This is an article that takes the reader back to the basics of Linux. It covers the various aspects of users and groups in Linux, like adding or removing them, giving them passwords, etc—all from a systems administrator’s point of view.
Linux is a multi-user operating system, which means that more than one user can use Linux at the same time. Linux provides a beautiful mechanism to manage users in a system. One of the most important roles of a system administrator is to manage the users and groups in a system. All the commands used in this article are explained using the CentOS Linux distro.
A user or account of a system is uniquely identified by a numerical number called the UID (unique identification number). There are two types of users – the root or super user and normal users. A root or super user can access all the files, while the normal user has limited access to files. A super user can add, delete and modify a user account. The full account information is stored in the /etc/passwd file and a hash password is stored in the file /etc/shadow. Some operations on a user account are discussed below.
Creating a user with a default setting: A user can be added by running the useradd command at the command prompt. After creating the user, set a password using the
passwd utility, as follows:
[[email protected] bhargab]# useradd anirban [[email protected] bhargab]# passwd anirban Changing password for user anirban. New password: Retype new password: passwd: all authentication tokens updated successfully.
The system automatically assigns a UID, creates the home directory (/home/<username>) and sets the default shell to /bin/bash. The useradd command creates a user private group whenever a new user is added to the system and names the group after the user.
Specifying a user’s full name when creating a user: A systems administrator can use the –c option with useradd to specify the user’s full name, as shown below:
[[email protected] bhargab]# useradd -c “Anirban Choudhury” anirban
Creating a user with the UID: You can create a user with a custom UID with the –u option, as follows:
[[email protected] bhargab]# useradd -u 1036 anirban
Creating a user with non-default home directory: A non-default home directory can be set by executing the following command:
[[email protected] bhargab]# useradd –d /home/test anirban
Adding a user to a primary group and supplementary group: A systems administrator can specify a primary group and a supplementary one by specifying the –g and –G option, respectively.
[[email protected] bhargab]# useradd -g “head” -G “faculty” anirban
Locking and unlocking a user: A super user can lock and unlock a user account. To lock an account, one needs to invoke passwd with the -l option.
[[email protected] bhargab]# passwd -l anirban Locking password for user anirban. passwd: Success
The –u option with passwd unlock an account, as
[[email protected] bhargab]# passwd -u anirban Unlocking password for user anirban. passwd: Success
Changing a user name: The –l option with the usermod command changes the login (user) name, as shown below:
[[email protected] bhargab]# usermod -l “nishant” anirban
Removing a user: Combining userdel with the –r option drop a user and the home directory associated with that user, as shown below:
[[email protected] bhargab]# userdel -r nishant
Linux group is a mechanism to organise a collection of users. Like the user ID, each group is also associated with a unique ID called the GID (group ID). There are two types of groups – a primary group and a supplementary group. Each user is a member of a primary group and of zero or ‘more than zero’ supplementary groups. The group information is stored in /etc/group and the respective passwords are stored in the /etc/gshadow file. Some operations such as creating, deleting and modifying on a group are discussed below.
Creating a group with default settings: To add a new group with default settings, run the groupadd command as a root user, as shown below:
[[email protected] bhargab]# groupadd employee
If you wish to add a password, then type gpasswd with the group name, as follow:
[[email protected] bhargab]# gpasswd employee Changing the password for group employee New Password: Re-enter new password:
Creating a group with a specified GID: To explicitly specify the GID of a group, execute the groupadd command with the –g option, as follow:
[[email protected] bhargab]# groupadd -g 1200 manager
Removing group password: To remove a group password, run gpasswd –r with the relevant group name, as follow:
[[email protected] bhargab]# gpasswd -r employee
Changing the group’s name: To change the group’s name, run the groupmod command with the -n option as a super user, as shown below:
[[email protected] bhargab]# groupmod -n hrmanager employee
Changing the group’s GID: To change the GID of a group, run the groupmod command with –g, as follow:
[[email protected] bhargab]# groupmod -g 1050 manager
Deleting a group: Before deleting a primary group, delete the users of that primary group. To delete a group, run the groupdel command with the group name, as shown below:
[[email protected] bhargab]# groupdel employee
If you wish to know much more about the user and group management, you can refer to the Red Hat system administration and manual page of each command.