Linux User & Group Management

A user or account of a system is uniquely identified by a numerical number called the UID (unique identification number). There are two types of users – the root or superuser and normal users. A root or superuser can access all the files, while the normal user has limited access to files. A superuser can add, delete and modify a user account. The full account information is stored in the /etc/passwd file and a hash password is stored in the file /etc/shadow. Some operations on a user account are discussed below.

Creating a user with a default setting: 

A user can be added by running the useradd command at the command prompt. After creating the user, set a password using the passwd utility, as follows:

root@localhost:~/Desktop#useradd yc
root@localhost:~/Desktop#passwd yc
Changing password for user yc.
New password: 
Retype new password:
passwd: all authentication tokens updated successfully.

Creating a user with the UID:

You can create a user with a custom UID with the –u option, as follows:

root@localhost:~# useradd -u 4036 yc

Creating a user with a non-default home directory:

A non-default home directory can be set by executing the following command:

root@localhost:~# useradd –d /home/test yc

Adding a user to a primary group and supplementary group:

A systems administrator can specify a primary group and a supplementary one by specifying the –g and –G options, respectively.

root@localhost:~# useradd -g “head” -G “faculty” yc

Similar: Linux File & Directory Permission

Locking and unlocking a user:

A superuser can lock and unlock a user account. To lock an account, one needs to invoke passwd with the -l option.

root@localhost:~# passwd -l yc Locking password for user yc. passwd: Success

The –u option with passwd unlock an account, as shown below:

root@localhost:~# passwd -u yc Unlocking password for user yc.
passwd: Success

Changing a user name:

The –l option with the usermod command changes the login (user) name, as shown below:

root@localhost:~# usermod -l “yc5” yc

Where “yc” is old user name and “hackonlogy5” is the new username

Removing a user:

Combining userdel with the –r option drops a user and the home directory associated with that user, as shown below:

root@localhost:~# userdel -r yc5

Linux group

Linux group is a mechanism to organize a collection of users. Like the user ID, each group is also associated with a unique ID called the GID (group ID). There are two types of groups – a primary group and a supplementary group. Each user is a member of a primary group and of zero or ‘more than zero’ supplementary groups. The group information is stored in /etc/group and the respective passwords are stored in the /etc/gshadow file. Some operations such as creating, deleting, and modifying a group are discussed below.

Creating a group with default settings:

To add a new group with default settings, run the groupadd command as a root user, as shown below:

root@localhost:~#  groupadd employee

If you wish to add a password, then type gpasswd with the group name, as follows:

root@localhost:~# gpasswd employee
Changing the password for group employee New Password:  Re-enter new password:

Must Read: Linux Fundaments and Basic Commands

Creating a group with a specified GID:

To explicitly specify the GID of a group, execute the groupadd command with the –g option, as follow:

root@localhost:~# groupadd -g 1200 manager

Removing group password:

To remove a group password, run gpasswd –r with the relevant group name, as follows:

root@localhost:~# gpasswd -r employee

Changing the group’s name:

To change the group’s name, run the groupmod command with the -n option as a superuser, as shown below:

root@localhost:~# groupmod -n hrmanager employee

Changing the group’s GID:

To change the GID of a group, run the groupmod command with –g, as follows:

root@localhost:~# groupmod -g 1050 manager

Deleting a group:

Before deleting a primary group, delete the users of that primary group. To delete a group, run the groupdel command with the group name, as shown below:

root@localhost:~# groupdel employee