This is an article that takes the reader back to the basics of Linux. It covers the various aspects of users and groups in Linux, like adding or removing them, giving them passwords, etc—all from a systems administrator’s point of view.
Linux is a multi-user operating system, which means that more than one user can use Linux at the same time. Linux provides a beautiful mechanism to manage users in a system. One of the most important roles of a system administrator is to manage the users and groups in a system. All the commands used in this article are explained using the CentOS Linux distro.
A user or account of a system is uniquely identified by a numerical number called the UID (unique identification number). There are two types of users – the root or super user and normal users. A root or super user can access all the files, while the normal user has limited access to files. A super user can add, delete and modify a user account. The full account information is stored in the /etc/passwd file and a hash password is stored in the file /etc/shadow. Some operations on a user account are discussed below.
Creating a user with a default setting: A user can be added by running the useradd command at the command prompt. After creating the user, set a password using the
passwd utility, as follows:
[root@localhost bhargab]# useradd anirban [root@localhost bhargab]# passwd anirban Changing password for user anirban. New password: Retype new password: passwd: all authentication tokens updated successfully.
The system automatically assigns a UID, creates the home directory (/home/<username>) and sets the default shell to /bin/bash. The useradd command creates a user private group whenever a new user is added to the system and names the group after the user.
Specifying a user’s full name when creating a user: A systems administrator can use the –c option with useradd to specify the user’s full name, as shown below:
[root@localhost bhargab]# useradd -c “Anirban Choudhury” anirban
Creating a user with the UID: You can create a user with a custom UID with the –u option, as follows:
[root@localhost bhargab]# useradd -u 1036 anirban
Creating a user with non-default home directory: A non-default home directory can be set by executing the following command:
[root@localhost bhargab]# useradd –d /home/test anirban
Adding a user to a primary group and supplementary group: A systems administrator can specify a primary group and a supplementary one by specifying the –g and –G option, respectively.
[root@localhost bhargab]# useradd -g “head” -G “faculty” anirban
Locking and unlocking a user: A super user can lock and unlock a user account. To lock an account, one needs to invoke passwd with the -l option.
[root@localhost bhargab]# passwd -l anirban Locking password for user anirban. passwd: Success
The –u option with passwd unlock an account, as
[root@localhost bhargab]# passwd -u anirban Unlocking password for user anirban. passwd: Success
Changing a user name: The –l option with the usermod command changes the login (user) name, as shown below:
[root@localhost bhargab]# usermod -l “nishant” anirban
Removing a user: Combining userdel with the –r option drop a user and the home directory associated with that user, as shown below:
[root@localhost bhargab]# userdel -r nishant
Linux group is a mechanism to organise a collection of users. Like the user ID, each group is also associated with a unique ID called the GID (group ID). There are two types of groups – a primary group and a supplementary group. Each user is a member of a primary group and of zero or ‘more than zero’ supplementary groups. The group information is stored in /etc/group and the respective passwords are stored in the /etc/gshadow file. Some operations such as creating, deleting and modifying on a group are discussed below.
Creating a group with default settings: To add a new group with default settings, run the groupadd command as a root user, as shown below:
[root@localhost bhargab]# groupadd employee
If you wish to add a password, then type gpasswd with the group name, as follow:
[root@localhost bhargab]# gpasswd employee Changing the password for group employee New Password: Re-enter new password:
Creating a group with a specified GID: To explicitly specify the GID of a group, execute the groupadd command with the –g option, as follow:
[root@localhost bhargab]# groupadd -g 1200 manager
Removing group password: To remove a group password, run gpasswd –r with the relevant group name, as follow:
[root@localhost bhargab]# gpasswd -r employee
Changing the group’s name: To change the group’s name, run the groupmod command with the -n option as a super user, as shown below:
[root@localhost bhargab]# groupmod -n hrmanager employee
Changing the group’s GID: To change the GID of a group, run the groupmod command with –g, as follow:
[root@localhost bhargab]# groupmod -g 1050 manager
Deleting a group: Before deleting a primary group, delete the users of that primary group. To delete a group, run the groupdel command with the group name, as shown below:
[root@localhost bhargab]# groupdel employee
If you wish to know much more about the user and group management, you can refer to the Red Hat system administration and manual page of each command.