62 Aug 18 09:50 alice
    drwx------. 4 opc    opc    90 Aug 18 09:48 opc
    drwx------. 3 oracle oracle 74 Aug 18 09:48 oracle
    

    The opc and oracle users already exist in this example.

    The useradd command creates a home directory for the new user because the CREATE_HOME parameter in /etc/login.defs is set to yes.

  6. View the CREATE_HOME parameter in the /etc/login.defs file.

    grep CREATE_HOME /etc/login.defs
    

    Example Output:

    CREATE_HOME	yes
    
  7. View the default settings for a new user, stored in /etc/default/useradd.

    cat /etc/default/useradd
    

    Example Output:

    # useradd defaults file
    GROUP=100
    HOME=/home
    INACTIVE=-1
    EXPIRE=
    SHELL=/bin/bash
    SKEL=/etc/skel
    CREATE_MAIL_SPOOL=yes
    
    

    The SKEL parameter sets the location of the background or skeleton definition to /etc/skel, which provides what a new user’s home directory will look like.

  8. View the contents of the /etc/skel directory.

    ls -la /etc/skel
    

    Example Output:

    total 24
    drwxr-xr-x.   2 root root   62 Jun 20 15:48 .
    drwxr-xr-x. 116 root root 8192 Aug 18 09:56 ..
    -rw-r--r--.   1 root root   18 Aug  2  2022 .bash_logout
    -rw-r--r--.   1 root root  141 Aug  2  2022 .bash_profile
    -rw-r--r--.   1 root root  376 Aug  2  2022 .bashrc
    
  9. View the contents of the alice home directory.

    ls -la /home/alice
    

    Example Output:

    total 12
    drwx------. 2 alice alice  62 Aug 18 09:50 .
    drwxr-xr-x. 5 root  root   44 Aug 18 09:50 ..
    -rw-r--r--. 1 alice alice  18 Aug  2  2022 .bash_logout
    -rw-r--r--. 1 alice alice 141 Aug  2  2022 .bash_profile
    -rw-r--r--. 1 alice alice 376 Aug  2  2022 .bashrc
    

    The system copies the contents of SKEL (/etc/skel) to the new user’s home directory.

  10. View the new alice entry in the /etc/group file.

    grep alice /etc/group
    

    Example Output:

    alice:x:1002:
    

    When creating the new alice user, the system creates a new private group (alice, GID=1001) because Oracle Linux uses a user private group (UPG) scheme.

  11. Modify GECOS information for the alice user.

    View the alice entry in the /etc/passwd file before and after modifying GECOS information.

    grep alice /etc/passwd
    usermod -c "Alice Smith" alice
    grep alice /etc/passwd
    

    Example Output:

    [root@ol-server ~]# grep alice /etc/passwd
    alice:x:1002:1002::/home/alice:/bin/bash
    [root@ol-server ~]# usermod -c "Alice Smith" alice
    [root@ol-server ~]# grep alice /etc/passwd
    alice:x:1002:1002:Alice Smith:/home/alice:/bin/bash
    [root@ol-server ~]#
    
  12. Create a password of AB*gh246 for the alice user.

    View the alice entry in the /etc/shadow file before and after creating a password for alice.

    grep alice /etc/shadow
    passwd alice
    grep alice /etc/shadow
    

    Example Output:

    [root@ol-server ~]# grep alice /etc/shadow
    alice:!!:19587:0:99999:7:::
    [root@ol-server ~]# passwd alice
    Changing password for user alice.
    New password: 
    Retype new password: 
    passwd: all authentication tokens updated successfully.
    [root@ol-server ~]# grep alice /etc/shadow
    alice:$6$Ulba2YCfMyrwZC8V$J0jWtJmaOa1vKN2yywyiN4AQpWfg1gDd6Duzm.TWEWHwFDYcxjjIuF2qrIO7rk8LsEBm6s//mgKa5jbqhfT9E.:19587:0:99999:7:::
    [root@ol-server ~]# 
    

    The !! for alice is replaced with a hashed password value.

  13. Exit the root login and log in as the alice user.

    Provide the password of AB*gh246 when prompted.

    exit
    su - alice
    

    Example Output:

    [root@ol-server ~]# exit
    logout
    [oracle@ol-server ~]$ su - alice
    Password: 
    [alice@ol-server ~]$ 
    
  14. Verify you are the alice user and your current directory is the alice user’s home directory.

    whoami
    pwd
    

    Example Output:

    [alice@ol-server ~]$ whoami
    alice
    [alice@ol-server ~]$ pwd
    /home/alice
    
  15. Exit the alice user’s shell and become the root user.

    exit
    sudo su -
    

    Example Output:

    [alice@ol-server ~]$ exit
    logout
    [oracle@ol-server ~]$ sudo su -
    Last login: Fri Aug 18 09:50:03 GMT 2023 on pts/0
    [root@ol-server ~]# 
    
  16. As the root user, add a user named mynewuser1 which is used later in this tutorial.

    useradd mynewuser1
    
  17. Create a password of XY*gh579 for the mynewuser1 user.

    passwd mynewuser1
    

    Example Output:

    [root@ol-server ~]# passwd mynewuser1
    Changing password for user mynewuser1.
    New password: 
    Retype new password: 
    passwd: all authentication tokens updated successfully.
    

