Learn Linux: User Management with adduser, usermod and addgroup
User Management in Linux is made easy by using a few simple commands. This tutorial will go over some of the basic commands and also explain a few concepts of the user system.
We'll be using the Debian Linux system, but for many Linux systems the user management commands are similar if not identical.
Let’s start by creating our new user:
This command is used to create new accounts on your server. When you first create your server, you'll be given the default root account (unless you set up something else). The default root account has full access to your system, and leaving that unchanged can sometimes be a security issue. A good idea is to create new accounts that have limited functionality and privileges so that if one of them gets compromised, the whole system isn't jeopardised.
Replace username with the username of the account you wish to create. Once done, hitting enter will begin the add user process, first asking you to enter a password for the new account. You’ll also then be prompted to enter some optional information.
Once you've created the user, you'll be able to log in to the shell with the username and password using the ssh command:
Each user you create is given a home directory. By default this is normally created as:
You can specify many arguments to the adduser command to change these default values. For example, to set the user's home directory to /home/www/public_html:
adduser --home /home/www/public_html <username>
Check out the various options using the help manual:
You can view all users on the system in the following file:
Each line in this file is a record of a user on your system in the following format:
The best way to modify a user is to use the usermod command rather than editing this file directly.
Command: usermod
This command allows you to modify an existing user on the server.
usermod [options] <username>
We can use this command to do many things, including changing the group a user belongs to (more on this later), changing their shell, changing their home directory and more. To change a user's home directory:
usermod --home </new/home/directory> <username>
To change a user's password, it's best to use the passwd command because the usermod version with the -p option will display the password in plaintext to the terminal.
You may have noticed that when you created a new user, it also created a new group. Groups allow you to put multiple users into categories on your system. You can then assign groups certain privileges on the system so that all users under that group can have access.
To add a new group:
When creating a new user, we can specify which group it should belong to by using the -g argument:
adduser -g <groupname> <username>
Without this argument, the user is added to a new group created specifically for this user, named identically to the username.
A user has something called a primary group and secondary group. A primary group is the group assigned to the user when you first create the user. This is the group used to assign permissions to files you create.
For example, if your user had the primary group "evil" and created the file 666.txt, the group assigned to that file would be "evil". Anyone with group permissions for "evil" would be able to access that file.
Secondary groups are other groups the user also belongs to; the user can access files that are assigned to those groups. For example, if your user is part of the groups evil, good and neutral, that user can access all files with these group permissions.
Modifying the user's group
We can also use usermod to add a user to a new group. To change a user's primary group, we can use:
usermod -g <groupname> <username>
This command does not remove the user from their primary group, but rather adds them to a secondary group:
usermod -a -G <groupname> <username>
A user can belong to multiple groups. To see which groups a user belongs to, we can use the id command:
Or more specifically:
id -G -n <username>
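Where that list comes from, as an added example that is not part of the original tutorial: the primary group is the GID field of the user's record in /etc/passwd, and secondary groups are the member lists in /etc/group. The sample records and the list_groups function are constructed for illustration; they are not a system tool.

```shell
#!/bin/sh
# Constructed sample records in /etc/passwd format:
#   name:password:UID:GID:comment:home:shell
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:2000::/home/bob:/bin/sh'

# Constructed sample records in /etc/group format:
#   name:password:GID:comma-separated members
SAMPLE_GROUP='root:x:0:
alice:x:1001:
evil:x:2000:alice
good:x:2001:alice,bob
neutral:x:2002:bob'

# list_groups USER PASSWD_TEXT GROUP_TEXT (hypothetical helper)
# Prints the primary group first, then secondary groups in file order.
# Returns 1 if the user has no passwd record.
list_groups() {
    user=$1
    # The primary GID is field 4 of the user's passwd record.
    gid=$(printf '%s\n' "$2" | awk -F: -v u="$user" '$1 == u { print $4; exit }')
    [ -n "$gid" ] || return 1
    printf '%s\n' "$3" | awk -F: -v u="$user" -v gid="$gid" '
        # The group whose GID matches is the primary group; skip its member
        # list so the user is not reported twice.
        $3 == gid { primary = $1; next }
        {
            # Any other group naming the user in field 4 is a secondary group.
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] == u) { secondary = secondary " " $1; break }
        }
        END {
            if (primary == "") primary = gid   # GID with no group record
            print primary secondary
        }'
}

list_groups alice "$SAMPLE_PASSWD" "$SAMPLE_GROUP"
list_groups bob "$SAMPLE_PASSWD" "$SAMPLE_GROUP"
```

In the sample, bob's primary group is "evil" even though the evil record lists only alice as a member, which is why reviewing /etc/group alone can miss who actually holds a group.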
Deleting Users and Groups
Deleting a user is as simple as adding one:
To delete their home directory too:
userdel -r <username>
To delete a user group:
Finding Users and Groups
You can see a list of users in your system by looking at the following file:
To see a list of groups:
Don't forget: if you ever want to learn more about these commands, which have a lot of options, you can use the -h argument to view the help manual of the command. It'll then list all the options you need.