Linux User and Group Management
Users must authenticate to a Linux system before they can use resources or access files on it. The authentication process relies on a user account to represent the person, and this account is protected with a password. Linux grants or denies access to directories and files based on this identity.
To make things easier on administrators, users with similar access requirements are placed into groups. Rather than having to grant ten individual users access to a folder, an administrator can place them all in a group and grant access to the group.
This article provides commands you can use on a Linux system to manage users and groups.
This article fits into a larger series of Linux articles covering various sysadmin topics, including hardware identification and managing system processes. You can build a lab environment by following the information in the Linux: Companion Lab for Linux Skill Blocks Repository article. If you need to review Linux command syntax, read Understand the Linux Command Line.
In this series, we also covered how to pick a distribution, how the Linux kernel interacts with hardware and how Linux manages system services.
Two companion articles follow this one in the weeks to come. The first of those covers managing directories and files. The second demonstrates standard Linux permissions. You can control access to directories and files using permissions applied to the users and groups created in this tutorial.
Manage Users
Managing Linux users from the command line is straightforward. You must know three related commands to create, modify, or delete users, and one command to reset passwords.
| Command | Description |
| --- | --- |
| useradd | Create a new user account |
| usermod | Modify an existing user account |
| userdel | Delete an existing user account |
| passwd | Set (or reset) a user account password |
I’ll provide examples of each of these commands. I suggest you work with the same accounts I do so that the next section (Linux groups) makes sense.
Create a User Account
Creating a new user account is as simple as typing the useradd command and a unique username. As with other commands, plenty of options exist to modify the results. Check the useradd man page for examples.
Create a user named fsmith (a likely account name for user Fred Smith):
```
$ sudo useradd fsmith
```
Note: It is a poor security practice to log on to a Linux system as the root (administrator) user. Most systems force you to log on as a regular user and then use the sudo (super user do) command to elevate your privileges. You may be prompted for your password when using sudo.
You will probably not receive any response from your system, which indicates the command succeeded. Type the following command to confirm the account exists:
```
$ sudo tail /etc/passwd
```
Linux stores user accounts in a file named passwd in a directory named /etc. The tail command displays the last ten lines of that file, and new user accounts always appear at the end of the file.
On most Linux systems, the useradd command automatically creates a home folder for the user. Use the following ls command to check:
```
$ ls /home
```
You should see a home directory named fsmith.
Create another user account, this time adding the comment field using the -c option. You’ll place the user’s full name in the comment field.
```
$ sudo useradd -c "Sean Lee" slee
```
Use the same tail command as above to display the new account. Do you see a section with the user’s full name?
You enclosed the user’s full name (Sean Lee) in double quotes due to the space between the first and last name. Normally, Linux would treat those as two values, one called Sean and the other called Lee. By enclosing them in quotes, you tell Linux to treat the two words as a single value: "Sean Lee".
Create a third account for user Maria Garcia using the same command and option as you did for Sean Lee. Don’t forget to check the /etc/passwd file to confirm the account exists.
Modify a User Account
Notice that you did not enter a comment field for Fred Smith’s account containing his full name. Use the usermod command to update the account with the user’s full name:
```
$ sudo usermod -c "Fred Smith" fsmith
```
The -c "Fred Smith" option remains the same, but this time you used the usermod command to modify an existing account rather than the useradd command to create a new one.
Check the usermod man page to see what other modifications you can make.
Delete a User Account
Now that you can create and modify accounts, it’s time to demonstrate removing accounts from the system. Create an account to delete named sgomez (for Saul Gomez) and confirm it exists in the /etc/passwd file.
```
$ sudo useradd -c "Saul Gomez" sgomez
```
Delete user accounts using the userdel command. If you add the -r option, the system will delete the user’s home directory, too. There are a few other options in the userdel man page.
```
$ sudo userdel -r sgomez
```
Set a Password for a User Account
Most Linux distributions don’t prompt you to set a user password during the account creation process. A user cannot log on with an account until it has a password configured. Use the passwd command to set a password:
```
$ sudo passwd fsmith
```
You’ll be prompted to enter the password twice. For now, set a simple password like Pa$$w0rd. Note that there is no indication on the screen that you’re typing a password.
Set a password for the slee and mgarcia accounts, too. Use the same process to reset a forgotten password.
Manage Users (summary)
Practice using the three Linux commands for adding, modifying, and deleting user accounts and explore the related options using the man pages. Don’t forget to set passwords for each account using the passwd command.
Manage Groups
Groups are collections of user accounts with similar security requirements. These requirements usually center on directory and file access (permissions).
The commands to manage Linux groups are similar to user management commands.
| Command | Description |
| --- | --- |
| groupadd | Create a new group |
| groupmod | Modify an existing group |
| groupdel | Delete an existing group |
In the earlier section, you created several user accounts, perhaps for a mock company. Next, you’ll organize those users into groups based on company departments.
Use the groupadd command to create a group named InfoTech:
```
$ sudo groupadd InfoTech
```
Linux stores groups in the /etc/group file. Use the tail command to display the last few lines of this file. You should see the new InfoTech group.
Create two more groups — one named HR and the other named PR to represent the Human Resources and Public Relations departments. Verify they exist in the /etc/group file.
The primary modification you might make to a group is renaming it. Use the groupmod command to rename the InfoTech group to IT:
```
$ sudo groupmod -n IT InfoTech
```
Observe the order of arguments for the groupmod -n command. Specify the new group name followed by the current group name.
The groupdel command deletes groups. Note that deleting a group does not delete any user accounts contained in the group.
Create a group named Sales using the groupadd command. Confirm it exists in the /etc/group file. Next, delete the Sales group using the groupdel command:
```
$ sudo groupdel Sales
```
Verify the group is gone.
Place Users into Groups
You have now created, modified, and removed users. You’ve done the same for groups. However, you have not yet added a user to a group, which is essential. The following table shows how the users need to be organized.
| User | Department | Group |
| --- | --- | --- |
| fsmith | Information Technology | IT |
| slee | Human Resources | HR |
| mgarcia | Public Relations | PR |
Adding a user to a group modifies the user, so the appropriate command is usermod. You’ll need the -a and -G options, too. The -G option names the supplementary groups, and -a appends them to the user’s existing list; without -a, usermod replaces that list with only the groups you name. The syntax to add user fsmith to the IT group looks like this:
```
$ sudo usermod -aG IT fsmith
```
Use the tail command to display the /etc/group file. You should see the fsmith account associated with the IT group.
Add the slee account to the HR group and the mgarcia account to the PR group. Confirm the memberships by checking the /etc/group file.
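The membership check done by eye with tail above, as an added example that is not part of the original article: it resolves each user's groups from passwd- and group-format files, including the primary group, which the member list in /etc/group does not show. The sample files, UIDs, GIDs and per-user primary groups are constructed assumptions, and PR is deliberately left without mgarcia so the audit reports a gap.

```sh
# Added example: resolve a user's groups from passwd(5)/group(5)-format data.
# Sample files are constructed; UIDs/GIDs and per-user groups are assumed.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
PASSWD_FILE="$SAMPLE_DIR/passwd"; GROUP_FILE="$SAMPLE_DIR/group"
cat > "$PASSWD_FILE" <<'EOF'
fsmith:x:1001:1001:Fred Smith:/home/fsmith:/bin/bash
slee:x:1002:1002:Sean Lee:/home/slee:/bin/bash
mgarcia:x:1003:1003:Maria Garcia:/home/mgarcia:/bin/bash
EOF
cat > "$GROUP_FILE" <<'EOF'
fsmith:x:1001:
slee:x:1002:
mgarcia:x:1003:
IT:x:1004:fsmith
HR:x:1005:slee
PR:x:1006:
EOF

# groups_of USER: primary group (GID in passwd field 4) first, then each
# group whose member list (group field 4) names USER exactly.
groups_of() {
    gid=$(awk -F: -v u="$1" '$1 == u { print $4 }' "$PASSWD_FILE")
    [ -n "$gid" ] || return 1    # unknown user
    awk -F: -v u="$1" -v gid="$gid" '
        $3 == gid { primary = $1; next }
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (m[i] == u) extra = extra " " $1 }
        END { print primary extra }' "$GROUP_FILE"
}

# in_group USER GROUP: succeeds only if GROUP is one of USER's groups.
in_group() {
    for candidate in $(groups_of "$1"); do
        [ "$candidate" = "$2" ] && return 0
    done
    return 1
}

# audit: check the article's user-to-group table, one result line per user.
audit() {
    for pair in fsmith:IT slee:HR mgarcia:PR; do
        user=${pair%%:*}; want=${pair##*:}
        if in_group "$user" "$want"; then echo "$user $want ok"; else echo "$user $want MISSING"; fi
    done
}

audit
```

On a live system, point PASSWD_FILE and GROUP_FILE at /etc/passwd and /etc/group to run the same audit against real accounts.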
Manage Groups (summary)
Practice using these commands by creating several groups and adding users to them. Review the /etc/group file to confirm the groups and determine who is a member of each.
Wrap up
Spend some time in your lab environment creating, modifying, and deleting user accounts. Get in the habit of setting passwords for each account you create, too. Create some groups and practice adding users to them. These are daily tasks for Linux administrators and common objectives for Linux certification exams like CompTIA Linux+. Creating users is the first step toward controlling access to Linux files using permissions. The system must know the user’s identity to determine whether the user should be able to access a file.
You might find it useful to create a small demo company that contains four or five departments and up to ten employees. Create accounts and groups for this demo organization. Work with these commands until they become second nature!