Creating a User Account
This document explains how to create a regular user account in Alpine Linux.
Why Not Run as Root?
While using the root account is appropriate for the initial Alpine Linux system setup process, we really don’t want to use this account on a day-to-day basis. Any command we mistype as root can destroy the entire system, and any malicious code we encounter has the ability to compromise the entire system. For these reasons, we need to create a regular user account.
How Accounts Work Internally
When we create a regular user account, we’re really doing several things:
- Allocating a new user ID number (uid) on the system.
- Mapping the new uid to a symbolic, human-readable name.
- Associating the new uid with a group ID number (gid) that indicates the user’s primary group. On most Linux systems today (Alpine included) creating a user also creates a group with a new gid at the same time. A new user will have its primary group set to this newly created group by default, and that group will be private to the newly created user.
- Creating and setting the location of the home directory associated with the new user account.
- Specifying which shell the user will run when logging into the system.
It’s important to remember that Linux operates using uid and gid numbers for Discretionary Access Control (DAC). These numbers are associated with the permissions that a given user (or group member) has to access files and perform other operations on the system. User names are for the benefit of the humans sitting at the keyboard, and they need to be mapped to uid numbers. On our installation, this mapping is performed by the /etc/passwd file.
Creating a User Account
Alpine Linux includes a flexible and powerful adduser command that handles both the creation of new users and the addition of users to groups. In the following example, I’m going to demonstrate creating an account that has the username mmurphy2, corresponding to my CCU username. In the following steps, replace my username with the username of the new account.
Begin by creating the account:
adduser -h /home/mmurphy2 mmurphy2
Set the user’s password when prompted. You won’t see any characters displayed while you’re doing this step. If you make a mistake in the confirmation and see an error message, simply run (again, replacing my username with yours) the following command and set it again:
passwd mmurphy2
We can check that the user was created successfully by running:
id mmurphy2
The result will look something like:
uid=1000(mmurphy2) gid=1000(mmurphy2) groups=1000(mmurphy2)
Since this is the first regular user account we created on this system, both the uid and private gid numbers default to 1000.
Group Membership
Note that we need to be members of a few extra groups to be able to do useful things with our system. The first of these groups is the wheel group, which we normally configure to allow use of the doas command. Alpine Linux has a neat shortcut for adding the user account to this group, since we can just use the adduser command again with slightly different syntax:
adduser mmurphy2 wheel
We can add any user to any group simply by substituting the user and group names in the above command.
Legacy Groups
With proper seat management, it theoretically isn’t necessary to add our new user account to any additional groups. In practice, however, I’ve found that things work a bit more reliably if we just go ahead and add ourselves to these “legacy” groups on desktop/laptop and Raspberry Pi devices. We’re normally going to be the only user anyway, so it makes sense to give ourselves access to the hardware. The following sequence of commands will perform these additions:
adduser mmurphy2 audio
adduser mmurphy2 dialout
adduser mmurphy2 games
adduser mmurphy2 input
adduser mmurphy2 kvm
adduser mmurphy2 lp
adduser mmurphy2 tty
adduser mmurphy2 video
The audio, input, and video groups make configuring graphical environments a bit easier, while the tty and dialout groups allow our user account to have direct access to various other hardware devices like serial ports. Membership in the lp group allows for printing if we set up a printer later. The kvm group allows for the use of virtualization, while the games group is used for certain video game packages (mostly for shared high score records).
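The uid/gid mapping described under How Accounts Work Internally and the group additions above can be verified by resolving an account directly from passwd and group data, which is what the id command reports. The following script is an added example, not part of the original tutorial; the sample file contents and their uid/gid numbers are constructed, and resolve_id and in_group are hypothetical helper names.

```sh
#!/bin/sh
# Added example: resolve an account from passwd(5)/group(5) text, as `id` does.
# Constructed sample data; the uid/gid numbers are illustrative only.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/ash
mmurphy2:x:1000:1000::/home/mmurphy2:/bin/ash'
SAMPLE_GROUP='root:x:0:root
wheel:x:10:root,mmurphy2
audio:x:18:mmurphy2
video:x:27:root,mmurphy2
kvm:x:34:
mmurphy2:x:1000:'

# resolve_id USER PASSWD_TEXT GROUP_TEXT (hypothetical helper)
resolve_id() {
    user=$1
    # passwd fields: name:password:uid:gid:gecos:home:shell
    entry=$(printf '%s\n' "$2" |
        awk -F: -v u="$user" '$1 == u { print $3 ":" $4; exit }')
    [ -n "$entry" ] || { echo "no such user: $user" >&2; return 1; }
    uid=${entry%%:*}
    gid=${entry##*:}
    # group fields: name:password:gid:comma-separated supplementary members
    printf '%s\n' "$3" | awk -F: -v u="$user" -v uid="$uid" -v gid="$gid" '
        $3 == gid { primary = $1; next }   # primary group comes from passwd
        {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] == u) extra = extra "," $3 "(" $1 ")"
        }
        END {
            label = (primary == "") ? gid : gid "(" primary ")"
            printf "uid=%s(%s) gid=%s groups=%s%s\n", uid, u, label, label, extra
        }'
}

# in_group USER GROUP PASSWD_TEXT GROUP_TEXT (hypothetical helper)
# Returns 0 if USER is a member of GROUP, 1 if not, 2 if USER is unknown.
in_group() {
    line=$(resolve_id "$1" "$3" "$4") || return 2
    case ",${line##*groups=}," in
        *"($2),"*) return 0 ;;
        *) return 1 ;;
    esac
}

resolve_id mmurphy2 "$SAMPLE_PASSWD" "$SAMPLE_GROUP"
```

On a live system, pass "$(cat /etc/passwd)" and "$(cat /etc/group)" in place of the samples to confirm that wheel and the hardware groups contain only the accounts you intended.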
Switching to the New Account
Now that we have our regular user account, let’s stop running as root. Run the command:
exit
to log out. Now log in using your CCU username and the password you set in the previous step. Verify that you’re running as your regular user instead of the root user by running:
whoami
The command should print your username.