How To Add and Delete Users on a CentOS 7 Server
October 28, 2014 - Linux Basics, Getting Started, CentOS
Introduction
When you first start using a fresh Linux server, adding and removing users is one of the most basic tasks that you should know how to do. When you create a new server, you are only given the root account by default. While this gives you a lot of power and flexibility, it is also dangerous to regularly use an account with so much power; for example, a root user is more vulnerable to security exploits, since any commands run under that account can affect the server's entire filesystem.
It is almost always a better idea to add an additional, unprivileged user to do common tasks. You should also create additional accounts for any other users that need access to your server. Each user should have an additional account so that their activities can be monitored and managed. You can still acquire administrative privileges, when needed, through a mechanism called sudo. In this guide, we will cover how to create user accounts, assign sudo privileges, and delete users on a CentOS 7 server.
Adding Users
If you are signed in as the root user, you can create a new user at any time by typing:
adduser username
If you are signed in as a non-root user who has been given sudo privileges, as demonstrated in the next section of this tutorial, you can add a new user by typing:
sudo adduser username
Next, you'll need to give your user a password so that they can log in. To do so, use the passwd command:
passwd username
Note: Remember to add sudo ahead of the command if you are signed in as a non-root user with sudo privileges.
You will be prompted to type in the password twice to confirm it. Now your new user is set up and ready for use! You can now log in as that user, using the password that you set up.
Granting Sudo Privileges to a User
If your new user should have the ability to execute commands with root (administrative) privileges, you will need to give the new user access to sudo.
We can do this by adding the user to the wheel group (which gives sudo access to all of its members by default) through the gpasswd command. This is the safest and easiest way to manage sudo user rights.
If you are currently signed in as the root user, type:
gpasswd -a username wheel
If you are signed in using a non-root user with sudo privileges, type this instead:
sudo gpasswd -a username wheel
Now your new user is able to execute commands with administrative privileges. To do so, simply type sudo ahead of the command that you want to execute as an administrator:
sudo some_command
You will be prompted to enter the password of the regular user account that you are signed in as. Once the correct password has been submitted, the command you entered will be executed with root privileges.
Managing Users with Sudo Privileges
While you can add and remove users from a group (such as wheel) with gpasswd, the command doesn't have a way to show which users are members of a group. In order to see which users are part of the wheel group (and thus have sudo privileges by default), you can use the lid command. lid is normally used to show which groups a user belongs to, but with the -g flag, you can reverse it and show which users belong to a group:
sudo lid -g wheel
The output will show you the usernames and UIDs that are associated with the group. This is a good way of confirming that your previous commands were successful, and that the user has the privileges that they need.
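The membership check above can also be turned into a repeatable audit. The following is an added example, not part of the original tutorial: it reads files in /etc/group and /etc/passwd format, lists every account in wheel (including accounts whose primary group is wheel, which do not appear in the group line's member list), and reports any that are missing from an approved list. The function names, the approved-list file and the sample accounts are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not from the tutorial: audit who gets sudo through wheel.

# Constructed sample data (not from a real server), written into directory $1.
write_sample_files() {
    cat > "$1/group" <<'EOF'
root:x:0:
wheel:x:10:sammy,deploy
users:x:100:sammy
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sammy:x:1000:1000::/home/sammy:/bin/bash
deploy:x:1001:1001::/home/deploy:/bin/bash
backup:x:1002:10::/home/backup:/bin/bash
EOF
    printf 'sammy\n' > "$1/approved"   # accounts that are meant to have sudo
}

# Print every account in group $1: the members named on its group line plus
# accounts whose primary GID in the passwd file equals the group's GID.
group_members() {
    local group="$1" group_file="${2:-/etc/group}" passwd_file="${3:-/etc/passwd}"
    local gid members
    # group file format: name:password:GID:member1,member2
    gid=$(awk -F: -v g="$group" '$1 == g { print $3 }' "$group_file")
    [ -n "$gid" ] || return 1          # no such group
    members=$(awk -F: -v g="$group" '$1 == g { print $4 }' "$group_file")
    {
        printf '%s\n' "$members" | tr ',' '\n'
        # passwd file format: name:x:UID:GID:comment:home:shell
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sed '/^$/d' | sort -u
}

# Print members of group $1 that are not listed (one name per line) in the
# approved file $2. Empty output means the group matches the approved list.
unexpected_members() {
    local members
    members=$(group_members "$1" "$3" "$4") || return 1
    printf '%s\n' "$members" | grep -vxF -f "$2" || true
}
```

On a live server, the group and passwd arguments can be omitted so that the functions read /etc/group and /etc/passwd. The check covers group membership only; rules written directly into the sudoers file are separate.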
Deleting Users
If you have a user account that you no longer need, it's best to delete the old account. You have a couple of methods to do so, though the choice of which method to use depends on your own situation.
If you want to delete the user without deleting any of their files, type this command as root:
userdel username
If you want to delete the user's home directory along with the user account itself, type this command as root:
userdel -r username
Note: Remember to add sudo ahead of the command if you are signed in as a non-root user with sudo privileges.
With either command, the user will automatically be removed from any groups that they were added to, including the wheel group if they were given sudo privileges. If you later add another user with the same name, they will have to be added to the wheel group again to gain sudo access.
Conclusion
You should now have a good grasp on how to add and remove users from your CentOS 7 server. Effective user management will allow you to separate users and give them only the access that is needed for them to do their job. You can now move on to configuring your CentOS 7 server for whatever software you need, such as a LAMP or LEMP web stack.
For more information about how to configure sudo, check out our guide on how to edit the sudoers file.