Every experienced system administrator should know how to manage users and groups on a Linux system. Being able to view, edit, add, and delete local users and groups from the command line is more important than relying on a graphical user interface (GUI), because it lets you administer not only local accounts but also remote ones.
In this tutorial, we are going to learn how to manage user and group accounts on a Linux server. This can be any Linux distribution: Debian, RHEL, Arch Linux, among many others.
Adding, Modifying and Deleting Linux User Accounts
Adding Linux User Accounts
We use the useradd command to add a new user account, either as root or with root privileges. Afterwards, we can set the password of the newly created account with the passwd command.
Syntax:
useradd [options] LOGIN
Let’s create a new user account named John:
$ sudo useradd John
Now we can set the password for our user John:
$ sudo passwd John
New password:
Retype new password:
passwd: password updated successfully
We can use the id and groups commands to display the User ID (UID), the Group ID (GID), and the groups John belongs to, respectively.
#id
$ id John
uid=1001(John) gid=1001(John) groups=1001(John)
#groups
$ groups John
John : John
Important useradd Options
Below are the options used with the useradd command.
Option | Use |
-d or --home-dir | creating new user account with its home directory. |
-c or --comment | creating new user account with comments, i.e. the user’s full name. |
-u or --uid | creating new user account with its specific UID. |
-g or --gid | creating new user account with its specific GID. |
-G or --groups | creating new user account by adding it to multiple secondary groups. |
-m or --create-home | creating new user account with its home directory only if it doesn’t exist. |
Modifying User Accounts
We use usermod with root privileges to change an existing user account’s attributes, such as:
- Login shell
- Login name
- Lock the specified user account
- Change the UID
and many more.
Syntax:
usermod [options] LOGIN
In the following example we are going to change John’s login shell and the group he belongs to.
Changing John’s login shell to bash:
$ sudo usermod -s /bin/bash John
Changing John’s group to Tutor:
$ sudo usermod -g Tutor John
Important usermod Options
Below are the options used with the usermod command.
Option | Use |
-e or --expiredate | setting the expiration date of the specified user account. |
-d or --home | changing the home directory of the specified user account. The contents of the current home directory are moved to the new home directory when used with option -m. |
-c or --comment | adding a brief comment to the specified user account. |
-l or --login | changing the login name of the specified user account. |
-L or --lock | locking the specified user account. For a locked account you will see an exclamation mark (!) in front of the encrypted password in /etc/shadow. |
-U or --unlock | unlocking the specified user account. |
Deleting User Accounts
If we want to delete a certain user account, we use the userdel command with root privileges.
Syntax:
userdel [options] LOGIN
Let’s remove the previously created user account John. To remove this user account together with its home directory, we use the -r option.
$ sudo userdel -r John
Adding, Modifying and Deleting Groups
Adding Groups
We use the groupadd command with root privileges to add a new group to the system. When used with the -g option, it creates the new group with a specific group ID.
Syntax:
groupadd [options] group
Creating new group by the name Tech:
$ sudo groupadd -g 1020 Tech
Modifying Groups
To modify a certain group, we use the groupmod command with root privileges.
Syntax:
groupmod [options] GROUP
To rename the group Tech to Nixtech and assign it a new group ID, we use the following command:
$ sudo groupmod -n Nixtech -g 1026 Tech
Deleting Groups
We use the groupdel command to delete groups on the system.
Syntax:
groupdel [options] GROUP
Let’s delete our group Nixtech:
$ sudo groupdel Nixtech
If it happens that the group you wanted to delete is a primary group of a certain user, you will not be able to delete the group until you remove the user first.
The Skeleton Directory
When a new user is created together with a home directory, the files and folders in the /etc/skel directory are copied into the new home directory by default. A system administrator who wants every new user to start with the same files and directories places them in the skeleton directory.
The passwd Command
Root can change anyone’s password on the system, and any user can change their own. The passwd command is used to change a user’s password. It has the SUID bit set, meaning that it is executed with the permissions of the file’s owner, which is root.
Syntax:
passwd [options] [LOGIN]
Let’s look at the permissions of the passwd file:
$ ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 68208 May 28 2020 /usr/bin/passwd
passwd Options
The following are the options used with the passwd command.
Option | Use |
-d | Deleting the password of a user account thus making the user disabled. |
-i | Setting the number of days of inactivity after a password expires. |
-l | Locking the user account, therefore the encrypted password is prefixed with an exclamation mark (!) in the /etc/shadow file. |
-e | Forcing the user account to change the password. |
-u | Unlocking the user account. |
-S | Displaying information about the password status of a specific user account |
The chage Command
The chage command (short for "change age") is used to change the password aging details of a user.
Syntax:
chage [options] LOGIN
chage Options
The following are the options used with the chage command.
Option | Use |
-E | Setting the expiration date for a user account. |
-m | Setting the minimum password lifetime for a user account. |
-d | Setting the last password change for a user account. |
-I | Setting the number of days of inactivity after a password expires. |
-M | Setting the maximum password lifetime for a user account. |
-W | Setting the number of days of warning before the password expires. |
Example: setting a user account’s password to expire at first login:
$ sudo chage -d 0 <username>
The /etc/passwd File
This file contains user information and has seven colon-delimited fields.
The /etc/passwd file:
$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
The /etc/group File
This file contains group information and has four colon-delimited fields.
The /etc/group file:
$ cat /etc/group
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:syslog,frank
tty:x:5:syslog
disk:x:6:
lp:x:7:
The /etc/shadow File
This file contains encrypted user password information and has nine colon-delimited fields.
The /etc/shadow file:
$ sudo cat /etc/shadow
root:!:18511:0:99999:7:::
daemon:*:18354:0:99999:7:::
bin:*:18354:0:99999:7:::
sys:*:18354:0:99999:7:::
sync:*:18354:0:99999:7:::
frank:$6$4mvWT.oZK0CzaxfT$LoqS1D6.AIMQSFSA6nSJK6l3CM6m9cTAaI3tbb8INT/ixcpt7KP5H3kvkZCBt.PatlLOT0KvH3pB5AlZyyJdG.:18511:0:99999:7:::
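The field layouts of /etc/passwd and /etc/shadow and the password-field markers described above can be turned into a small account audit. This is an added example, not part of the original tutorial: the function names, status labels and sample entries are constructed for illustration, and the field positions follow passwd(5) and shadow(5).

```sh
#!/bin/sh
# Added example, not part of the original tutorial. Function names and
# status labels are illustrative; sample entries in demo() are constructed.

# shadow_status FILE [TODAY]: print "login:status" for each shadow(5) entry.
# TODAY is the date in days since 1970-01-01 (defaults to the current day).
shadow_status() {
    awk -F: -v today="${2:-$(( $(date +%s) / 86400 ))}" '
        NF != 9               { print $1 ":malformed"; next }     # nine fields expected
        $2 == ""              { print $1 ":no-password"; next }   # empty: no password asked
        $2 ~ /^!/             { print $1 ":locked"; next }        # passwd -l / usermod -L
        $2 ~ /^[*]/           { print $1 ":no-valid-hash"; next } # password login impossible
        $3 != "" && $3+0 == 0 { print $1 ":must-change"; next }   # chage -d 0
        $3 != "" && $5 != "" && $3+$5 < today { print $1 ":expired"; next }
                              { print $1 ":active" }
    ' "$1"
}

# uid0_accounts FILE: logins in a passwd(5) file whose UID (field 3) is 0.
uid0_accounts() {
    awk -F: 'NF == 7 && $3 == 0 { print $1 }' "$1"
}

# Run both checks on constructed sample files (hashes are placeholders).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
frank:x:1000:1000:frank,,,:/home/frank:/bin/bash
backup2:x:0:0::/root:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root:!:18511:0:99999:7:::
daemon:*:18354:0:99999:7:::
frank:$6$SALT$HASHPLACEHOLDER:18511:0:99999:7:::
john:$6$SALT$HASHPLACEHOLDER:0:0:99999:7:::
alice:$6$SALT$HASHPLACEHOLDER:18000:0:90:7:::
guest::18511:0:99999:7:::
EOF
    shadow_status "$dir/shadow" 20000
    uid0_accounts "$dir/passwd"
    rm -rf "$dir"
}

demo
```

On a live system, call shadow_status /etc/shadow as root and uid0_accounts /etc/passwd; any UID 0 login other than root, or any no-password entry, deserves a closer look.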
The /etc/gshadow File
This file contains encrypted group passwords and has four colon-delimited fields.
The /etc/gshadow file:
$ sudo cat /etc/gshadow
root:*::
daemon:*::
bin:*::
sys:*::
adm:*::syslog,frank
tty:*::syslog
Filtering the Password and Group Databases
Using grep Command
At times you may want to search the user and group information stored in the above four files for specific details. We can accomplish this using the grep command.
Reviewing user frank:
$ grep frank /etc/passwd
frank:x:1000:1000:frank,,,:/home/frank:/bin/bash
Using getent Command
Another way of checking user and group information is the getent command.
Reviewing user frank with the getent command:
$ getent passwd frank
frank:x:1000:1000:frank,,,:/home/frank:/bin/bash
We can also check the group:
$ getent group Nixtech
Nixtech:x:1026:
Conclusion
By now, I am sure that you have enjoyed this tutorial on how to manage user and group accounts on Linux. For more information, visit the man pages of the commands mentioned above, i.e.:
- man useradd
- man usermod
- man userdel
- man groupadd
- man groupmod
- man groupdel
- man passwd
- man chage