This is a guide to administering users and groups properly in Linux.
useradd is a low-level utility for adding a new user or updating the default new-user information.
When we run the ‘useradd‘ command in a Linux terminal, it performs the following major things:
1. Add a new user (basic form)
We need to set a password to unlock the user account. As the command below shows, a ! in the password field of /etc/shadow means the account is locked; we use ‘passwd’ to set the user's password.
To check whether the account is locked: P means unlocked, L means locked.
Once the password is set, we can confirm that the user was created in /etc/passwd (the users file).
Analyzing the 7 fields of /etc/passwd
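The following script is an added example, not part of the original guide: it splits one /etc/passwd record into its 7 fields and derives the lock state of a matching /etc/shadow record in the same terms that `passwd -S` reports (P, L, and NP for an empty password field). The two records, the login name demo and the hash values are constructed sample data.

```shell
#!/bin/sh
# Added example: split one /etc/passwd record into its 7 fields and report the
# lock state of a matching /etc/shadow record the way `passwd -S` does
# (P = usable password, L = locked, NP = no password). The records below are
# constructed sample data, not taken from any host.

PASSWD_LINE='demo:x:1001:1001:Demo User:/home/demo:/bin/bash'
SHADOW_LOCKED='demo:!$6$salt$constructedhash:19700:0:99999:7:::'   # state right after useradd
SHADOW_USABLE='demo:$6$salt$constructedhash:19700:0:99999:7:::'    # after passwd set a password
SHADOW_EMPTY='demo::19700:0:99999:7:::'                             # no password at all

# passwd_field LINE N -> field N (1..7) of a passwd record:
# 1 login, 2 password placeholder (x = stored in /etc/shadow), 3 UID,
# 4 primary GID, 5 GECOS comment, 6 home directory, 7 login shell
passwd_field() {
    printf '%s\n' "$1" | cut -d: -f"$2"
}

# shadow_lock_state LINE -> P, L or NP from the second (hash) field:
# a leading '!' (what useradd leaves and what usermod -L adds) or '*' means
# no password can match; an empty field means no password is set
shadow_lock_state() {
    hash=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$hash" in
        '')        echo NP ;;
        '!'*|'*'*) echo L ;;
        *)         echo P ;;
    esac
}

# explain_passwd LINE -> one labelled line per field
explain_passwd() {
    i=1
    for label in login password uid gid comment home shell; do
        printf '%-9s %s\n' "$label:" "$(passwd_field "$1" "$i")"
        i=$((i + 1))
    done
}

explain_passwd "$PASSWD_LINE"
echo "locked sample: $(shadow_lock_state "$SHADOW_LOCKED")"
echo "usable sample: $(shadow_lock_state "$SHADOW_USABLE")"
```

On a real host the same functions can be fed `getent passwd LOGIN` output and, as root, the matching line from /etc/shadow; the hash itself is never needed to decide the lock state, only its first character.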
2. Create a user with a different home directory
-d = The directory HOME_DIR does not have to exist but will not be created if it is missing.
3. Create a user with a defined UID
-u = The numerical value of the user's ID. The default is to use the smallest ID value greater than or equal to UID_MIN and greater than every other user's.
4. Create a user and add it to an existing group
-g = The group name or number of the user's initial login group. The group name must exist.
5. Add a user to multiple groups
-G = A list of supplementary groups (names or GIDs) of which the user is also a member. Each group is separated from the next by a comma, with no intervening whitespace.
6. Add a user without a home directory
-M = Do not create the user's home directory, even if the system wide setting from /etc/login.defs (CREATE_HOME) is set to yes.
7. Create a temporary account
-e = The date on which the user account will be disabled. The date is specified in the format YYYY-MM-DD.
-f = The number of days after a password expires until the account is permanently disabled.
8. Create the account and leave a comment
-c = Any text string. It is generally a short description of the login.
9. Choose the login shell
-s = The name of the user's login shell. The default is to leave this field blank, which causes the system to select the default login shell specified by the SHELL variable in /etc/default/useradd
/usr/sbin/nologin = add the account with a login shell that refuses interactive logins, i.e. effectively without a usable user shell
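Putting items 2 to 9 together, here is an added example (not from the original guide) that assembles a useradd command for a temporary account and validates every value before anything is run: the UID is numeric and at or above UID_MIN (assumed 1000, the common /etc/login.defs default), the primary and supplementary groups exist, the expiry date has the YYYY-MM-DD shape, and the shell is a listed one. The group and shell lists are constructed sample files standing in for /etc/group and /etc/shells so the checks run offline, and the command is only printed unless APPLY=1 is set, because useradd itself needs root and changes the system. The `-m` (create the home directory, since -d alone does not) and `-f 0` choices are mine.

```shell
#!/bin/sh
# Added example: validate the values for a temporary account and assemble the
# matching useradd command. The group and shells lists below are constructed
# sample files standing in for /etc/group and /etc/shells, so the checks run
# offline; the command itself is only executed when APPLY=1 is set.

GROUP_FILE=$(mktemp)
SHELLS_FILE=$(mktemp)
cat > "$GROUP_FILE" <<'EOF'
developers:x:2000:
audit:x:2001:
EOF
cat > "$SHELLS_FILE" <<'EOF'
/bin/sh
/bin/bash
/usr/sbin/nologin
EOF

# valid_date YYYY-MM-DD -> 0 if the string has the shape -e expects (shape only)
valid_date() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# valid_uid N -> 0 if N is an integer at or above UID_MIN (assumed 1000, the
# usual /etc/login.defs default; override with UID_MIN=...)
valid_uid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "${UID_MIN:-1000}" ]
}

# group_exists NAME FILE -> 0 if NAME is the first field of a record in FILE
group_exists() {
    cut -d: -f1 "$2" | grep -qx -- "$1"
}

# shell_allowed PATH FILE -> 0 if PATH is listed in FILE (as in /etc/shells)
shell_allowed() {
    grep -qx -- "$1" "$2"
}

# build_useradd LOGIN UID PRIMARY SUPP EXPIRE SHELL COMMENT
# -> prints the useradd command line, or returns 1 with a reason on stderr
build_useradd() {
    login=$1 uid=$2 primary=$3 supp=$4 expire=$5 lshell=$6 comment=$7
    valid_uid "$uid" || { echo "bad uid: $uid" >&2; return 1; }
    group_exists "$primary" "$GROUP_FILE" || { echo "no such group: $primary" >&2; return 1; }
    for g in $(printf '%s\n' "$supp" | tr ',' ' '); do
        group_exists "$g" "$GROUP_FILE" || { echo "no such group: $g" >&2; return 1; }
    done
    valid_date "$expire" || { echo "bad date: $expire" >&2; return 1; }
    shell_allowed "$lshell" "$SHELLS_FILE" || { echo "unknown shell: $lshell" >&2; return 1; }
    # -m is added because -d alone does not create the home directory;
    # -f 0 disables the account on the day its password expires
    printf 'useradd -m -u %s -g %s -G %s -e %s -f 0 -s %s -c "%s" %s\n' \
        "$uid" "$primary" "$supp" "$expire" "$lshell" "$comment" "$login"
}

if cmd=$(build_useradd contractor 1500 developers developers,audit 2030-12-31 /bin/bash "Contractor, temporary"); then
    if [ "${APPLY:-0}" = 1 ]; then
        sh -c "$cmd"          # needs root; creates the account for real
    else
        echo "dry run: $cmd"
    fi
fi
```

Running the script as an ordinary user prints the assembled command; pointing GROUP_FILE and SHELLS_FILE at the real files and setting APPLY=1 as root performs the creation, after which `passwd` still has to set a password (the account starts locked, as in item 1).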
userdel - delete a user account and related files
1. Delete the user account and the user home directory
-r, --remove = Files in the user's home directory will be removed along with the home directory itself and the user's mail spool.
2. Force the removal
-f, --force = This option forces the removal of the user account, even if the user is still logged in.
After creating user accounts, we sometimes need to change the attributes of an existing user, such as the home directory, login name, login shell or password expiry date; in such cases the ‘usermod’ command is used.
When we execute the ‘usermod‘ command in the terminal, the following files are used and affected.
1. Add a comment
-c, --comment = The new value of the user's password file comment field.
2. Change user home directory
-d, --home = The user's new login directory.
3. Set account expiration
-e, --expiredate = The date on which the user account will be disabled. The date is specified in the format YYYY-MM-DD.
4. Change user primary group
-g, --gid = The group name or number of the user's new initial login group. The group must exist.
5. Adding an existing user to other groups
-G, --groups = A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening whitespace.
6. Change login name, or username
-l, --login = The name of the user will be changed from LOGIN to NEW_LOGIN. Nothing else is changed. In particular, the user's home directory or mail spool should probably be renamed manually to reflect the new login name.
7. Lock user account
-L, --lock = Lock a user's password. This puts a '!' in front of the encrypted password, effectively disabling the password.
8. Unlock a user
-U, --unlock = Unlock a user's password. This removes the '!' in front of the encrypted password.
9. Move home directory to a new location
-m, --move-home = Move the content of the user's home directory to the new location (only valid together with -d).
10. Change user shell
-s, --shell = The name of the user's new login shell.
11. Change user UID
-u, --uid = The new numerical value of the user's ID.
12. Change user GID
-g, --gid = The group name or number of the user's new initial login group (the same option as in item 4, change user primary group).
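Items 3, 7 and 8 (expiry, lock, unlock) all leave their mark in /etc/shadow, so before deciding on a `usermod -U` or a `usermod -e` change it helps to see which accounts are currently locked, expired or without any password. The audit below is an added example, not code from the guide: it reads a constructed shadow snapshot (names and hashes are sample data) and takes "today" as a number of days since 1970-01-01, the unit shadow field 8 uses, so the result is reproducible.

```shell
#!/bin/sh
# Added example: audit a shadow-style file for locked, expired and
# password-less accounts. The snapshot is constructed sample data; "today"
# is passed as days since 1970-01-01, the unit used by shadow field 8.

SHADOW_SNAPSHOT=$(mktemp)
cat > "$SHADOW_SNAPSHOT" <<'EOF'
root:$6$salt$constructedhash:19700:0:99999:7:::
alice:$6$salt$constructedhash:19700:0:99999:7:::
bob:!$6$salt$constructedhash:19700:0:99999:7:::
contractor:$6$salt$constructedhash:19700:0:99999:7::20000:
guest::19700:0:99999:7:::
EOF

# account_flags SHADOW_LINE TODAY_DAYS -> "name flags", where flags is
# "active" or a comma-separated subset of locked, nopassword, expired
#   field 2: password hash; a leading '!' (usermod -L) or '*' means locked,
#            an empty field means no password is set
#   field 8: expiry day (usermod -e); the account is disabled from that day on
account_flags() {
    line=$1 today=$2
    name=$(printf '%s\n' "$line" | cut -d: -f1)
    hash=$(printf '%s\n' "$line" | cut -d: -f2)
    expire=$(printf '%s\n' "$line" | cut -d: -f8)
    flags=
    case "$hash" in
        '')        flags=nopassword ;;
        '!'*|'*'*) flags=locked ;;
    esac
    if [ -n "$expire" ] && [ "$expire" -le "$today" ]; then
        flags=${flags:+$flags,}expired
    fi
    printf '%s %s\n' "$name" "${flags:-active}"
}

# audit_shadow FILE TODAY_DAYS -> one "name flags" line per record
audit_shadow() {
    while IFS= read -r line; do
        account_flags "$line" "$2"
    done < "$1"
}

# Constructed reference day 20100 (early 2025); real use would pass
# $(( $(date +%s) / 86400 )) and read /etc/shadow as root.
audit_shadow "$SHADOW_SNAPSHOT" 20100
echo "--- accounts needing attention ---"
audit_shadow "$SHADOW_SNAPSHOT" 20100 | grep -v ' active$'
```

An account that shows up as expired but not locked is the case the -e option covers: the login is refused from the expiry day even though the password itself is still valid, and `usermod -e ''` is what clears that state again.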
The /etc/group file holds all of the group information, as well as the users belonging to each group. Its structure is very similar to that of /etc/passwd.
groupadd - create a new group
1. Create a new group
2. Specify the GID
-g, --gid = The numerical value of the group's ID. This value must be unique unless the -o option is used.
3. Create a system group
-r, --system = Create a system group.
groupdel - delete a group
1. Delete an existing group
groupmod - modify a group definition on the system
1. Change group name
-n, --new-name = The name of the group will be changed from GROUP to NEW_GROUP.
2. Change GID
-g, --gid = The group ID of the given GROUP will be changed to GID.
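Because group membership is spread over two files (the member list in the 4th field of /etc/group and each user's primary GID in /etc/passwd), renaming or renumbering groups is where inconsistencies creep in. The script below is an added example, not from the guide: it lists the full membership of a group from both sources and flags users whose primary GID has no group record and listed members that no longer exist, the kinds of leftovers that hand-editing the files produces. Both snapshots are constructed sample data standing in for /etc/group and /etc/passwd.

```shell
#!/bin/sh
# Added example: read /etc/group-style records (name:x:GID:member,list) and
# cross-check them against passwd-style records. Both snapshots below are
# constructed sample data standing in for /etc/group and /etc/passwd.

GROUP_SNAPSHOT=$(mktemp)
PASSWD_SNAPSHOT=$(mktemp)
cat > "$GROUP_SNAPSHOT" <<'EOF'
root:x:0:
developers:x:2000:alice,bob,dave
audit:x:2001:carol
EOF
cat > "$PASSWD_SNAPSHOT" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:2000:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
carol:x:1003:2001:Carol:/home/carol:/usr/sbin/nologin
EOF

# group_members NAME GROUPFILE PASSWDFILE -> every user in NAME, one per line:
# those listed in the group's 4th field (supplementary membership, usermod -G)
# plus those whose passwd primary GID is the group's GID (usermod -g).
# Returns 1 if the group does not exist.
group_members() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3 }' "$2")
    [ -n "$gid" ] || return 1
    {
        awk -F: -v g="$1" '$1 == g && $4 != "" {
            n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$2"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$3"
    } | sort -u
}

# orphan_primary_gids GROUPFILE PASSWDFILE -> "user:gid" for users whose
# primary GID has no group record (a leftover of hand-edited files)
orphan_primary_gids() {
    awk -F: 'NR == FNR { seen[$3] = 1; next } !($4 in seen) { print $1 ":" $4 }' "$1" "$2"
}

# stale_members GROUPFILE PASSWDFILE -> "group:member" for listed members
# that no longer have a passwd record
stale_members() {
    awk -F: 'NR == FNR { user[$1] = 1; next }
             $4 != "" { n = split($4, m, ",")
                        for (i = 1; i <= n; i++) if (!(m[i] in user)) print $1 ":" m[i] }' "$2" "$1"
}

echo "members of developers:"; group_members developers "$GROUP_SNAPSHOT" "$PASSWD_SNAPSHOT"
echo "primary GIDs without a group:"; orphan_primary_gids "$GROUP_SNAPSHOT" "$PASSWD_SNAPSHOT"
echo "stale group members:"; stale_members "$GROUP_SNAPSHOT" "$PASSWD_SNAPSHOT"
```

Pointing the functions at /etc/group and /etc/passwd (both world-readable) gives the same checks on a live host; `getent group NAME` alone would miss users whose only link to the group is their primary GID.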