Every experienced System Administrator should have a knowledge of user and group management in a Linux system. Executing this tasks like viewing, editing, adding, and deleting local users and groups in the command line is more important than employing Graphical User Interface(GUI) as you will be able to administer not only local accounts but also the remote accounts.

In this tutorial, we are going to learn how to manage user and group accounts on Linux server. This can be any flavor of Linux distribution – Debian, RHEL, Arch Linux among many others.

Adding, Modifying and Deleting Linux User Accounts

Adding Linux User Accounts

We use useradd command when adding a new user account either being root or having root privileges then after we can set the password of newly created user account using passwd command.

Syntax;

useradd [options] LOGIN

Let’s create our new user account by the name John;

$ sudo useradd John

Now we can set the password for our user John;

$ sudo passwd John
New password: 
Retype new password: 
passwd: password updated successfully

We can use id and groups commands to display User ID (UID), Group ID (GID) and the groups John belong to respectively.

#id
$ id John
uid=1001(John) gid=1001(John) groups=1001(John)

#groups
$ groups John
John : John

Important useradd Options

Below are the options used with useradd command.

OptionUse
-d or –home-dircreating new user account with its home directory.
-c or –commentcreating new user account with comments i.e user’s full name.
-u or –uidcreating new user account with its specific UID.
-g or –gidcreating new user account with its specific GID.
-G or –groupscreating new user account by adding it to multiple secondary groups.
-m or –create-homecreating new user account with its home directory only if it doesn’t exist.

Modifying User Accounts

We use usermod with root privileges to change an existing user account’s features like;

  • Login shell
  • Login name
  • Lock the specified user account
  • Change the UID

and many more.

Syntax;

usermod [options] LOGIN

In the following example we are going to change John’s login shell and group it belong to.

Changing John’s login shell to bash;

$ sudo usermod -s /bin/bash John

Changing John’s group Tutor;

$ sudo usermod -g Tutor John

Important usermod Options

Below are the options used with usermod command.

OptionUse
-e or –expiredatesetting the expiration date of the specified user account.
-d or –homechanging the home directory of the specified user account. The contents of the current home directory are moved to the new home directory when used with option -m.
-c or –commentadding a brief comment to the specified user account.
-l or –loginchanging the login name of the specified user account.
-L or –locklocking the specified user account. for the locked account you will see an exclamation mark (!) in front of the encrypted password in the /etc/shadow.
-U or –unlockunlocking the specified user account.

Deleting User Accounts

In any case if we want to delete a certain user account, we use userdel command root privileges to accomplish this task.

Syntax;

userdel [options] LOGIN

Let’s remove the previously created user account John. To remove this user account with its home directory, we use -r option.

$ sudo userdel -r John

Adding, Modifying and Deleting Groups

Adding Groups

We use groupadd command with root privileges in order to add new group to the system. When used with -g option it will create a new group with a specific group id.

Syntax;

groupadd [options] group

Creating new group by the name Tech;

$ sudo groupadd -g 1020 Tech

Modifying Groups

Also, to modify the a certain group, we use groupmod command with root privileges.

Syntax;

groupmod [options] GROUP

Renaming the group Tech to Nixtech and assign a new group ID we use the following command.

$ sudo groupmod -n Nixtech -g 1026 Tech

Deleting Groups

We use groupdel command to delete groups on the system.

Syntax;

groupdel [options] GROUP

Let’s delete our group Nixtech;

$ sudo groupdel Nixtech

If it happens that the group you wanted to delete is a primary group of a certain user, you will not be able to delete the group until you remove the user first.

The Skeleton Directory

With /etc/skel directory, when creating new users together with its home directory files and folders are copied from /etc/skel directory to created home directory by default. The System Admin will copy the modified files and folders to skeleton directory when he wants new users to acquire the same to have the same files and directories automatically.

The passwd Command

The root can change anyone’s password in the system but any user can change its password also. The passwd command is used to change user’s password. This command has the SUID bit set meaning that it is executed with the file’s owner permission which is root.

Syntax;

passwd [options] [LOGIN]

Let’s look at this passwd file;

$ ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 68208 May 28  2020 /usr/bin/passwd

passwd Options

The following are the options used with passwd command.

OptionUse
-dDeleting the password of a user account thus making the user disabled.
-iSetting the number of days of inactivity after a password expires.
-lLocking the user account, therefore the encrypted password is prefixed with an exclamation mark (!) in the /etc/shadow file.
-eForcing the user account to change the password.
-uUnlocking the user account.
-SDisplaying information about the password status of a specific user account

The chage Command

chage command acronym change age is used to change the password aging details of the user.

Syntax;

chage [options] LOGIN

chage Options

The following are the options used with chage command.

OptionUse
-ESetting the expiration date for a user account.
-mSetting the minimum password lifetime for a user account.
-dSetting the last password change for a user account.
-ISetting the number of days of inactivity after a password expires.
-MSeting the maximum password lifetime for a user account.
-WSetting the number of days of warning before the password expires

Example to set user account password to expire at first login:

$ sudo chage -d 0 <username>

The /etc/passwd File

This is a file which contains user’s information and it has seven colon-delimited fields.

/etc/passwd file;

$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin

The /etc/group File

This is a file which contains groups information and it has four colon-delimited fields.

/etc/group file;

$ cat /etc/group
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:syslog,frank
tty:x:5:syslog
disk:x:6:
lp:x:7:

The /etc/shadow File

This is a file which contains encrypted user passwords information and it has nine colon-delimited fields.

/etc/shadow;

$ sudo cat /etc/shadow
root:!:18511:0:99999:7:::
daemon:*:18354:0:99999:7:::
bin:*:18354:0:99999:7:::
sys:*:18354:0:99999:7:::
sync:*:18354:0:99999:7:::
frank:$6$4mvWT.oZK0CzaxfT$LoqS1D6.AIMQSFSA6nSJK6l3CM6m9cTAaI3tbb8INT/ixcpt7KP5H3kvkZCBt.PatlLOT0KvH3pB5AlZyyJdG.:18511:0:99999:7:::

The /etc/gshadow File

This is a file which contains encrypted group passwords and it has four colon-delimited fields.

/etc/gshadow;

$ sudo cat /etc/gshadow
root:*::
daemon:*::
bin:*::
sys:*::
adm:*::syslog,frank
tty:*::syslog

Filtering the Password and Group Databases

Using grep Command

At times you want to check users and group information store in the above four files to search for a specific details, we can accomplish these tasks using grep command.

Reviewing user frank;

$ grep frank /etc/passwd
frank:x:1000:1000:frank,,,:/home/frank:/bin/bash

Using getent command

Another way for checking user and group information is by using getent command.

Reviewing user frank with getent command;

$ getent passwd frank
frank:x:1000:1000:frank,,,:/home/frank:/bin/bash

We can also check the group;

$ getent group Nixtech
Nixtech:x:1026:

Conclusion

Up to this far am sure that you enjoyed this tutorial on how to manage user and group accounts on Linux. For more information about this tutorial visit the above mention command man pages, i.e.

  • man useradd
  • man usermod
  • man userdel
  • man groupadd
  • man groupmod
  • man groupdel
  • man passwd
  • man chage

Check on our previous guides;

LPIC 102 – List of Major Linux Desktop Environments

LPIC 102 – Install and Configure X11 Server on Linux

LPIC 102 – Working with Locale Settings and Environment Variables in…

LPIC 102 – Managing Linux System Date and Time with UTC…

LEAVE A REPLY

Please enter your comment!
Please enter your name here