User management is a fundamental aspect for any Linux system administrator. Whether overseeing a single machine or a network of servers, maintaining order among user accounts is vital for system control and security. Proper management ensures that access is provided solely to those who genuinely require it and only for as long as necessary. Unrestricted privileges can lead to potential breaches of sensitive data or critical resources. In this article, we delve into essential command-line tools that empower administrators to create, modify, and remove user accounts straight from the terminal.
Essential Files for Managing Users on Linux
Linux stores critical user and group information in specific system files. These files encapsulate account details, password data, and group permissions, serving as a foundation for user management and access control.
| File / Directory | Description |
|---|---|
| /etc/passwd | Contains UID, GID, home directory, and default shell. Readable by all, editable by root/sudo only. |
| /etc/group | Lists group names, GIDs, and members, essential for managing group memberships and permissions. |
| /etc/sudoers | Details which users/groups may execute commands as root. Requires careful editing. |
| /etc/shadow | Houses password hashes and expiration information. Access is restricted to root only. |
| /etc/gshadow | Contains group password details and expiration information, accessible only by root. |
| /etc/skel | Files like “.bashrc” and “.profile” are automatically copied to new user home directories. |
| /etc/login.defs | Configures settings for password aging, expiration, and various security policies. |
How to View Existing Users
A straightforward approach to check existing users on a Linux system is by inspecting the “/etc/passwd” file, which holds essential information about user accounts. To view this file, execute:
sudo cat /etc/passwd
Each line in the file corresponds to a unique user account.

The id command provides the UID, GID, and all groups to which the user belongs:
id username
groups username
getent passwd username
Alternatively, the groups command shows only the groups associated with a user. The getent command retrieves account details from system databases, including “/etc/passwd”, LDAP, or other configured sources.
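As an added example (not part of the original article), the script below reads a passwd-format file and flags entries an administrator would normally review: extra UID 0 accounts, empty password fields, and system accounts that have a login shell. The function names, the sample data and the UID threshold of 1000 are assumptions; the actual UID_MIN on a system is set in “/etc/login.defs”.

```bash
#!/usr/bin/env bash
# Added example: audit a passwd-format file.
# Field layout: name:password:UID:GID:GECOS:home:shell

# Constructed sample data, not taken from a real system.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup2:x:0:0:legacy:/home/backup2:/bin/sh
svc_web:x:998:998::/var/www:/bin/bash
bob::1001:1001:Bob:/home/bob:/bin/zsh
EOF
}

# audit_passwd FILE [UID_MIN]   (FILE may be "-" for stdin)
# UID_MIN defaults to 1000 (assumption; check /etc/login.defs).
audit_passwd() {
  awk -F: -v uid_min="${2:-1000}" '
    # A valid entry has exactly seven colon-separated fields.
    NF != 7                 { print "MALFORMED line " NR; next }
    # Any account other than root with UID 0 has full root privileges.
    $3 == 0 && $1 != "root" { print "UID0 " $1 }
    # An empty second field means no password is required at all.
    $2 == ""                { print "EMPTY_PASSWORD_FIELD " $1 }
    # Service accounts should normally not have an interactive shell.
    $3 > 0 && $3 < uid_min && $7 !~ /(nologin|false)$/ {
      print "SYSTEM_WITH_SHELL " $1 " " $7
    }
  ' "${1:-/etc/passwd}"
}

# Run against the constructed sample.
sample_passwd | audit_passwd -
```

On a live system, run `audit_passwd /etc/passwd`; no sudo is needed because the file is world-readable.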

Using the useradd Command to Create Users
The useradd command is a fundamental utility available across most distributions but is generally considered less user-friendly compared to adduser. Despite their differences, both commands perform similar functions.
To learn more about the useradd command, use the man command or append --help for a brief guide:
man useradd
useradd --help

To create a new user along with a home directory, you can use the following command:
sudo useradd --create-home username
If you omit the --create-home option, the user account will not have a personal directory. After creating the user, verify its existence by running the grep command:
grep username /etc/passwd

Creating Users with the adduser Command
Unlike useradd, the adduser command is a Perl script that provides an interactive user creation experience, prompting for password and home directory details, among others. In many distributions like Red Hat and CentOS, adduser serves as a symbolic link to useradd. However, on other systems like Arch Linux, a separate package may include adduser.
When invoked, this command usually generates a group with the same name as the user. Default settings for users created through useradd may be adjusted in the “/etc/default/useradd” file, where attributes such as default shell and home directory can be predefined.

To create a new user, execute the following command:
sudo adduser testuser
You will be prompted to set and confirm a password, provide additional user information, and finalize the account creation.

Updating User Passwords
Once a user account has been established, you can modify the user’s password using the passwd command like this:
sudo passwd username
Executing this command will prompt you to enter and confirm a new password. Regular users can change only their own password, by running the command without sudo.

Password complexity requirements are enforced by PAM (Pluggable Authentication Modules) and can typically be configured in “/etc/pam.d/common-password” on Ubuntu systems. For further guidance, consult the pam-auth-update manual.

Utilizing the usermod Command for User Management
The usermod command provides a mechanism to change attributes of existing user accounts. This includes updating user IDs, login names, home directories, or group memberships. For instance, to alter a user’s UID, use:
sudo usermod -u new_uid username
Changing a UID or GID may affect file ownership and permissions across the system.
To change a user’s home directory, utilize the following:
sudo usermod -d /new/home/directory username
Additionally, you can lock or unlock user accounts with the following commands:
sudo usermod -L username
sudo usermod -U username
Finally, you can set an account expiration date with the --expiredate option:
sudo usermod --expiredate YYYY-MM-DD username
These adjustments enable you to manage user access and attributes effectively without necessitating account deletion.
Integrating Users into Groups
Groups facilitate shared permissions among multiple users, which is particularly beneficial for managing files, running services, or executing administrative tasks collectively.
To integrate a user into a specific group, use the following usermod command with the -a and -G options:
sudo usermod -a -G groupname username
The -a flag is crucial because it appends the user to the listed group while keeping existing memberships; without it, -G replaces the user’s current supplementary group memberships with only the groups listed.

Alternatively, the gpasswd command can also manage group memberships:
sudo gpasswd -a username groupname
To remove a user from a group, execute:
sudo gpasswd -d username groupname
Deleting User Accounts
When a user account is no longer required, it can be removed using the userdel command:
sudo userdel username

This command deletes the user account but preserves the user’s home directory. For complete removal, including the home directory, use:
sudo userdel -r username
Keep in mind that userdel will not execute if active processes are running under the user account.
Tracking User Login Activities
Monitoring login activities is essential for system administrators to identify unauthorized access attempts and resolve authentication issues. For Ubuntu and Debian systems, login attempts are logged in “/var/log/auth.log”. To check the latest entries, use:
sudo tail /var/log/auth.log

For Red Hat or CentOS systems, you can find login records in “/var/log/secure”. Furthermore, systems that utilize systemd may offer another method to view authentication logs with:
sudo journalctl | grep ssh
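To go beyond reading the tail of the log, the following added example (not from the original article) summarizes failed SSH password attempts per source address and marks sources where a login later succeeded. The function names and the sample log lines are constructed for illustration; the addresses come from documentation ranges.

```bash
#!/usr/bin/env bash
# Added example: summarize failed SSH logins from an auth.log-style file.

# Constructed sample in Debian/Ubuntu auth.log format.
sample_authlog() {
cat <<'EOF'
Mar  3 02:14:01 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 50122 ssh2
Mar  3 02:14:04 web1 sshd[811]: Failed password for root from 203.0.113.5 port 50122 ssh2
Mar  3 02:14:09 web1 sshd[815]: Failed password for invalid user test from 203.0.113.5 port 50140 ssh2
Mar  3 08:30:12 web1 sshd[990]: Failed password for alice from 198.51.100.7 port 41000 ssh2
Mar  3 08:30:20 web1 sshd[990]: Accepted password for alice from 198.51.100.7 port 41000 ssh2
Mar  3 09:02:44 web1 sshd[1002]: Failed password for bob from 192.0.2.44 port 39000 ssh2
Mar  3 09:02:49 web1 sshd[1002]: Failed password for bob from 192.0.2.44 port 39000 ssh2
Mar  3 09:02:55 web1 sshd[1002]: Accepted password for bob from 192.0.2.44 port 39000 ssh2
EOF
}

# failed_logins FILE [MIN]   (FILE may be "-" for stdin, MIN defaults to 2)
# Prints "count source_ip status" for sources with at least MIN failures.
failed_logins() {
  awk -v min="${2:-2}" '
    # The address follows the LAST "from" token, so a username that
    # itself contains the word "from" cannot shift the field.
    function src(   i, ip) {
      for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
      return ip
    }
    / sshd\[[0-9]+\]: Failed password for / { fails[src()]++ }
    / sshd\[[0-9]+\]: Accepted / {
      ip = src()
      if (ip in fails) ok[ip] = 1   # success preceded by failures
    }
    END {
      for (ip in fails) if (fails[ip] >= min)
        print fails[ip], ip, ((ip in ok) ? "SUCCESS_AFTER_FAILURES" : "no_success")
    }
  ' "${1:-/var/log/auth.log}" | sort -k1,1nr -k2,2
}

# Run against the constructed sample.
sample_authlog | failed_logins - 2
```

On Ubuntu or Debian, run `sudo bash -c '. ./script.sh; failed_logins /var/log/auth.log 5'` (the script file name is a placeholder); on Red Hat or CentOS, pass “/var/log/secure” instead.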
This proactive user account management approach keeps your system organized and safeguards against unauthorized access.