Every experienced System Administrator should have a knowledge of user and group management in a Linux system. Executing this tasks like viewing, editing, adding, and deleting local users and groups in the command line is more important than employing Graphical User Interface(GUI) as you will be able to administer not only local accounts but also the remote accounts.
In this tutorial, we are going to learn how to manage user and group accounts on Linux server. This can be any flavor of Linux distribution – Debian, RHEL, Arch Linux among many others.
Adding, Modifying and Deleting Linux User Accounts
Adding Linux User Accounts
useradd command when adding a new user account either being root or having root privileges then after we can set the password of newly created user account using
useradd [options] LOGIN
Let’s create our new user account by the name John;
$ sudo useradd John
Now we can set the password for our user John;
$ sudo passwd John New password: Retype new password: passwd: password updated successfully
We can use
groups commands to display User ID (UID), Group ID (GID) and the groups John belong to respectively.
#id $ id John uid=1001(John) gid=1001(John) groups=1001(John) #groups $ groups John John : John
Important useradd Options
Below are the options used with
|-d or –home-dir||creating new user account with its home directory.|
|-c or –comment||creating new user account with comments i.e user’s full name.|
|-u or –uid||creating new user account with its specific UID.|
|-g or –gid||creating new user account with its specific GID.|
|-G or –groups||creating new user account by adding it to multiple secondary groups.|
|-m or –create-home||creating new user account with its home directory only if it doesn’t exist.|
Modifying User Accounts
usermod with root privileges to change an existing user account’s features like;
- Login shell
- Login name
- Lock the specified user account
- Change the UID
and many more.
usermod [options] LOGIN
In the following example we are going to change John’s login shell and group it belong to.
Changing John’s login shell to bash;
$ sudo usermod -s /bin/bash John
Changing John’s group Tutor;
$ sudo usermod -g Tutor John
Important usermod Options
Below are the options used with
|-e or –expiredate||setting the expiration date of the specified user account.|
|-d or –home||changing the home directory of the specified user account. The contents of the current home directory are moved to the new home directory when used with option -m.|
|-c or –comment||adding a brief comment to the specified user account.|
|-l or –login||changing the login name of the specified user account.|
|-L or –lock||locking the specified user account. for the locked account you will see an exclamation mark (!) in front of the encrypted password in the /etc/shadow.|
|-U or –unlock||unlocking the specified user account.|
Deleting User Accounts
In any case if we want to delete a certain user account, we use
userdel command root privileges to accomplish this task.
userdel [options] LOGIN
Let’s remove the previously created user account John. To remove this user account with its home directory, we use
$ sudo userdel -r John
Adding, Modifying and Deleting Groups
groupadd command with root privileges in order to add new group to the system. When used with
-g option it will create a new group with a specific group id.
groupadd [options] group
Creating new group by the name Tech;
$ sudo groupadd -g 1020 Tech
Also, to modify the a certain group, we use
groupmod command with root privileges.
groupmod [options] GROUP
Renaming the group Tech to Nixtech and assign a new group ID we use the following command.
$ sudo groupmod -n Nixtech -g 1026 Tech
groupdel command to delete groups on the system.
groupdel [options] GROUP
Let’s delete our group Nixtech;
$ sudo groupdel Nixtech
If it happens that the group you wanted to delete is a primary group of a certain user, you will not be able to delete the group until you remove the user first.
The Skeleton Directory
With /etc/skel directory, when creating new users together with its home directory files and folders are copied from /etc/skel directory to created home directory by default. The System Admin will copy the modified files and folders to skeleton directory when he wants new users to acquire the same to have the same files and directories automatically.
The passwd Command
The root can change anyone’s password in the system but any user can change its password also. The
passwd command is used to change user’s password. This command has the SUID bit set meaning that it is executed with the file’s owner permission which is root.
passwd [options] [LOGIN]
Let’s look at this passwd file;
$ ls -l /usr/bin/passwd -rwsr-xr-x 1 root root 68208 May 28 2020 /usr/bin/passwd
The following are the options used with
|-d||Deleting the password of a user account thus making the user disabled.|
|-i||Setting the number of days of inactivity after a password expires.|
|-l||Locking the user account, therefore the encrypted password is prefixed with an exclamation mark (!) in the /etc/shadow file.|
|-e||Forcing the user account to change the password.|
|-u||Unlocking the user account.|
|-S||Displaying information about the password status of a specific user account|
The chage Command
chage command acronym change age is used to change the password aging details of the user.
chage [options] LOGIN
The following are the options used with
|-E||Setting the expiration date for a user account.|
|-m||Setting the minimum password lifetime for a user account.|
|-d||Setting the last password change for a user account.|
|-I||Setting the number of days of inactivity after a password expires.|
|-M||Seting the maximum password lifetime for a user account.|
|-W||Setting the number of days of warning before the password expires|
Example to set user account password to expire at first login:
$ sudo chage -d 0 <username>
The /etc/passwd File
This is a file which contains user’s information and it has seven colon-delimited fields.
$ cat /etc/passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin
The /etc/group File
This is a file which contains groups information and it has four colon-delimited fields.
$ cat /etc/group root:x:0: daemon:x:1: bin:x:2: sys:x:3: adm:x:4:syslog,frank tty:x:5:syslog disk:x:6: lp:x:7:
The /etc/shadow File
This is a file which contains encrypted user passwords information and it has nine colon-delimited fields.
$ sudo cat /etc/shadow root:!:18511:0:99999:7::: daemon:*:18354:0:99999:7::: bin:*:18354:0:99999:7::: sys:*:18354:0:99999:7::: sync:*:18354:0:99999:7::: frank:$6$4mvWT.oZK0CzaxfT$LoqS1D6.AIMQSFSA6nSJK6l3CM6m9cTAaI3tbb8INT/ixcpt7KP5H3kvkZCBt.PatlLOT0KvH3pB5AlZyyJdG.:18511:0:99999:7:::
The /etc/gshadow File
This is a file which contains encrypted group passwords and it has four colon-delimited fields.
$ sudo cat /etc/gshadow root:*:: daemon:*:: bin:*:: sys:*:: adm:*::syslog,frank tty:*::syslog
Filtering the Password and Group Databases
Using grep Command
At times you want to check users and group information store in the above four files to search for a specific details, we can accomplish these tasks using
Reviewing user frank;
$ grep frank /etc/passwd frank:x:1000:1000:frank,,,:/home/frank:/bin/bash
Using getent command
Another way for checking user and group information is by using
Reviewing user frank with
$ getent passwd frank frank:x:1000:1000:frank,,,:/home/frank:/bin/bash
We can also check the group;
$ getent group Nixtech Nixtech:x:1026:
Up to this far am sure that you enjoyed this tutorial on how to manage user and group accounts on Linux. For more information about this tutorial visit the above mention command
man pages, i.e.
- man useradd
- man usermod
- man userdel
- man groupadd
- man groupmod
- man groupdel
- man passwd
- man chage
Check on our previous guides;