Administer Group Accounts

  1. As the root user, add a group named staff.

    groupadd staff
    

    This command adds the group to the /etc/group file.

  2. View the last 10 entries in the /etc/group file.

    tail /etc/group
    

    Example Output:

    [root@ol-server ~]# tail /etc/group
    sshd:x:74:
    slocate:x:21:
    tcpdump:x:72:
    oracle-cloud-agent:x:985:oracle-cloud-agent,oracle-cloud-agent-updater,ocarun
    pcp:x:984:
    opc:x:1000:
    oracle:x:1001:
    alice:x:1002:
    mynewuser1:x:1003:
    staff:x:1004:
    [root@ol-server ~]# 
    

    The new group’s GID (1004) is incremented by one.

  3. Add the alice user to the staff group.

    View the staff group entry in the /etc/group file.

    usermod -aG 1004 alice
    grep staff /etc/group
    

    Example Output:

    [root@ol-server ~]# usermod -aG 1004 alice
    [root@ol-server ~]# grep staff /etc/group
    staff:x:1004:alice
    

    The alice user has a secondary group membership in the staff group.

  4. View the primary group membership for alice.

    grep alice /etc/passwd
    

    Example Output:

    [root@ol-server ~]# grep alice /etc/passwd
    alice:x:1002:1002:Alice Smith:/home/alice:/bin/bash
    

    The alice user’s primary group is still 1002.

Implement User Private Groups

  1. As the root user, create the /staff directory.

    mkdir /staff
    
  2. View the /staff directory and its permissions.

    ls -ld /staff
    

    Example Output:

    [root@ol-server ~]# ls -ld /staff
    drwxr-xr-x. 2 root root 6 Aug 18 11:23 /staff
    
  3. Change group ownership for the /staff directory to the staff group.

    The -R option (recursive) sets the group for files and directories within /staff. After changing the group ownership, view the /staff directory and its permissions.

    chgrp -R staff /staff
    ls -ld /staff
    

    Example Output:

    [root@ol-server ~]# chgrp -R staff /staff
    [root@ol-server ~]# ls -ld /staff
    drwxr-xr-x. 2 root staff 6 Aug 18 11:23 /staff
    [root@ol-server ~]# 
    

    The owner of the /staff directory is still root, but the group is now staff.

  4. Set the setgid bit on the /staff directory.

    Then, view the permissions on the /staff directory.

    chmod -R 2775 /staff
    ls -ld /staff
    

    Example Output:

    [root@ol-server ~]# chmod -R 2775 /staff
    [root@ol-server ~]# ls -ld /staff
    drwxrwsr-x. 2 root staff 6 Aug 18 11:23 /staff
    

    The group permissions on the /staff directory have changed.

  5. Add the mynewuser1 user to the staff group.

    View the staff entry in the /etc/group file after adding the mynewuser1 user.

    usermod -aG staff mynewuser1
    grep staff /etc/group
    

    Example Output:

    [root@ol-server ~]# usermod -aG staff mynewuser1
    [root@ol-server ~]# grep staff /etc/group
    staff:x:1004:alice,mynewuser1
    

    Both alice and mynewuser1 users have secondary group membership in the staff group.

  6. Become the mynewuser1 user.

    You are not prompted for the mynewuser1 user’s password because you currently are the root user. Verify you are the mynewuser1 user and your current directory is the mynewuser1 user’s home directory.

    su - mynewuser1
    whoami
    pwd
    

    Example Output:

    [root@ol-server ~]# su - mynewuser1
    [mynewuser1@ol-server ~]$ whoami
    mynewuser1
    [mynewuser1@ol-server ~]$ pwd
    /home/mynewuser1
    
  7. Display group membership for the mynewuser1 user.

    groups
    

    Example Output:

    [mynewuser1@ol-server ~]$ groups
    mynewuser1 staff
    

    The mynewuser1 user belongs to two groups - mynewuser1 and staff.

  8. Change to the /staff directory.

    Create a new file in the /staff directory named mynewuser1_file. Display the permissions and ownership of the new file.

    cd /staff
    touch mynewuser1_file
    ls -l mynewuser1_file
    

    Example Output:

    [mynewuser1@ol-server ~]$ cd /staff
    [mynewuser1@ol-server staff]$ touch mynewuser1_file
    [mynewuser1@ol-server staff]$ ls -l mynewuser1_file
    -rw-rw-r--. 1 mynewuser1 staff 0 Aug 18 11:40 mynewuser1_file
    

    The permissions are read/write for the staff group.

  9. Become the alice user.

    Provide the password of AB*gh246 when prompted. Verify you are the alice user.

    su - alice
    whoami
    

    Example Output:

    [mynewuser1@ol-server staff]$ su - alice
    Password: 
    Last login: Fri Aug 18 11:10:13 GMT 2023 on pts/0
    [alice@ol-server ~]$ whoami
    alice
    [alice@ol-server ~]$  
    
  10. Display group membership for the alice user.

    groups
    

    Example Output:

    [alice@ol-server ~]$ groups
    alice staff
    [alice@ol-server ~]$  
    

    The alice user belongs to two groups - alice and staff.

