
Lab 26: User Setup and Permissions

Onboard two developer accounts using both minimal and fully-specified user creation workflows. Validate identity and group state, then build a shared workspace with correct group ownership before cleaning everything up safely.

users permissions core

Scenario

You are onboarding two new developers: devstudent and devstudent2. The team needs a shared group called devteam and a shared workspace at /opt/devwork owned by that group. You will create one account using a minimal baseline workflow, create the second using advanced useradd flags, verify identity and group state using system files and CLI tooling, then clean up all changes.

Operator context

This is the user onboarding workflow you run when you want repeatable outcomes and clear verification, not “I think the account exists.”

Objective

  • Create a team group and two user accounts (basic and advanced methods).
  • Set passwords and enforce correct primary group assignment.
  • Create a shared directory and assign correct group ownership recursively.
  • Verify user records and group membership using /etc/passwd, id, and /etc/group.
  • Remove accounts and group cleanly, including home directory cleanup.

What You’ll Practice

  • Creating groups with groupadd.
  • Creating users with useradd (minimal and advanced flags).
  • Setting passwords with passwd.
  • Changing primary group assignment with usermod -g.
  • Creating shared workspaces and setting group ownership with mkdir and chgrp.
  • Verifying identity, home directory, shell, and groups using grep and id.
  • Cleaning up accounts with userdel -r and groups with groupdel.

Walkthrough

Step 1 : Create the team group.
Command
sudo groupadd devteam

The group is the shared access boundary. Create it first so both users can be anchored to the same team identity.

# Optional verification:
getent group devteam

Step 2 : Create the first user with the minimal baseline workflow.
Command
sudo useradd devstudent

This creates the user using system defaults (often without creating a home directory, depending on distro defaults and /etc/login.defs).

Step 3 : Set a password for the first user.
Command
sudo passwd devstudent

Password assignment completes the onboarding baseline and allows interactive login (subject to policy, shell, and account state).

Step 4 : Set the first user’s primary group to the team group.
Command
sudo usermod -g devteam devstudent

Primary group affects default group ownership for new files. This aligns the user with the team by default.

Step 5 : Create the second user with advanced useradd flags.
Command
sudo useradd -g devteam -s /bin/bash -c "Dev employee" -m -d /home/devstudent2 devstudent2

This is the explicit, repeatable form: you define the primary group, shell, comment field, home directory path, and ensure the home directory exists immediately.

Step 6 : Set a password for the second user.
Command
sudo passwd devstudent2

With the account created and its home directory provisioned, setting the password is the final access step before verification.

Step 7 : Create a shared workspace and assign group ownership.
Command
sudo mkdir -p /opt/devwork && sudo chgrp -R devteam /opt/devwork

This creates the directory and sets the group owner of it, and of everything currently under it, to the shared group. This is the minimum needed for controlled team collaboration.
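
chgrp changes only the group owner; whether devteam members can actually create files, and whether new files stay with the group, depends on the directory's mode bits. The audit below is an added example (not part of the original lab): audit_shared_dir is a hypothetical helper, and the demo runs on a throwaway directory with the caller's own primary GID standing in for devteam.

```sh
#!/bin/sh
# audit_shared_dir DIR GROUP
# Prints one finding per problem; returns 0 only when DIR is usable as a
# shared workspace for GROUP. Uses POSIX find tests, so no GNU stat is needed.
audit_shared_dir() {
    dir=$1; group=$2; rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 2; }

    # -prune stops find from descending, so each test applies to DIR itself.
    has() { [ -n "$(find "$dir" -prune "$@" -print 2>/dev/null)" ]; }

    if ! has -group "$group"; then
        echo "FAIL: group owner is not $group"; rc=1
    fi
    if ! has -perm -0070; then
        echo "FAIL: group lacks rwx, members cannot create files"; rc=1
    fi
    if ! has -perm -2000; then
        echo "FAIL: setgid not set, new files keep the creator's primary group"; rc=1
    fi
    if has -perm -0002; then
        echo "FAIL: world-writable, access is not limited to $group"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $dir is a group-writable, setgid workspace for $group"
    return "$rc"
}

# Demo on a temporary directory; the caller's primary GID is a stand-in for
# devteam so the example runs without root.
demo() {
    d=$(mktemp -d) && g=$(id -g) && chgrp "$g" "$d" || return 2
    before=0; after=0
    chmod 0755 "$d"; audit_shared_dir "$d" "$g" || before=$?
    chmod 2770 "$d"; audit_shared_dir "$d" "$g" || after=$?
    rm -rf "$d"
    echo "exit status before=$before after=$after"
}
demo
```

On the lab host the equivalent call is audit_shared_dir /opt/devwork devteam, run after Step 7.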

Step 8 : Confirm the first user exists in /etc/passwd.
Command
grep '^devstudent:' /etc/passwd

This verifies the local account record and shows UID, GID, home, and shell fields.

devstudent:x:1001:1002::/home/devstudent:/bin/bash

Step 9 : Confirm the second user exists in /etc/passwd.
Command
grep '^devstudent2:' /etc/passwd
devstudent2:x:1002:1002:Dev employee:/home/devstudent2:/bin/bash

Step 10 : Verify group membership for devstudent.
Command
id devstudent
uid=1001(devstudent) gid=1002(devteam) groups=1002(devteam)

Step 11 : Verify group membership for devstudent2.
Command
id devstudent2
uid=1002(devstudent2) gid=1002(devteam) groups=1002(devteam)

Step 12 : Confirm group membership in /etc/group.
Command
cat /etc/group
devteam:x:1002:devstudent,devstudent2
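
Steps 8 to 12 as one repeatable check, added here as an example (not part of the original lab): it matches the account name exactly rather than as a substring, and resolves the primary group through the GID field of the passwd record, with the group file's member list contributing supplementary groups. The sample records, the builders group and the function names are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample records mirroring the lab's two accounts; on a live host
# pass "$(getent passwd)" and "$(getent group)" instead (assumption).
PASSWD_SAMPLE='devstudent:x:1001:1002::/home/devstudent:/bin/bash
devstudent2:x:1002:1002:Dev employee:/home/devstudent2:/bin/bash'
# "builders" is a hypothetical supplementary group added for illustration.
GROUP_SAMPLE='devteam:x:1002:
builders:x:1003:devstudent2'

# user_record PASSWD USER -> the record whose name field is exactly USER.
# A bare substring match on "devstudent" would also hit devstudent2.
user_record() {
    printf '%s\n' "$1" | awk -F: -v u="$2" '$1 == u'
}

# groups_of PASSWD GROUP USER -> group names, primary first.
# The primary group comes from the GID field of the passwd record; the member
# list in the group file only adds supplementary groups.
groups_of() {
    gid=$(user_record "$1" "$3" | cut -d: -f4)
    [ -n "$gid" ] || return 1
    printf '%s\n' "$2" | awk -F: -v u="$3" -v gid="$gid" '
        $3 == gid { primary = $1; next }
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (m[i] == u) extra = extra " " $1 }
        END { print primary extra }'
}

# check_account PASSWD GROUP USER WANT_GROUP WANT_SHELL -> 0 if the account
# exists, has WANT_GROUP as its primary group, and uses WANT_SHELL.
check_account() {
    user=$3; want_group=$4; want_shell=$5
    rec=$(user_record "$1" "$user")
    [ -n "$rec" ] || { echo "FAIL: no record for $user"; return 1; }
    grps=$(groups_of "$1" "$2" "$user"); shell=${rec##*:}
    [ "${grps%% *}" = "$want_group" ] || { echo "FAIL: $user primary group is ${grps%% *}"; return 1; }
    [ "$shell" = "$want_shell" ] || { echo "FAIL: $user shell is $shell"; return 1; }
    echo "OK: $user groups=[$grps] shell=$shell"
}

check_account "$PASSWD_SAMPLE" "$GROUP_SAMPLE" devstudent devteam /bin/bash
check_account "$PASSWD_SAMPLE" "$GROUP_SAMPLE" devstudent2 devteam /bin/bash
```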

Step 13 : Clean up by removing both users and the group.
Command
sudo userdel -r devstudent && sudo userdel -r devstudent2 && sudo groupdel devteam

userdel -r removes the account and home directory. Removing the group last ensures no accounts still depend on it.

Reference

  • groupadd <group> : Creates a new group.
  • useradd <user> : Creates a user using system defaults.
  • useradd -g <group> -s <shell> -c "<comment>" -m -d <home> <user> : Creates a user with explicit primary group, shell, comment, and home provisioning.
  • passwd <user> : Sets or changes a user password.
  • usermod -g <group> <user> : Changes a user’s primary group.
  • chgrp -R <group> <path> : Sets group ownership recursively.
  • id <user> : Displays UID, primary GID, and supplementary groups.
  • /etc/passwd : Local user account database.
  • /etc/group : Local group membership database.
  • userdel -r <user> : Deletes a user and removes their home directory.
  • groupdel <group> : Deletes a group.