Managing Users.
Linux is a multi-user operating system, which means that several users can interact with the system at the same time. As a system administrator, you are in charge of managing the system's users and groups, which includes adding and deleting users and assigning them to various groups.
As with most things in Linux, there is more than one way to do just about everything, and adding users is no exception. Linux servers in particular commonly have no desktop environment, which is another reason to learn the command line.
Let us jump!
useradd Command
Remember, only root or users with sudo privileges can use the useradd command to create new user accounts.
When run, the useradd command performs the following major steps:
- It edits /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow files for the newly created user accounts.
- Creates and populates a home directory for the new user.
- Sets permissions and ownerships to the home directory.
Create a New User
To create a new user account, run the useradd command followed by the name of the user.
$ sudo useradd darthvader
PS: when run without any option, useradd creates a new user account using the default settings specified in the /etc/default/useradd file.
The command also adds an entry to the /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow files.
When we add a new user in Linux with the useradd command, the account is created in a locked state. To unlock that user account, we need to set a password for it with the passwd command.
$ sudo passwd darthvader
You will be prompted to enter and confirm the password. Make sure you use a strong password.
OUTPUT
$ sudo passwd darthvader
New password:
Retype new password:
passwd: password updated successfully
Once a new user is created, its entry is automatically added to the /etc/passwd file. This file is used to store the user’s information and the entry looks like this.
$ cat /etc/passwd | grep darthvader
OUTPUT
darthvader:x:1004:1004::/home/darthvader:/bin/zsh
The above output contains a set of seven colon-separated fields, and each field has its own meaning.
- Username: The user login name used to log in to the system. It should be between 1 to 32 characters long.
- Password: The user's hashed password, or an x character when the hash is stored in the /etc/shadow file.
- User ID (UID): Every user must have a User ID (UID), a user identification number. By default, UID 0 is reserved for the root user and UIDs ranging from 1-99 are reserved for other predefined accounts. Further UIDs ranging from 100-999 are reserved for system accounts and groups.
- Group ID (GID): The primary Group ID (GID), a group identification number, stored in the /etc/group file.
- User Info: This field is optional and allows you to define extra information about the user, for example the user's full name. This field is filled by the finger command.
- Home Directory: The absolute location of the user’s home directory.
- Shell: The absolute location of the user’s shell, e.g. /bin/zsh
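An added example, not part of the original tutorial: a small audit over the seven fields described above, run against constructed sample entries. The function names, finding labels and sample accounts are assumptions made for illustration; the reserved-range check uses the UID ranges given in the list above.

```sh
#!/bin/sh
# Added example: audit passwd-format entries for common account risks.

# Constructed sample entries (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/bash
darthvader:x:1004:1004::/home/darthvader:/bin/zsh
toor:x:0:0::/root:/bin/bash
guest::1005:1005::/home/guest:/bin/bash
io:x:1011:1011::/home/io:/usr/sbin/nologin
broken:x:1012:1012:/home/broken
EOF
}

# audit_passwd: read passwd-format lines on stdin, print one finding per line.
audit_passwd() {
    awk -F: '
        # Every entry must have exactly seven fields.
        NF != 7 { printf "MALFORMED line %d: %d fields, expected 7\n", NR, NF; next }
        # UID 0 carries root privileges whatever the login name is.
        $3 == 0 && $1 != "root" { printf "UID0 %s\n", $1 }
        # Two names on one UID are the same user to the kernel.
        ($3 in owner) { printf "DUPUID %s shares UID %s with %s\n", $1, $3, owner[$3] }
        !($3 in owner) { owner[$3] = $1 }
        # An empty password field means the account has no password.
        $2 == "" { printf "EMPTYPW %s\n", $1 }
        # Accounts in the reserved range (1-999) should not have a login shell.
        $3 > 0 && $3 < 1000 && $7 !~ /(nologin|false)$/ {
            printf "SYSSHELL %s uid=%s shell=%s\n", $1, $3, $7
        }
    '
}

# Audit the sample; on a real host use: audit_passwd < /etc/passwd
sample_passwd | audit_passwd
```
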
Add a New User and Create a Home Directory
On most Linux distributions, when creating a new user account with useradd, the user’s home directory is not created.
Use the -m (--create-home) option to create the user home directory as /home/username:
$ sudo useradd -m darthvader
$ sudo passwd darthvader
The command above creates the new user’s home directory and copies files from the /etc/skel directory to the user’s home directory.
$ ls -la /home/darthvader
total 84
drwxr-xr-x 4 darthvader darthvader 4096 Oct 2 13:15 .
drwxr-xr-x 6 root root 4096 Sep 30 18:24 ..
-rw-r--r-- 1 darthvader darthvader 220 Feb 25 2020 .bash_logout
-rw-r--r-- 1 darthvader darthvader 3771 Feb 25 2020 .bashrc
drwxr-xr-x 4 darthvader darthvader 4096 Oct 2 12:58 .cache
drwxr-xr-x 3 darthvader darthvader 4096 Oct 2 12:58 .local
-rw-r--r-- 1 darthvader darthvader 807 Feb 25 2020 .profile
-rw-rw-r-- 1 darthvader darthvader 49032 Oct 2 12:59 .zcompdump
-rw------- 1 darthvader darthvader 99 Oct 2 13:15 .zsh_history
-rw-r--r-- 1 darthvader darthvader 1295 Oct 2 12:59 .zshrc
Create a User with a Different Home Directory
According to man useradd, the -d option (as in -d /var/www/mercury mercury) will not create the directory /var/www/mercury if it is missing.
Thus, we first have to create it manually.
To do this, run the following commands in a terminal:
$ sudo -i #to get root privileges
$ mkdir /var/www/mercury
$ cp -rT /etc/skel /var/www/mercury
Only then, we can run:
$ sudo useradd -d /var/www/mercury mercury
$ sudo chown -R mercury:mercury /var/www/mercury
$ sudo passwd mercury
or
we can combine the -m and -d options as below.
$ sudo useradd -m -d /var/www/mercury mercury
PS: the order here is very important: -m and -d, and not the other way around.
We can see the user's home directory and other user-related information like user ID, group ID, shell, and comments.
$ cat /etc/passwd | grep mercury
OUTPUT
mercury:x:1005:1005::/var/www/mercury:/bin/zsh
Add a New User with a Specific User ID
In Linux and Unix-like operating systems, users are identified by a unique UID and username. User identifier (UID) is a unique positive integer assigned by the Linux system to each user. The UID and other access control policies are used to determine the types of actions a user can perform on system resources.
By default, when a new user is created, the system assigns the next available UID from the range of user IDs specified in the login.defs file.
Run useradd with the -u (--uid) option to create a user with a specific UID such as:
$ sudo useradd -u 1808 neptune
$ sudo passwd neptune
or
$ sudo useradd -mu 1808 neptune
$ sudo passwd neptune
You can verify the user’s UID using the id command:
$ id -u neptune
OUTPUT
1808
Add a User with a Specific Login Shell
By default, the new user's login shell is set to the one provided in the /etc/default/useradd file. In some distributions, the default shell may be set to either /bin/sh or /bin/bash.
But sometimes, we need to add users who have nothing to do with the login shell.
/sbin/nologin or /usr/sbin/nologin is used as a shell in Linux to politely refuse a login attempt. It is a per-account way to disable login on Linux. Setting the shell to /usr/sbin/nologin makes it impossible for that user to SSH into a server. It is typically used by many system services that need an account but do not want to create security issues by granting them login access.
In this example, we will add a user 'io' without a login shell.
Use the -s (--shell) option to specify the new user’s login shell:
$ sudo useradd -s /usr/sbin/nologin io
Let's check the user entry in the /etc/passwd file to verify the user’s login shell.
$ sudo grep '^io:' /etc/passwd
OUTPUT
io:x:1011:1011::/home/io:/usr/sbin/nologin
Add a User with Custom Comments
The -c (--comment) option allows you to add a short description for a given user, such as the user’s full name, phone number, ... to the /etc/passwd file.
Now, let's create a new user named europa with the text string Test User Account as a comment.
$ sudo useradd -c "Test User Account" europa
Let's check.
$ sudo grep europa /etc/passwd
OUTPUT
europa:x:1112:1112:Test User Account:/home/europa:/bin/zsh
Also, the comment field is known as GECOS on UNIX; just so that you don't die stupid! 🤩😅
Add a User with a Specific Home Directory, Shell and User ID, along with a Comment
The following command is a combination of the above-seen commands.
$ sudo useradd -m -d /var/www/jupiter -s /bin/bash -c "#1234567" -u 1111 callisto
Let's check our user entry in the /etc/passwd file to verify all that.
$ sudo grep callisto /etc/passwd
OUTPUT
callisto:x:1111:1111:#1234567:/var/www/jupiter:/bin/bash
Create a User with an Expiry Date
This comes in handy when creating temporary accounts.
Use the -e (--expiredate) option to set an expiration date for new user accounts.
The date format must be YYYY-MM-DD.
Let's create a new user account named voyager1 with an expiry date set to January 01, 2025.
$ sudo useradd -e 2025-01-01 voyager1
Run the chage command to verify the user account expiry date.
$ sudo chage -l voyager1
OUTPUT
Last password change : Oct 05, 2021
Password expires : never
Password inactive : never
Account expires : Jan 01, 2025
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
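An added example, not part of the original tutorial: the locked state that useradd leaves a new account in, and the expiry date set with -e, both live in /etc/shadow (password in field 2, account expiry in field 8 as days since 1970-01-01). The function names and the sample entries are constructed for illustration; the voyager1 line mirrors the chage output above.

```sh
#!/bin/sh
# Added example: classify accounts from shadow-format entries.

# Constructed sample entries; the hash strings are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
darthvader:$6$CONSTRUCTED$placeholderhash:18902:0:99999:7:::
mercury:!:18903:0:99999:7:::
voyager1:!:18905:0:99999:7::20089:
oldtemp:$6$CONSTRUCTED$placeholderhash:18000:0:99999:7::18500:
EOF
}

# shadow_status [TODAY]: read shadow-format lines on stdin.
# TODAY is days since 1970-01-01, the unit of the expiry field (field 8);
# it defaults to the current date.
shadow_status() {
    today=${1:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
        {
            # Field 2: a leading ! or * means no password can match.
            if ($2 == "")             pw = "empty"
            else if ($2 ~ /^[!*]/)    pw = "locked"
            else                      pw = "set"
            # Field 8: empty means the account never expires.
            if ($8 == "")             acct = "no-expiry"
            else if ($8 + 0 <= today) acct = "expired"
            else                      acct = "expires-in-" ($8 - today) "-days"
            printf "%s password=%s account=%s\n", $1, pw, acct
        }
    '
}

# 20089 is 2025-01-01 in days since the epoch, as set by: useradd -e 2025-01-01
# On a real host (root required): shadow_status < /etc/shadow
sample_shadow | shadow_status
```

A locked password field only blocks password authentication, while the account expiry in field 8 applies to the account as a whole.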
userdel Command
Remember, only root or users with sudo privileges can use the userdel command to delete user accounts.
Delete a User
Let's delete a user account named io using the userdel command.
$ sudo userdel io
The command removes the user's entries from the /etc/passwd and /etc/shadow files.
In most Linux distributions, when removing a user account using userdel, the user's home and mail spool directories are not removed.
Now, let's use the -r (--remove) option to force userdel to remove the user’s home directory and mail spool:
$ sudo userdel -r io
Also, the userdel command does not allow you to remove a user who is still logged in. It is recommended to log out the user and kill all of the user’s running processes using the killall command:
$ sudo killall -u io
Once done, you can remove the user.
Another alternative is to use the -f (--force) option that tells userdel to forcefully remove the user account, whether or not the user is still logged in or if there are running processes attached to the user.
$ sudo userdel -f io
Well, we have shown you how to create and delete user accounts using the useradd and userdel commands.
Hope we've made your day better and...
... remember; keep on learning!