Skip to content

User Management

Overview

Linux is a multi-user operating system, and user management is one of the core tasks of system administration. This chapter introduces the concepts, creation, modification, and deletion of users and groups.

User and Group Concepts

User Types

TypeUID RangeDescription
root0Superuser, has all permissions
System users1-999Services and daemons
Regular users1000+Daily use user accounts
FileDescription
/etc/passwdUser account information
/etc/shadowEncrypted password information
/etc/groupGroup information
/etc/gshadowGroup password information

/etc/passwd Format

username:x:UID:GID:comment:home_dir:shell
maxwell:x:1000:1000:Maxwell:/home/maxwell:/bin/bash
FieldDescription
usernameUsername
xPassword placeholder (actual password is in shadow)
UIDUser ID
GIDPrimary group ID
commentUser description
home_dirHome directory
shellLogin shell

/etc/shadow Format

username:$6$salt$hash:lastchg:min:max:warn:inactive:expire:reserved:
FieldDescription
usernameUsername
passwordEncrypted password
lastchgDays since password changed (from 1970-01-01)
minMinimum password age in days
maxMaximum password age in days
warnDays before password expiration warning
inactiveDays after expiration when account is disabled
expireAccount expiration date

/etc/group Format

groupname:x:GID:members:
developers:x:1001:alice,bob

Viewing User Information

id - User ID Information

bash
# Current user
$ id
uid=1000(maxwell) gid=1000(maxwell) groups=1000(maxwell),27(sudo),docker

# Specified user
$ id alice

# Show only UID
$ id -u maxwell

# Show only GID
$ id -g maxwell

# Show all groups
$ id -G maxwell

whoami - Current Username

bash
$ whoami
maxwell

who - Logged-in Users

bash
$ who
maxwell  pts/0        2025-01-09 10:00 (192.168.1.100)
alice    pts/1        2025-01-09 11:00 (192.168.1.101)

# More information
$ who -a

w - User Activity

bash
$ w
 10:30:00 up 5 days,  3:00,  2 users, load average: 0.00, 0.01, 0.05
 USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
maxwell  pts/0    192.168.1.100    10:00    0.00s  0.01s  0.00s w
alice    pts/1    192.168.1.101    11:00    1:00m  0.00s 0.00s bash

last - Login History

bash
$ last
maxwell  pts/0        192.168.1.100    Thu Jan 9 10:00   still logged in
alice    pts/1        192.168.1.101    Thu Jan 9 09:00 - 09:30  (00:30)

# Last 10 entries
$ last -10

# Specified user
$ last maxwell

groups - User's Groups

bash
$ groups
maxwell sudo docker

$ groups alice
alice : alice developers

Creating Users

useradd - Add User

bash
# Basic creation
$ sudo useradd username

# Create with home directory
$ sudo useradd -m username

# Specify home directory
$ sudo useradd -m -d /home/custom username

# Specify shell
$ sudo useradd -m -s /bin/bash username

# Specify primary group
$ sudo useradd -m -g groupname username

# Specify additional groups
$ sudo useradd -m -G sudo,docker username

# Specify UID
$ sudo useradd -m -u 1500 username

# Add description
$ sudo useradd -m -c "Full Name" username

# Set account expiration date
$ sudo useradd -m -e 2025-12-31 username

# Complete example
$ sudo useradd -m -s /bin/bash -c "Alice Smith" -G sudo,developers alice

adduser - Interactive Creation (Debian Family)

bash
$ sudo adduser username
Adding user `username' ...
Adding new group `username' (1001) ...
Adding new user `username' (1001) with group `username' ...
Creating home directory `/home/username' ...
Copying files from `/etc/skel/' ...
New password:
Retype new password:
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]

Setting Password

bash
# Set password
$ sudo passwd username
New password:
Retype new password:
passwd: password updated successfully

# Change your own password
$ passwd

Modifying Users

usermod - Modify User

bash
# Change username
$ sudo usermod -l newname oldname

# Change home directory
$ sudo usermod -d /home/newdir -m username

# Change shell
$ sudo usermod -s /bin/zsh username

# Change description
$ sudo usermod -c "New Description" username

# Add to additional groups
$ sudo usermod -aG sudo username
$ sudo usermod -aG docker,developers username

# Change primary group
$ sudo usermod -g newgroup username

# Lock account
$ sudo usermod -L username

# Unlock account
$ sudo usermod -U username

# Set account expiration date
$ sudo usermod -e 2025-12-31 username

chsh - Change Shell

bash
# Change your own shell
$ chsh -s /bin/zsh

# Change another user's shell
$ sudo chsh -s /bin/zsh username

# View available shells
$ cat /etc/shells

chfn - Modify User Information

bash
$ sudo chfn username
Changing finger information for username.
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:

