Creating a new user is a very important aspect of basic security. Both for home systems and critical-mission servers. For the first case, obviously, we need to be a user other than root, which imposes great risk, and for the second case, it is best for some services to connect via a regular user and not root, which is an easy target.

For this article, I’m using a Raspberry PI system but the procedure and the commands are the same for every linux or unix-like system. We will use a low level utility called useradd which is present in almost all of the above mentioned systems. In most Debian-like systems, there is also a Perl-script called adduser which is a friendlier and interactive version of the previous one. I prefer the first one. The format of the command is:

useradd [OPTIONS] user

where OPTIONS are optional features that we can add to our command. So, in order to create the user john we type, as root:

useradd -m -d /home/john/ -s /bin/bash -G sudo john

where:

-m                    creates a user's home directory
-d /home/john/        give it a name of john
-s /bin/bash          select bash as the user's default shell
-G sudo               adds john to the sudo group

These are just some and most used options for useradd command, but there are more that we can find in the manual pages of the command. Type man useradd for more details. The last option (-G) is very important because now our user john has sudo access to execute commands with admin privileges. To check that this is the case indeed, we can open the sudoers file, as root, with:

visudo

which is the safest option or, if visudo is not available, we can open the file, as root, with:

vim /etc/sudoers

but we have to be extra careful, because one error in this file can break the sudo access for all users. That’s why we should use visudo due to automatic error checking when we save. After we open the file, we check that this line is present and uncommented:

%sudo   ALL=(ALL:ALL) ALL

This means that every user that is a member of the group sudo can have sudo access. So, now our user was created. We can check john’s entry in the passwd file with:

cat /etc/passwd | grep john

and also the supplementary groups he belongs to with:

groups john

Also, this is his home directory:

ls -la /home/john

Last thing, we have to set a password for the new user. As root:

passwd john

and type and confirm the new password. After that we can safely connect as the newly created user to the system with:

su - john

and execute commands that require admin/root privileges with sudo in front of our command.