5.2 Creating Users and Groups

Weight: 2

Description: Creating users and groups on a Linux system.

Key Knowledge Areas:

User and group commands
User IDs

The following is a partial list of the used files, terms and utilities:

/etc/passwd, /etc/shadow, /etc/group, /etc/skel/
useradd, groupadd
passwd

In Linux, user management is crucial for system security, access control, and permissions. In this section we take a look at useful linux commands for user management.

User Management Commands

useradd

useradd is a command in Linux that is used to add user accounts to your system. It is just a symbolic link to adduser command in Linux and the difference between both of them is that useradd is a native binary compiled with the system

It makes changes to the following files:

/etc/passwd
/etc/shadow
/etc/group
/etc/gshadow
creates a directory for new user in /home

home directory

A home directory, also called a login directory, is the directory on Unix-like operating systems that serves as the repository for a user's personal files, directories and programs, including personal configuration files. It is also the directory that a user is first in after logging into the system.

Only root or users with sudo privileges can create new user accounts with useradd.

Syntax:

useradd [options] [User_name]

useradd command examples:

command

description

sudo useradd test_user

Add a user

sudo useradd -d /home/test_user test_user

Add User by Specifying a home directory path for the new user

sudo useradd -u 1234 test_user

Create a User with a Specific User ID (UID)

sudo useradd -g 1000 test_user

Create a User with a Specific Group ID (GID)

sudo useradd -M test_user

Create a User Without a Home Directory

sudo useradd -e 2026-05-30 test_user

Create User with an Expiry Date

sudo useradd -c "This is a test user" test_user

Create User with a Comment

sudo useradd -s /bin/sh test_user

Create a User with Changed Login Shell

sudo useradd -p test_password test_user

Set an Unencrypted Password for the User

/etc/skel

The /etc/skel directory contains files and directories that are automatically copied over to a new user's home directory when such user is created by the useradd program.

/etc/skel allows a system administrator to create a default home directory for all new users on a computer or network and thus to make certain that all users begin with the same settings or environment.

Several user configuration files are placed in /etc/skel by default when the operating system is installed.

The contents of /etc/skel can be viewed by using the ls (i.e., list) command with its -a option (which shows all files and directories, including hidden ones), i.e.,

[payam@earth ~]$ ls -l -a /etc/skel
total 24
drwxr-xr-x.   3 root root   78 Nov 17 12:03 .
drwxr-xr-x. 157 root root 8192 Dec 14 08:33 ..
-rw-r--r--.   1 root root   18 Apr 30  2024 .bash_logout
-rw-r--r--.   1 root root  141 Apr 30  2024 .bash_profile
-rw-r--r--.   1 root root  492 Apr 30  2024 .bashrc
drwxr-xr-x.   4 root root   39 Nov 17 12:03 .mozilla

The dots preceding the names of these files indicate that they are hidden files, i.e., files that are not normally visible in order to avoid visual clutter and help reduce the chances of accidental damage.

The location of /etc/skel can be changed by editing the line that begins with SKEL= in the configuration file /etc/default/useradd. By default this line says SKEL=/etc/skel.

usermod

usermod command or modify user is a command in Linux that is used to change the properties of a user in Linux through the command line. After creating a user we have to sometimes change their attributes like password or login directory etc. so in order to do that we use the Usermod command.

Note: usermod command needs to be executed only as a root user.

Syntax:

usermod [options] USER

Working with usermod command:

Command

Description

sudo usermod -c "This is test user" test_user

add a comment for a user

sudo usermod -d /home/bob test_user

change the home directory of a user

sudo usermod -e 2020-05-29 test_user

change the expiry date of a user

sudo usermod -g sales test_user

change the group of a user

sudo usermod -l test_account test_user

change user login name

sudo usermod -L test_user

To lock a user

sudo usermod -U test_user

To unlock a user

sudo usermod -p test_password test_user

set an unencrypted password for the user

sudo usermod -s /bin/sh test_user

change/create a shell for the user

sudo usermod -u 1234 test_user

change the user id of a user

userdel

'userdel' command in Linux system is used to delete a user account and related files. This command basically modifies the system account files, deleting all the entries which refer to the username LOGIN. It is a low-level utility for removing the users.

Syntax:

userdel [options] username

When a user is removed from the system by an administrator with the userdel command, that user's home directory, including the files and directories that have been copied into it from /etc/skel, remains intact.

Common Options for the 'userdel' Command:

Option

Description

-f

Force removal of the user account, including home directory and mail spool, even if the user is logged in.

-r

Remove the user's home directory along with the account. Useful for a complete cleanup.

passwd

The passwd command is the standard Linux utility for managing user passwords and account access. You use it to change your own password (passwd) or, as an administrator, to reset another user’s password. It also controls login access by locking and unlocking accounts and can force a password reset on next login.

passwd

[payam@earth ~]$ passwd
Changing password for user payam.
Current password: 
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.

If you are not the root user, you will be prompted to enter your current password to proceed.
You will then be prompted to enter the new password. Type the new password and press Enter.
Retype the new password when prompted to confirm.
The password for the specified user account is now changed.

