Groups
Create group: sudo groupadd <group>
List users in the group: getent group <group>
If <group> missing all the groups are listed with users.
Attention: the user is not listed if the group is his main group! The only supplementary groups’ members displayed.
List groups, the user is in: groups <user>
If <user> is omitted, the groups for the current user are listed.
Change main group: sudo usermod -a -g <new group> <user>
Add user to a group: sudo usermod -a -G <supplementary groups list> <user>
If -a missed, the user gets removed from any other group, not listed after -G (way to remove user from a group by pointing new groups list for user to stay in).
Add/Remove user from group: sudo gpasswd -a/-d <user> <group>
More “low-level” way is to edit /etc/group file manually.
Users
List existing users: getent passwd
Create user: sudo useradd <user> -g <main group> -G <supplementary group>
The home directory will be created as /home/<user> automatically. -M – don’t create a home directory.
If no main group is pointed the user is created within his own group with his name.
Delete user: sudo userdel <username>
Use -r to delete the user with a home directory.
Set password for <user>: sudo passwd <user>
It’s not recommended to create a user with a password (useradd -p option) due to password visibility in CLI history and logs.
User related actions
Run from the name of user: sudo runuser -l <username>
Open root session: sudo runuser
Grant superuser rights to the user:
1st way: to add user to superuser group in /etc/sudoers file, the group is defined as <group> ALL=(ALL) ALL
2nd way: to give full permissions to the user itself: echo "<user> ALL=(ALL) ALL" > /etc/sudoers.d/<user>
and restrict access to this filechmod 440 /etc/sudoers.d/<user>