User management in any operating system is one of the basic routine tasks of a system administrator.
For a Linux-based OS, it usually involves creating user accounts, modifying existing accounts like changing their home directory, default shell, locking/unlocking one or more accounts, and removing user accounts.
Before we investigate the commands and processes to carry out these tasks, let’s delve briefly into how user accounts can be classified in Linux. Also, note that unless explicitly specified, given commands will work in most of the common Linux distributions.
root user is the administrator of OS with all permissions to perform operations. Usually, only
root can install/uninstall or update basic system programs and libraries. It is the only user account with system-wide privileges.
So, the root user is the most powerful user of the system.
These are the users without logins. They don’t have all the privileges of the
root user. Depending on the account, they assume different specialized roles.
These are created automatically at the time of any application installation.
squid are some of the examples of special users.
Common users have full privileges only in their working directory, usually their home directory. They don’t have privileges to manage the system or install the software. They can’t perform these tasks without having special privileges via
On a Debian or Ubuntu-based system, there are a couple of options to add users from CLI. The first command is
adduser, which is a Perl script and uses
useradd command in the backend whose usage we’ll see later.
Since adding a user is a privileged task, you would need to use
sudo as prefix and
username as argument. Other details can be specified as prompted. Except for username and password, the rest of the details are optional. We can verify that the user has been created by using
$ sudo adduser johndoe Adding user `johndoe' ... Adding new group `johndoe' (1003) ... Adding new user `johndoe' (1003) with group `johndoe' ... Creating home directory `/home/johndoe' ... Copying files from `/etc/skel' ... New password: Retype new password: passwd: password updated successfully Changing the user information for johndoe Enter the new value, or press ENTER for the default Full Name : John Doe Room Number : Work Phone : Home Phone : Other : Is the information correct? [Y/n] Y $ $ id johndoe uid=1003(johndoe) gid=1003(johndoe) groups=1003(johndoe) $
CentOS/RHEL/Fedora (Including Debian/Ubuntu)
The next command,
useradd will work across RHEL based OS distributions as well as works equally well on Ubuntu/Debian hosts. The simplest syntax (without any extra options) to create a new user is:
$ sudo useradd <username>
$ sudo useradd janedoe
useradd command supports multiple options that can be specified while creating the user, most common being user ID (UID), group ID (GID), default shell and home directory, etc. One such example is given below:
$ sudo useradd -s /bin/sh -d /data/newhome -c "Jane Doe" -u 1005 janedoe
You can verify the newly created user using
$ id janedoe uid=1005(janedoe) gid=1005(janedoe) groups=1005(janedoe) $
One often needs to modify some property of existing users based on organization requirements, user requests, or system migrations. Most of these properties are easy to modify though we need to ensure how it’ll affect the user environment and access to files owned or accessed by the user.
The default shell is the CLI shell created when a user launches a new CLI session either locally or via SSH. Most modern systems have a default user
Bash though it can vary based on Linux distribution or the user’s environment. To modify the default shell of a user, use:
$ sudo usermod -s <shell> <username>
$ getent passwd janedoe janedoe:x:1005:1005::/data/newhome:/bin/sh $ sudo usermod -s /bin/bash janedoe $ getent passwd janedoe janedoe:x:1005:1005::/data/newhome:/bin/bash $
As you can see in the above output, the shell has been changed from
/bin/bash for user
Like default shell, a user’s home directory can be modified to a different location using:
$ sudo usermod -d <new_directory_path> <username>
In the example below, the user home directory of the user
janedoe has been changed to
$ getent passwd janedoe janedoe:x:1005:1005::/data/newhome:/bin/bash $ sudo usermod -d /data/janedoe janedoe $ getent passwd janedoe janedoe:x:1005:1005::/data/janedoe:/bin/bash $
Before making the switch, ensure that the new directory has the right ownership and permissions. Otherwise, the user may face issues during login or working in the new home directory.
