Lab: Create a User Step-by-Step¶
In this lab you will create a user and their home directory step-by-step the way the adduser
command does. You’ll create the following user:
Username:
galadriel
Group:
maiar
Home directory:
/home/galadriel
Step 0: Install Python¶
The best way to generate a UNIX password from the command line is with Python. Install it with apt
:
$ sudo apt install python-minimal
Step 1: Create a User¶
Users are added to both the /etc/passwd
and /etc/shadow
files. Add this line to /etc/passwd
:
galadriel:x:2000:2000:Lady of Light:/home/galadriel:/bin/bash
The fields are:
galadriel
: User namex
: Alwaysx
2000
: User ID2000
: Primary Group IDLady of Light
: Full name/etc/galadriel
: Home directory/bin/bash
: Login shell
Step 2: Generate a Password¶
The shadow file contains the hash of the users’s password and a salt for the hash. Python’s crypt
library can generate the hash and salt for us. Run this command to generate a hash for Cabri11o
.
$ python3 -c 'import crypt; print(crypt.crypt("Cabri11o"))'
This will generate a random salt so every hash will be different. Here’s an example:
$6$PO8tqBryUU5aZA.r$Dy0ybcqFH6aHA/vQGixiKGzKoWX2Ryh5a1aGdRqYB9U0SWpZZyUSLyMDP0Q4BonjA1c7ywdO.wktOk13KFO3T1
The salt is made of fields separated by the dollar sign ($
). The fields are:
$6
: Encryption method (SHA-512
)$PO8tqBryUU5aZA.r
: Salt (chosen at random)$Dy0ybcqFH6aHA...
: The hash
Copy the entire output of the command so you can paste it in the next step.
Step 3: Give the User a Password¶
Add this line to /etc/shadow
:
galadriel:<your-hash-here>:1:0:99999:7:::
The fields are:
galadriel
: User name.<your-hash-here>
: The hash (paste the hash here). Empty (::
) allows login without a password. A star (*
) disables the account.1
: Last password change. Days since Jan 1, 1970 that password was last changed. A zero forces a password change.0
: The minimum days between password changes.99999
: The maximum age of a password.7
: Password change warning days.<empty>
: The number of days after password expires that account is disabled.<empty>
: The number of days since January 1, 1970 that an account has been disabled<empty>
: A reserved field for possible future use
Step 4: Create a Group¶
Add the following lines to /etc/group
noldor:x:2000:
teleri:x:2001:galadriel
The fields are:
noldor
: Group name.x
: Alwaysx
2000
: Group IDGroup members separated by commas
Step 5: Create a Home Directory¶
The directory /etc/skel
has the skeleton of a home directory. That’s the bare minimum files a user gets started with. Make a copy with this command:
$ sudo cp -R /etc/skel /home/galadriel
The directory is owned by root
. Use chown
to fix it:
$ sudo chown -R galadriel:noldor /home/galadriel/
Step 6: Test Your Work¶
You should be able to use su
to login as Galadriel. You’ll be prompted for the password:
$ su galadriel
Password:
Don’t use sudo to do this test!
See what groups Galadriel is in:
$ groups