
All you need to know about User Management in Linux

A group is a named set of users, for example ‘students’, ‘employees’, ‘actors’ or ‘developers’.
A user can be part of one or multiple groups. In Unix, every user is part of at least one group, called the user’s primary group.
– /etc/passwd file :-
In Unix you will find the list of users, their respective IDs, login shells, etc. in the /etc/passwd file.
# less /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin


– /etc/group file :-
Similar to passwd, the /etc/group file shows the list of existing groups, their IDs, etc.
# cat /etc/group 
root:x:0:
daemon:x:1:
bin:x:2:

– useradd :-
useradd is used to add a new user. Below are a few of the parameters that can be specified :
-u, --uid UID                user ID of the new account
-m, --create-home            create the user's home directory
-d, --home-dir HOME_DIR      home directory of the new account
-g, --gid GROUP              name or ID of the primary group of the new account
-s, --shell SHELL            login shell of the new account
-G, --groups GROUPS          new list of supplementary GROUPS
Example :
# useradd jim

# less /etc/passwd | grep -i jim
jim:x:1001:1001::/home/jim:/bin/sh

– passwd :-
Once the account is created, you need to set a password for it using the passwd command. Any new account created in Unix is in a locked state; the passwd command unlocks it and sets the password. You can then see the entry in the /etc/shadow file, which stores the user's password in hashed form (the `$y$` prefix in the example below indicates yescrypt).
# passwd jim
New password:
Retype new password:
passwd: password updated successfully


# less /etc/shadow | grep -i jim
jim:$y$j9T$OeIku5O2gsw/dvsQxk1nU/$5.ovknC7X7T2frTerCCnECQpNtx/gaMNjOKcpAryJm2:19172:0:99999:7:::
Using the passwd command, you can also lock a user’s account. To unlock it again, you need to set the password again :
# passwd -l jim
passwd: password expiry information changed.

– groupadd :-
With groupadd you can create a new group.
# groupadd students
# less /etc/group | grep -i students
students:x:1002:

– usermod :-
You can modify a user’s information using usermod. Here I have added the user to the newly created group ‘students’.
To check the current details of the user, the id command can be used :
# id jim
uid=1001(jim) gid=0(root) groups=0(root)
Modified the group details –
# usermod -g root -G students jim


# less /etc/passwd | grep -i jim
jim:x:1001:0::/home/jim:/bin/sh


# id jim
uid=1001(jim) gid=0(root) groups=0(root),1002(students)
Note : Here '1002' is the group id for the group name 'students'
Similarly, you can assign a new ID, home directory or shell to an existing user with usermod :
Changed the shell to /bin/bash for user jim –
# usermod -s /bin/bash jim
# less /etc/passwd | grep -i jim
jim:x:1001:0::/home/jim:/bin/bash
Changed the home directory from /home/jim to /jim for user jim –
# usermod -d /jim jim
# less /etc/passwd | grep -i jim
jim:x:1001:0::/jim:/bin/bash
Changed the user ID from 1001 to 1003 for user jim –
# usermod -u 1003 jim
# less /etc/passwd | grep -i jim
jim:x:1003:0::/jim:/bin/bash
Change the account expiry date for a user jit (usermod -e sets the date on which the account is disabled, shown as "Account expires" by chage) –
# usermod -e 2022-07-29 jit
You can also lock a user’s account using usermod –
# usermod -L jit

– chage :-
We can check the password age and account expiry settings for a user account using the chage command.
# chage -l jit
Last password change : Jun 29, 2022
Password expires : never
Password inactive : never
Account expires : Jul 29, 2022
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
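
Added example (not part of the original post): a small audit of passwd- and shadow-format files that ties together the lock and expiry commands above. `passwd -l` and `usermod -L` only disable the password (other authentication, such as an SSH key, may still work, as the passwd man page notes), so the script flags a locked password on an account that still has a login shell and no past expiry date. The function names, finding labels and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. All sample data is constructed.

# audit_accounts PASSWD SHADOW [TODAY]   (TODAY = days since 1970-01-01)
# Prints "<user> <finding>" for each risky account, in passwd order.
audit_accounts() {
    today=${3:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
        FILENAME == ARGV[1] {      # shadow: field 2 = hash, field 8 = account expiry
            pw[$1] = $2; expiry[$1] = $8; next
        }
        {
            user = $1; uid = $3; gid = $4; shell = $7
            if (uid == 0 && user != "root") print user, "uid0-duplicate"
            if (gid == 0 && uid != 0)       print user, "primary-group-root"
            if (shell ~ /(nologin|false)$/) next          # no login shell
            if (!(user in pw)) { print user, "no-shadow-entry"; next }
            expired = (expiry[user] != "" && expiry[user] + 0 <= today + 0)
            if (pw[user] == "")                      print user, "empty-password"
            else if (pw[user] ~ /^[!*]/ && !expired) print user, "locked-password-but-login-shell"
        }
    ' "$2" "$1"
}

# demo: run the audit on constructed files modelled on the accounts in this post.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
jim:x:1003:0::/jim:/bin/bash
jit:x:1004:1004::/home/jit:/bin/bash
toor:x:0:0::/root:/bin/sh
EOF
    cat > "$d/shadow" <<'EOF'
root:$y$j9T$CONSTRUCTEDsalt$CONSTRUCTEDhash:19172:0:99999:7:::
daemon:*:19172:0:99999:7:::
jim:!$y$j9T$CONSTRUCTEDsalt$CONSTRUCTEDhash:19172:0:99999:7:::
jit:!$y$j9T$CONSTRUCTEDsalt$CONSTRUCTEDhash:19172:0:99999:7::19202:
toor::19172:0:99999:7:::
EOF
    audit_accounts "$d/passwd" "$d/shadow" 19210   # day 19210 is after the expiry day 19202 of jit
    rm -rf "$d"
}

demo
```

In the sample, jim (locked with `-L` only, primary group root) is flagged, while jit (locked and past the 2022-07-29 expiry, day 19202) is not.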

– userdel :-
It is used to delete an existing user account.
# userdel jim
# less /etc/passwd | grep -i jim
#

– groupdel :-
You can delete an existing group if it’s no longer needed.
# less /etc/group | grep -i students
students:x:1002:

# groupdel students

# less /etc/group | grep -i students
#