Linux User and Group Management
User and group management is fundamental to Linux system administration, controlling access to files, directories, and system resources. Here’s a comprehensive guide:
User Management
1. Viewing Users
cat /etc/passwd # List all users
getent passwd # Alternative method
id username # Show user details
whoami # Show current user
2. Creating Users
useradd username # Basic user creation
useradd -m username # Create with home directory
useradd -G group1,group2 username # Add to supplementary groups
useradd -s /bin/bash username # Set default shell
useradd -u 1005 username # Specify UID
3. Modifying Users
usermod -aG sudo username # Add to sudo group
usermod -s /bin/zsh username # Change shell
usermod -L username # Lock password (does not disable SSH key logins)
usermod -U username # Unlock password
usermod -d /new/home username # Change home directory
4. Deleting Users
userdel username # Delete user (keeps home dir)
userdel -r username # Delete user and home directory
5. Password Management
passwd username # Set/change password
passwd -l username # Lock password
passwd -u username # Unlock password
passwd -e username # Expire password (force change)
chage -l username # View password aging info
Group Management
1. Viewing Groups
cat /etc/group # List all groups
getent group # Alternative method
groups username # Show user's groups
2. Creating Groups
groupadd groupname # Create new group
groupadd -g 1005 groupname # Create with specific GID
3. Modifying Groups
groupmod -n newname oldname # Rename group
groupmod -g 1006 groupname # Change GID
4. Deleting Groups
groupdel groupname # Delete group
5. Managing Group Memberships
gpasswd -a user group # Add user to group
gpasswd -d user group # Remove user from group
usermod -aG group1,group2 user # Add to multiple groups
Important Files
- /etc/passwd - User account information
  - Format: username:x:UID:GID:description:homedir:shell
- /etc/shadow - Encrypted passwords and aging info (root only)
- /etc/group - Group definitions
  - Format: groupname:x:GID:members
- /etc/gshadow - Secure group information (root only)
Special Users
- Root (UID 0) - Superuser with full system access
- System Users (UID 1-999) - For services/daemons (varies by distro)
- Regular Users (UID 1000+) - Normal user accounts
Best Practices
- Use -aG with usermod to append groups rather than replace
- Always use visudo to edit sudoers file
- Regularly audit users with last, who, and w commands
- Set appropriate password policies in /etc/login.defs
- Use adduser instead of useradd on Debian-based systems (more user-friendly)
Sudo Privileges
To grant administrative privileges:
usermod -aG sudo username # Debian/Ubuntu
usermod -aG wheel username # RHEL/CentOS
Then edit sudoers file safely:
visudo
# Add line: username ALL=(ALL) ALL
User Environment
User-specific configuration files:
- ~/.bashrc - Shell configuration
- ~/.profile - Login configuration
- ~/.ssh/ - SSH keys and config
Practical Examples
- Create a developer user with home directory and add to appropriate groups:
useradd -m -G developers,sudo -s /bin/bash devuser
passwd devuser
- Find all users belonging to a specific group:
getent group developers | cut -d: -f4
- List all users with UID ≥ 1000 (normal users):
awk -F: '$3 >= 1000 {print $1}' /etc/passwd
- Set password expiration policy:
chage -M 90 -W 7 username # Expire after 90 days, warn 7 days before
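An added audit example (not part of the original guide) that applies the /etc/passwd and /etc/group field layouts and the UID ranges described above: it flags extra UID 0 accounts, shared UIDs, and system accounts with a login shell, and lists a group's members including users who have it as their primary group, which field 4 of the group entry alone does not show. The function names and the sample data are constructed for illustration; pass /etc/passwd and /etc/group to the functions to audit a real host.

```shell
#!/bin/sh
# Added example. Sample data is constructed; function names are hypothetical.

# Accounts other than root with UID 0 (each one is a full superuser).
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" {print $1}' "$1"; }

# UIDs shared by several names, printed as UID:name1,name2.
duplicate_uids() {
    awk -F: '{names[$3] = (n[$3]++ ? names[$3] "," : "") $1}
             END {for (u in n) if (n[u] > 1) print u ":" names[u]}' "$1" | sort
}

# System accounts (UID 1-999) that still have an interactive shell.
system_with_shell() { awk -F: '$3 >= 1 && $3 <= 999 && $7 ~ /sh$/ {print $1}' "$1"; }

# Members of group $1: field 4 of the group file plus users whose primary
# GID (field 4 of passwd) is that group. Args: GROUP PASSWD_FILE GROUP_FILE
group_members() {
    gid=$(awk -F: -v g="$1" '$1 == g {print $3}' "$3")
    {
        awk -F: -v g="$1" '$1 == g {print $4}' "$3" | tr ',' '\n'
        awk -F: -v gid="$gid" '$4 == gid {print $1}' "$2"
    } | sed '/^$/d' | sort -u | paste -sd, -
}

# Write constructed passwd and group files into directory $1.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/zsh
carol:x:1001:2000:Carol:/home/carol:/bin/bash
EOF
    cat > "$1/group" <<'EOF'
sudo:x:27:alice
developers:x:2000:alice,bob
EOF
}

d=$(mktemp -d) && make_sample "$d"
echo "Extra UID 0:        $(extra_uid0 "$d/passwd")"
echo "Shared UIDs:        $(duplicate_uids "$d/passwd" | paste -sd' ' -)"
echo "System with shell:  $(system_with_shell "$d/passwd")"
echo "developers members: $(group_members developers "$d/passwd" "$d/group")"
rm -rf "$d"
```

In the sample, carol appears in the developers result only because her primary GID is 2000; she is not listed in the group file's member field.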
Proper user and group management is essential for system security and resource access control in Linux environments.