Managing Users and Groups in Linux
This simple article provides a list of command-line utilities (including examples) that can be used to manage users and groups on Linux based operating systems. (commands marked † require root
privilege, or a user with suitable sudo
access rights to run).
useradd†
The useradd
command is used to create a new user on a Linux system.
(man page here)
- Create a new user "testuser1" using default settings as specified in "/etc/default/useradd" and "/etc/skel".
root@host# useradd testuser1
- List defaults used when creating new users
root@host# useradd -D GROUP=100 HOME=/export/home INACTIVE=-1 EXPIRE= SHELL=/bin/sh SKEL=/etc/skel CREAT_MAIL_SPOOL=no
- Create a new user "testuser2" and set their default shell to "/bin/bash"
root@host# useradd -m -s /bin/bash testuser2
The-m
is specified to create the home directory - Create a new user "testuser3" and specify user id (uid) "1234"
root@host# useradd -m -u 1234 testuser3
- Create a new user "testuser4" and specify group membership
root@host# useradd -m -g group1 -G group2,group3 testuser4
- Create a new user "testuser5" and specify it's home directory
root@host# useradd -m -d /users/testuser5 testuser5
usermod†
The usermod
command is used to modify an existing account on a Linux system.
(man page here)
- Change a users home directory to "/export/home/testuser1"
root@host# usermod -d /export/home/testuser1 testuser1
The original users directory is NOT removed. - Add additional groups to an existing user
root@host# usermod -a -G group1,group2,group3 testuser2
- Change an existings users default shell to "/bin/zsh"
root@host# usermod -s /bin/zsh testuser3
userdel†
The userdel
command is used to remove an account on a Linux system. The userdel
command will remove any entries for the specified user from "/etc/passwd", "/etc/shadow"/ and "/etc/group".
(man page here)
- Remove user "testuser1" without removing it's home directory
root@host# userdel testuser1
Useful if you want to keep the users files online, or if you are archiving them at a later date. - Remove user "testuser2" and it's home directory
root@host# userdel -r testuser2
Make sure you have a backup of the users home directory just in case.
passwd†
The passwd
command is used to set or change a password for an existing user. The command may also be used for locking and unlocking an account.
(man page here)
- User "testuser1" changes their own password
testuser1@host$ passwd
Any user can change their own password in this way. - Change password for "testuser2"
root@host# passwd testuser2
Only the
root
user can change another users password (or a user who has elevated privileges using the sudo
. For example
testuser2@host$ sudo passwd testuser3
root@host# passwd -l testuser3
root@host# passwd -u testuser4
root@host# passwd -a -S
root@host# passwd -d testuser5
chage†
The chage
command is used to set or change a users password expiry information.
(man page here)
- Display password expiry for user "testuser1"
root@host# chage -l testuser1
- Change password expiry details interactively for "testuser2"
root@host# chage testuser2
- Force user "testuser3" to change their password at next login
root@host# chage -d 0 testuser3
groupadd†
The groupadd
command is used for creating a new group on a Linux system.
(man page here)
- Add a new group "group1"
root@host# groupadd group1
- Add a new group "group2" with a specific group id (gid) "1234"
root@host# groupadd -g 1234 group2
groupmod†
The groupmod
command is used for modifying a group definition on a Linux system.
(man page here)
- Change the gid of group "group1"
root@host# groupmod -g 1234 group1
- Change the name of existing group "group2" to "group3"
root@host# groupmod -n group2 group3
groupdel†
The groupdel
command is used for deleting a group definition on a Linux system.
(man page here)
- Remove group "group1"
root@host# groupdel group1
groups
The groups
command is used for displaying group membership of a user on a Linux system.
(man page here)
- User "testuser1" querying which groups the account belongs to
testuser1@host$ groups
- Display groups membership with user "testuser2"
root@host# groups testuser2
id
The id
command is used for displaying a users UID/GID and group membership on a Linux system.
(man page here)
- User "testuser1" displays their own user and group membership information
testuser1@host$ id
- Display user and group membership information for user "testuser2"
root@host# id testuser2
Other utilities
pwck
,grpck
— Utilities that can be used for verification of the password, group and associated shadow files.gpasswd
— Utility for administering the "/etc/group" file.pwconv
,pwunconv
— Utilities that can be used for the conversion of passwords to shadow passwords, or back from shadow passwords to standard passwords.