Linux User Management - Granting/Revoking sudo access

we will learn how to manage user accounts and grant or revoke sudo access on a Linux system. We will be using Ubuntu as our operating system for this project.

Requirements:

    • Ubuntu installed on a machine

    • Sudo access

    • Basic understanding of Linux commands

Step 1: Creating Users To create new users, we will use the adduser command. We will create three users named raj, monika, and valli.

sudo adduser raj

sudo adduser monika

sudo adduser valli

Step 2: Granting Sudo Access To grant sudo access to a user, we need to add the user to the sudo group. We will use the usermod command for this.

sudo usermod -aG sudo raj

sudo usermod -aG sudo monika

sudo usermod -aG sudo valli

Step 3: Testing Sudo Access To test if sudo access has been granted, we can use the sudo command followed by any command that requires root access. For example, we can try updating the system using the apt-get command.

sudo apt-get update

If the command runs without any errors, then sudo access has been granted successfully.

Step 4: Revoking Sudo Access To revoke sudo access, we need to remove the user from the sudo group. We will use the deluser command for this.

sudo deluser raj sudo

sudo deluser monika sudo

sudo deluser valli sudo

Step 5: Testing Revoked Sudo Access To test if sudo access has been revoked, we can try running the same command that required sudo access earlier.

sudo apt-get update

If we get an error saying that the user does not have sufficient privileges, then sudo access has been successfully revoked.

Adding a User with a Home Directory:

sudo adduser --home /home/newuser newuser

Deleting a User and their Home Directory:

sudo deluser --remove-home username

Changing a User's Password:

sudo passwd username

Locking a User's Account:

sudo usermod --expiredate 1 username

Unlocking a User's Account:

sudo usermod --expiredate "" username

Listing All Users on the System:

cat /etc/passwd | cut -d: -f1

Listing a User's Group Membership:

groups username

Adding a User to a Secondary Group:

sudo usermod -aG groupname username

Removing a User from a Secondary Group:

sudo gpasswd -d username groupname

Disabling Password Authentication for SSH:

sudo nano /etc/ssh/sshd_config

Then set PasswordAuthentication to no, save the file, and restart the SSH service.

Enabling Password Authentication for SSH:

sudo nano /etc/ssh/sshd_config

Then set PasswordAuthentication to yes, save the file, and restart the SSH service.

By utilizing these additional code examples, you can expand your knowledge of user management in Linux and become a more effective administrator.

Note on Security:

User management is an important aspect of Linux administration, and it is critical to ensure that user accounts are managed securely to prevent unauthorized access or data breaches. Here are a few best practices to follow:

    1. Use strong passwords: Ensure that users have strong, unique passwords that are difficult to guess or crack. Encourage users to use a password manager to generate and store secure passwords.

    2. Use SSH keys: Instead of relying on password authentication, use SSH keys for secure, encrypted access to your system. This eliminates the risk of password theft or brute-force attacks.

    3. Limit sudo access: Only grant sudo access to users who need it, and limit their access to specific commands or files as appropriate.

    4. Disable unused accounts: Disable or remove any user accounts that are no longer needed. This reduces the attack surface of your system and eliminates the risk of old, forgotten accounts being used to gain unauthorized access.

    5. Use least privilege: Give users the minimum level of access required to perform their tasks. This reduces the risk of accidental or intentional misuse of privileged access.

 we covered the topic of user management in Linux, focusing on granting and revoking sudo access for users. We provided code examples for creating new users, granting and revoking sudo access, changing passwords, locking and unlocking accounts, adding and removing users from groups, and disabling or enabling password authentication for SSH.