How to add and delete users on Alpine Linux
How to add user in Alpine Linux
To create a new user account in Alpine, use the adduser command. The syntax to add a user in Alpine is as follows:
adduser username
adduser [options] username
Let us create a new user account named wendy using the adduser command:
# adduser wendy
## if sudo admin configured use it ##
$ sudo adduser wendy
The adduser command creates /home/wendy/ as the home directory for the user wendy. Use the ls command to verify it:
# ls -ld /home/
# ls -ld /home/wendy/
Sample outputs:
Alpine Linux stores all usernames in the /etc/passwd file and the encrypted passwords in the /etc/shadow file.
Don’t create home directory
You can tell adduser not to create a home directory by passing the -H option:
# adduser -H wendy
We can also set the home directory path (the default is /home/$USER/) by passing the -h /path/to/home/dir option. For instance, set the path to a shared AWS /efs/ filesystem as follows:
# adduser -h /efs/home/wendy wendy
Login shell
By default, /bin/ash is set as the login shell for all new users and /bin/sh for system users. On most systems, I install and use bash. So we are going to set /bin/bash (or any other shell from the /etc/shells file) as the login shell:
# adduser -h /efs/home/wendy -s /bin/bash wendy
To list all shells, use the cat command:
# cat /etc/shells
Finally, use the id command or directly query the /etc/passwd file using the grep command to verify that the user account was created on Alpine Linux:
# id username
# grep '^username' /etc/passwd
# id wendy
# grep '^wendy' /etc/passwd
How to delete a user
Sometimes we no longer need a user account, and we can delete it from the CLI.
Delete a user account from the command Line
To remove users on Alpine, use the deluser command. The syntax is:
# deluser [--remove-home] username
To delete the user named ‘wendy’ from the system, run:
# deluser wendy
One can remove the user and its home directory, including all other data, as follows:
# deluser --remove-home wendy
And there you have it, we added and deleted users on Alpine Linux using the CLI.
Conclusion
This page explained how to add and remove users in Alpine Linux using the command line method. See Alpine Linux home page here for more info.
User:Przemoc/Todo/Users and groups for AL 3.4
What I wanted to do and did before AL 3.4 release and some fixing done afterwards.
Pre-install/upgrade scripts
Improvements
Make all packages create only system users and groups
(MOSTLY DONE) Call adduser and addgroup with -S option in pre-install/upgrade scripts. It’s mostly done already and only mostly, because 1) some new packages might have been added that aren’t using -S yet and 2) it introduced problems, which aren’t fully fixed yet.
System user creation doesn’t add same named group and uses nogroup as primary group unless explicitly specified via -G.
It means that system user creation (adduser with -S option present) differs from normal user creation (adduser without -S option) in more ways than the range of used UIDs and the default GECOS field.
Normal user, when created via adduser, gets its own automatically created group, and this group becomes primary group of that user. Group creation can be avoided if -G option is used, but then already existing group has to be provided there.
System user, when created via adduser, never gets its own automatically created group and by default primary group of that user becomes group called nogroup, unless -G option is used to provide other already existing group.
It was part of patch set:
Corrections
Fix problems introduced by adding -S to adduser
(MOSTLY DONE) I somehow overlooked different adduser behavior explained in above note and thus my sole adding of -S to adduser calls in commit ccc056dbf9d3 (i.e. without proper -G option and preceding addgroup call when needed) proved to be drastic in effects, i.e. status quo has not been preserved, because primary groups of those users in new Alpine Linux installations have been changed. Alpine Linux 3.4.0 is affected by this.
Lesson relearned. Beware of such small and allegedly "cosmetic" changes!
Pre-install/upgrade scripts are already mostly fixed in master branch of aports repository.
Packages creating users that were badly touched by commit ccc056dbf9d3 and should have been already fixed:
- community/caddy
- community/domoticz
- community/oscam
- community/syncthing
- main/apache2
- main/aports-build
- main/atheme-iris
- main/clamav
- main/clamsmtp
- main/coova-chilli
- main/dhcp
- main/djbdns
- main/dovecot
- main/ez-ipupdate
- main/fetchmail
- main/freeswitch
- main/gitolite
- main/gnats
- main/gross
- main/icecast
- main/lighttpd
- main/memcached
- main/ngircd
- main/nrpe
- main/openntpd
- main/postgrey
- main/snort
- main/squid
- main/transmission
- main/znc
- testing/at
- testing/dbmail
- testing/dspam
- testing/opensips
- testing/pdns
- testing/qpage
- testing/rrdbot
- testing/wt
My commits fixing them are:
They are (apart from the first one) part of patch set:
Patches for main and community are already cherry-picked in 3.4-stable branch as of 2016-06-20.
Following packages were overlooked before:
- testing/buildbot
- testing/buildbot-slave
- testing/clapf
My commit fixing them is:
It is part of patch set:
Fix problems for those who already installed above mentioned packages in Alpine Linux 3.4.0
Fixes in previous sections work only for people that haven’t installed above mentioned packages within Alpine Linux 3.4.0. Even package removal and reinstallation is not enough, because old entries in /etc/passwd and /etc/group remain. You can remove these old entries before reinstallation using deluser, but before that you have to find all the files owned by that user (find / -user NAME) to fix ownership after package reinstallation, as group id will change and user id may change.
We cannot and shouldn’t do such invasive changes in an automatic way during upgrade.
I wanted to at least add missing groups and add users to them via upgrades in AL 3.4. (Mind that such users’ primary group will not be changed either, i.e. from nogroup, because user could have changed it on her/his own.) But there wasn’t much interest, even though I provided some patches, like for below examples (so called AL 3.4 band-aids for ccc056dbf9d3 in .pre-* script).
Examples of known problems for people upgrading from Alpine Linux 3.4.0:
- main/apache2: No apache group. (Default config uses apache:apache, so daemon won’t start.)
- main/lighttpd: No lighttpd group.
I consider this topic in the context of AL 3.4 closed.
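The symptom described above can be checked for without changing anything. The following is an added example, not part of the original notes or of aports: a read-only audit that lists accounts whose primary group is nogroup and reports whether a same-named group exists. The function names are hypothetical, and the passwd and group entries are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the original page. Read-only: it only parses the
# two files it is given and changes nothing on the system.

# audit_nogroup PASSWD_FILE GROUP_FILE   (hypothetical helper name)
# Prints "<user> uid=<uid> own-group=<present|missing>" for every account
# whose primary GID is the GID of the group named "nogroup".
audit_nogroup() {
    awk -F: '
        # First file, group format: name:password:gid:members
        FILENAME == ARGV[1] {
            names[$1] = 1
            if ($1 == "nogroup") nogroup_gid = $3
            next
        }
        # Second file, passwd format: name:password:uid:gid:gecos:home:shell
        nogroup_gid != "" && $4 == nogroup_gid {
            printf "%s uid=%s own-group=%s\n", $1, $3, (($1 in names) ? "present" : "missing")
        }
    ' "$2" "$1"
}

# Constructed sample data modelled on the cases listed above; not real output.
# apache:    created with -S only, no apache group at all
# lighttpd:  group added afterwards, primary group still nogroup
# memcached: correctly created with its own primary group
demo_audit() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/group" <<'EOF'
root:x:0:root
nogroup:x:65533:
memcached:x:102:memcached
lighttpd:x:103:lighttpd
wendy:x:1000:
EOF
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/ash
apache:x:100:65533:apache:/var/www:/sbin/nologin
lighttpd:x:101:65533:lighttpd:/var/www/localhost/htdocs:/sbin/nologin
memcached:x:102:102:memcached:/home/memcached:/sbin/nologin
wendy:x:1000:1000:Linux User,,,:/home/wendy:/bin/ash
EOF
    audit_nogroup "$dir/passwd" "$dir/group"
    rm -rf "$dir"
}

demo_audit
```

On a real system the same function can be pointed at the live files: audit_nogroup /etc/passwd /etc/group.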
Setting up a new user
The root account should be used only for local administrative purposes that require elevated access permissions.
This page shows how to create non-privileged user accounts, i.e. those used for daily work, including desktop use and remote logins.
Overview
Creating user accounts provides users with their own $HOME directory and allows you (the root user) to limit the access those user accounts have to the operating system configuration files.
Using them increases security, because they limit possible actions and thus possible damage (even from accidental errors).
Creating a new user
- Either the /home filesystem needs to be mounted from a writable partition, or
- the /home directories have to be added to the lbu backup, and a new local backup needs to be committed after creating the user:
# lbu include /home
# lbu commit
(Not recommended, as reverting to an older .apkovl will also revert the files in /home).
Regular user accounts can be created with:
By default, adduser will:
- prompt you to set a password for the new user
- create a home directory in /home/
- set the shell to the one used by the root account (ash by default)
- assign user ID and group ID starting at 1000
- set the GECOS (full name) field to "Linux User,,,"
This can be very useful to specify. Setting this string — at least equal to the username — makes the user distinguishable, e.g. when they are listed at the login screen of a display manager.
X users need to be added to the video and input groups to be able to work with a graphical display only if elogind is not being used and running.
If a user really must be allowed to have access to the root account, they can be added to the wheel group, doas ("do as") may be installed, and the group "wheel" can be allowed to become root:
- Many desktop environments and file browsers support using admin:/// in their address bars, to access files through a local gvfs-admin mount
- doasedit or sudoedit enables starting an editor with a temporary copy of a file, which overwrites the original file after the user modifies and saves it. For example, sudoedit /etc/apk/lbu.conf
The sudo package is an alternative to using the BSD-like doas, but is a much larger package. It may be used as follows, adding a custom user configuration file to avoid having to deal with manually changing configuration files later during package upgrades.
The new user gets listed in
Contents of /etc/passwd
Now you should be able to issue the command exit and log in to the new account.
Options
adduser
Usage (from "man busybox"):
If --ingroup isn’t set (the default), the new user is assigned a new GID that matches the UID. If the GID corresponding to a provided UID already exists, adduser will fail.
This ensures new users default to having a "user’s private group" (UPG) as primary group. These allow the system to use a permission umask (002), which creates new files automatically as group-writable, but only by the user’s private group. In special set-group-id (collaboration) directories, new files can be automatically created writable by the directory’s group.
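The effect of umask 002 and of a set-group-id directory can be observed in a scratch directory. This is an added example, not taken from the wiki page; the function names are hypothetical, and it assumes a Linux filesystem and a stat that supports -c (BusyBox or GNU coreutils).

```shell
#!/bin/sh
# Added example, not from the original page. Works only inside a throw-away
# directory created with mktemp and needs no root privileges.

# mode_with_umask UMASK DIR NAME   (hypothetical helper name)
# Creates the empty file DIR/NAME under the given umask and prints its
# octal permission bits. The subshell keeps the umask change local.
mode_with_umask() {
    ( umask "$1" && : > "$2/$3" && stat -c %a "$2/$3" )
}

# upg_demo prints three octal modes, one per line:
#   1. a new file under umask 022: group members can only read it
#   2. a new file under umask 002: group-writable, which is harmless while
#      the owning group is the user's private group
#   3. a subdirectory created inside a set-group-id directory: it inherits
#      the set-group-id bit, so the whole tree keeps the directory's group
upg_demo() {
    dir=$(mktemp -d) || return 1
    mode_with_umask 022 "$dir" private
    mode_with_umask 002 "$dir" shared
    mkdir "$dir/project"
    chmod 2775 "$dir/project"      # rwxrwsr-x: the collaboration directory
    ( umask 002 && mkdir "$dir/project/sub" && stat -c %a "$dir/project/sub" )
    rm -rf "$dir"
}

upg_demo
```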
addgroup
Usage (from "man busybox"):
Legacy
Common permission groups
- disk:x:6:root,adm needed only for use with virtual machines and access to other partitions.
- lp:x:7:lp needed for printing services and printers management.
- wheel:x:10:root Administrator group, members can use sudo to run commands as root if enabled in the sudo configuration.
- floppy:x:11:root Backward compatible group. Use only if access to special external devices is needed.
- audio:x:18: Needed for audio listening and management of sound volume as normal user.
- cdrom:x:19: For access to CD/DVD/BR writers and mounting DVD, BR or CD rom disk as normal user.
- dialout:x:20:root Needed for dialing private connections and use of modems as normal user.
- tape:x:26:root Needed if you’re planning to use special devices for backup. Rare. Usually used only on servers.
- video:x:27:root For usage of cameras, more than one GPU special features, as normal user.
- netdev:x:28: For network connections management as normal user.
- kvm:x:34:kvm Only if a normal user will manage virtual machines via a GUI. Rare. Usually used only on servers.
- games:x:35: Needed if you want to play games. Especially if sharing scores between users.
- cdrw:x:80: Needed to write RW-DVD, RW-BR or RW-CD disk on a disk writing device.
- apache:x:81: Needed if you do development as normal user and want to publish locally on web server.
- usb:x:85: Needed to access to special usb devices. Deprecated group.
- users:x:100:games Needed if you plan to use common files for all users. Mandatory for desktop usage.
Old newbie notes
User creation and defaults
The following commands will set up root environment login, then assign a new password:
By default, remote management cannot be done directly with the root account. Because of SSH security we need to set up a remote connection account that will be used to switch to the root user via the su command, once connected.
Here’s an example: create a user named "remote" and a user named "general". We will set up a hardened, limited, user environment and create those two users:
Note that those users are created with minimal privilege settings.
User management and system access
By default, a newly created user will not have enough privileges for most desktop purposes.
To add newly created users to groups that may come in handy for desktop usage, run this command as root:
Linux Add User To Group Using Command-Line
- Primary user group – The group that is applied to you when you log in. Typically it has the same name as your login name. All of your processes and files (including directories/folders) have your primary group as their group membership. The primary group allows private group membership and security features. Your files or processes cannot be accessed by other group members or users on the Linux system.
- Secondary or supplementary user group – Users can be members of other groups on the Linux system. It is useful for file sharing and other purposes. A sysadmin can fine-tune security too. For example, if you are a member of a secondary group called cdrom, you can mount and unmount the CD-ROM drive.
Tutorial details | |
---|---|
Difficulty level | Intermediate |
Root privileges | Yes |
Requirements | usermod/useradd |
Est. reading time | 5 minutes |
How to add user to group in Linux
Please note that all user account related information is stored in the following files:
- /etc/passwd – Contains one line for each user account.
- /etc/shadow – Contains the password information in encrypted format for the system’s accounts and optional account aging information.
- /etc/group – Defines the groups on the system.
- /etc/default/useradd – This file contains a value for the default group, if none is specified by the useradd command.
- /etc/login.defs – This file defines the site-specific configuration for the shadow password suite stored in /etc/shadow file.
We do not modify these files by hand. Instead, we add a user to a group in Linux using various commands.
Linux command to add user to group
Open the terminal and then type:
- Add a new user called jerry to secondary group named cartoons on Linux:
sudo useradd -G cartoons jerry
- Want to add a new user called tom to primary group called cartoons? Run:
useradd -g cartoons tom
- We can add an existing user named spike to an existing group named cartoons in Linux:
usermod -a -G cartoons spike
How to become a root user
You must run all commands as the root user. To become the root user, run:
su -
Alternatively use sudo command:
sudo -i
Add a new user to secondary group using useradd
You need the useradd command to add new users to an existing group (or create a new group and then add the user). If the group does not exist, create it. The syntax is as follows:
useradd -G group-name username
In this example, create a new user called vivek and add it to group called developers. First, make sure group developers exists using grep command:
# grep "^developers" /etc/group
Sample outputs:
If you do not see any output then you need to add group developers using the groupadd command:
# sudo groupadd developers
Verify that user vivek does not exist:
# grep "^vivek" /etc/passwd
You should not see any output from the above command. Finally, add a new user called vivek to group developers:
# useradd -G developers vivek
Set up a password for user vivek:
# passwd vivek
Ensure that the user was added properly to group developers:
# id vivek
Sample outputs:
Please note that the capital G (-G) option adds the user to a list of supplementary groups. Each group is separated from the next by a comma, with no intervening whitespace. For example, to add user jerry to groups admins, ftp, www, and developers, enter:
# useradd -G admins,ftp,www,developers jerry
How to add a new user to primary group using useradd
How to add an existing user to existing group using usermod
Add the existing user tony to the ftp supplementary/secondary group with the usermod command using the -a option, i.e. add the user to the supplemental group(s). Use -a only with the -G option; without -a, -G replaces the user's current supplementary groups with the given list:
# usermod -a -G ftp tony
In this example, change tony user’s primary group to www, enter:
# usermod -g www tony
usermod command options summary
Option | Purpose |
---|---|
-a, --append | Add the user to the supplementary group(s). Use only with the -G option. |
-g GROUP, --gid GROUP | Use this GROUP as the default group. |
-G GRP1,GRP2, --groups GRP1,GRP2 | Add the user to GRP1,GRP2 secondary group. |
A note about security
If you add a user to or delete a user from an existing group, you must change the owner of any crontab files or at jobs manually. You must make any changes involving NIS on the NIS server too.
A note about GUI tool
You will probably find the GUI tools easy to use. KDE users can use the KUser tool and GNOME users can use users-admin:
users-admin is part of the GNOME system tools, a set of tools to easily access and manage system configuration.
One can easily add users as follows from the GNOME 3 settings on a Debian/Ubuntu Linux:
Fedora/RHEL/CentOS users can use the system-config-users command as follows:
# system-config-users
$ ssh -X -t vivek@server1.cyberciti.biz sudo system-config-users
Sample outputs:
Click on the Groups tab to add or view groups:
Summing up
You learned how to add a new or existing user to a group on Linux operating systems. For more information, type the following commands at the shell prompt to read the man pages:
$ man usermod
$ man useradd