User and Group Management - A complete guide


This article explores user and group management: how to add, modify and remove users and groups in Linux.

User Management

User management lets an administrator (the superuser) grant and manage access and control user accounts. It covers everything from creating a user to deleting a user on your system.

Understand the /etc/passwd

/etc/passwd is a configuration file which stores User account information. This information includes the account name, home directory location, and default shell, among other values.

It has 7 fields, each separated by a colon (:).

The syntax is:

username : password : UID : GID : comment (GECOS) : home directory : login shell

Taking the root entry (root:x:0:0:root:/root:/bin/bash) as an example, the seven colon-separated columns denote, from left to right:

| Attribute | Significance | Definition |
|---|---|---|
| root | Login name (username) | Stores the username or login name chosen when the user was created. |
| x | Encrypted password | The x signifies that the user's encrypted password is stored in the /etc/shadow file. |
| 0 | User ID (UID) | The UID is a number used by the Linux system to identify users. |
| 0 | Primary group ID (GID) | Like the UID, the GID is a number; it determines the primary group of a user. |
| root | Username and comment field | This is the GECOS field, which basically contains a user's full name and additional details such as a phone number. |
| /root | Home directory | The absolute path of the user's home directory. |
| /bin/bash | Login shell | The name of the default shell associated with the user. |

More information can be found by typing man 5 passwd:

$ man 5 passwd
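
The seven-field layout can also be checked mechanically. The following is an added example, not part of the original article: it parses passwd-format lines with awk and flags entries worth reviewing. The sample entries, the finding labels and the function names sample_passwd and audit_passwd are constructed for illustration; the 1000 threshold for regular users is the one this article gives.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format (not taken from a real system).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sagar:x:1000:1000:Sagar,,,:/home/sagar:/bin/bash
backup2:x:0:0::/home/backup2:/bin/sh
legacy::1001:1001::/home/legacy:/bin/bash
svc-web:x:998:998::/var/www:/bin/bash
broken:x:1002:1002:/home/broken:/bin/bash
EOF
}

# audit_passwd: read passwd-format lines on stdin, print one finding per line.
audit_passwd() {
  awk -F: '
    # A valid entry has exactly seven colon-separated fields.
    NF != 7 { print "BAD_FIELD_COUNT " $1; next }
    # UID 0 is the superuser; any other name with UID 0 has full root rights.
    $3 == "0" && $1 != "root" { print "EXTRA_UID0 " $1 }
    # An empty password field means no password is required at all.
    $2 == "" { print "EMPTY_PASSWORD " $1 }
    # Anything other than x, * or ! is a hash kept in a world-readable file.
    $2 != "" && $2 != "x" && $2 !~ /^[*!]/ { print "HASH_IN_PASSWD " $1 }
    # UIDs below 1000 are system accounts; they rarely need a login shell.
    $3 + 0 > 0 && $3 + 0 < 1000 && $7 !~ /(nologin|false)$/ {
      print "SYSTEM_ACCOUNT_WITH_SHELL " $1
    }
  '
}

# Stand-alone run against the constructed sample.
sample_passwd | audit_passwd
```

On a real system the same function can be fed the live file with audit_passwd < /etc/passwd.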

Adduser

The adduser command provides a high-level interface for adding new users. It is easier to use and comes with a user-friendly interactive prompt that asks for information about the new account you are adding. adduser automatically creates the user's directory under /home (/home/user).

Useradd

The useradd command just creates the user on the current system. useradd is a low-level utility for adding users. By default it does not create a home directory for the new user, and it does not ask for a password or any additional information.

useradd prints no output when it succeeds; the silence means the user was created. To set a password afterwards, run the passwd command.

The following options are commonly used with useradd when creating users.

  • -c "comment": Provide a short description (such as the user's full name) of the new user account.

  • -d "home_dir": Sets the home directory for the specified user. By default, useradd derives it from the username (/home/name), but you can replace it with a directory of your choice.

  • -D: Rather than creating a new account, save the supplied information as the new default settings for any accounts created afterwards. Every Linux flavour has a file called /etc/default/useradd that holds these defaults. Besides displaying the file with cat, we can run useradd -D.

  • -e "expire_date": Assign the expiration date for the user account in YYYY-MM-DD format.

  • -g "group": Sets a specific group ID as the user's primary group.

  • -G "grouplist": Add the new user to the supplied comma-separated list of multiple groups.

  • -m: Automatically create the user's home directory and copy the files in the skeleton directory (/etc/skel) to it.

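  • -p "password": Set the user's password from the command line. useradd writes the supplied value into the password field of /etc/shadow exactly as given, without hashing it, so the option expects a value that crypt(3) has already hashed; a plain-text value stays unencrypted in the file. The argument is also visible to other users who list running processes, so setting the password afterwards with passwd is the safer route.

In the screenshot for this option, a new user "sagar" is created with the unencrypted password "setpassword".

  • -s "shell": Set the login shell for the new user.

  • -u "userid": Specify the user ID number for the account. Without -u, the next available number is assigned automatically. User IDs for regular users begin at 1000, so pick IDs above that number in a way that doesn't collide with the automatic assignments.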

Usermod

usermod is a command used to modify the properties of an existing user in Linux.

  • -c "comment": Change the comment associated with the user account in the /etc/passwd file.

  • -d "home_dir": When you create a user in Linux, the system automatically creates a home folder for them in /home/username. To change the location of the user's home folder, use usermod with the -d option.

  • -e "expire_date": Assign a new expiration date for the account in YYYY-MM-DD format. Replace expire_date with a date you want to use.

  • -g "group": Change the primary group (as listed in the /etc/group file) the user will be in. Replace group with the group name.

  • -G "grouplist": Set the user's secondary groups to the supplied comma-separated list of groups.

If -a is not used together with -G, the existing supplementary groups ("ubuntu", "jenkins") of "pasha" are erased, and the new list ("linux") becomes the only supplementary group assigned to that user.

  • -u "user_id": Change the user ID number for the account. Replace user_id with the ID number.

  • -s "shell": Specify a different command shell to use for this account. Replace shell with the command shell.

Userdel

Just as usermod is used to modify user settings and useradd is used to create users, userdel is used to remove users. This command modifies the system account files, deleting all entries that refer to the given login name. It is a low-level utility for removing users.

In most Linux distributions, removing a user account with userdel does not remove the user's home directory.

For example, after running userdel ankita, the home directory for ankita is still not deleted.

  • -r (remove): using -r with userdel removes the user's home directory along with the user's mail spool.

  • -f (force): using -f with userdel forcefully removes the user account, even if the user is still logged in or there are running processes that belong to the user.

Understand /etc/shadow

On Linux, the /etc/shadow file keeps encrypted passwords safe from prying eyes and password-cracking programs. The shadow file is directly accessible only to the root user. It also includes some additional account information that wasn't provided for in the original /etc/passwd file.

The shadow file is not a superset of the passwd file, and the passwd file is not generated from it.

It has nine fields, each separated by a colon (:).

username:password:last changed password:min:max:warn:inactive:expired:unused

| Parameter | Specification |
|---|---|
| Username | A valid user account on the system. |
| Password | Encrypted password in hash format. |
| Last changed password | The date when the user last changed the password. |
| Minimum | The minimum number of days before the user is allowed to change their password again. If the minimum is not set, the value here will be 0. |
| Maximum | The number of days the password is valid, i.e. how long the user can go without changing the password. By default, the value is set to 99,999 days. |
| Warning | The number of days before the password expires during which the user is warned and receives reminders to change it. |
| Inactive | The number of days after the password expires until the account is disabled. |
| Expire | The expiration date of the account, when the system automatically disables it. Once disabled, the user is unable to log in until an administrator enables the account again. |
| Unused | This field is currently always empty and is reserved for future use. |

  • How do I change my own (root) account password?

$ passwd

  • How to change password for other user?

$ passwd <username>
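
The nine shadow fields described above lend themselves to a periodic review. The following is an added example, not part of the original article: it reads shadow-format lines and reports accounts with no password, locked accounts, MD5 hashes, missing password aging and expired passwords or accounts. It assumes, per shadow(5), that the date fields are counted in days since 1 January 1970 and that a hash starting with $1$ is MD5; the sample entries, placeholder hashes, finding labels and function names are constructed.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow format; the hashes are placeholders.
sample_shadow() {
cat <<'EOF'
root:$6$SALT$PLACEHOLDERHASH:19700:0:99999:7:::
sagar:$y$j9T$SALT$PLACEHOLDERHASH:19950:1:90:7:14::
pasha:$1$SALT$PLACEHOLDERHASH:19000:0:90:7:::
ankita:!$6$SALT$PLACEHOLDERHASH:19950:0:90:7::19990:
legacy::19950:0:90:7:::
EOF
}

# audit_shadow TODAY: TODAY is the current date in days since 1970-01-01.
audit_shadow() {
  awk -F: -v today="$1" '
    NF != 9 { print "BAD_FIELD_COUNT " $1; next }
    # Field 2: empty means no password; a leading ! or * means locked.
    $2 == ""      { print "NO_PASSWORD " $1 }
    $2 ~ /^[!*]/  { print "LOCKED " $1 }
    $2 ~ /^\$1\$/ { print "WEAK_HASH_MD5 " $1 }
    # Field 5 (max): empty or 99999 means the password never expires.
    $5 == "" || $5 + 0 >= 99999 { print "NO_MAX_AGE " $1 }
    # Field 3 (last change) plus field 5 (max) gives the password expiry day.
    $5 != "" && $5 + 0 < 99999 && $3 != "" && $3 + $5 < today {
      print "PASSWORD_EXPIRED " $1
    }
    # Field 8: day on which the account itself is disabled.
    $8 != "" && $8 + 0 < today { print "ACCOUNT_EXPIRED " $1 }
  '
}

# Stand-alone run: derive the current day number from the system clock.
sample_shadow | audit_shadow "$(( $(date +%s) / 86400 ))"
```

Because /etc/shadow is readable only by root, a run against the live file needs root privileges: audit_shadow "$(( $(date +%s) / 86400 ))" < /etc/shadow.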

Group Management

There are basically two types of groups in Linux: the primary group and secondary groups. When you create a user, a group with the same name as the user is also created; this is the user's primary group.

Each user can have only one primary group. Secondary groups are created as needed, and individual users are then added to them.

Understand /etc/group

The /etc/group file contains the names of UNIX groups and a list of each group’s members.

It has four fields, each separated by a colon (:).

| Field | Definition |
|---|---|
| Groupname | Name of the group. |
| Password | An x in this field indicates that passwords are used. |
| GID | The group's GID number. |
| Group members | List of users that are members of the group. |
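
A user's primary group is recorded in the GID field of /etc/passwd, so a membership review that reads only the member list in /etc/group can miss users. The following is an added example, not part of the original article: it combines both files to list everyone in a group and whether the membership is primary or secondary. The sample data and the function names make_samples and group_members are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data (not from a real system), written to a temp dir.
make_samples() {
  dir=$(mktemp -d)
  cat > "$dir/group" <<'EOF'
sudo:x:27:pasha
linux:x:1005:pasha,sagar
ubuntu:x:1006:
EOF
  cat > "$dir/passwd" <<'EOF'
sagar:x:1000:1000::/home/sagar:/bin/bash
pasha:x:1001:1001::/home/pasha:/bin/bash
ankita:x:1002:27::/home/ankita:/bin/bash
EOF
  echo "$dir"
}

# group_members GROUP GROUP_FILE PASSWD_FILE
# Prints "user primary" or "user secondary" for every member of GROUP.
group_members() {
  awk -F: -v g="$1" '
    FNR == NR {                  # first file: group-format lines
      if ($1 == g) {
        gid = $3
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") how[m[i]] = "secondary"
      }
      next
    }
    # second file: passwd-format lines; field 4 is the primary GID
    gid != "" && $4 == gid { how[$1] = "primary" }
    END { for (u in how) print u, how[u] }
  ' "$2" "$3" | sort
}

# Stand-alone run: ankita is in sudo only through her primary GID.
d=$(make_samples)
group_members sudo "$d/group" "$d/passwd"
rm -rf "$d"
```

On a real system, call it as group_members sudo /etc/group /etc/passwd.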

Groupadd

The groupadd command adds a group to the current system. Once the group is created, its entry shows everything about it: its name, password, GID and the users in that group.

-g: You can create a new group with a specific group ID using -g option.

gpasswd

The gpasswd command is used to set the password of a group.

After executing the command, we have to enter the new password we want to assign to the group. The password has to be given twice for confirmation.

groupmod

The groupmod command is used to modify the properties of an existing group account.

$ groupmod -n <newgroup> <oldgroup>

groupdel

This command is used to remove groups, even if there are members in the group.

You cannot remove the primary group of any existing user. To remove a user's primary group, remove the user before the group.

Conclusion

We have come to the end of this article. I hope it has helped you understand all aspects of user and group management on Linux.

I hope you liked the article. Stay tuned for the next one.

Thank you. Happy learning!📍
