Ubuntu admin group

Introduction

I’m primarily a Windows administrator, but occasionally I manage Linux systems too—specifically Ubuntu Server. In this article, I’m working with Ubuntu 20.04 LTS. Since I don’t use Linux every day, I often need a quick refresher when it comes to user and permission management.

That’s why I decided to write down the essential commands for creating users and groups, assigning permissions, and explaining the difference between the root user and users in the Ubuntu admin group (also known as the sudo group). If you’re like me and want a practical, no-frills guide to managing users and groups in Ubuntu, this one’s for you.


Managing Users and Groups

Managing users and permissions can be a pain. Administrators, by default, allow one user to manage the entire system. When you install Ubuntu Server 20.04 you will be asked to create a user. This user will automatically be added to the group sudo, which means the user obtains the highest rights in short sudo. Sudo access is crucial for managing user permissions effectively, as it allows users to execute commands with elevated privileges. In addition, Ubuntu creates another user which is called root user.


Understanding Users and Groups

Managing permissions in Linux involves understanding usernames, groups, and permissions. This article explains how these elements work together to control access. The superuser, or root user, has the highest system access. Managing these privileges is key for security.


Understanding users is crucial for access control. Each user needs a unique username, which identifies them on the system. Users need their own account and home directory. A sudo user can perform administrative tasks with limited access, adhering to the principle of least privilege.


Groups provide flexibility in managing users. While each user has a unique username, multiple users can belong to the same group, simplifying management while maintaining control over server tasks. Use command-line tools to verify a user’s group memberships and privileges.


Permissions are the final piece of access control. Linux uses a hierarchical permission system to determine user actions on files, directories, or applications.


In this article, you’ll learn to add a user to a sudo group and existing groups. A future article will cover permissions.


What is the sudo user, and when to use the sudo access

Ubuntu servers add the first created user to the sudo group, which means this user can use the sudo command to add other users and add/edit/delete system files. All of these operations require great privileges like adding a new user or adding a new group to add future users, adding them to the administrative groups(admin), and configuring permissions for each Linux file or folder. With sudo, users can perform various administrative tasks such as installing software, updating the system, and managing user accounts.


A user should only be added to the sudoers file when a user needs sudo permissions. The sudoers file is like the Administration group in Windows. All major tasks like adding users and adding groups can be done with root privileges by default or install/updated programs.

Creating users and groups

Create a new user

There are two commands to add a user ‘useradd’ or ‘adduser’. At first, this can be a little confusing since both commands accomplish the same thing (in different ways) and are named similarly. I prefer the command ‘adduser’ since it creates the password for the user and the home folder with additional questions. ‘useradd” only adds the user to the system, and you would need to assign a password later.
When creating a new user, you can also provide additional information such as

Full Name,

Room Number,

Work Phone, and

Home Phone

to ensure comprehensive user details in the system.

The adduser command also creates a home directory for the user and a group with the same name as the user.

Bash
sudo adduser edy

Remove a user

Before removing an account, you should ask yourself one fundamental question: Is it still necessary for you to access the user’s files?

By default, this command won’t delete the user home directory or any files in it.

Bash
sudo userdel edy

Remove the user’s home directory with all its contents. It is not automatically deleted when you remove a user account. Also, remember that you may keep the folder for retention or move it elsewhere for archiving purposes.

Bash
sudo rm -r /home/edy

Create a new group

Bash
sudo groupadd admins

On the Ubuntu Server platform, you’ll likely see that each of your user accounts is a member of a group with the same name as your username. The moment you create a user account, you are also creating a group with the same name.

ubuntu file permission

In this picture you see the home folder ‘edy’ (red), user permission (violet) and the automated created group ‘edy’ (green)


Add user to a group

To add a user to a group, you can use the usermod command as shown below:

Bash
sudo usermod -aG admins edy

The option -‘a’ means to append the user edy to the group. If you would not use ‘a’, all other existing memberships in the group would be removed. ‘G’ means to add the user to the secondary group. It adds the user to an additional group and won’t replace the primary group. To replace the user’s primary group, you would use ‘g’ lowercase instead of uppercase ‘G’.

To verify the user’s group membership, you can use the groups command:

Bash
groups edy

Remove a user from a group

Bash
gpasswd -d edy admins

This command will remove user ‘edy’ from the group ‘admins

What’s the difference between a primary group and a secondary group

The Primary Group is a group that is automatically created while creating a user. Similarly, a group with the same ID as the user is created and the user is added to the group as the only member. This group is referred to as the primary group.
When a user is added to the ‘sudo’ group, they will belong to their primary group and the sudo group.

We can create a secondary group independently using commands and add users to it by changing their group IDs.


Delete a group

Bash
sudo groupdel admins

How to check all groups in the system? There is a group file in /etc

Bash
nano /etc/group

In the file you see all groups. You also notice that groups are named after user name.

ubuntu /etc/groups file
/etc/groups

Check out the table below for great deals on servers available on Amazon.

