Managing Users.

Linux is a multi-user operating system, which means that several users can interact the system at the same time. As a system administrator, you are in charge of managing the system's users and groups, which includes adding and deleting users and assigning them to various groups.

Managing Users.
Image credit: Unknown. Please contact us if you are the owner.

Just like most things when it comes to Linux there's more than one way that we can do just about everything and adding users is no exception. Especially when it comes to servers, commonly, Linux servers won't have a desktop environment – Another reason to learn the command line.
Let us jump!

useradd Command

Remember, only root or users with sudo privileges can use the useradd command to create new user accounts.
When run, useradd command it performs the following major steps:

  • It edits /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow files for the newly created user accounts.
  • Creates and populates a home directory for the new user.
  • Sets permissions and ownerships to the home directory.

Create a New User

To create a new user account, run the useradd command followed by the name of the user.

$ sudo useradd darthvader

ps: when run without any option, useradd creates a new user account using the default settings specified in that /etc/default/useradd file.

The command also adds an entry to the /etc/passwd, /etc/shadow,/etc/group and /etc/gshadow files.

When we add a new user in Linux with the useradd command it gets created in a locked state and to unlock that user account, we need to set a password for that account with the passwd command.

$ sudo passwd darthvader

You will be prompted to enter and confirm the password. Make sure you use a strong password.

OUPUT

sudo passwd darthvader
New password: 
Retype new password: 
passwd: password updated successfully

Once a new user is created, its entry is automatically added to the /etc/passwd file. This file is used to store the user’s information and the entry looks like this.

$ cat /etc/passwd | grep darthvader

OUTPUT

Darthvader:x:1004:1004::/home/darthvader:/bin/zsh


The above OUTPUT contains a set of seven colon-separated fields, each field has its own meaning.

  • Username: User login name used to login into the system. It should be between 1 to 32 characters long.
  • Password: User's hash password (or x character) stored in /etc/shadow file in an encrypted format.
  • User ID (UID): Every user must have a User ID (UID) User Identification Number. By default, UID 0 is reserved for the root user and UIDs ranging from 1-99 are reserved for other predefined accounts. Further UIDs ranging from 100-999 are reserved for system accounts and groups.
  • Group ID (GID): The primary Group ID (GID) Group Identification Number stored in the /etc/group file.
  • User Info: This field is optional and allows you to define extra information about the user. For example, the user's full name. This field is filled by the finger command.
  • Home Directory: The absolute location of the user’s home directory.
  • Shell: The absolute location of a user’s shell i.e. /bin/zsh

Add a New User and Create a Home Directory

On most Linux distributions, when creating a new user account with useradd, the user’s home directory is not created.

Use the -m (--create-home) option to create the user home directory as /home/username:

$ sudo useradd -m darthvader

$ sudo passwd darthvader

The command above creates the new user’s home directory and copies files from /etc/skel directory to the user’s home directory.

$ ls -la /home/darthvader

total 84
drwxr-xr-x 4 darthvader darthvader  4096 Oct  2 13:15 .
drwxr-xr-x 6 root       root        4096 Sep 30 18:24 ..
-rw-r--r-- 1 darthvader darthvader   220 Feb 25  2020 .bash_logout
-rw-r--r-- 1 darthvader darthvader  3771 Feb 25  2020 .bashrc
drwxr-xr-x 4 darthvader darthvader  4096 Oct  2 12:58 .cache
drwxr-xr-x 3 darthvader darthvader  4096 Oct  2 12:58 .local
-rw-r--r-- 1 darthvader darthvader   807 Feb 25  2020 .profile
-rw-rw-r-- 1 darthvader darthvader 49032 Oct  2 12:59 .zcompdump
-rw------- 1 darthvader darthvader    99 Oct  2 13:15 .zsh_history
-rw-r--r-- 1 darthvader darthvader  1295 Oct  2 12:59 .zshrc

Create a User with a Different Home Directory

According with man useradd, -d /var/www/mercury mercury option will not create the directory /var/www/mercury, if this is missing.
Thus, we first have to create it manually.
To do this, run the following commands in Terminal:

$ sudo -i                            #to get root privileges
$ mkdir /var/www/mercury             
$ cp -rT /etc/skel /var/www/mercury

Only then, we can run:

$ sudo useradd -d /var/www/mercury mercury
$ sudo chown -R mercury:mercury /var/www/mercury
$ sudo passwd mercury

or
we can run the combining -m and -d options as below.

$ sudo useradd -m -d /var/www/mercury

PS: the order here is very important -m & -d and not the other way around.

