Managing Users And Groups In Linux – A Complete Guide For Beginners
In this article, we are going to learn how to manage Users and Groups in Linux. This article is a complete reference for beginners to get to understand the concept of users and groups. Any kind of operating system whether its Linux or Microsoft Windows or any others can be accessible or usable by login through username and password. In Linux, if you have a user but not yet set a password for that user then it’s not possible to login. It’s mandatory to have both username and password in Linux to log in.
Certain configuration files are there in Linux to store databases, Information, and features of users and groups. The main configuration files are listed below :
I will explain all the above files and also will show you how we can use these files to manage users and groups.
Follow the below commands to manage Users and Groups in Linux:
Create a New User using useradd command set Password for that user using passwd command.
[[email protected] ~]# useradd itsmarttricks # Create a new User [[email protected] ~]# passwd itsmarttricks # Set Password for new User Changing password for user itsmarttricks. New password: Retype new password: passwd: all authentication tokens updated successfully.
We can confirm the user-created or not by using id command.
[[email protected] ~]# id itsmarttricks uid=501(itsmarttricks) gid=501(itsmarttricks) groups=501(itsmarttricks)
After creating a user system writes information in two files i.e. “/etc/passwd” and “/etc/shadow” and takes information from /etc/login.defs.
Explaining /etc/passwd :
/etc/passwd is also called a password file. It stores Users useful information like password, UID (User ID), GID (Group ID), Users home directory, Login Shell script of each and every user that is created in Linux. after creating a new user system creates an entry for that user in /etc/passwd file. Here I create a username called itsmarttricks and the entry which is created in /etc/passwd file for user itsmarttricks is shown below.
[[email protected] ~]# cat /etc/passwd | grep itsmarttricks itsmarttricks:x:501:501::/home/itsmarttricks:/bin/bash
- itsmarttricks– Name of the User
- x – Excrypted Password of the User
- 501 – User ID OR UID
- 501 – Group ID OR GID
- User Related Comment/Information – This Field is optional. Here you can store Users Information Like Address, Phone Number, etc.
- /home/itsmarttricks– Home Directory of the User
- /bin/bash – Login shell script of the User
As you can see above each entry of user in /etc/passwd file is divided into 7 fields and each and every fields are separated by a colon (:). /etc/passwd is a world-readable file.
Let me add a comment for user itsmarttricks to make your concept more clear.
[[email protected] ~]# usermod -c "comment" itsmarttricks [[email protected] ~]# cat /etc/passwd | grep itsmarttricks itsmarttricks:x:501:501:comment:/home/itsmarttricks:/bin/bash
c – To set a comment for a User
As you can see above your 5th field i.e. comment section of the user is showing the comment that we set now.
Explaining /etc/shadow :
/etc/shadow file contains more advanced features of users shown below. It contains 9 fields and each field is separated by a colon (:) and password of the user are stored in /etc/shadow file in a completely encrypted format. It’s not a world-readable file.
[[email protected] ~]# cat /etc/shadow | grep itsmarttricks itsmarttricks:$1$yruOLQDY$gRoeGKRDv46fnnd0Hxg1W1:17264:0:99999:7:1::
- itsmarttricks– Username
- $1$yruOLQDY$gRoeGKRDv46fnnd0Hxg1W1 – Encrypted Password
- 17264 – Password was Last changed Since 1st Jan 1970 (It’s epoch also called as Unix Time)
- 0 – These Minimum Number of day’s left for the user to change the password.
- 99999 – These maximum number of day’s till the user allowed to use the Password OR The password is valid till these number of days and user after these days user must change the password
- 7 – These number of days before the user will receive a warning message about password expiry OR within these days user should change the password.
- 1 – The account will disable once the Password expiry after this number of days. Means after password expired the system will wait for these number of days (Here it’s 1 day) and then the account will be disabled.
- This is Blank – The days since (1st Jan 1970) the account is in Disabled state.
- This field is Blank – Reserved for Future use.
/etc/login.defs is contained advanced predefined features for users and groups. For example Password length, when the password will expire, when the user should change the password, Mail directory path of the user, Maximum/Minimum UID/GID Numbers, ask permission for the user, etc. Follow the below mentioned some important configurations of /etc/login.defs for your reference.
