{{Header}} {{title|title= User Management }} {{#seo: |description=Guide to managing users, including creating new users, assigning permissions, and switching between user accounts in {{project_name_short}}. |image=User-management12312.jpg }} {{passwords_mininav}} [[File:User-management12312.jpg|thumb]] {{intro| This guide provides step-by-step instructions for managing user accounts in {{project_name_short}}, enhancing system security and facilitating multi-user environments. }} = Add a New User = Optional! To create a new user account named user2, execute the following command: Note: Replace user2 with the desired username for the new account. {{CodeSelect|code= sudo adduser user2 }} This command will prompt you to set a password and fill in additional information for the new user. Ensuring each user has a unique account helps maintain system security and organizes user-specific configurations. = Allow New User to Login to Virtual Console = Optional! This step is necessary only if the new user account should have access to the [[Desktop#Virtual_Consoles|Virtual Console]] for direct system interaction without a graphical interface. This can be useful for users that will also be members of the sudo group for purposes of [[recovery]]. (This is related to security feature [[Dev/Strong_Linux_User_Account_Isolation#Console_Lockdown|Console Lockdown]].) {{CodeSelect|code= sudo adduser user2 console }} = Allow New User Sudo Access = Optional! If you want user2 to perform administrative tasks with elevated privileges, add them to the sudo group. See also [[Root|Safely Use Root Commands]] for best practices when executing commands as root. {{CodeSelect|code= sudo adduser user2 sudo }} Adding user2 to the sudo group enables them to execute commands with root privileges by prefacing commands with sudo. Use this responsibly to prevent unintended system changes. = Switch User = To switch to the new user account, follow these steps: Start menu → Log Out or Switch User → login * '''Username''': user2 * '''Password''': The password set during the creation of user2. See also: * [[Login]] * [[Root#Substitute_User_.28su.29_Command|Substitute User (su) Command]] = User Restrictions = TODO: document topics not covered yet * restricted shell (any secure available?) * libpam-chroot (might be weak?) * /etc/security/limits.conf * file system quotas * snoopy * Logging off idle users = Attribution = {{sdebian |link=https://www.debian.org/doc/manuals/securing-debian-manual/ch04s11.en.html#user-limits |text=Limiting resource usage: the limits.conf file }} {{sdebian |link=https://www.debian.org/doc/manuals/securing-debian-manual/ch04s11.en.html#user-restrict |text=Restricting users's access }} {{sdebian |link=https://www.debian.org/doc/manuals/securing-debian-manual/ch04s11.en.html#idm1440 |text=User auditing }} {{sdebian |link=https://www.debian.org/doc/manuals/securing-debian-manual/ch04s17.en.html |text=File system limits and control, Using quotas }} {{reflist|close=1}} {{Footer}} [[Category:Documentation]]