100 Days of DevOps, Day 1: Understanding Linux User Management and Shells


Welcome to Day 1 of our DevOps journey. DevOps engineers spend much of their time working with Linux servers, either manually or via automation. So, we’re going to start right at the core: Linux user management and shell types.



CRUD Operations on Users in Linux

Think of CRUD (Create, Read, Update, Delete) as the four verbs of system management. Same idea you see in databases, but here applied to users:



1. Create a user

sudo useradd yousuf

This creates a new user account named yousuf.

Would you like to add a home directory as well? Use:

sudo useradd -m yousuf



2. Read (check/display) user info

id yousuf
getent passwd yousuf

id shows the UID (User ID), GID (Group ID), and group memberships; getent passwd shows the full account entry, including the assigned shell.



3. Update (modify) a user

Change the user’s shell:

sudo usermod -s /bin/bash yousuf

Change the user’s home directory:

sudo usermod -d /home/new_home yousuf



4. Delete a user

Delete account but keep home directory:

sudo userdel yousuf

Delete account along with home directory:

sudo userdel -r yousuf

💡 Remember: deleting a user won’t magically destroy files they created elsewhere unless you track them down. So always think before you hit the red button.



Interactive vs Non-Interactive Shell

Now let’s add nuance: what happens when a user logs in?



Interactive Shell

  • User logs in → gets a prompt.
  • Example:
  $ ssh yousuf@server
  yousuf@server:~$

  • Here, yousuf has /bin/bash or /bin/sh as login shell. He can interactively run commands.



Non-Interactive Shell

  • User logs in → no prompt, no mercy.
  • Example shells for this are /sbin/nologin or /bin/false.
  • If someone tries:
  ssh yousuf@server

  • With /sbin/nologin: system politely says “This account is not available.”
  • With /bin/false: just exits immediately, no message.

✅ This is useful for service accounts (databases, backup agents, monitoring tools) that don’t require human logins.



Practical Challenge

Now let’s take a real-world-style problem (straight out of KodeKloud Labs).

Scenario:

To accommodate the backup agent tool’s specifications, the system admin team at xFusionCorp Industries requires the creation of a user with a non-interactive shell.

Task: Create a user named yousuf with a non-interactive shell on App Server 3.

📑 Connection Details (important bits):

  • Target server: stapp03 → 172.16.238.12
  • Login user: banner
  • Password: BigGr33n
  • Jump host: jump_host.stratos.xfusioncorp.com (thor / mjolnir123)



Step-by-Step Solution



Step 1: SSH into the Jump Host

ssh thor@jump_host.stratos.xfusioncorp.com
# password: mjolnir123



Step 2: From Jump Host, SSH into App Server 3

ssh banner@stapp03.stratos.xfusioncorp.com
# password: BigGr33n

Now you’re inside App Server 3.



Step 3: Create the user with a non-interactive shell

We’ll use /sbin/nologin (common on most Linux distros) to ensure no interactive login:

sudo useradd -s /sbin/nologin yousuf

If /sbin/nologin isn’t available, fall back on /bin/false:

sudo useradd -s /bin/false yousuf



Step 4: Verify the user

getent passwd yousuf

Expected output (example):

yousuf:x:1005:1005::/home/yousuf:/sbin/nologin

That last field confirms it is non-interactive. 🎉
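
The Step 4 check can be scripted and widened from one user to every account. The following is an added example, not code from the original post or from KodeKloud: it reads passwd-format text, reports whether a named user's shell is non-interactive, and lists system accounts that still have an interactive shell. The function names, the sample entries (constructed) and the UID boundary of 1000 are assumptions.

```shell
#!/bin/sh
# Added example: classify passwd(5) entries by their login shell (field 7).
# SAMPLE_PASSWD is constructed sample data, not output from a real host.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/sh
alice:x:1001:1001:Alice:/home/alice:/bin/bash
legacy:x:1002:1002::/home/legacy:/bin/false
noshell:x:1003:1003::/home/noshell:
yousuf:x:1005:1005::/home/yousuf:/sbin/nologin'

# shell_kind PATH: print "non-interactive" for nologin/false, else "interactive".
# An empty shell field means /bin/sh (see passwd(5)), so it counts as interactive.
shell_kind() {
    case "$1" in
        */nologin|*/false) echo non-interactive ;;
        *) echo interactive ;;
    esac
}

# user_shell_kind NAME: read passwd-format text on stdin, classify NAME's shell.
# Returns 2 when NAME has no entry, so a typo is not mistaken for a pass.
user_shell_kind() {
    entry=$(awk -F: -v u="$1" '$1 == u { print; exit }')
    [ -n "$entry" ] || return 2
    shell_kind "${entry##*:}"
}

# audit_service_shells [UID_MIN]: list accounts with 0 < UID < UID_MIN
# (default 1000, an assumed boundary for system accounts) that can still
# get an interactive shell. Output format: name:shell
audit_service_shells() {
    awk -F: -v min="${1:-1000}" '
        $3 > 0 && $3 < min && $7 !~ /\/(nologin|false)$/ {
            print $1 ":" ($7 == "" ? "/bin/sh" : $7)
        }'
}

# Demo on the constructed sample; on a real host pipe in `getent passwd` instead.
printf '%s\n' "$SAMPLE_PASSWD" | user_shell_kind yousuf
printf '%s\n' "$SAMPLE_PASSWD" | audit_service_shells
```

The shell field only decides what runs after authentication succeeds; it does not lock the account's password, which is a separate setting.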



Conclusion

On Day 1, we:

  1. Learned CRUD operations for user accounts.
  2. Explored interactive vs non-interactive shells with clear examples.
  3. Applied this in a practical scenario: creating the yousuf user with a non-interactive shell on App Server 3.