Deleting Users

userdel - Delete User

bash
# Delete user only
$ sudo userdel username

# Delete user and home directory
$ sudo userdel -r username

# Force delete (even if user is logged in)
$ sudo userdel -f username

deluser (Debian Family)

bash
# Delete user
$ sudo deluser username

# Delete user and home directory
$ sudo deluser --remove-home username

# Delete all user's files
$ sudo deluser --remove-all-files username

Group Management

Create Group

bash
# Create group
$ sudo groupadd groupname

# Specify GID
$ sudo groupadd -g 1500 groupname

# Create system group
$ sudo groupadd -r systemgroup

Modify Group

bash
# Rename group
$ sudo groupmod -n newname oldname

# Modify GID
$ sudo groupmod -g 1600 groupname

Delete Group

bash
$ sudo groupdel groupname

Managing Group Members

bash
# Add user to group
$ sudo usermod -aG groupname username
$ sudo gpasswd -a username groupname

# Remove user from group
$ sudo gpasswd -d username groupname

# Set group administrator
$ sudo gpasswd -A admin_user groupname

# View group members
$ getent group groupname

Password Management

passwd - Password Operations

bash
# Set password
$ sudo passwd username

# Lock account
$ sudo passwd -l username

# Unlock account
$ sudo passwd -u username

# Delete password (no password login)
$ sudo passwd -d username

# Force password change on next login
$ sudo passwd -e username

# View password status
$ sudo passwd -S username
username P 01/09/2025 0 99999 7 -1

chage - Password Expiration Policy

bash
# View password information
$ sudo chage -l username
Last password change                : Jan 09, 2025
Password expires                    : never
Password inactive                   : never
Account expires                     : never
Minimum number of days between password change   : 0
Maximum number of days between password change   : 99999
Number of days of warning before password expires: 7

# Set maximum age
$ sudo chage -M 90 username

# Set minimum age
$ sudo chage -m 7 username

# Set warning days
$ sudo chage -W 14 username

# Set expiration date
$ sudo chage -E 2025-12-31 username

# Force password change on next login
$ sudo chage -d 0 username

sudo Permissions

Configuring sudo

Edit /etc/sudoers (using visudo):

bash
$ sudo visudo
bash
# User permission rules
# Username Host=(Identity) Commands
maxwell ALL=(ALL:ALL) ALL

# Group permission rules
%sudo ALL=(ALL:ALL) ALL

# No password execution
maxwell ALL=(ALL) NOPASSWD: ALL

# Limit commands
bob ALL=(ALL) /usr/bin/apt, /usr/bin/systemctl

# Aliases
User_Alias ADMINS = alice, bob
Cmnd_Alias SERVICES = /usr/bin/systemctl
ADMINS ALL=(ALL) SERVICES

Adding User to sudo Group

bash
# Method 1: Use usermod
$ sudo usermod -aG sudo username

# Method 2: Edit sudoers
$ sudo visudo
# Add: username ALL=(ALL:ALL) ALL

Using sudo

bash
# Execute as root
$ sudo command

# Execute as different user
$ sudo -u username command

# Switch to root shell
$ sudo -i
$ sudo su -

# Keep environment variables
$ sudo -E command

# Edit file
$ sudo -e /etc/hosts
$ sudoedit /etc/hosts

Switching Users

su - Switch User

bash
# Switch to root
$ su -
Password:

# Switch to other user
$ su - username

# Don't load user environment
$ su username

# Execute single command
$ su - username -c "command"

sudo su vs su

bash
# Use sudo su (use current user password)
$ sudo su -

# Use su (use root password)
$ su -

Practical Tips

Batch Create Users

bash
#!/bin/bash
# Batch create users from file
while IFS=: read -r username password; do
    sudo useradd -m -s /bin/bash "$username"
    echo "$username:$password" | chpasswd
done < users.txt

Find Users Without Passwords

bash
$ sudo awk -F: '($2 == "" || $2 == "!") {print $1}' /etc/shadow

Find UID 0 Users

bash
$ awk -F: '$3 == 0 {print $1}' /etc/passwd

List All Regular Users

bash
$ awk -F: '$3 >= 1000 && $3 < 65534 {print $1}' /etc/passwd

Summary

This chapter introduced Linux user management:

  • User operations: useradd, usermod, userdel
  • Group operations: groupadd, groupmod, groupdel
  • Password management: passwd, chage
  • sudo permissions: Configuring and using sudo
  • User switching: su, sudo su

Good user management is foundation of system security. Follow principle of least privilege - grant only necessary permissions.


Previous chapter: Regular Expressions

Next chapter: Process Management

Content is for learning and research only.