Ubuntu: Add User Accounts on Ubuntu 24.04: Creating and Managing Users, User Privileges & Sudo Access, Password Policies
Adding and managing user accounts on Ubuntu is essential for security and multi-user operations. This article covers how to create users, manage user privileges including sudo access, and configure password policies for best practices.
1. Creating and Managing User Accounts
Create a new user:
sudo adduser username
- The adduser command prompts for a password and basic details (name, phone, etc.).
- The user's home directory (e.g., /home/username) is created automatically.
List existing users:
cut -d: -f1 /etc/passwd
- This displays all user accounts defined on the system.
View user details:
id username
- Shows user ID (UID), group ID (GID), and group memberships.
Delete a user:
sudo deluser username
- Removes the user account (but keeps their home directory by default).
sudo deluser --remove-home username
- Also deletes the home directory and mail spool.
2. User Privileges and Sudo Access
By default, only users in the sudo group can execute commands as root using sudo.
Grant sudo privileges to a user:
sudo usermod -aG sudo username
- Adds the user to the sudo group for administrative access.
- Changes take effect on the next login.
Verify sudo access:
sudo -l -U username
- Lists allowed sudo commands for the user.
Custom sudo rules:
Edit the /etc/sudoers file using visudo:
sudo visudo
Example: Give user alice permission to run all commands as root:
alice ALL=(ALL:ALL) ALL
Example: Only allow specific commands:
bob ALL=(ALL) /usr/bin/apt, /usr/bin/systemctl
3. Password Policies
Set or change a user’s password:
sudo passwd username
- Prompts for a new password for the specified user.
Enforce password complexity and rules:
Configure /etc/login.defs and /etc/pam.d/common-password.
Key settings in /etc/login.defs:
PASS_MAX_DAYS 90 # Maximum password age (in days)
PASS_MIN_DAYS 7 # Minimum days before password change allowed
PASS_MIN_LEN 8 # Minimum password length
PASS_WARN_AGE 14 # Days before password expires to warn the user
Example: Enforce password complexity using PAM
Open /etc/pam.d/common-password and use the pam_pwquality module:
password requisite pam_pwquality.so retry=3 minlen=12 difok=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1
- minlen=12: Minimum password length 12
- difok=3: Require 3 different character classes
- ucredit=-1: At least one uppercase letter
- lcredit=-1: At least one lowercase letter
- dcredit=-1: At least one digit
- ocredit=-1: At least one special character
Force password change on next login:
sudo chage -d 0 username
- User must change password at next login.
View password expiry information:
sudo chage -l username
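The aging values in /etc/login.defs are applied when an account is created, so accounts that already exist keep whatever is stored in /etc/shadow. The script below is an added example, not part of the original article: it compares each password-bearing account's aging fields against the policy, using constructed sample files and the hypothetical helper names policy_value, aging_violations and write_samples.

```shell
#!/bin/sh
# Added example: flag accounts whose /etc/shadow aging fields are weaker
# than the PASS_MAX_DAYS / PASS_MIN_DAYS policy in login.defs.

# Print the first uncommented value of key $1 in login.defs-format file $2.
policy_value() {
    awk -v k="$1" '$1 == k { print $2; exit }' "$2"
}

# Print "<user> <field>=<actual> policy=<value>" for each violation.
# $1 = login.defs-format file, $2 = shadow-format file.
aging_violations() {
    awk -F: \
        -v max="$(policy_value PASS_MAX_DAYS "$1")" \
        -v min="$(policy_value PASS_MIN_DAYS "$1")" '
        $2 ~ /^[!*]/ { next }   # locked, or password login disabled
        $5 == "" || $5 + 0 > max + 0 {
            print $1, "max_days=" ($5 == "" ? "unset" : $5), "policy=" max }
        $4 == "" || $4 + 0 < min + 0 {
            print $1, "min_days=" ($4 == "" ? "unset" : $4), "policy=" min }
    ' "$2"
}

# Constructed sample files; the hash fields are placeholders, not real hashes.
write_samples() {   # $1 = directory to write into
    cat > "$1/login.defs" <<'EOF'
# constructed sample using the values from this article
PASS_MAX_DAYS 90
PASS_MIN_DAYS 7
PASS_WARN_AGE 14
EOF
    cat > "$1/shadow" <<'EOF'
root:*:19800:0:99999:7:::
alice:$y$PLACEHOLDER:19800:7:90:14:::
bob:$y$PLACEHOLDER:19000:0:99999:7:::
carol:$y$PLACEHOLDER:19800:7:::::
svc:!:19800:0:99999:7:::
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
aging_violations "$tmp/login.defs" "$tmp/shadow"
rm -rf "$tmp"
```

On a live system, call aging_violations /etc/login.defs /etc/shadow as root, then bring each reported account into line with sudo chage -M 90 -m 7 username.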
Summary of Commands
Action | Command |
---|---|
Create user | sudo adduser username |
List users | cut -d: -f1 /etc/passwd |
Grant sudo | sudo usermod -aG sudo username |
Set password | sudo passwd username |
Delete user | sudo deluser username |
Change password expiry | sudo chage options username |
By following these steps, you can confidently manage user accounts, assign administrative privileges securely, and enforce robust password policies on your Ubuntu system.