Creating User Accounts in Alpine Linux
Managing user accounts is a fundamental system administration task. Alpine Linux provides simple yet powerful tools for creating and managing users. Let’s explore user account management! 👥
Understanding User Management
Linux user management involves:
- User Accounts: Individual login credentials
- Groups: Collections of users with shared permissions
- Home Directories: Personal workspace for each user
- Permissions: Access control for files and resources
- Shell Access: Command-line interface assignment
User Management Commands
Alpine Linux uses BusyBox implementations of standard Unix commands:
- adduser: Create new user (interactive)
- addgroup: Create new group
- passwd: Change user password
- deluser: Remove user account
- delgroup: Remove group
Step 1: Creating a Basic User
Using adduser Command
# Create a new user (interactive)
sudo adduser john
# You'll be prompted for:
# - Password (twice)
# - Full name (optional)
# - Room number (optional)
# - Work phone (optional)
# - Home phone (optional)
# - Other (optional)
Non-Interactive User Creation
# Create user with specific options
sudo adduser -D -s /bin/ash -h /home/jane -G users jane
# Set password separately (example password only; the command line may be saved in shell history)
echo "jane:password123" | sudo chpasswd
# Options explained:
# -D: Don't assign password (create disabled account)
# -s: Specify shell
# -h: Specify home directory
# -G: Set the user's primary group
Step 2: Advanced User Creation
Create System User
# Create system user (no home, no shell)
sudo adduser -S -D -H -s /sbin/nologin systemuser
# Options:
# -S: System user
# -D: Disabled password
# -H: No home directory
# -s /sbin/nologin: No shell access
Create User with Specific UID
# Create user with specific UID
sudo adduser -u 1500 -D specificuser
# Create user in specific group with GID
sudo addgroup -g 1500 customgroup
sudo adduser -D -G customgroup -u 1501 customuser
Step 3: Managing User Groups
Create Groups
# Create new group
sudo addgroup developers
# Create system group
sudo addgroup -S systemgroup
# Create group with specific GID
sudo addgroup -g 2000 specialgroup
Add Users to Groups
# Add existing user to group
sudo adduser john developers
# Add user to multiple groups
sudo adduser john wheel
sudo adduser john audio
sudo adduser john video
# View user's groups
groups john
# View all groups
cat /etc/group
Step 4: Configuring User Environment
Set Up User Home Directory
# Create custom home directory structure
# (BusyBox ash has no brace expansion, so each directory is listed)
sudo mkdir -p /home/john/documents /home/john/downloads /home/john/projects
sudo chown -R john:john /home/john
# Copy skeleton files
sudo cp -r /etc/skel/. /home/john/
sudo chown -R john:john /home/john
Configure Shell Environment
# Create .profile for user
sudo -u john nano /home/john/.profile
Add custom configurations:
# User's .profile
export PATH=$PATH:$HOME/bin
export EDITOR=nano
export LANG=en_US.UTF-8
# Custom aliases
alias ll='ls -la'
alias ..='cd ..'
# Custom prompt
PS1='\u@\h:\w\$ '
Step 5: Managing Passwords
Password Management
# Change user password (as root)
sudo passwd john
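# The expiry and aging options below are not in BusyBox passwd;
# they need passwd from the shadow package
sudo apk add shadow
# Force password change on next login
sudo passwd -e john
# Set password aging
sudo passwd -n 7 -x 90 -w 14 john
# -n: Minimum days between changes
# -x: Maximum days valid
# -w: Warning days before expiration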
# Lock/unlock account
sudo passwd -l john # Lock
sudo passwd -u john # Unlock
Password Policy
# Install password quality checking
sudo apk add libpwquality
# Configure password policy
sudo nano /etc/security/pwquality.conf
Add policy settings:
# Password quality requirements
minlen = 12
dcredit = -1
ucredit = -1
ocredit = -1
lcredit = -1
Step 6: User Account Information
View User Information
# List all users
cat /etc/passwd
# Get user details
id john
finger john # If finger is installed
# Last login information
last john
# Current logged-in users
who
w
Modify User Accounts
# usermod is provided by the shadow package (sudo apk add shadow)
# Change user's shell
sudo usermod -s /bin/bash john
# Change home directory
sudo usermod -d /new/home/john -m john
# Change username
sudo usermod -l newjohn john
# Change user comment/full name
sudo usermod -c "John Doe" john
# Expire account on specific date
sudo usermod -e 2024-12-31 john
Step 7: Setting User Permissions
Configure sudo Access
# Install sudo (run as root, since sudo is not available yet)
apk add sudo
# Add user to wheel group (traditional sudo group)
sudo adduser john wheel
# Configure sudoers file
sudo visudo
Add sudo rules:
# Allow wheel group full sudo access
%wheel ALL=(ALL) ALL
# Allow specific user without password
# (full root with no authentication; prefer the command-limited rule below)
john ALL=(ALL) NOPASSWD: ALL
# Allow specific commands only
john ALL=(ALL) NOPASSWD: /sbin/reboot, /sbin/shutdown
# Allow user to run commands as another user
john ALL=(postgres) NOPASSWD: /usr/bin/psql
File Permissions
# Set default umask for user
echo "umask 027" >> /home/john/.profile
# Set file ownership
sudo chown john:developers /path/to/file
# Set directory permissions
sudo chmod 750 /home/john
Step 8: User Resource Limits
Configure Limits
# Edit limits configuration
sudo nano /etc/security/limits.conf
Add resource limits:
# Read by pam_limits, so these apply only to sessions that go through PAM
# User limits
john soft nproc 100
john hard nproc 200
john soft nofile 1024
john hard nofile 2048
# Group limits
@developers soft priority 5
@developers hard nice -5
# Default limits
* soft core 0
* hard core 0
Step 9: Bulk User Management
Script for Multiple Users
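#!/bin/sh
# bulk-create-users.sh
# Read users from file
while IFS=: read -r username password fullname groups; do
    # Skip blank lines and the "#" format comment in users.txt
    case "$username" in ''|'#'*) continue ;; esac
    echo "Creating user: $username"
    # Create user; skip the entry if adduser fails (for example, the name
    # already exists), so chpasswd never resets an existing account's password
    adduser -D -g "$fullname" "$username" || continue
    # Set password
    echo "$username:$password" | chpasswd
    # Add to groups
    for group in $(echo "$groups" | tr ',' ' '); do
        adduser "$username" "$group"
    done
done < users.txt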
Create users file:
# users.txt format - username:password:fullname:groups
alice:Pass123!:Alice Smith:developers,users
bob:Pass456!:Bob Jones:developers,wheel
charlie:Pass789!:Charlie Brown:users
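Because bulk-create-users.sh runs as root on whatever users.txt contains, a dry-run check of the file is worth doing before any account is created. The following is an added example, not part of the original tutorial: validate_users, write_users_sample and the username policy are assumptions, the sample files are constructed, and it goes slightly beyond the page by also flagging wheel membership for review.

```shell
#!/bin/sh
# Added example: dry-run validation of users.txt before any account is created.
# The username pattern and 32-character limit are assumed policy values.

# validate_users USERS_FILE PASSWD_FILE GROUP_FILE
# Prints one line per finding; returns 1 if any entry must not be created.
validate_users() {
    awk -F: '
        pass == 1 { existing[$1] = 1; next }   # passwd: names already in use
        pass == 2 { group[$1] = 1; next }      # group: groups that exist
        /^#/ || /^ *$/ { next }                # users file: comments, blanks
        {
            where = "line " FNR ": "
            if (NF != 4) { print where "expected 4 fields, got " NF; bad = 1; next }
            if ($1 !~ /^[a-z_][a-z0-9_-]*$/ || length($1) > 32) {
                print where "invalid username: " $1; bad = 1
            }
            if ($1 in existing) { print where "user already exists: " $1; bad = 1 }
            if (seen[$1]++)     { print where "duplicate username: " $1; bad = 1 }
            n = split($4, g, ",")
            for (i = 1; i <= n; i++) {
                if (g[i] == "wheel")  print where "review: " $1 " would join wheel"
                if (!(g[i] in group)) { print where "unknown group: " g[i]; bad = 1 }
            }
        }
        END { exit (bad ? 1 : 0) }
    ' pass=1 "$2" pass=2 "$3" pass=3 "$1"
}

# Constructed sample files (not real accounts).
write_users_sample() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/ash' \
        'john:x:1000:1000:John:/home/john:/bin/ash' > "$1/passwd"
    printf '%s\n' 'root:x:0:' 'wheel:x:10:john' 'users:x:100:' \
        'developers:x:1001:' > "$1/group"
    printf '%s\n' '# users.txt format - username:password:fullname:groups' \
        'alice:CHANGEME:Alice Smith:developers,users' \
        'bob:CHANGEME:Bob Jones:developers,wheel' \
        'Charlie Brown:CHANGEME:users' \
        'root:CHANGEME:Admin:users' \
        'alice:CHANGEME:Alice Again:users' \
        'dave:CHANGEME:Dave:ops' > "$1/users.txt"
}

dir=$(mktemp -d)
write_users_sample "$dir"
validate_users "$dir/users.txt" "$dir/passwd" "$dir/group" || echo "users.txt rejected"
rm -rf "$dir"
```

On a live system the second and third arguments would be /etc/passwd and /etc/group.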
Step 10: User Deletion
Remove Users Safely
# Remove user but keep home directory
sudo deluser john
# Remove user and home directory
sudo deluser --remove-home john
# Remove user from specific group only
sudo deluser john developers
# Backup user data before deletion
sudo tar -czf /backup/john-backup.tar.gz /home/john
sudo deluser --remove-home john
Security Best Practices
1. Account Security
# Disable unused accounts
sudo passwd -l unused_account
# Set strong password requirements
# In /etc/login.defs
PASS_MAX_DAYS 90
PASS_MIN_DAYS 7
PASS_WARN_AGE 14
PASS_MIN_LEN 12
2. Audit User Accounts
# Find users with UID 0 (root privileges)
awk -F: '($3 == "0") {print}' /etc/passwd
# Find users without passwords (reading /etc/shadow requires root)
sudo awk -F: '($2 == "") {print}' /etc/shadow
# Find users with login shells
grep -v '/sbin/nologin' /etc/passwd | grep -v '/bin/false'
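The three audit checks above can be combined into a single pass that cross-references the shadow file with the passwd file. The script below is an added example, not part of the original tutorial; audit_accounts, write_audit_sample, the finding labels and the 1-999 service-account UID range are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: the passwd/shadow audit checks combined into one report.
# The 1-999 service-account UID range is an assumption; adjust to local policy.

# audit_accounts PASSWD_FILE SHADOW_FILE -> prints "<finding>:<user>" lines
audit_accounts() {
    awk -F: '
        # Pass 1 (shadow): classify each password field.
        pass == 1 {
            if ($2 == "")          state[$1] = "empty"
            else if ($2 ~ /^[!*]/) state[$1] = "locked"
            else                   state[$1] = "set"
            next
        }
        NF < 7 { next }    # Pass 2 (passwd): skip malformed lines
        {
            login = ($7 !~ /\/(nologin|false)$/)
            if ($3 == 0 && $1 != "root") print "uid0:" $1
            if (state[$1] == "empty")    print "empty-password:" $1
            if ($3 >= 1 && $3 <= 999 && login && state[$1] == "set")
                print "service-login:" $1
        }
    ' pass=1 "$2" pass=2 "$1"
}

# Constructed sample files (not real accounts or hashes).
write_audit_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/ash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
toor:x:0:0:second admin:/root:/bin/ash
svcbackup:x:101:101:backup job:/var/backup:/bin/ash
john:x:1000:1000:John:/home/john:/bin/ash
guest:x:1001:1001:Guest:/home/guest:/bin/ash
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$CONSTRUCTED:19000:0:::::
daemon:!:19000:0:::::
toor:$6$CONSTRUCTED:19000:0:::::
svcbackup:$6$CONSTRUCTED:19000:0:::::
john:$6$CONSTRUCTED:19000:7:90:14:::
guest::19000:0:99999:7:::
EOF
}

dir=$(mktemp -d)
write_audit_sample "$dir"
audit_accounts "$dir/passwd" "$dir/shadow"
rm -rf "$dir"
```

Against real data, run it as root with /etc/passwd and /etc/shadow as the two arguments.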
3. Monitor User Activity
# Check last login times
lastlog
# Monitor current activities
w
# Check authentication logs
grep "authentication" /var/log/messages
Automation Script
Create a comprehensive user management script:
#!/bin/sh
# user-manager.sh - Alpine Linux User Management Tool
show_menu() {
    echo "===== User Management ====="
    echo "1. Create user"
    echo "2. Delete user"
    echo "3. Modify user"
    echo "4. List users"
    echo "5. Change password"
    echo "6. Exit"
    echo "========================="
}
create_user() {
    read -r -p "Username: " username
    read -r -p "Full name: " fullname
    read -r -p "Additional groups (comma-separated): " groups
    # Create user; stop here if adduser fails (for example, the name is taken)
    adduser -D -g "$fullname" "$username" || return 1
    # Set password
    passwd "$username"
    # Add to groups; restore IFS afterwards so later commands split normally
    old_ifs=$IFS
    IFS=','
    for group in $groups; do
        adduser "$username" "$group"
    done
    IFS=$old_ifs
    echo "User $username created successfully!"
}
delete_user() {
    read -r -p "Username to delete: " username
    read -r -p "Remove home directory? (y/n): " remove_home
    # Report success only if deluser actually succeeded
    if [ "$remove_home" = "y" ]; then
        deluser --remove-home "$username"
    else
        deluser "$username"
    fi && echo "User $username deleted!"
}
# Main loop
while true; do
    show_menu
    # Exit cleanly on end of input instead of looping forever
    read -r -p "Select option: " choice || exit 0
    case $choice in
        1) create_user ;;
        2) delete_user ;;
        3) echo "Modify user - To be implemented" ;;
        4) cut -d: -f1,5 /etc/passwd ;;
        5) read -r -p "Username: " username && passwd "$username" ;;
        6) exit 0 ;;
        *) echo "Invalid option" ;;
    esac
    read -r -p "Press Enter to continue..." _
done
Troubleshooting
Common Issues
- Cannot create user
# Check available UIDs
getent passwd | awk -F: '{print $3}' | sort -n
# Check disk space
df -h /home
- Group not found
# List all groups
cat /etc/group
# Create missing group
addgroup missing_group
- Permission denied
# Fix home directory permissions
chown -R username:username /home/username
chmod 755 /home/username
Conclusion
You now have comprehensive knowledge of user account management in Alpine Linux! You can:
✅ Create and configure user accounts
✅ Manage groups and permissions
✅ Set up security policies
✅ Automate user management tasks
✅ Implement best practices
Remember: Good user management is crucial for system security and organization. Always follow the principle of least privilege! 👤