DEV Community

Cover image for 2.Group Creation and User Assignment
Thu Kha Kyawe
Thu Kha Kyawe

Posted on

2.Group Creation and User Assignment

#aws #linuxlevel1

Lab Information

The system admin team at xFusionCorp Industries has streamlined access management by implementing group-based access control. Here's what you need to do:

a. Create a group named nautilus_developers across all App servers within the Stratos Datacenter.

b. Add the user kano into the nautilus_developers group on all App servers. If the user doesn't exist, create it as well.

Lab Solutions

🧭 Part 1: Lab Step-by-Step Guidelines
Scope

You must perform the same steps on ALL App servers:

stapp01

stapp02

stapp03

πŸ”Ή Step 1: Log in to the Jump Host

ssh thor@jump_host.stratos.xfusioncorp.com


Password:

mjolnir123
Enter fullscreen mode Exit fullscreen mode

πŸ”Ή Step 2: Connect to Each App Server (One by One)

App Server 1
ssh tony@stapp01.stratos.xfusioncorp.com
Ir0nM@n
sudo -i

App Server 2
ssh steve@stapp02.stratos.xfusioncorp.com
Am3ric@
sudo -i

App Server 3
ssh banner@stapp03.stratos.xfusioncorp.com
BigGr33n
sudo -i
Enter fullscreen mode Exit fullscreen mode

⚠️ Perform Steps 3–6 on EACH server

πŸ”Ή Step 3: Create the group nautilus_developers

groupadd nautilus_developers
Enter fullscreen mode Exit fullscreen mode

If the group already exists, this command is safe to ignore the error.

πŸ”Ή Step 4: Check if user kano exists

id kano
Enter fullscreen mode Exit fullscreen mode

πŸ”Ή Step 5: Create user kano (ONLY if it does not exist)

useradd kano
Enter fullscreen mode Exit fullscreen mode

πŸ”Ή Step 6: Add kano to the group nautilus_developers

usermod -aG nautilus_developers kano
Enter fullscreen mode Exit fullscreen mode

πŸ”Ή Step 7: Verify group membership

groups kano
Enter fullscreen mode Exit fullscreen mode

πŸ” Repeat Steps 2–7 on all three App servers

🧠 Part 2: Simple Step-by-Step Explanation (Beginner Friendly)

Why do we use groups?
Instead of managing permissions per user, Linux allows access control via groups, which is cleaner and more secure.

Why create the group on all App servers?
Each server has its own local users and groups.
Creating it on only one server is not enough.

Why check if the user exists first?
The task says:

β€œIf the user doesn't exist, create it as well”
So we verify before creating to avoid errors.

What does usermod -aG do?

-a β†’ append (don’t remove existing groups)

-G β†’ specify group

Adds kano safely to nautilus_developers

Why verify with groups kano?
Labs are strict β€” verification confirms:

User exists

Group membership is correct

Resources & Next Steps
πŸ“¦ Full Code Repository: KodeKloud Learning Labs
πŸ“– More Deep Dives: Whispering Cloud Insights - Read other technical articles
πŸ’¬ Join Discussion: DEV Community - Share your thoughts and questions
πŸ’Ό Let's Connect: LinkedIn - I'd love to connect with you
Credits
β€’ All labs are from: KodeKloud
β€’ I sincerely appreciate your provision of these valuable resources.

Top comments (0)