We can see the user's home directory and other user-related information like user ID, group ID, shell, and comments.

$ cat /etc/passwd | grep mercury

OUTPUT

mercury:x:1005:1005::/var/www/mercury:/bin/zsh

Add a New User with a Specific User ID

In Linux and Unix-like operating systems, users are identified by a unique UID and username. User identifier (UID) is a unique positive integer assigned by the Linux system to each user. The UID and other access control policies are used to determine the types of actions a user can perform on system resources.
By default, when a new user is created, the system assigns the next available UID from the range of user IDs specified in the login.defs file.

Run useradd with the -u (--uid) option to create a user with a specific UID such as:

$ sudo useradd -u 1808 neptune
$ sudo passwd neptune

or

$ sudo useradd -mu 1808 neptune
$ sudo passwd neptune

You can verify the user’s UID, using the id command:

$ id -u mercury

OUTPUT

1808


Add a User with a Specific Login Shell

By default, the new user's login shell is set to the one provided in the /etc/default/useradd file. In some distributions, the default shell may be set to either /bin/sh or /bin/bash.
But sometimes, we need to add users who have nothing to do with the login shell.
/sbin/nologin or/usr/sbin/nologin is used as a shell in Linux to politely refuse a login attempt. It is a per-account way to disable login on Linux. Setting the shell to /usr/sbin/nologin makes it impossible for that user to SSH into a server. It is typically used by many system services that need an account but do not want to create security issues by granting them login access.

Here in this example, will add a user 'io' without a login shell.

Use the -s (--shell) option to specify the new user’s login shell:

$ sudo useradd -s /usr/sbin/nologin io


Let's check the user entry in the /etc/passwd file to verify the user’s login shell.

$ sudo grep io /etc/passwd

OUTPUT

io:x:1011:1011::/home/io:/usr/sbin/nologin

Add a User with Custom Comments

The -c ( --comment) option allows you to add a short description for a given user, such as the user’s full name, phone number, ... to /etc/passwd file.

Now, let's create a new user named europa with text string Test User Account as a comment.

$ sudo useradd -c "Test User Account" europa

Let's check.

$ sudo grep europa /etc/passwd

OUTPUT

europa:x:1112:1112:Test User Account:/home/europa:/bin/zsh

Also, the comment field/ record is known as; GECOS on UNIX; just that you don't die stupid! 🤩😅

Add a User with Specific: Home Directory, Shell, user ID#
along with a Comment

The following command is a combination of the above-seen commands.

$ sudo useradd -m -d /var/www/jupiter -s /bin/bash -c "#1234567" -u 1111 callisto

Let's check our user entry in the /etc/passwd file to verify all that.

$ sudo grep callisto /etc/passwd

OUTPUT

callisto:x:1111:1111:#1234567:/var/www/jupiter:/bin/bash


Create a User with an Expiry Date

This comes in handy when creating temporary accounts.
Use the -e (—expiredate) option to set an expiration date for new user accounts.
The date format must be as YYYY-MM-DD.

Let's create a new user account named voyager1 with an expiry time set to January 01, 2025.

$ sudo useradd -e 2025-01-01 voyager1

Run the chage command to verify the user account expiry date.

$ sudo chage -l voyager1

OUTPUT

Last password change					: Oct 05, 2021
Password expires					: never
Password inactive					: never
Account expires						: Jan 01, 2025
Minimum number of days between password change		: 0
Maximum number of days between password change		: 99999
Number of days of warning before password expires	: 7


userdel Command


Remember, only root or users with sudo privileges can use the userdel command to create new user accounts.

Delete a User

Let's delete a user account named io using the userdel command.

$ sudo userdel io

The command removes the user entries from the /etc/passwd as well as /etc/shadow, files.
In most Linux distributions, when removing a user account using userdel, the user's home and mail spool directories are not removed.

Now, let's run the -r (--remove) option to force userdel to remove the user’s home directory and mail spool:

$ sudo userdel -r io


Also, the userdel command does not allow to remove any user if he/she is still logged in. It is recommended to log out the user and kill all user’s running processes using the killall command:

$ sudo killall -u io


Once done, you can remove the user.

Another alternative is to use the -f (--force) option that tells userdel to forcefully remove the user account, whether or not the user is still logged in or if there are running processes attached to the user.

$ sudo userdel -f io


Well, we have shown you how to create/delete new user accounts using the useradd / userdel command.

Hope we've made your day better and...
... remember; keep on learning!

Keep Us Caffeinated  ⦿ ⦿