SnapShooter Learning Center

How to Create and Manage Users on Linux

Set up users for added security and better separation

Simon Bennett
Last Updated: May 25, 2021

Linux is a multi-user operating system: multiple users can be logged in and working on the same system at the same time. For security purposes, sharing one user's credentials is a very bad idea. It is recommended to create a separate user and group for each task and assign only the necessary permissions to each user. You can achieve this through user and group management.

In this post, we will show you how to create and manage users and groups on Linux.


# Requirements

  • A server running a Linux operating system.
  • A root password is set up on your server.

# Create a New User

You can create a new user account using the useradd or adduser command followed by the username.

For example, to create a new user named testuser, run the following command:

useradd testuser

The above command does the following:

  • Creates a new group with the same name as the user.
  • Adds entries to the /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow files.

After creating a user account, you can set the password using the following command:

passwd testuser

You will be asked to enter and confirm the password.


# Create a New User with Home Directory

By default, the useradd command does not create a home directory. You need to specify the -m option to create one.

Run the following command to create a new user with a home directory:

useradd -m testuser

This will create a home directory named after the user under /home/ and copy the .bash_logout, .bash_profile and .bashrc files from the /etc/skel directory into it.


# Create a New User with Specific Home Directory

By default, the useradd command creates the home directory inside /home. To create the home directory in another location, use the -d option.

For example, to create a new user with a home directory under /mnt, run the following command:

useradd -m -d /mnt/testuser testuser

If you want to change the home directory path of the existing user, run the following command:

usermod -d /opt testuser

# Create a User with Specific Login Shell

When you create a new user the default shell is set to /bin/sh. You can check the user's login shell with the following command:

grep '^testuser:' /etc/passwd

You should see the following output:

testuser:x:1000:1000::/opt/:/bin/sh

Now, run the following command to create a new user with /bin/bash shell:

useradd -s /bin/bash -m user1

If you want to change the login shell of the existing user, run the following command:

usermod -s /bin/bash testuser

# Create a User with Comment

By default, useradd does not add a comment to the user's entry in the /etc/passwd file. The comment field is useful for recording the user's full name or contact information.

Let's create a new user with the comment "I am system admin":

useradd -c "I am system admin" -m -s /bin/bash user2

You can check the user's comment with the following command:

grep '^user2:' /etc/passwd

Output:

user2:x:1002:1002:I am system admin:/home/user2:/bin/bash

# Create a User and Assign a Group

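In Linux, each user has two kinds of groups: a primary group and secondary groups. Use the -g option to specify the primary group and the -G option to specify secondary groups.

For example, to create a new user named user3 with the primary group users and the secondary group sudo, run the following command. Membership in the sudo group grants administrative rights on distributions whose sudoers policy enables that group (Debian and Ubuntu do by default), so assign it only to accounts that need it: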

useradd -g users -G sudo user3

You can now check the user's group with the following command:

id user3

You should get the following output:

uid=1004(user3) gid=100(users) groups=100(users),27(sudo)

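To add an existing user to a specific group, run the following command. The -a (append) option is required together with -G; without it, usermod replaces the user's secondary group list with the groups given and removes the user from all others:

usermod -aG users testuser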
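
A check for the membership loss that `usermod -G` without `-a` causes, as an added example that is not part of the original article. The function names, the docker group and the before/after snapshots are constructed for illustration; on a real system you would copy /etc/group before the change and compare it with /etc/group afterwards.

```shell
#!/bin/sh
# Added example. Files are in group(5) format: name:passwd:gid:member,member,...

# supp_groups USER FILE: secondary groups of USER, one per line, sorted
supp_groups() {
    awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) { print $1; break }
    }' "$2" | sort
}

# lost_groups USER BEFORE AFTER: groups USER was in BEFORE but is not in AFTER
lost_groups() {
    _b=$(mktemp); _a=$(mktemp)
    supp_groups "$1" "$2" > "$_b"
    supp_groups "$1" "$3" > "$_a"
    comm -23 "$_b" "$_a"
    rm -f "$_b" "$_a"
}

# Constructed snapshots (not real system data).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/before" <<'EOF'
users:x:100:
sudo:x:27:testuser,user3
docker:x:998:testuser
EOF
# State after `usermod -G users testuser`: the list was replaced.
cat > "$demo_dir/after_G" <<'EOF'
users:x:100:testuser
sudo:x:27:user3
docker:x:998:
EOF
# State after `usermod -aG users testuser`: users was appended.
cat > "$demo_dir/after_aG" <<'EOF'
users:x:100:testuser
sudo:x:27:testuser,user3
docker:x:998:testuser
EOF

echo "lost with -G:  $(lost_groups testuser "$demo_dir/before" "$demo_dir/after_G" | tr '\n' ' ')"
echo "lost with -aG: $(lost_groups testuser "$demo_dir/before" "$demo_dir/after_aG" | tr '\n' ' ')"
```
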

# Create a User with Expiry Date

By default, a new user account's expiry date is set to never, which means the account will never expire.

You can verify the user account expiry date using the following command:

chage -l testuser

You should see the following output:

Last password change                    : May 25, 2021
Password expires                    : never
Password inactive                   : never
Account expires                     : never
Minimum number of days between password change      : 0
Maximum number of days between password change      : 99999
Number of days of warning before password expires   : 7

To create a new user account with expiry date 2022-03-20, run the following command:

useradd -e 2022-03-20 user4

You can now check the user's expiry date with the following command:

chage -l user4

Output:

Last password change                    : May 25, 2021
Password expires                    : never
Password inactive                   : never
Account expires                     : Mar 20, 2022
Minimum number of days between password change      : 0
Maximum number of days between password change      : 99999
Number of days of warning before password expires   : 7

# Change the Default useradd Values

When you create a new user with the useradd command, it assigns the default shell, home directory and group to the user.

To check the default value of the useradd command, run the following command:

useradd -D

You should see the following output:

GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/sh
SKEL=/etc/skel
CREATE_MAIL_SPOOL=no

To change the default login shell from /bin/sh to /bin/bash, run the following command:

useradd -D -s /bin/bash

Next, verify the changed value using the following command:

useradd -D | grep -i shell

You should get the following output:

SHELL=/bin/bash

# Lock and Unlock User Account

There are several reasons you may need to disable the user account for login.

To disable or lock the user account, run the following command:

usermod -L testuser

To check the lock status of any user account, run the following command:

passwd --status testuser

You should see the following output:

testuser L 05/25/2021 0 99999 7 -1

To unlock or enable the user account again, run the following command:

usermod --unlock testuser
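
An added example (not part of the original article) that tells a locked password apart from a disabled account. `usermod -L` only puts a `!` in front of the password hash in /etc/shadow, and the usermod manual notes that locking the whole account also requires setting the expiry date to 1; the function name `account_states` and the sample entries below are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads shadow(5)-format lines on stdin:
#   name:hash:lastchg:min:max:warn:inactive:expire:reserved
# Prints "name STATE" where STATE is one of:
#   ACTIVE          password usable, account not expired
#   PW_LOCKED_ONLY  hash starts with "!" (as after usermod -L) but the account
#                   has not expired, so only password logins are blocked
#   DISABLED        account expiry date (field 8) has been reached
# Argument: today's date as days since 1970-01-01, the unit field 8 uses.
account_states() {
    awk -F: -v today="$1" '
        NF < 8 || /^#/ { next }
        {
            expired = ($8 != "" && $8 + 0 > 0 && today + 0 >= $8 + 0)
            locked  = ($2 ~ /^!/)
            if (expired)     state = "DISABLED"
            else if (locked) state = "PW_LOCKED_ONLY"
            else             state = "ACTIVE"
            print $1, state
        }'
}

# Constructed sample (hashes are placeholders, not real data).
# 18772 = 2021-05-25, 19071 = 2022-03-20, expire=1 as set by `usermod -L -e 1`.
sample_shadow() {
    cat <<'EOF'
user1:$6$PLACEHOLDER$PLACEHOLDER:18772:0:99999:7:::
testuser:!$6$PLACEHOLDER$PLACEHOLDER:18772:0:99999:7:::
user4:$6$PLACEHOLDER$PLACEHOLDER:18772:0:99999:7::19071:
user2:!$6$PLACEHOLDER$PLACEHOLDER:18772:0:99999:7::1:
EOF
}

# 18800 = 2021-06-22, so the expiry date of user4 is still ahead.
sample_shadow | account_states 18800
# On a live system, as root:
#   account_states "$(( $(date +%s) / 86400 ))" < /etc/shadow
```
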

# Delete a User Account

To delete a user account, run the following command:

userdel testuser

To delete a user account along with its home directory, run the following command:

userdel -r testuser

# Conclusion

In the above guide, you learned how to create and manage user accounts in Linux. I hope you can now easily manage user accounts in a multi-user environment.

