How to Create and Manage User on Linux

Linux is a multi-user operating system. Multiple users are logging in and working on the same Linux system simultaneously. For security purposes, it is a horrible idea to share the credentials of the same user. Therefore, creating a separate user and group for each task is recommended and assigning necessary permission to a particular user. You can achieve this by understanding User and Group management.

This post will show you how to create and manage users and groups on Linux.

Table Of Contents

• Requirements
• Create a New User
• Create a New User with Home Directory
• Create a New User with a Specific Home Directory
• Create a User with Specific Login Shell
• Create a User with a Comment
• Create a User and Assign a Group
• Create a User with Expiry Date
• Change the Default useradd Values
• Lock and Unlock User Account
• Delete a User Account
• Conclusion

Requirements

• A server running Linux operating system.

• A root password is set up on your server.

Create a New User

You can create a new user account using the useradd or adduser command followed by the username.

For example, to create a new user named testuser, run the following command:

useradd testuser

The above command will do the following things:

• A new group with a username is created.

• Adds an entry to the /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow files.

After creating a user account, you can set the password using the following command:

passwd testuser

You will be asked to enter and confirm the password.

Create a New User with Home Directory

By default, the useradd command does not create a home directory. Instead, you will need to specify the -m option to create a home directory for a user.

Run the following command to create a new user with a home directory:

useradd -m testuser

This will create a home directory with username at /home/ and copy the .bash_logout, .bash_profile and .bashrc files from /etc/skel directory to the user's home directory.

Create a New User with a Specific Home Directory

The useradd command will default create a home directory inside /home directory. For example, if you want to create a home directory for another location, you must use the -d option.

For example, create a new user with a home directory at /mnt, and run the following command:

useradd -m -d /mnt/testuser testuser

If you want to change the home directory path of the existing user, run the following command:

usermod -d /opt testuser

Create a User with Specific Login Shell

When you create a new user, the default shell is set to /bin/sh. You can check the user's login shell with the following command:

cat /etc/passwd | grep testuser

You should see the following output:

testuser:x:1000:1000::/opt/:/bin/sh

Now, run the following command to create a new user with the /bin/bash shell:

useradd -s /bin/bash -m user1

If you want to change the login shell of the existing user, run the following command:

usermod -s /bin/bash testuser

Create a User with a Comment

When you create a new user, it does not add any comment to the /etc/passwd file. Instead, the comment is beneficial for defining the user's full name or contact information.

Let's create a new user with the comment "I am system admin":

useradd -c "I am system admin" -m -s /bin/bash user2

You can check the user's comment with the following command:

cat /etc/passwd | grep user2

Output:

user2:x:1002:1002:I am system admin:/home/user2:/bin/bash

Create a User and Assign a Group

In Linux operating system, each user has two groups, primary and secondary. You can use the -g option to specify a primary group and the -G option to set a secondary group.

For example, create a new user named user3 with primary group users and secondary group sudo:

useradd -g users -G sudo user3

You can now check the user's group with the following command:

id user3

It would be best if you get the following output:

uid=1004(user3) gid=100(users) groups=100(users),27(sudo)

If you want to add any existing user to a specific group, run the following command:

usermod -G users testuser

Create a User with Expiry Date

When you create a new user account, it is set to never, which means your user account will never expire.

You can verify the user account expiry date using the following command:

chage -l testuser

You should see the following output:

Last password change : May 25, 2021 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7

To create a new user account with an expiry date of 2022-03-20, run the following command:

useradd -e 2022-03-20 user4

You can now check the user's expiry date with the following command:

chage -l user4

Output:

Last password change : May 25, 2021 Password expires : never Password inactive : never Account expires : Mar 20, 2022 Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7

Change the Default useradd Values

Creating a new user with the useradd command will assign the user's default shell, home directory, and group.

To check the default value of the useradd command, run the following command:

useradd -D

You should see the following output:

GROUP=100 HOME=/home INACTIVE=-1 EXPIRE= SHELL=/bin/sh SKEL=/etc/skel CREATE_MAIL_SPOOL=no

Now, change the default login shell value from /bin/sh to /bin/bash, and run the following command:

useradd -D -s /bin/bash

Next, verify the changed value using the following command:

useradd -D | grep -i shell

It would be best if you get the following output:

SHELL=/bin/bash

Lock and Unlock User Account

There are several reasons you may need to disable the user account for login.

To disable or lock the user account, run the following command:

usermod -L testuser

To check the lock status of any user account, run the following command:

passwd --status testuser

You should see the following output:

testuser L 05/25/2021 0 99999 7 -1

To unlock or enable the user account again with the following command:

usermod --unlock testuser

Delete a User Account

To delete a user account, run the following command:

userdel testuser

To delete a user account with a home directory, run the following command:

userdel -r testuser

Conclusion

In the above guide, you learned how to create and manage a user account in Linux. I hope you can now easily manage the user account in a multi-user environment.