Introduction

One of the most basic tasks that you should know how to do on a fresh Linux server is add and remove users. When you create a new system, you are often (such as on DigitalOcean Droplets) only given therootaccount by default.

While running as therootuser gives you a lot of power and flexibility, it is also dangerous and can be destructive. It is almost always a better idea to add an additional, unprivileged user to do common tasks. You also should create additional accounts for any other users you may have on your system. Each user should have a different account.

You can still acquire administrator privileges when you need them through a mechanism calledsudo. In this guide we will cover how to create user accounts, assignsudoprivileges, and delete users.

How To Add a User

If you are signed in as therootuser, you can create a new user at any time by typing:

adduser newuser

If you are signed in as a non-root user who has been givensudoprivileges, as demonstratedin the initial server setup guide, you can add a new user by typing:

sudo adduser newuser

Either way, you will be asked a series of questions. The procedure will be:

  • Assign and confirm a password for the new user
  • Enter any additional information about the new user. This is entirely optional and can be skipped by hittingEnterif you don't wish to utilize these fields.
  • Finally, you'll be asked to confirm that the information you provided was correct. EnterYto continue.

Your new user is now ready for use! You can now log in using the password you set up.

Note: Continue if you need your new user to have access to administrative functionality.

How To Grant a User Sudo Privileges

If your new user should have the ability to execute commands with root (administrative) privileges, you will need to give the new user access tosudo. Let's examine two approaches to this problem: Adding the user to a pre-definedsudouser group, and specifying privileges on a per-user basis insudo's configuration.

Add the New User to the Sudo Group

By default,sudoon Ubuntu 16.04 systems is configured to extend full privileges to any user in thesudogroup.

You can see what groups your new user is in with thegroupscommand:

groups newuser
Output
    newuser : newuser

By default, a new user is only in their own group, which is created at the time of account creation, and shares a name with the user. In order to add the user to a new group, we can use theusermodcommand:

usermod -aG sudo newuser

The-aGoption here tellsusermodto add the user to the listed groups.

Test Your User's Sudo Privileges

Now, your new user is able to execute commands with administrative privileges.

When signed in as the new user, you can execute commands as your regular user by typing commands as normal:

some_command

You can execute the same command with administrative privileges by typingsudoahead of the command:

sudo some_command

You will be prompted to enter the password of the regular user account you are signed in as.

Specifying Explicit User Privileges in /etc/sudoers

As an alternative to putting your user in thesudogroup, you can use thevisudocommand, which opens a configuration file called/etc/sudoersin the system's default editor, and explicitly specify privileges on a per-user basis.

Usingvisudois the only recommended way to make changes to/etc/sudoers, because it locks the file against multiple simultaneous edits and performs a sanity check on its contents before overwriting the file. This helps to prevent a situation where you misconfiguresudoand are prevented from fixing the problem because you have lostsudoprivileges.

If you are currently signed in asroot, type:

visudo

If you are signed in using a non-root user withsudoprivileges, type:

sudo visudo

Traditionally,visudoopened/etc/sudoersin thevieditor, which can be confusing for inexperienced users. By default on new Ubuntu installations, it should instead usenano, which provides a more familiar text editing experience. Use the arrow keys to move the cursor, and search for the line that looks like this:

/etc/sudoers
root    ALL=(ALL:ALL) ALL

Below this line, copy the format you see here, changing only the word "root" to reference the new user that you would like to give sudo privileges to:

/etc/sudoers
root    ALL=(ALL:ALL) ALL
newuser ALL=(ALL:ALL) ALL

You should add a new line like this for each user that should be given full sudo privileges. When you are finished, you can save and close the file by hittingCtrl-X, followed byY, and thenEnterto confirm.

How To Delete a User

In the event that you no longer need a user, it is best to delete the old account.

You can delete the user itself, without deleting any of their files, by typing this as root:

deluser newuser

If you are signed in as another non-root user with sudo privileges, you could instead type:

sudo deluser newuser

If, instead, you want to delete the user's home directory when the user is deleted, you can issue the following command as root:

deluser --remove-home newuser

If you're running this as a non-root user with sudo privileges, you would instead type:

sudo deluser --remove-home newuser

If you had previously configured sudo privileges for the user you deleted, you may want to remove the relevant line again by typing:

visudo

Or use this if you are a non-root user with sudo privileges:

sudo visudo
root    ALL=(ALL:ALL) ALL
newuser ALL=(ALL:ALL) ALL   # DELETE THIS LINE

This will prevent a new user created with the same name from being accidentally given sudo privileges.

Conclusion

You should now have a fairly good handle on how to add and remove users from your Ubuntu 16.04 system. Effective user management will allow you to separate users and give them only the access that they are required to do their job.

For more information about how to configuresudo, check out our guide onhow to edit the sudoers filehere.