This article aims to explore about user and group management. Managing user and group helps to learn how one can add, modify and remove users and groups in Linux.
User Management
User management enables administrators(superuser) to grant access and manage user access and control user accounts. It includes everything from creating a user to deleting a user on your system.
Understand the /etc/passwd
/etc/passwd is a configuration file which stores User account information. This information includes the account name, home directory location, and default shell, among other values.
It has 7 fields and each field is separated by a :
.
The syntax are,
username : password : UID : GID : username : home directory : Login shell
In the above screenshot, it has seven columns separated by a colon. Starting from the left columns denotes
|
|
|
root |
| The field stores username or login name of the user at the time of creation. |
x |
| The x signifies the user's encrypted password that is stored in the etc/shadow file. |
0 |
| The UID is a number used by the linux system to identify users. |
0 |
| As the UID, GID is also a number determines the primary group of a user. |
root |
| This field is GESOC field, basically contains a user's full name and additional details like phone number etc. |
/root |
| This field represents the absolute path of the user's home directory. |
/bin/bash |
| This field contains the name of the default shell associated with a user. |
More information can be found by typing man 5 passwd,
$ man 5 passwd
Adduser
Adduser command provides a high level of interface for adding new users, as it is more easier and comes with user friendly interactive prompt that asks you for information about the new user account you are trying to add. The command adduser creates a user directory in the home(home/user) automatically.
Useradd
The useradd command just creates the user in current working system. Useradd is a low-level utility for adding users. It does not create a home directory for the new user by default. It does not ask for the password nor any additional information.
In the above snap, useradd gives us absolutely no output which actually means the user creation was successful. If we want to set password afterwards, then we need to run passwd
command.
Following are the commonly options used along with useradd
command while creating users.
-c "comment"
: Provide a short description(full username) of the new user account.
-d "home_dir"
: Sets the home directory for the specified user. By default, the useradd command sets it to the username (/home/name), but you can replace it with the directory of your choice.
-D
: Rather than create a new account, save the supplied information as the new default settings for any new accounts that are created. Every linux flavour have a file called/etc/default/useradd
which contains some default user operations. Besides using cat command to display this file, we can use user -D.
-e "expire_date"
: Assign the expiration date for the user account in YYYY-MM-DD format.
g
: allows to set the specific group id of a user.
-G "grouplist"
: Add the new user to the supplied comma-separated list of multiple groups.
-m
: Automatically create the user's home directory and copy the files in the skeleton directory (/etc/skel) to it.
-p "password"
: set an unencrypted password for the user.
In the above snap, a new user "sagar"
is created with an unencrypted password "setpassword"
.
-s "shell"
: create a user with changed login shell.
-u "userid"
: Specify the user ID number for the account. Without the-u
option, by default assigned the next available number automatically. User IDs for regular users begin at 1000, so you should use IDs for regular users that are above that number in a way that doesn't collide with the automatic assignments.
Usermod
Usermod is a command used to modify the existing properties of user in Linux.
-c "username"
: Change the user related comments associated with the user account in/etc/passwd
file.
-d "home_dir"
: When you create a user in Linux, the system automatically creates a home folder for them in/home/username
. To change the location of the user’s home folder, use theusermod
with-d
option.
-e "expire_date"
: Assign a new expiration date for the account in YYYY-MM-DD format. Replace expire_date with a date you want to use.
-g "group"
: Change the primary group (as listed in the /etc/group file) the user will be in. Replace group with the group name.
-G "grouplist"
: Set the user's secondary groups to the supplied comma-separated list of groups.
If the -a
is not used, existing supplementary groups("ubuntu", "jenkins"
) for "pasha"
are erased and the new list of groups("linux"
) includes the only supplementary groups assigned to that user.
-u "user_id
": Change the user ID number for the account. Replace user_id with the ID number.
-s "shell"
: Specify a different command shell to use for this account. Replace shell with the command shell.
Userdel
Just as usermod is used to modify user settings and useradd is used to create users, userdel is used to remove users. This command basically modifies the system account files, deleting all the entries which refer to the username login. It is a low-level utility for removing the users.
In most Linux distributions, while removing a user account with userdel, the user home directories are not removed.
In the above snapshot we run command userdel ankita
, but still the home directory for ankita
is not deleted.
-r "remove"
: using-r
along withuserdel
command removes the user's home directory along user's mail spool as well.
-f "force"
: using-f
along withuserdel
command forcefully remove the user account, even if the user is still logged in or if there are running processes that belong to the user.
Understand /etc/shadow
On Linux, the /etc/shadow
file keep encrypted passwords safe from prying eyes and password cracking programs. The shadow file is directly accessible only to root user. It also includes some additional account information that wasn’t provided for in the original /etc/passwd
file.
The shadow file is not a superset of the passwd file, and the passwd file is not generated from it.
It has nine fields and each field is separated by colons :
.
username:password:last changed password:min:max:warn:inactive:expired:unused
Parameter | Specifications |
Username | A valid user account on the system. |
Password | Encrypted password in hash format. |
Last changed password | Display the date when last time user changed password. |
Minimum | The minimum number of days left before the user is allowed to change their password again. If the minimum is not set, the value here will be 0. |
Maximum | The number of days the password is valid.i.e. how long user can go without changing password. By default, the value set at a 99,999 days. |
Warning | This field determines the number of days before a password is to expire, during which the user is warned, will receive reminders to change their password. |
Inactive | This is the number of days after password expires that account is disabled. |
Expire | This date is expiration of the account, when the system will automatically disable the user's account. Once disabled, the user will be unable to login until an administrator enables it again. |
Unused | This field currently always empty and is reserved for future use. |
- How to change my(root) account password?
$ passwd
- How to change password for other user?
$ passwd <username>
Group Management
Basically there are two types of groups in Linux, PRIMARY GROUP
and SECONDARY GROUP
. when you create an user, the group same name as the user called primary group also gets created which belongs to user.
There can be only one primary group for each user. And the secondary groups are the one, if needed then we can create it and add the individual user to that secondary group.
Understand /etc/group
The /etc/group file contains the names of UNIX groups and a list of each group’s members.
It has four field and each field is separated by a colon :
.
Character | Definition |
Groupname | name of the group. |
Password | x in this field indicates that passwords are used. |
GID | keep the group's GID number. |
Group members | List of users that are members of the group. |
Groupadd
The groupadd command is used to add a group in the current working system. while creation we can get to know everything about the group as its name, password, GID and the users present in that group.
-g
: You can create a new group with a specific group ID using -g
option.
gpasswd
gpasswd command is used to set the password of the group.
In the above snap After executing the command we have to enter the new password which we want to assign to the group. The password has to be given twice for confirmation purposes.
groupmod
groupmod command is used to modify the properties of existing group account.
$ groupmod -n <newgroup> <oldgroup>
groupdel
This command is used to remove groups even if there are members in the group.
You cannot remove the primary group of any existing user. In order to remove the user's primary group, remove user before the group.
Conclusion
Though we came to end of this article, I hope this article has helped you to understand about all aspects of User and Group Management on Linux.
Hope you like the article. So Stay Tuned for the next article .
Thank you. Happy learning!📍
And also don't forget to like and share this article.😎