  11. Change to the /staff directory.

    Create a new file in the /staff directory named alice_file. Display the permissions and ownership of the new files.

    cd /staff
    touch alice_file
    ls -l
    

    Example Output:

    [alice@ol-server ~]$ cd /staff
    [alice@ol-server staff]$ touch alice_file
    [alice@ol-server staff]$ ls -l
    total 0
    -rw-rw-r--. 1 alice      staff 0 Aug 18 12:09 alice_file
    -rw-rw-r--. 1 mynewuser1 staff 0 Aug 18 12:06 mynewuser1_file
    

    The permissions are read/write on both files for the staff group.

  12. As the alice user, use the touch command to update the time stamp on the mynewuser1_file.

    View the files to verify the time has changed.

    touch mynewuser1_file
    ls -l
    

    Example Output:

    [alice@ol-server staff]$ touch mynewuser1_file
    [alice@ol-server staff]$ ls -l
    total 0
    -rw-rw-r--. 1 alice      staff 0 Aug 18 12:09 alice_file
    -rw-rw-r--. 1 mynewuser1 staff 0 Aug 18 12:11 mynewuser1_file
    

    Updating the time stamp implies file write permissions on the file as the alice user, even though the mynewuser1 user created the file.

  13. Exit both the alice user’s shell and the mynewuser1 user’s shell, to return to the root user’s shell.

    Verify that you are the root user.

    exit
    exit
    whoami
    

    Example Output:

    [alice@ol-server staff]$ exit
    logout
    [mynewuser1@ol-server staff]$ exit
    logout
    [root@ol-server ~]# whoami
    root
    

Option 1: Create a New File in the /etc/sudoers.d Directory

This method is the preferred way to grant sudo privilege to a user. It also is more straightforward to automate in a script and takes effect without the user having to log out and back in again.

  1. Become the root user and create the user’s sudoer file.

    sudo tee /etc/sudoers.d/200-alice > /dev/null << EOF
    alice ALL =(ALL) NOPASSWD: ALL
    EOF
    
    

Option 2: Grant Elevated Privileges to a User

  1. As the root user, view the wheel entry in the /etc/sudoers file.

    grep wheel /etc/sudoers
    

    Example Output:

    ## Allows people in group wheel to run all commands
    %wheel	ALL=(ALL)	ALL
    # %wheel	ALL=(ALL)	NOPASSWD: ALL
    

    The %wheel ALL=(ALL) ALL entry in the /etc/sudoers file allows any member of the wheel group to execute any command when preceded by sudo.

  2. Add the alice user to the wheel group.

    Confirm the alice user is in the wheel group.

    usermod -aG wheel alice
    grep wheel /etc/group
    

    Example Output:

    [root@ol-server ~]# usermod -aG wheel alice
    [root@ol-server ~]# grep wheel /etc/group
    wheel:x:10:oracle,alice
    

    User alice has a secondary group membership in the wheel group.

  3. Become the alice user.

    You are not prompted for the alice user’s password because you currently are the root user. Verify you become the alice user.

    su - alice
    whoami
    

    Example Output:

    [root@ol-server ~]# su - alice
    Last login: Fri Aug 18 13:09:18 GMT 2023 on pts/0
    [alice@ol-server ~]$ whoami
    alice
    
  4. As the alice user, add anotheruser2 using the sudo useradd command.

    Provide the password of AB*gh246 if prompted.

    sudo useradd anotheruser2
    

    Example Output:

    [alice@ol-server ~]$ sudo useradd anotheruser2
    [sudo] password for alice: 
    
  5. Verify anotheruser2 was added.

    The ls command fails until you insert sudo. This step confirms the alice user has sudo privileges.

    grep anotheruser2 /etc/passwd
    ls -la /home/anotheruser2
    sudo ls -la /home/anotheruser2
    

    Example Output:

    [alice@ol-server ~]$ grep anotheruser2 /etc/passwd
    anotheruser2:x:1005:1006::/home/anotheruser2:/bin/bash
    [alice@ol-server ~]$ ls -la /home/anotheruser2
    ls: cannot open directory '/home/anotheruser2': Permission denied
    [alice@ol-server ~]$ sudo ls -la /home/anotheruser2
    total 12
    drwx------. 2 anotheruser2 anotheruser2  62 Aug 18 13:14 .
    drwxr-xr-x. 8 root         root         101 Aug 18 13:14 ..
    -rw-r--r--. 1 anotheruser2 anotheruser2  18 Aug  2  2022 .bash_logout
    -rw-r--r--. 1 anotheruser2 anotheruser2 141 Aug  2  2022 .bash_profile
    -rw-r--r--. 1 anotheruser2 anotheruser2 376 Aug  2  2022 .bashrc 
    

Next Steps

This tutorial shows how to create users and groups on Oracle Linux. These users and groups can access the system and resources based on their permissions. For further topics and training, see the Related Links section below.

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.