Managing users and groups is essential for system administration. Learn to create accounts, manage permissions, and implement security best practices.
Understanding Users
Every user has:
- UID: Unique numeric identifier
- GID: Primary group ID
- Home directory: Personal workspace
- Login shell: Command interpreter
- Password: Stored in /etc/shadow
# View your user info
id
# uid=1000(user) gid=1000(user) groups=1000(user),27(sudo)
# View all users
cat /etc/passwd
# View password info (requires root)
sudo cat /etc/shadow
Creating Users
useradd (Low-level)
# Basic user creation
sudo useradd newuser
# Full featured user creation
sudo useradd -m -s /bin/bash -c "John Doe" -G sudo,developers johndoe
# -m = create home directory
# -s = login shell
# -c = comment (full name)
# -G = additional groups
# Set password
sudo passwd johndoe
# Create system user (no home, no login)
sudo useradd -r -s /usr/sbin/nologin appuser
adduser (Interactive, Debian/Ubuntu)
# Interactive user creation
sudo adduser newuser
# Prompts for password, full name, etc.
Modifying Users
# Change username
sudo usermod -l newname oldname
# Change home directory
sudo usermod -d /new/home -m username
# Change shell
sudo usermod -s /bin/zsh username
# Add to groups (append)
sudo usermod -aG docker,developers username
# IMPORTANT: -a (append) is crucial! Without it, you REPLACE groups
# Lock account (disable login)
sudo usermod -L username
# Unlock account
sudo usermod -U username
# Set account expiration
sudo usermod -e 2025-12-31 contractor
Deleting Users
# Delete user (keep home directory)
sudo userdel username
# Delete user and home directory
sudo userdel -r username
# Delete user, home directory, and all files the user owns (Debian/Ubuntu deluser)
sudo deluser --remove-home --remove-all-files username
Managing Groups
# View all groups
cat /etc/group
# View user's groups
groups username
# Create group
sudo groupadd developers
# Create system group
sudo groupadd -r appgroup
# Delete group
sudo groupdel groupname
# Rename group
sudo groupmod -n newname oldname
# Add user to group
sudo gpasswd -a username groupname
# Remove user from group
sudo gpasswd -d username groupname
Password Management
# Change your password
passwd
# Change another user's password (root)
sudo passwd username
# Force password change on next login
sudo passwd -e username
# Set password expiration policy
sudo chage -M 90 username # Max days before change
sudo chage -m 7 username # Min days between changes
sudo chage -W 14 username # Warn days before expiration
# View password aging info
sudo chage -l username
# Lock password (cannot login with password)
sudo passwd -l username
# Unlock password
sudo passwd -u username
The passwd and shadow Files
/etc/passwd (readable by all)
username:x:1000:1000:Full Name:/home/username:/bin/bash
   1     2  3    4       5           6            7
1. Username
2. Password placeholder (x means shadow file)
3. UID
4. GID (primary group)
5. GECOS (comment/full name)
6. Home directory
7. Login shell
/etc/shadow (root only)
username:$6$salt$hash:19500:0:99999:7:::
   1          2         3   4   5   6
1. Username
2. Password hash ($6$ = SHA-512)
3. Days since epoch when password was last changed
4. Minimum days between changes
5. Maximum days before change required
6. Warning days before expiration
Sudo Access
# Add user to sudo group (Debian/Ubuntu)
sudo usermod -aG sudo username
# Add user to wheel group (RHEL/CentOS)
sudo usermod -aG wheel username
# Edit sudoers file safely
sudo visudo
# Grant full sudo (in sudoers)
username ALL=(ALL:ALL) ALL
# Grant specific command without password
username ALL=(ALL) NOPASSWD: /usr/bin/apt update
# Grant sudo to group
%developers ALL=(ALL:ALL) ALL
Practical Examples
Create Developer User
# Create user with proper groups
sudo useradd -m -s /bin/bash -c "Alice Developer" \
    -G sudo,docker,developers alice
# Set password
sudo passwd alice
# Create SSH directory
sudo -u alice mkdir -p /home/alice/.ssh
sudo -u alice chmod 700 /home/alice/.ssh
Create Service Account
# No home, no login shell
sudo useradd -r -s /usr/sbin/nologin -M appservice
# Give ownership of app directory
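sudo chown -R appservice:appservice /opt/myapp
Bulk User Creation
#!/bin/bash
# Create users from a list; users.txt holds one "username:Full Name" per line
while IFS=: read -r username fullname; do
    sudo useradd -m -c "$fullname" "$username"
    # Every account shares this initial password until its first login, so
    # hand accounts over promptly or substitute a random per-user value
    echo "$username:ChangeMe123" | sudo chpasswd
    sudo passwd -e "$username" # Force password change
done < users.txt
Audit User Accounts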
# Find users who can login
grep -v '/nologin\|/false' /etc/passwd
# Find users with UID 0 (root privileges)
awk -F: '$3 == 0 {print $1}' /etc/passwd
# Find users with empty passwords
sudo awk -F: '$2 == "" {print $1}' /etc/shadow
# Find users who haven't logged in
lastlog | grep "Never logged in"
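The audit one-liners above, combined into one script as an added example (not part of the original tutorial). The function names and the sample passwd/shadow contents are constructed for illustration; beyond the one-liners, it matches the login-shell field exactly, skips hashes locked with ! or *, and flags a maximum password age above 90 days.

```shell
#!/bin/sh
# Added example: account audit over passwd/shadow-format files.
# Function names are illustrative; the sample data is constructed.

uid0_extra() {        # $1=passwd: UID 0 accounts other than root
    awk -F: '$3 == 0 && $1 != "root" {print $1}' "$1"
}
empty_password() {    # $1=shadow: empty hash field, no password needed
    awk -F: '$2 == "" {print $1}' "$1"
}
password_logins() {   # $1=passwd $2=shadow: real shell and unlocked hash
    awk -F: 'FILENAME == ARGV[1] {
                 if ($2 != "" && $2 !~ /^[!*]/) ok[$1] = 1; next }
             $7 !~ /\/(nologin|false)$/ && ($1 in ok) {print $1}' "$2" "$1"
}
weak_aging() {        # $1=shadow $2=max days: max age unset or too long
    awk -F: -v max="$2" '$2 != "" && $2 !~ /^[!*]/ &&
        ($5 == "" || $5 + 0 > max) {print $1}' "$1"
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Developer:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
appservice:x:998:998::/opt/myapp:/usr/sbin/nologin
contractor:x:1002:1002:Contractor:/home/contractor:/bin/zsh
EOF
cat > "$demo/shadow" <<'EOF'
root:$6$salt$hash:19500:0:99999:7:::
daemon:*:19500:0:99999:7:::
alice:$6$salt$hash:19500:7:90:14:::
bob::19500:0:99999:7:::
toor:$6$salt$hash:19500:0:99999:7:::
appservice:!:19500::::::
contractor:!$6$salt$hash:19500:0:90:14:::
EOF
echo "Extra UID 0:       $(uid0_extra "$demo/passwd" | xargs)"
echo "Empty password:    $(empty_password "$demo/shadow" | xargs)"
echo "Password logins:   $(password_logins "$demo/passwd" "$demo/shadow" | xargs)"
echo "Max age > 90 days: $(weak_aging "$demo/shadow" 90 | xargs)"
```

To audit a live system, call the same functions as root with /etc/passwd and /etc/shadow in place of the sample files.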