# 5.2 Creating Users and Groups

**Weight:** 2

**Description:** Creating users and groups on a Linux system.

**Key Knowledge Areas:**

* User and group commands
* User IDs

**The following is a partial list of the used files, terms and utilities:**

* /etc/passwd, /etc/shadow, /etc/group, /etc/skel/
* useradd, groupadd
* passwd

In **Linux**, user management is crucial for **system security, access control, and permissions**. In this section we take a look at useful Linux commands for user management.

## User Management Commands

### useradd

**useradd** is a command in Linux that is used to add user accounts to your system. It is just a symbolic link to the adduser command in Linux, and the difference between the two is that useradd is a native binary compiled with the system.

It makes changes to the following files:

* /etc/passwd
* /etc/shadow
* /etc/group
* /etc/gshadow
* creates a directory for new user in /home

{% hint style="info" %}

#### **home directory**

A home directory, also called a *login directory*, is the directory on [Unix-like](https://www.linfo.org/unix-like.html) operating systems that serves as the repository for a user's personal files, directories and programs, including personal configuration files. It is also the directory that a user is first in after logging into the system.
{% endhint %}

> Only root or users with sudo privileges can create new user accounts with `useradd`.

**Syntax:**

```
useradd [options] [User_name]
```

**useradd command examples:**

<table><thead><tr><th width="494.73046875">command</th><th>description</th></tr></thead><tbody><tr><td><pre><code>sudo useradd test_user
</code></pre></td><td>Add a user</td></tr><tr><td><pre><code>sudo useradd -d /home/test_user test_user
</code></pre></td><td>Add User by Specifying a home directory path for the new user</td></tr><tr><td><pre><code>sudo useradd -u 1234 test_user
</code></pre></td><td>Create a User with a Specific User ID (UID)</td></tr><tr><td><pre><code>sudo useradd -g 1000 test_user
</code></pre></td><td>Create a User with a Specific Group ID (GID)</td></tr><tr><td><pre><code>sudo useradd -M test_user
</code></pre></td><td>Create a User Without a Home Directory</td></tr><tr><td><pre><code>sudo useradd -e 2026-05-30 test_user
</code></pre></td><td>Create User with an Expiry Date</td></tr><tr><td><pre><code>sudo useradd -c "This is a test user" test_user
</code></pre></td><td>Create User with a Comment</td></tr><tr><td><pre><code>sudo useradd -s /bin/sh test_user
</code></pre></td><td>Create a User with Changed Login Shell</td></tr><tr><td><pre><code>sudo useradd -p test_password test_user
</code></pre></td><td>Set an Unencrypted Password for the User</td></tr></tbody></table>

### /etc/skel

The */etc/skel* directory contains files and directories that are automatically copied over to a new user's *home directory* when such user is created by the *useradd* program.

/etc/skel allows a system administrator to create a default home directory for all new users on a computer or network and thus to make certain that all users begin with the same settings or *environment*.

Several user configuration files are placed in /etc/skel by default when the operating system is installed.

The contents of /etc/skel can be viewed by using the *ls* (i.e., *list*) command with its *-a* option (which shows all files and directories, including hidden ones), i.e.,

```
[payam@earth ~]$ ls -l -a /etc/skel
total 24
drwxr-xr-x.   3 root root   78 Nov 17 12:03 .
drwxr-xr-x. 157 root root 8192 Dec 14 08:33 ..
-rw-r--r--.   1 root root   18 Apr 30  2024 .bash_logout
-rw-r--r--.   1 root root  141 Apr 30  2024 .bash_profile
-rw-r--r--.   1 root root  492 Apr 30  2024 .bashrc
drwxr-xr-x.   4 root root   39 Nov 17 12:03 .mozilla
```

> The dots preceding the names of these files indicate that they are *hidden files*, i.e., files that are not normally visible in order to avoid visual clutter and help reduce the chances of accidental damage.

The location of /etc/skel can be changed by editing the line that begins with SKEL= in the configuration file */etc/default/useradd*. By default this line says SKEL=/etc/skel.
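The check below is an added example, not part of the original page: it reads the `SKEL=` line from a useradd defaults file and lists skeleton entries that are group- or world-writable, since whatever sits in that directory is copied into every new home. The function names and the temporary tree built by `skel_demo` are constructed for illustration.

```shell
#!/usr/bin/env bash

# skel_dir [CONF]: print the directory named by the last SKEL= line in a
# useradd defaults file, falling back to /etc/skel when none is set.
skel_dir() {
  local conf=${1:-/etc/default/useradd} dir
  dir=$(sed -n 's/^SKEL=//p' "$conf" 2>/dev/null | tail -n 1)
  printf '%s\n' "${dir:-/etc/skel}"
}

# skel_risky DIR: list entries under DIR that are group- or world-writable.
# Any account able to write them can plant content in the login files of
# users created later. Symlinks are skipped (their mode bits are not used).
skel_risky() {
  find "$1" \( -perm -020 -o -perm -002 \) ! -type l -print | sort
}

# skel_demo: build a constructed skeleton tree in a temp dir, run both
# functions on it, and print the flagged paths relative to the skeleton.
skel_demo() {
  local tmp skel
  tmp=$(mktemp -d) || return 1
  skel="$tmp/custom_skel"
  mkdir -p "$skel/.config"
  printf 'SKEL=%s\n' "$skel" > "$tmp/useradd"       # constructed defaults file
  : > "$skel/.bashrc";  chmod 644 "$skel/.bashrc"   # fine
  : > "$skel/.profile"; chmod 666 "$skel/.profile"  # world-writable
  chmod 755 "$skel"
  chmod 775 "$skel/.config"                         # group-writable directory
  skel=$(skel_dir "$tmp/useradd")
  skel_risky "$skel" | sed "s|^$skel/||"
  rm -rf "$tmp"
}

# On a live system:
#   skel_risky "$(skel_dir)"
```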

### usermod

The usermod (modify user) command changes the properties of an existing user from the command line. After creating a user we sometimes have to change attributes such as the password or login directory, and usermod is the command for that.

> **Note:** The usermod command can only be executed as the root user.

**Syntax:**

```
usermod [options] USER
```

Working with usermod command:

<table><thead><tr><th width="459.84375">Command</th><th>Description</th></tr></thead><tbody><tr><td><pre><code>sudo usermod -c "This is test user" test_user
</code></pre></td><td>add a comment for a user</td></tr><tr><td><pre><code>sudo usermod -d /home/bob test_user
</code></pre></td><td>change the home directory of a user</td></tr><tr><td><pre><code>sudo usermod -e 2020-05-29 test_user
</code></pre></td><td>change the expiry date of a user</td></tr><tr><td><pre><code>sudo usermod -g sales test_user
</code></pre></td><td>change the group of a user</td></tr><tr><td><pre><code>sudo usermod -l test_account test_user
</code></pre></td><td>change user login name</td></tr><tr><td><pre><code>sudo usermod -L test_user
</code></pre></td><td>To lock a user</td></tr><tr><td><pre><code>sudo usermod -U test_user
</code></pre></td><td>To unlock a user</td></tr><tr><td><pre><code>sudo usermod -p test_password test_user
</code></pre></td><td>set an unencrypted password for the user</td></tr><tr><td><pre><code>sudo usermod -s /bin/sh test_user
</code></pre></td><td>change/create a shell for the user</td></tr><tr><td><pre><code>sudo usermod -u 1234 test_user
</code></pre></td><td>change the user id of a user</td></tr></tbody></table>

### userdel

The **'userdel'** command is used on a Linux system to delete a user account and related files. It modifies the system account files, deleting all the entries which refer to the username LOGIN. It is a low-level utility for removing users.

**Syntax:**

```
userdel [options] username
```

{% hint style="warning" %}
When a user is removed from the system by an administrator with the *userdel* command, that user's home directory, including the files and directories that have been copied into it from /etc/skel, remains intact.
{% endhint %}

**Common Options for the 'userdel' Command:**

| Option | Description                                                                                                |
| ------ | ---------------------------------------------------------------------------------------------------------- |
| -f     | Force removal of the user account, including home directory and mail spool, even if the user is logged in. |
| -r     | Remove the user's home directory along with the account. Useful for a complete cleanup.                    |

### passwd

The `passwd` command is the standard Linux utility for managing user passwords and account access. You use it to change your own password (`passwd`) or, as an administrator, to reset another user’s password. It also controls login access by locking and unlocking accounts and can force a password reset on next login.

```
passwd
```

```
[payam@earth ~]$ passwd
Changing password for user payam.
Current password: 
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.

```

* If you are not the root user, you will be prompted to enter your current password to proceed.
* You will then be prompted to enter the new password. Type the new password and press Enter.
* Retype the new password when prompted to confirm.
* The password for the specified user account is now changed.

> **Note:** Linux does not display any characters on the screen while you type the password for security reasons.

**Syntax:**

```
passwd [options] [username]
```

**'passwd' Command Table:**

| **Command**          | **What It Does**                                                 |
| -------------------- | ---------------------------------------------------------------- |
| `passwd`             | Change your *own* password (interactive).                        |
| `sudo passwd [user]` | Change *another user's* password (admin only).                   |
| **`-l [user]`**      | **L**ocks the specified user's account.                          |
| **`-u [user]`**      | **U**nlocks the specified user's account.                        |
| **`-e [user]`**      | **E**xpires the user's password, forcing a change on next login. |
| **`-S [user]`**      | Shows the **S**tatus of the account (very useful).               |
| `-x [days] [user]`   | Sets the ma**x**imum number of days a password is valid.         |
| `-n [days] [user]`   | Sets the mi**n**imum number of days between password changes.    |
| `-w [days] [user]`   | Sets the number of **w**arning days before a password expires.   |

#### How `passwd` Works <a href="#howpasswdworks-theetcshadowfile" id="howpasswdworks-theetcshadowfile"></a>

The `passwd` command is a safe tool for modifying the **`/etc/shadow` file**, which stores critical, encrypted password and aging information.

You should never edit this file directly. `passwd` is the correct interface.

A line in `/etc/shadow` looks like this: `user1:$6$x8wA...an/:17887:0:99999:7:::`

It's a list of 9 fields separated by colons:

1. **User name:** `user1`
2. **Encrypted Password:** `$6$x8wA...an/` (If this starts with `!` or `*`, the account is locked).
3. **Last Change:** The date the password was last changed.
4. **Min Age:** Minimum number of days before a password *can* be changed (default `0`).
5. **Max Age:** Maximum number of days a password is valid (default `99999`, meaning never expires).
6. **Warn Days:** Number of days before expiration to warn the user.
7. **Inactive Days:** Number of days after expiration before the account is fully disabled.
8. **Expire Date:** A specific date when the account is disabled.
9. **Reserved:** Unused.

When you run `passwd -x 30 user1`, you are simply changing **Field 5** to `30`. When you run `passwd -l user1`, you are just adding a `!` to the start of **Field 2**.
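The function below is an added example, not part of the original page: it reads records in the nine-field layout described above and reports each account's lock state and password aging. It also flags a second field that is not a crypt(3)-style hash, which is what results when a plain string is passed to the `-p` option shown in the useradd and usermod tables, because that option stores its argument as given. The sample records, the `audit_shadow` name and the state labels are constructed for illustration.

```shell
#!/usr/bin/env bash
# SAMPLE is constructed data with placeholder hashes, not a real shadow file.
SAMPLE='alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:90:7:::
bob:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
svc:*:18000:0:99999:7:::
carol::19000:0:99999:7:::
dave:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:30:7:14::
erin:test_password:19000:0:99999:7:::
frank:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:0:0:99999:7:::'

# audit_shadow TODAY: read shadow-format lines on stdin, print
# "user state aging". TODAY and field 3 are days since 1970-01-01.
audit_shadow() {
  awk -F: -v today="$1" '
    NF != 9 { print $1, "malformed"; next }
    {
      # Field 2: empty = no password, leading ! or * = locked,
      # $id$salt$hash = crypt(3) hash, anything else (for example a
      # plain string given to -p) is reported for review.
      if ($2 == "")                state = "no-password"
      else if ($2 ~ /^[!*]/)       state = "locked"
      else if ($2 ~ /^\$[^$]+\$/)  state = "active"
      else                         state = "not-crypt-format"

      # Field 3 = last change (0 forces a change at next login),
      # field 5 = max age (99999 or empty: never expires), field 6 = warn days.
      if ($3 == "0") aging = "must-change"
      else if ($3 == "" || $5 == "" || $5 + 0 >= 99999) aging = "never-expires"
      else {
        left = $3 + $5 - today
        if (left < 0)                        aging = "expired"
        else if ($6 != "" && left <= $6 + 0) aging = "warn:" left
        else                                 aging = "ok:" left
      }
      print $1, state, aging
    }'
}

# On a live system (root required):
#   audit_shadow "$(( $(date +%s) / 86400 ))" < /etc/shadow
```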

***

## Group Management Commands

Groups in Linux refer to the user groups. In Linux, there can be many users of a single system. In a scenario where there are many users, there might be some privileges that some users have and some don't, and it becomes difficult to manage all the permissions at the individual user level. So, using groups, we can group together a number of users, and set privileges and permissions for the entire group.

### groupadd

The general syntax for the `groupadd` command is as follows:

```
groupadd [OPTIONS] GROUPNAME
```

> Only the root or a user with sudo privileges can create new groups.

#### Some of the options available with the `groupadd` command:

| Options                          | Description                                                                                                                                                                                                                                                                                                                                      |
| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| -f, --force                      | <ul><li>This option forces the command to silently abort if the group with the given name already exists.</li><li>If used with the -g or --gid option and the specified group id already exists, the command forcefully ignores the given group id and assigns a new and unique group id.</li></ul>                                              |
| -g GID, --gid GID                | <ul><li>This option assigns a specific numeric group id to the newly created group.</li><li>The group id (GID) should be non-negative and unique, unless explicitly created to be non-unique using the -o or --non-unique option.</li><li>If not specified, the command assigns a default group id greater than any existing group id.</li></ul> |
| -p PASSWORD, --password PASSWORD | <ul><li>Sets an encrypted password for the group.</li><li>The password, returned by crypt(3), is visible to users and is stored in the /etc/gshadow file.</li><li>By default, the password is disabled, and it is crucial to ensure it adheres to the system's password policy.</li></ul> |
| -r, --system                     | <ul><li>Creates a system group.</li><li>System groups have numeric identifiers</li></ul> |

### groupmod

The **groupmod** command is used to modify an existing group on a Linux system. It can be run by the superuser (root). It changes a group definition by modifying the corresponding entry in the group database.

**Syntax:**

```
groupmod [option] GROUP
```

**Options:** Some of the options available in the *groupmod* command:

* **-g, --gid GID:** The group ID of the given GROUP will be changed to GID.
* **-n, --new-name NEW\_GROUP:** The name of the group will be changed to NEW\_GROUP.
* **-h, --help:** This option displays a help message and exits.
* **-o, --non-unique:** This option is used with the -g option and allows the group GID to be changed to a non-unique value.
* **-p, --password PASSWORD:** This gives the encrypted password.

Example: The command below changes the group *group\_old* to *group\_new* using the *-n* option.

```
groupmod -n group_new group_old
```

### groupdel

The 'groupdel' command is a powerful tool in Linux that allows system administrators to delete existing groups. It is a part of the 'passwd' package and provides a straightforward way to manage group accounts on a Linux system.

In simple words, the groupdel command is used to delete an existing group. It deletes all entries that refer to the group, modifies the system account files, and is run by the superuser (root).

**Syntax:**

```
groupdel [options] group_name
```

**Some of the options available in the `groupdel` command:**

| Options          | Description                                                               |
| ---------------- | ------------------------------------------------------------------------- |
| '-r', '--remove' | Removes the group along with its associated files.                        |
| '-f', '--force'  | This option forces the deletion of the group, even if it is still in use. |

that's all.

***

sources:

<https://www.geeksforgeeks.org/linux-unix/useradd-command-in-linux-with-examples/>\
<https://www.linfo.org/etc_skel.html>\
<https://www.geeksforgeeks.org/linux-unix/usermod-command-in-linux-with-examples/>\
<https://www.geeksforgeeks.org/linux-unix/userdel-command-in-linux-with-examples/>\
<https://www.geeksforgeeks.org/linux-unix/passwd-command-in-linux-with-examples/>\
<https://linuxize.com/post/how-to-create-groups-in-linux/>\
<https://www.geeksforgeeks.org/linux-unix/groupadd-command-in-linux-with-examples/>\
<https://www.geeksforgeeks.org/linux-unix/groupmod-command-in-linux-with-examples/>\
<https://www.geeksforgeeks.org/linux-unix/groupdel-command-in-linux-with-examples/>