Note: Linux does not display any characters on the screen while you type the password for security reasons.

Syntax:

 passwd [options] [username]

'passwd' Command Table :

Command

What It Does

passwd

Change your own password (interactive).

sudo passwd [user]

Change another user's password (admin only).

-l [user]

Locks the specified user's account.

-u [user]

Unlocks the specified user's account.

-e [user]

Expires the user's password, forcing a change on next login.

-S [user]

Shows the Status of the account (very useful).

-x [days] [user]

Sets the maximum number of days a password is valid.

-n [days] [user]

Sets the minimum number of days between password changes.

-w [days] [user]

Sets the number of warning days before a password expires.

How `passwd` Works

The passwd command is a safe tool for modifying the /etc/shadow file, which stores critical, encrypted password and aging information.

You should never edit this file directly. passwd is the correct interface.

A line in /etc/shadow looks like this: user1:$6$x8wA...an/:17887:0:99999:7:::

It's a list of 9 fields separated by colons:

User name: user1
Encrypted Password: $6$x8wA...an/ (If this starts with ! or *, the account is locked).
Last Change: The date the password was last changed.
Min Age: Minimum number of days before a password can be changed (default 0).
Max Age: Maximum number of days a password is valid (default 99999, meaning never expires).
Warn Days: Number of days before expiration to warn the user.
Inactive Days: Number of days after expiration before the account is fully disabled.
Expire Date: A specific date when the account is disabled.
Reserved: Unused.

When you run passwd -x 30 user1, you are simply changing Field 5 to 30. When you run passwd -l user1, you are just adding a ! to the start of Field 2.

Group management Commands

Groups in Linux refer to the user groups. In Linux, there can be many users of a single system. In a scenario where there are many users, there might be some privileges that some users have and some don't, and it becomes difficult to manage all the permissions at the individual user level. So, using groups, we can group together a number of users, and set privileges and permissions for the entire group.

groupadd

The general syntax for the groupadd command is as follows:

groupadd [OPTIONS] GROUPNAME

Only the root or a user with sudo privileges can create new groups.

Some of options Available with`groupadd` command:

Options

Description

-f, --force

This option forces the command to silently abort if the group with the given name already exists.
If used with the -g or --gid option and the specified group id already exists, the command forcefully ignores the given group id and assigns a new and unique group id.

-g GID, --gid GID

This option assigns a specific numeric group id to the newly created group.
The group id (GID) should be non-negative and unique, unless explicitly created to be non-unique using the -o or --non-unique option.
If not specified, the command assigns a default group id greater than any existing group id.

-p PASSWORD, --password PASSWORD

Sets an encrypted password for the group.
The password, returned by crypt(3), is visible to users and is stored in the /etc/gshadow file.
By default, the password is disabled, and it is crucial to ensure it adheres to the system's password policy.

-r, --system

Creates a system group.
System groups have numeric identifiers

groupmod

groupmod command in Linux is used to modify or change the existing group on Linux system. It can be handled by superuser or root user. Basically, it modifies a group definition on the system by modifying the right entry in the database of the group.

Syntax:

groupmod [option] GROUP

Options: There are some of options available in groupmod command.

-g, --gid GID: The group ID of the given GROUP will be changed to GID.
-n, --new-name NEW_GROUP: The name of group will change into newname.
-h, --help: This option display help message and exist.
-o, --non-unique: This option used with the -g option that allow to change the group GID to a non-unique value.
-p, --password PASSWORD: This gives the encrypted password.

Example: Below command will change the group group_old to group_new using -n option.

groupmod -n group_new group_old

groupdel

The 'groupdel' command is a powerful tool in Linux that allows system administrators to delete existing groups. It is a part of the 'passwd' package and provides a straightforward way to manage group accounts on a Linux system.

In simple words groupdel command is used to delete a existing group. It will delete all entry that refers to the group, modifies the system account files, and it is handled by superuser or root user.

Syntax:

groupdel [options] group_name

Some of options Available in `groupdel` Command:

Options

Description

'-r', '--remove'

Removes the group along with its associated files.

'-f', '--force'

This option forces the deletion of the group, even if it is still in use.

that's all.

sources:

https://www.geeksforgeeks.org/linux-unix/useradd-command-in-linux-with-examples/ https://www.linfo.org/etc_skel.html https://www.geeksforgeeks.org/linux-unix/usermod-command-in-linux-with-examples/ https://www.geeksforgeeks.org/linux-unix/userdel-command-in-linux-with-examples/ https://www.geeksforgeeks.org/linux-unix/passwd-command-in-linux-with-examples/ https://linuxize.com/post/how-to-create-groups-in-linux/ https://www.geeksforgeeks.org/linux-unix/groupadd-command-in-linux-with-examples/ https://www.geeksforgeeks.org/linux-unix/groupmod-command-in-linux-with-examples/ https://www.geeksforgeeks.org/linux-unix/groupdel-command-in-linux-with-examples/

Previous5.1 Basic Security and Identifying User Types Next5.3 Managing File Permissions and Ownership

Last updated 13 days ago

Good morning