Product NameView on Amazon
PowerEdge Dell R630 Server | 2X E5-2690 v4 = 28 Cores | 128GB RAM | 2X 1TB SSD (Renewed) View on Amazon
Dell PowerEdge R730 Server 2X E5-2680v4 2.40Ghz 28-Core 128GB 8X 4TB 12G H730P (Renewed) View on Amazon
HPE ProLiant MicroServer Gen10 Plus Server with one Intel® Xeon® E-2224 Processor, 16 GB Memory, and 4 Large Form Factor (LFF) Non-hot Plug Drive Bays View on Amazon
ProLiant MicroServer Gen11 Tower Server w/one Intel Xeon E-2434, 3.4GHz 4-core 1P 32GB-U VROC 4LFF‑NHP 4TB HDD iLO KIT 180W External PS (HPE Smart Choice P74440-005) View on Amazon
Lenovo ThinkSystem ST250 V2 Business Tower Server Desktop, Intel Xeon E-2336 Hexa-Core 2.9GHz Processor up to 4.8GHz, 16GB DDR4 3200 MHz UDIMM, No Storage, USB 3.0, No Wi-Fi, No OS, BlackView on Amazon
Supermicro SYS-5019D-4C-FN8TP Xeon D-2133IT Quad Core Front I/O Short Depth 1U Server, 2X SFP+, 2X 10GBase-T, 4X GbE LANView on Amazon
Supermicro E300-9D-8CN8TP Mini PC Server - Xeon D-2146NT - Serial ATA/600 Controller - ASPEED AST2500 Graphic Card - 10 Gigabit EthernetView on Amazon

Switching users

Bash
su -edy

This command will change current user account to ‘edy’

If you only enter

Bash
su -

This will switch the user to ‘root’.

Since Ubuntu 20.04, Ubuntu installer won’t create the user ‘root’.

First, you must create a password for the user ‘root’. After that, you can switch to the ‘root’ user. Ubuntu recommends not using the root account. You add any other user to the sudo group. Remember that Ubuntu automatically added the user you created during the installation process to the sudo group.

To log into the server as the root user via SSH, you must enter the root account credentials to gain administrative control over the server’s shell.


Set password for user ‘root’

Bash
sudo passwd

You can set a ‘root’ password with any user who has sudo rights. Once the ‘root’ password is set, you can switch to the ‘root’ user. Using your password for sudo access ensures user accountability and control, allowing authorized users to perform administrative tasks without sharing the root password.

Setting a strong password for the root account is crucial to maintaining a robust security posture and preventing breaches caused by weak passwords.

Switching back from the ‘root’ user to your regular account, just type

Bash
exit

Add a user to sudo group (sudoers file)

Bash
sudo usermod -aG sudo edy

This will add the user ‘edy’ to the sudo group, granting them sudo privileges

Bash
groups edy

Look up the group membership of the user ‘edy’

Once added to the sudo group, the user can execute commands with elevated privileges using the sudo command. The sudoers file you find here /etc/sudoers.

Change password for a user

Bash
sudo passwd edy

I would love to get some feedback from you. Was this article helpful? Please share your opinion with me in the comment section below. Or, if you prefer a more personal touch, feel free to email me directly at info@edywerder.ch. Your thoughts and insights are always appreciated. Additionally, you can connect with me on Reddit at Navigatetech.

.stk-c516ab0 {padding-top:0px !important;padding-right:0px !important;padding-bottom:0px !important;padding-left:0px !important;margin-top:51px !important;margin-bottom:49px !important;}
.stk-3e5f134 {background-color:var(u002du002dglobal-palette7, #EDF2F7) !important;padding-top:10px !important;padding-right:10px !important;padding-bottom:10px !important;padding-left:10px !important;}.stk-3e5f134:before{background-color:var(u002du002dglobal-palette7, #EDF2F7) !important;}

Before you go …

If you’re managing users and groups on your Ubuntu system, it’s a good idea to think about securing your setup as well. One effective way to do that is by monitoring for suspicious login attempts and automated attacks.

I recommend checking out Fail2ban Email Notification, which walks you through setting up alerts so you’re notified whenever Fail2ban blocks an IP. It’s a simple step that adds an extra layer of awareness and control to your server management. A secure system starts with good user management—but it doesn’t stop there.

.stk-30d717f {padding-top:0px !important;padding-right:0px !important;padding-bottom:0px !important;padding-left:0px !important;margin-top:51px !important;margin-bottom:49px !important;}
.stk-d6da39b {background-color:var(u002du002dglobal-palette7, #EDF2F7) !important;padding-top:10px !important;padding-right:10px !important;padding-bottom:10px !important;padding-left:10px !important;}.stk-d6da39b:before{background-color:var(u002du002dglobal-palette7, #EDF2F7) !important;}.stk-d6da39b-container{padding-top:27px !important;padding-right:27px !important;padding-bottom:27px !important;padding-left:27px !important;}

Full Disclosure

Any purchases made from clicks on links to products on this page may result in an affiliate commission for me. 

Please keep in mind that the quantity or price of items can change at any time.

As an Amazon  Associate, I earn from qualifying purchases.

Als Amazon-Partner verdiene ich an qualifizierten Verkäufen

Tech Expert & Blogger


Leave a Reply

Your email address will not be published. Required fields are marked *

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.