Linux is a multi-user operating system: multiple users can be logged in and working on the same Linux system at the same time. For security purposes, it is a very bad idea to share the credentials of the same user. It is recommended to create a separate user and group for each task and assign the necessary permissions to each particular user. You can achieve this by understanding user and group management.
In this post, we will show you how to create and manage users and groups on Linux.
# Requirements
- A server running Linux operating system.
- A root password is set up on your server.
# Create a New User
You can create a new user account using the useradd or adduser command followed by the username.
For example, to create a new user named testuser, run the following command:
useradd testuser
The above command will do the following things:
- Creates a new group with the same name as the user.
- Adds an entry to the /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow files.
After creating a user account, you can set the password using the following command:
passwd testuser
You will be asked to enter and confirm the password.
# Create a New User with Home Directory
By default, the useradd command does not create a home directory. You will need to specify the -m option to create a home directory for a user.
Run the following command to create a new user with a home directory:
useradd -m testuser
This will create a home directory named after the user under /home/ and copy the .bash_logout, .bash_profile and .bashrc files from the /etc/skel directory to the user's home directory.
# Create a New User with Specific Home Directory
By default, the useradd command will create the home directory inside the /home directory. If you want to create the home directory in another location, you will need to use the -d option.
For example, to create a new user with a home directory under /mnt, run the following command:
useradd -m -d /mnt/testuser testuser
If you want to change the home directory path of an existing user, run the following command:
usermod -d /opt testuser
# Create a User with Specific Login Shell
When you create a new user, the default shell is set to /bin/sh. You can check the user's login shell with the following command:
cat /etc/passwd | grep testuser
You should see the following output:
testuser:x:1000:1000::/opt/:/bin/sh
Now, run the following command to create a new user with the /bin/bash shell:
useradd -s /bin/bash -m user1
If you want to change the login shell of an existing user, run the following command:
usermod -s /bin/bash testuser
# Create a User with Comment
When you create a new user, no comment is added to its entry in the /etc/passwd file. The comment is very useful to define the user's full name or contact information.
Let's create a new user with the comment "I am system admin":
useradd -c "I am system admin" -m -s /bin/bash user2
You can check the user's comment with the following command:
cat /etc/passwd | grep user2
Output:
user2:x:1002:1002:I am system admin:/home/user2:/bin/bash
# Create a User and Assign a Group
In the Linux operating system, each user has two kinds of groups: primary and secondary. You can use the -g option to specify a primary group and the -G option to specify a secondary group.
For example, to create a new user named user3 with primary group users and secondary group sudo, run the following command:
useradd -g users -G sudo user3
You can now check the user's group with the following command:
id user3
You should get the following output:
uid=1004(user3) gid=100(users) groups=100(users),27(sudo)
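If you want to add an existing user to a specific group, run the following command. The -a option appends the group; without it, -G replaces the user's current list of secondary groups:
usermod -aG users testuser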
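The following is an added example, not part of the original article: it lists who belongs to a group by combining the primary GID in passwd-format data with the member list in group-format data, which is how you would review membership of a privileged group such as sudo. The function name `members_of` and the sample files are assumptions, constructed from the accounts used in this article.

```shell
#!/bin/sh
# Constructed sample data in passwd(5) and group(5) format (not real system files).
sample_passwd() {
cat <<'EOF'
testuser:x:1000:1000::/opt/:/bin/sh
user2:x:1002:1002:I am system admin:/home/user2:/bin/bash
user3:x:1004:100::/home/user3:/bin/sh
EOF
}
sample_group() {
cat <<'EOF'
users:x:100:testuser
sudo:x:27:user3
testuser:x:1000:
EOF
}

# members_of GROUP PASSWD_FILE GROUP_FILE (hypothetical helper)
# Prints "user secondary" for names in the group's member field and
# "user primary" for accounts whose passwd GID field equals the group's GID.
members_of() {
    awk -F: -v g="$1" '
    NR == FNR {                       # first file: group(5) lines
        if ($1 == g) {
            gid = $3
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) print m[i], "secondary"
        }
        next
    }
    gid != "" && $4 == gid { print $1, "primary" }   # second file: passwd(5)
    ' "$3" "$2"
}

# Write the constructed data to a temporary directory and run the check.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
sample_passwd > "$tmp/passwd"
sample_group  > "$tmp/group"
members_of sudo  "$tmp/passwd" "$tmp/group"
members_of users "$tmp/passwd" "$tmp/group"
```

On a real system, pass /etc/passwd and /etc/group as the two file arguments.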
# Create a User with Expiry Date
When you create a new user account, its expiry date is set to never, which means the account will never expire.
You can verify the user account expiry date using the following command:
chage -l testuser
You should see the following output:
Last password change : May 25, 2021
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
To create a new user account with the expiry date 2022-03-20, run the following command:
useradd -e 2022-03-20 user4
You can now check the user's expiry date with the following command:
chage -l user4
Output:
Last password change : May 25, 2021
Password expires : never
Password inactive : never
Account expires : Mar 20, 2022
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
# Change the Default useradd Values
When you create a new user with the useradd command, it assigns the default shell, home directory and group to the user.
To check the default values of the useradd command, run the following command:
useradd -D
You should see the following output:
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/sh
SKEL=/etc/skel
CREATE_MAIL_SPOOL=no
To change the default login shell value from /bin/sh to /bin/bash, run the following command:
useradd -D -s /bin/bash
Next, verify the changed value using the following command:
useradd -D | grep -i shell
You should get the following output:
SHELL=/bin/bash
# Lock and Unlock User Account
There are several reasons why you may need to disable a user account for login.
To disable or lock the user account, run the following command:
usermod -L testuser
To check the lock status of any user account, run the following command:
passwd --status testuser
You should see the following output:
testuser L 05/25/2021 0 99999 7 -1
To unlock or enable the user account again, run the following command:
usermod --unlock testuser
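The following is an added example, not part of the original article: it reads shadow-format lines and reports, for each account, the two states covered in the expiry and lock sections above. The function name `audit_shadow`, the state labels and the sample lines are assumptions; the hashes are constructed placeholders. Day 19071 is 2022-03-20 and day 18772 is May 25, 2021, counted from 1970-01-01.

```shell
#!/bin/sh
# Constructed sample data in shadow(5) format (placeholder hashes, not real ones).
# Field 2: password hash; usermod -L puts "!" in front of it.
# Field 8: account expiry date in days since 1970-01-01 (empty = never).
sample_shadow() {
cat <<'EOF'
testuser:!$6$CONSTRUCTED$hash:18772:0:99999:7:::
user1:$6$CONSTRUCTED$hash:18772:0:99999:7:::
user4:$6$CONSTRUCTED$hash:18772:0:99999:7::19071:
user2:!$6$CONSTRUCTED$hash:18772:0:99999:7::1:
EOF
}

# audit_shadow [TODAY_IN_DAYS] (hypothetical helper), reads shadow lines on stdin.
# Prints "name state" where state is one of:
#   active           password usable, account not expired
#   password-locked  hash starts with "!" (what usermod -L does); this locks
#                    the password only, and usermod(8) advises also setting
#                    the expiry date to 1 to lock the whole account
#   expired          expiry date reached (what useradd -e / chage -l show)
#   disabled         both password locked and account expired
audit_shadow() {
    today=${1:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
    {
        locked  = (substr($2, 1, 1) == "!")
        expired = ($8 + 0 > 0 && today + 0 >= $8 + 0)
        if (locked && expired) state = "disabled"
        else if (expired)      state = "expired"
        else if (locked)       state = "password-locked"
        else                   state = "active"
        print $1, state
    }'
}

# Evaluate the constructed data as of day 19100 (after 2022-03-20).
sample_shadow | audit_shadow 19100
```

On a real system, run it as root with /etc/shadow on standard input and no argument to use the current date.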
# Delete a User Account
To delete a user account, run the following command:
userdel testuser
To delete a user account together with its home directory, run the following command:
userdel -r testuser
# Conclusion
In the above guide, you learned how to create and manage user accounts in Linux. I hope you can now easily manage user accounts in a multi-user environment.