User account management is one of the many challenges Linux system administrators face. A system administrator's responsibilities include enabling and disabling user accounts, preserving home directories, setting user permissions, assigning groups and shells to users, and managing passwords.
Effective control of user accounts is only possible after familiarity with the basics of Linux account management. Hence, this article is a stepping stone towards securing user accounts. It demonstrates how to create, delete and modify user accounts and manage predefined settings or files to build the most suitable and secure environment for Linux users.
How to Add User Accounts in Linux
As a precaution, every person who uses your Linux machine must have a separate user account. A separate account keeps each user's files in their own space and lets them tailor their home directory, path, environment variables, etc.
Before beginning with the creation of a new user, list the available user accounts with the help of the cut command as follows:
cut -d: -f1 /etc/passwd
The simplest way of creating a new user account in Linux is with the help of useradd. This utility offers various parameters to specify additional information while adding a new user. Some of the options are:
- -c: Adds description/comment to a user account.
useradd -c "John Wise" john
- -d: Sets the home directory for the specified user. By default, the useradd command derives it from the username (/home/john), but you can replace it with the directory of your choice as follows:
useradd -d /mnt/home/john john
- -g: Allows you to set the primary group of a user. The user will be added to a group by default if you don't add one during the creation process.
- -G: Adds the user to multiple groups.
useradd -G juice,apple,linux,tech john
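- -o: Allows creating a new user account with the (non-unique) UID of an existing user. It is used together with -u, and the kernel treats accounts that share a UID as the same user for permission checks.
- -p: Sets the account's password from an already encrypted value. Arguments on the command line are visible to other users listing processes, so you can instead add the password later using the passwd command.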
For instance, here's how you can use the useradd command and some of the above parameters to add a new user:
useradd -g tech -G apple,linux -s /bin/zsh -c "James Adem" adem
In the user creation process, the aforementioned command performs several actions:
- Sets tech as the primary group of the user
- Sets Zsh as the default shell for the user
- Adds adem to the apple and linux groups. This operation also creates new entries inside the /etc/group file.
- Sets /home/adem as the default home directory
- Creates new entries inside the /etc/passwd and /etc/shadow files. The command adds the following line to the /etc/passwd file:
Modify Default User Settings
The useradd command reads the default values from /etc/login.defs, /etc/useradd, and /etc/default/useradd. You can open these files in your favorite text editor, then make and save the appropriate changes before using the command.
You can view some of the settings available inside login.defs using the following command:
cat /etc/login.defs | grep 'PASS\|UID\|GID'
The uncommented lines are keywords with values. For instance, the PASS_MAX_DAYS keyword sets a maximum of 9999 days for password expiration. Similarly, the PASS_MIN_LEN keyword requires the password length to be at least five characters. Lastly, the UID and GID keywords allow customization of the user and group ID ranges for any new user account.
You can also view/modify the default settings present inside the files by using the useradd command with the -D flag.
Note that you don't use the -D flag to create a new account. Instead, it only allows you to change the default settings. Also, it supports changes for only a few parameters that the useradd command uses to create an account.
- -b: Modifies the default home directory (/home) for new user accounts.
- -g: Modifies the default new user primary group (username) with another default group.
- -s: Replaces the default /bin/bash shell with another default shell.
- -e: Modifies the default expiration date to disable a user account in YYYY-MM-DD format.
- -f: Sets the number of inactive days after password expiration before the account is disabled.
For instance, the following command changes the default shell to /bin/sh and the home directory to /home/new:
useradd -D -b /home/new -s /bin/sh
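The UID range in login.defs and the effect of the -o flag can both be checked against the passwd file. The following is an added example, not part of the original article: the function names are hypothetical, the sample files are constructed, and the 1000..60000 fallback range is an assumption.

```shell
#!/bin/sh
# Added example. File paths are parameters so the checks can run on copies;
# with no arguments they read the live /etc files.

# Print the value of a login.defs keyword, ignoring commented lines.
logindefs_get() {   # usage: logindefs_get KEY [LOGIN_DEFS]
    awk -v key="$1" '$1 == key { print $2; exit }' "${2:-/etc/login.defs}"
}

# Print "UID:name,name" for every UID held by more than one account,
# the state that useradd -o permits.
duplicate_uids() {  # usage: duplicate_uids [PASSWD]
    awk -F: '
        /^#/ || NF < 7 { next }
        { names[$3] = (n[$3]++ ? names[$3] "," : "") $1 }
        END { for (u in n) if (n[u] > 1) print u ":" names[u] }
    ' "${1:-/etc/passwd}" | sort -n
}

# Print accounts whose UID lies within UID_MIN..UID_MAX from login.defs,
# i.e. regular users rather than system accounts.
regular_users() {   # usage: regular_users [PASSWD] [LOGIN_DEFS]
    min=$(logindefs_get UID_MIN "${2:-/etc/login.defs}")
    max=$(logindefs_get UID_MAX "${2:-/etc/login.defs}")
    # Assumption: fall back to 1000..60000 when the keywords are not set.
    awk -F: -v min="${min:-1000}" -v max="${max:-60000}" \
        '$3 >= min && $3 <= max { print $1 }' "${1:-/etc/passwd}"
}

# Constructed sample files (not taken from a real system).
demo=$(mktemp -d)
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
john:x:1000:1000:John Wise:/home/john:/bin/bash
adem:x:1001:1001:James Adem:/home/adem:/bin/zsh
svc:x:1001:1001::/home/svc:/bin/sh
toor:x:0:0::/root:/bin/sh
EOF
printf '# UID_MIN 500\nUID_MIN\t 1000\nUID_MAX\t60000\n' > "$demo/login.defs"

duplicate_uids "$demo/passwd"                    # UIDs shared by several names
regular_users "$demo/passwd" "$demo/login.defs"  # accounts in the user range
```

A second name on UID 0, such as toor in the sample, has full root privileges regardless of its username, so any line printed by duplicate_uids deserves a look.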
Modify User Groups on Linux
usermod is another straightforward Linux utility, used to modify user account details. It supports parameters and flags similar to those of the useradd command, which makes it easy to use.
For instance, you can change the default shell of the user adem from /bin/sh to /bin/bash as follows:
usermod -s /bin/bash adem
Now, to include adem in the sales group, you'll need to use the -aG flag, as a simple -G flag will remove the user from the previously added supplementary groups: apple and linux.
usermod -aG sales adem
cat /etc/group | grep adem
How to Delete User Accounts on Linux
Linux offers another command-line utility, userdel, to delete any user account. Here's the basic syntax:
However, it will only remove the account details from the /etc/passwd file. To remove the user's home directory as well, use the -r flag, as follows:
userdel -r username
As a precaution, we recommend finding all the files owned by the user and reassigning them to another existing user account. Use the find command to list all the files that are owned by the user, assigned to a user ID you have removed, or not associated with any user.
find / -user username -ls
find / -uid 504 -ls
find / -nouser -ls
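The reassignment step recommended above can be done with the same find expression. This is an added example, not from the original article: reassign_owned is a hypothetical helper name, and it lists the matching files unless told to apply the change.

```shell
#!/bin/sh
# Added example. reassign_owned is a hypothetical helper name.
# usage: reassign_owned ROOT OLD_UID NEW_OWNER [apply]
# Without "apply" it only lists what would change (dry run).
reassign_owned() {
    root=$1 old_uid=$2 new_owner=$3 mode=${4:-dry-run}
    # Refuse to hand files to an owner that does not resolve to an account.
    if ! id "$new_owner" >/dev/null 2>&1; then
        echo "unknown owner: $new_owner" >&2
        return 2
    fi
    if [ "$mode" = apply ]; then
        # -xdev stays on one filesystem; chown -h changes a symlink itself
        # rather than the file it points to.
        find "$root" -xdev -uid "$old_uid" -exec chown -h "$new_owner" {} +
    else
        find "$root" -xdev -uid "$old_uid" -print
    fi
}

# Typical use as root, with the UID from the article and an existing account:
#   reassign_owned /home 504 john          # review the list first
#   reassign_owned /home 504 john apply    # then change ownership
```

Searching by numeric UID rather than by name keeps working after userdel has removed the account's passwd entry.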
Linux User Account Management in a Nutshell
This article demonstrates Linux user account creation, deletion, and modification examples with tips and tricks for any beginner Linux user who wants to pursue system administration and learn user account management.
It also shows how to edit the configuration files to define UID and GID ranges and change the default settings for user account creation in Linux.