Manage user groups in linux

How to Manage Users and Groups on Ubuntu 22.04

Linux is a multi-user and multi-tasking operating system. User and group management are the two most important tasks to be performed by Linux administrators.

In Linux, each user has their own login name and a home directory. Every user belongs to a primary group, and users can be added to multiple secondary groups. All users in the group will have the same group permission on files and folders. This makes it easier to provide permission for multiple users.

This tutorial will demonstrate how to manage users and groups in the Linux system.

A Quick Overview

The command-line tools to manage the users and groups in Linux are:

adduser / useradd : To add a user

addgroup / groupadd : To add a group

usermod : To modify a user account

deluser / userdel : To delete a user

delgroup / groupdel : To delete a group

passwd : To change the user’s password

We will cover the practical examples of all commands in this article. To follow the tutorial, you will need to switch to the root user or any user with sudo privileges.

1. Create a new user

You can add a new user to the system using the adduser command. The following command creates a new user henry in the system.

It will prompt you to enter the password for the new user and other user details.

To verify the user, you can try to log in as a new user.

2. Understanding the /etc/passwd file

The /etc/passwd is a plain text file that stores the user account information in Linux. You can use the cat command to view the content of /etc/passwd .

Each user has one entry per line. The fields are separated by a colon : symbol and contains the following information.

username:password:UID:GID:GECOS:home_directory:shell

The new entries are saved at the end of a file. To find a user henry , you can see the last entries. Alternatively, you can use the grep command.

3. Change the login name of a user

You can use the usermod command to change a user’s login name in Linux. This command renames the user henry to james .

$ sudo usermod -l james henry

As you can see, the username is changed to james .

4. Change the user ID of a user

By default, the system automatically sets the next available UID when creating a user. The usermod command with -u flag can be used to change the UID of a user.

The following command changes the user ID of james to 4567 .

$ sudo usermod -u 4567 james

5. Change the group of a user

The -g option with usermod command changes the primary group of a user. For example, to change the primary group of a user james to linuxwizardry , you can run this command.

$ sudo usermod -g linuxwizardry james

The specified group must already exist in the system.

In Linux, a user can have only one primary group. But you can assign a user to multiple secondary groups. The -G flag allows you to specify the secondary group for a user.

The following command adds a user james to the group ubuntu .

$ sudo usermod -G ubuntu james

6. Add a user to the sudoers group

You can add a user to the sudoers group and provide sudo privileges to that user. This command adds a user james to the sudo group.

$ sudo usermod -aG sudo james

The -a option adds a user to the group without removing the current group.

Next, log in as a user james and run the sudo command to confirm.

7. Change the password of a user

The passwd command is used to change the user’s password in Linux. The following command changes the password of a user james .

8. Delete a user

When the user account is not needed, you might want to delete it from the system. The userdel command helps to remove a user in Linux.

The below command deletes a user james from the system.

9. Delete a home directory of a user

The usedel command without any flags only removes a user. It does not delete the home directory of a user in the /home directory.

To delete a user along with its home directory, you can use:

10. Add a new group

You can add a new group to the system using the groupadd or addgroup command. The following example creates a new group computer on the system.

11. Understanding /etc/group file

The /etc/group file stores the group details in a list. Each entry contains the following group information for each group.

group_name:group_pwd:group_id:group_list

You can display the entries in /etc/group file with the cat command.

12. Create a system group

If you need to add a new system group, you can use the -r flag with the groupadd command. This command creates a new system group sysmin .

Output:

13. Add a new group with specific GID

When creating a new group, the system assigns the next available group ID by default. You can change this behavior and specify a GID for a new group with the -g flag.

The following command creates a new group bank with a custom group ID 644 .

Output:

14. Remove a user from the group

Sometimes you might need to remove a user from the secondary groups. You can do it by specifying the username and group to the deluser command.

The below command removes a user rohan from the group ubuntu .

$ sudo deluser rohan ubuntu

Output:

15. Delete a group

You can remove a group from the system using the delgroup or groupdel command.

To delete a group ubuntu , run the following command.

Output:

If the specified group is the primary group of any user, it cannot be deleted. You must first change the primary group of a user.

Conclusion

Managing users and groups is one of the essential skills for every Linux administrator. You have learned the different examples of user and group management commands in Linux. Now you know how to perform the tasks like creating new users and groups, adding users to groups, changing the username and password, deleting users and groups, and much more.

We hope you found this article helpful. Please let us know if you have any confusion about any examples in the comment section below.

Источник

How to manage users and groups in Linux

«What skills must Linux administrators have?» is way too broad a question for any single article. But there are plenty of general must-have sysadmin skills—and user and group administration are chief among them. Proper user account management enables Linux to enforce access controls (permissions) and audit who does what on the system.

