# Create logical groups once
sudo groupadd developers
sudo groupadd devops-team
sudo groupadd <TopicPreview slug="database">database</TopicPreview>-admins

# Set permissions for groups once
# Add/remove users with one command
sudo usermod -aG developers new_intern
sudo deluser departing_employee developers

# Create logical groups once
sudo groupadd developers
sudo groupadd devops-team
sudo groupadd <TopicPreview slug="database">database</TopicPreview>-admins

# Set permissions for groups once
# Add/remove users with one command
sudo usermod -aG developers new_intern
sudo deluser departing_employee developers

# Instead of everyone using root, create individual accounts:
sudo adduser alice    # Senior DevOps Engineer
sudo adduser bob      # Junior Developer  
sudo adduser charlie  # <TopicPreview slug="database">Database</TopicPreview> Administrator

# Instead of everyone using root, create individual accounts:
sudo adduser alice    # Senior DevOps Engineer
sudo adduser bob      # Junior Developer  
sudo adduser charlie  # <TopicPreview slug="database">Database</TopicPreview> Administrator

# User-friendly, asks questions step by step
sudo adduser tom

# User-friendly, asks questions step by step
sudo adduser tom

# Low-level, full control, perfect for automation
sudo useradd tom
sudo passwd tom
sudo mkdir /home/tom
sudo chown tom:tom /home/tom

# Low-level, full control, perfect for automation
sudo useradd tom
sudo passwd tom
sudo mkdir /home/tom
sudo chown tom:tom /home/tom

# Create user with specific group and home directory
sudo useradd -m -g developers -s /bin/bash -c "Tom Wilson, Developer" tom

# Create user with specific group and home directory
sudo useradd -m -g developers -s /bin/bash -c "Tom Wilson, Developer" tom

devops-team:x:1001:alice,bob
developers:x:1002:charlie,diana,eve
database-admins:x:1003:alice,frank

devops-team:x:1001:alice,bob
developers:x:1002:charlie,diana,eve
database-admins:x:1003:alice,frank

root:x:0:0:root:/root:/bin/bash
nana:x:1000:1000:Nana,,,:/home/nana:/bin/bash
mysql:x:999:999:MySQL Server:/var/lib/mysql:/bin/false

root:x:0:0:root:/root:/bin/bash
nana:x:1000:1000:Nana,,,:/home/nana:/bin/bash
mysql:x:999:999:MySQL Server:/var/lib/mysql:/bin/false

# Create logical business groups
sudo groupadd devops-team
sudo groupadd developers  
sudo groupadd <TopicPreview slug="database">database</TopicPreview>-admins
sudo groupadd interns

# Create logical business groups
sudo groupadd devops-team
sudo groupadd developers  
sudo groupadd <TopicPreview slug="database">database</TopicPreview>-admins
sudo groupadd interns

# Check what groups exist
cat /etc/group

# Check what groups exist
cat /etc/group

# Make DevOps the user's PRIMARY group
sudo usermod -g devops-team tom

# Add user to ADDITIONAL groups (keeps existing groups)
sudo usermod -aG developers,database-admins tom

# DANGER: This REPLACES all secondary groups
sudo usermod -G developers tom  # Tom loses other group memberships!

# Make DevOps the user's PRIMARY group
sudo usermod -g devops-team tom

# Add user to ADDITIONAL groups (keeps existing groups)
sudo usermod -aG developers,database-admins tom

# DANGER: This REPLACES all secondary groups
sudo usermod -G developers tom  # Tom loses other group memberships!

# See groups for current user
groups

# See groups for specific user
groups tom

# Output: tom : devops-team developers database-admins

# See groups for current user
groups

# See groups for specific user
groups tom

# Output: tom : devops-team developers database-admins

# The secret user database
cat /etc/passwd

# The secret user database
cat /etc/passwd

# Move user to a different primary group
sudo usermod -g new-primary-group username

# Example: Make alice's primary group 'managers'
sudo usermod -g managers alice

# Move user to a different primary group
sudo usermod -g new-primary-group username

# Example: Make alice's primary group 'managers'
sudo usermod -g managers alice

# ADD to existing groups (safe - keeps current groups)
sudo usermod -aG group1,group2,group3 username

# REPLACE all secondary groups (dangerous!)
sudo usermod -G group1,group2 username

# Example: Add alice to admin and developers groups
sudo usermod -aG admin,developers alice

# ADD to existing groups (safe - keeps current groups)
sudo usermod -aG group1,group2,group3 username

# REPLACE all secondary groups (dangerous!)
sudo usermod -G group1,group2 username

# Example: Add alice to admin and developers groups
sudo usermod -aG admin,developers alice

# Change user's home directory
sudo usermod -d /new/home/path -m username

# Change user's default shell
sudo usermod -s /bin/zsh username

# Change username itself
sudo usermod -l newname oldname

# Lock a user account (disable login)
sudo usermod -L username

# Unlock a user account
sudo usermod -U username

# Change user's home directory
sudo usermod -d /new/home/path -m username

# Change user's default shell
sudo usermod -s /bin/zsh username

# Change username itself
sudo usermod -l newname oldname

# Lock a user account (disable login)
sudo usermod -L username

# Unlock a user account
sudo usermod -U username

# Alice gets promoted from developer to DevOps lead
sudo usermod -aG devops-team,admin alice
sudo usermod -c "Alice Johnson, DevOps Lead" alice

# Alice gets promoted from developer to DevOps lead
sudo usermod -aG devops-team,admin alice
sudo usermod -c "Alice Johnson, DevOps Lead" alice

# Switch to specific user (asks for THEIR password)
su - tom

# Switch to root user (asks for root password)
su -
# or
su - root

# Switch to specific user (asks for THEIR password)
su - tom

# Switch to root user (asks for root password)
su -
# or
su - root

# WITH dash: Full login (loads user's environment)
su - tom
# Result: You're in /home/tom with tom's PATH and settings

# WITHOUT dash: Keeps current environment  
su tom
# Result: You're still in your current directory with your settings

# WITH dash: Full login (loads user's environment)
su - tom
# Result: You're in /home/tom with tom's PATH and settings

# WITHOUT dash: Keeps current environment  
su tom
# Result: You're still in your current directory with your settings

# Execute single command as another user
sudo -u tom whoami

# Switch to another user (asks for YOUR password, not theirs)
sudo su - tom

# Become root temporarily
sudo su -

# Execute single command as another user
sudo -u tom whoami

# Switch to another user (asks for YOUR password, not theirs)
sudo su - tom

# Become root temporarily
sudo su -

whoami           # Shows current username
id               # Shows user ID and all groups
pwd              # Shows current directory
echo $HOME       # Shows home directory path

whoami           # Shows current username
id               # Shows user ID and all groups
pwd              # Shows current directory
echo $HOME       # Shows home directory path

# You're troubleshooting why tom can't access a file
echo "I am: $(whoami)"
sudo su - tom
echo "Now I am: $(whoami)"
ls -la /path/to/problem/file
exit             # Return to your original user
echo "Back to: $(whoami)"

# You're troubleshooting why tom can't access a file
echo "I am: $(whoami)"
sudo su - tom
echo "Now I am: $(whoami)"
ls -la /path/to/problem/file
exit             # Return to your original user
echo "Back to: $(whoami)"