You can change the user ID of an existing user using:
$ sudo usermod -u <new_uid> <username>
$ getent passwd janedoe janedoe:x:1005:1005::/data/janedoe:/bin/bash $ sudo usermod -u 1010 janedoe $ getent passwd janedoe janedoe:x:1010:1005::/data/janedoe:/bin/bash $
Again, changing UID changes how Linux filesystem maps ownership and permission to a file or directory. Ensure that the user’s home directory and its contents and all other files anywhere in the system, originally owned by the user (with old UID), is changed to UID mapped. Not doing so can cause problems in the CLI session and file access by the user.
The default group is usually the user’s default group ID, which gets created during user creation unless another GID is specified. Linux allows you to modify the default group of a user using
usermod command as well. Here’s the syntax to use:
$ sudo usermod -g <new_gid or group_name> <username>
Here’s one example:
$ getent passwd janedoe janedoe:x:1010:1005::/data/janedoe:/bin/bash $ sudo usermod -g 1001 janedoe $ getent passwd janedoe janedoe:x:1010:1001::/data/janedoe:/bin/bash $
Again, make sure the new group ID is set on the user’s home directory, contents, and all other files or directories applicable to properly migrate their ownership permissions.
Besides the default group, a user in Linux can be part of secondary groups. We can always add or remove additional groups a user belongs to using
$ sudo usermod -a -G <group_id or group_name> <username>
$ id janedoe uid=1005(janedoe) gid=1005(janedoe) groups=1005(janedoe) $ sudo usermod -a -G docker janedoe $ id janedoe uid=1005(janedoe) gid=1005(janedoe) groups=1005(janedoe),1001(docker) $
Similarly, to remove a user from one of the secondary groups, use
gpasswd command as shown below:
$ sudo gpasswd -d <username> <groupname>
$ id janedoe uid=1005(janedoe) gid=1005(janedoe) groups=1005(janedoe),1001(docker) $ sudo gpasswd -d janedoe docker Removing user janedoe from group docker $ id janedoe uid=1005(janedoe) gid=1005(janedoe) groups=1005(janedoe) $
GECOS field in
/etc/passwd contains user information or comment. We can modify this information for an existing user as:
$ sudo usermod -c <comment> <username>
$ getent passwd janedoe janedoe:x:1005:1005::/data/janedoe:/bin/bash $ sudo usermod -c "Jane Doe - System Admin" janedoe $ getent passwd janedoe janedoe:x:1005:1005:Jane Doe - System Admin:/data/janedoe:/bin/bash $
Please note that if your comment or user details contain spaces, enclose that field in quotes as done in the above example.
The user’s login name can also be changed using
usermod command by using
$ sudo usermod -l <new_username> <old_username>
$ id janedoe uid=1005(janedoe) gid=1005(janedoe) groups=1005(janedoe) $ sudo usermod -l jane_doe janedoe $ id jane_doe uid=1005(jane_doe) gid=1005(janedoe) groups=1005(janedoe) $
Remember to update user references as per new name wherever used. Even in commands like
id, the new username should be specified.
A user can be removed from Linux using
$ sudo userdel <username>
$ id janedoe uid=1005(janedoe) gid=1005(janedoe) groups=1005(janedoe) $ sudo userdel janedoe $ id janedoe id: ‘janedoe’: no such user $
To remove a user along with its home directory and mail spool, add
-r flag as well.
$ sudo userdel -r <username>
Specifically for Ubuntu-based systems, you can also user
deluser command to remove a user:
$ sudo deluser <username>
Similarly, to remove the home directory and mail spool as well, use:
$ sudo deluser --remove-home <username>
For detailed information and other supported options, refer to the main page of various commands using:
$ man adduser $ man useradd $ man usermod $ man deluser $ man userdel
This article showed various aspects of user management in a Linux system. This includes an explanation of various categories of users and how to add and remove them. It also covers various options that help to modify the parameters of an existing user. Though it doesn’t cover all possibilities supported by various commands, it covers a lot of common administration tasks that a system administrator will encounter in day-to-day work.
You may also be interested in reading: How to remove files and directories in Linux?