Great Linux resources

The commands below are written for Red Hat Enterprise Linux (RHEL) and RHEL-like distributions, but the concepts apply to any distribution of Linux. Knowing the skills and commands outlined in this article (and its two follow-up pieces, which dive deeper into user admin and group admin) helps ensure you’re ready for the day-to-day user and group administration tasks a sysadmin is called on to do.

Managing users

Users must authenticate to any system they need to use. This authentication provides access to resources and a customized, user-specific environment. The user’s identity is based on their user account. What skills do sysadmins need to manage user accounts?

1. Understand the /etc/passwd file

User account information is stored in the /etc/passwd file. This information includes the account name, home directory location, and default shell, among other values. Linux sysadmins should be able to recognize these fields.

Each field is separated by a : character, and not all fields must be populated, but you must delineate them.

Here’s an example of the /etc/passwd fields:

username:password:UID:GID:comment:home:shell

In this example, the comment field is empty:

dgarn:x:1001:1001::/home/dgarn:/bin/bash

Observe how the two colons still exist to delineate the comment field.

Here is an example with the comment field populated:

dgarn:x:1001:1001:Damon Garn:/home/dgarn:/bin/bash

I’ll discuss passwords more below, but expect to see an x in the password field of this file.

2. Understand the /etc/shadow file

Long ago, password hashes were stored in the /etc/passwd file. This file was world-readable, allowing inquisitive users to pull password hashes for other accounts from the file and run them through password-cracking utilities. Eventually, the password hashes were moved to a file readable only by root: /etc/shadow . Today, the password field in the /etc/passwd file is marked with an x .

Administrators should recognize each field in /etc/shadow . Several of the fields pertain to password requirements.

Here’s an example of /etc/shadow fields:

username:password:last password change:min:max:warning:inactive:expired

The first two fields identify the user and a hashed version of the password, while the remaining six fields represent password change information. The password information is manipulated with the chage command.

Look at these articles for additional details:

3. Create, modify, and delete user accounts

The process for managing user accounts is very straightforward. Sysadmins either add, modify, or delete users, and the related commands are quite intuitive.

The commands to manage user accounts on RHEL and RHEL-like distributions are:

Ken Hess documents these commands in Linux sysadmin basics: User account management. There are many options available to customize the user accounts and their related resources.

My companion article provides specifics about the useradd , usermod , and userdel commands.

[ You might also be interested in downloading the Bash shell scripting cheat sheet. ]

4. Manage password requirements

Many organizations rely on password policies to define appropriate password requirements. Sysadmins can enforce those requirements by using various mechanisms on Linux.

Two common ways of managing password settings are using the /etc/login.defs file or Pluggable Authentication Module (PAM) settings. Be sure to understand the options, fields, and settings for this important security configuration.

For more detail on password security settings, read:

Managing groups

It’s more efficient to group user accounts with similar access requirements than to manage permissions on a user-by-user basis. Therefore, sysadmins need to be comfortable with the process of creating, modifying, and deleting groups.

[ Practice your Linux skills in the free online course RHEL technical overview. ]

1. Understand the /etc/group file

Similar to the /etc/passwd file above, the /etc/group file contains group account information. This information can be essential for troubleshooting, security audits, and ensuring users can access the resources they need.

Understand each field of the file to make life easier as a sysadmin.

The fields in the /etc/group file are:

groupname:password:GID:group members

Here is an example of the editors group with two members:

Tyler Carrigan’s article Managing local group accounts in Linux presents this information nicely.

Linux groups are significantly different from local groups in Windows, so be sure to understand the differences.

2. Create, modify, and delete groups

Like the user account commands described above, the group management commands are very intuitive and provide a lot of flexibility. There is an easy-to-remember command for each function you might need to carry out for a group:

The following articles provide a good overview of working with groups:

3. Manage group membership

Linux security

Adding users to a group simplifies permissions management. Many people find the process a little unintuitive: Adding a user to a group modifies the user, not the group. Therefore, the necessary command is the usermod command.

Here are some commands to display group information:

• usermod : Update group membership
• id : Display a list of groups the user is a member of
• cat /etc/group : Show a list of existing groups, with membership displayed in the last field

One resource for these commands is their related man pages.

The process for adding users to a group requires the -a and/or -G options. Tyler Carrigan’s article Managing local group accounts in Linux covers using these options to manipulate group membership.

Wrap up

If these commands and files seem familiar, you can probably manage most basic sysadmin user and group management tasks in RHEL. Otherwise, you now have some great resources right at your fingertips for learning more.

Источник