#QMAIL_DIR Maildir MAIL_DIR /var/spool/mail #MAIL_FILE .mail # Password aging controls: # # PASS_MAX_DAYS Maximum number of days a password may be used. # PASS_MIN_DAYS Minimum number of days allowed between password changes. # PASS_MIN_LEN Minimum acceptable password length. # PASS_WARN_AGE Number of days warning given before a password expires. # PASS_MAX_DAYS 99999 PASS_MIN_DAYS 0 PASS_MIN_LEN 5 PASS_WARN_AGE 7 # Min/max values for automatic uid selection in useradd # UID_MIN 500 UID_MAX 60000 # # Min/max values for automatic gid selection in groupadd # GID_MIN 500 GID_MAX 60000 # The permission mask is initialized to this value. If not specified, # the permission mask will be initialized to 022. UMASK 077
Create a new Group using groupadd command.
[[email protected] ~]# groupadd admins # Create a new Group
To confirm the group created or not refer to the below command.
[[email protected] ~]# cat /etc/group | grep admins admins:x:500:
Set Password for the Group.
[[email protected] ~]# gpasswd employees # Set Password for the Group Changing the password for group employees New Password: Re-enter new password:
Explaining /etc/group :
After creating a new group system creates an entry for that group in /etc/group file. This entry is divided into 4 Fields. Each field is separated by a colon (:). all fields are explained below.
[[email protected] ~]# cat /etc/group | grep employees employees:x:501:michelle,u1
- employees – Name of the Group
- x – Encrypted Password for the Group
- 501 – Group ID OR GID
- Michelle,u1 – Members of the Group
You can rename an existing group using groupmod command. Here I am renaming the admins to employees Refer to the output below.
Syntax : groupmod -n [new name] [old name]
[[email protected] ~]# groupmod -n employees admins # Rename a Group
n – To rename a Group
Delete a Group. Here I am deleting the group employees.
[[email protected] ~]# groupdel employees # Delete a Group
Create a new User and add to Primary Group OR Create a New user and set specified group as a Primary group of that user.
[[email protected] ~]# useradd -g admins justin # Add user to Primary Group [[email protected] ~]# cat /etc/passwd | grep justin justin:x:502:500::/home/justin:/bin/bash [[email protected] ~]# cat /etc/group | grep admins # Confirming the GUID of admins admins:x:500: # GUID of admins is 500
g – To specify the primary group for a user
Change the Primary Group of an existing User.
[[email protected] ~]# usermod -g workers justin # Change the Primary Group of a Existing User [[email protected] ~]# cat /etc/passwd | grep justin justin:x:502:503::/home/justin:/bin/bash
Add a user in the secondary group.
[[email protected] ~]# usermod -G employees don # Add a user in secondary group [[email protected] ~]# id don uid=507(don) gid=509(don) groups=509(don),501(employees)
G – To specify a secondary group for a user
Add an existing user to multiple groups.
Note: Keep in mind that when you are adding an existing user to multiple groups then don’t forget to use the option -a with option -G. Let me explain to you what is the reason behind that by taking an example.
Assume that you have a user i.e. u1 which is currently a member of groups g1 and g2. Now you want to add the user u1to one more group i.e. g3. In that case, you have to use option -a with -G. If you only use the option -G then the user will remove from previous groups i.e. from g1 and g2 and will be the only member of g3.
[[email protected] ~]# usermod -a -G admins,employees,workers,marketers linda [[email protected] ~]# id linda uid=508(linda) gid=510(linda) groups=510(linda),500(admins),501(employees),502(marketers),503(workers)
Create a New user, add the new user to a Primary Group and add to multiple groups in a Single command.
[[email protected] ~]# useradd -g admins -G employees,marketers,workers michelle [[email protected] ~]# id michelle uid=509(michelle) gid=500(admins) groups=500(admins),501(employees),502(marketers),503(workers)
g – To add a user to Primary Group
G – To add User to Multiple Groups
Create a New user with a different Home directory or specified home directory. Here I am creating a New user i.e. john and the home directory of the user would be /users/john.
[[email protected] ~]# useradd -d /users/john john # Create a new user in different home directory [[email protected] ~]# cat /etc/passwd | grep john john:x:505:505::/users/john:/bin/bash [[email protected] ~]# id john
d – To specify a Home Directory for New User.
Change the Home directory of an existing user. Here I have a user named mangesh whose current home directory is /home/mangesh.
[[email protected] home]# cat /etc/passwd | grep mangesh mangesh:x:501:501::/home/mangesh:/bin/bash
Now let’s change the home directory of the user. Refer to the command below.
[[email protected] home]# usermod -d /users/mangesh/ mangesh # Changing the home directory of a existing User [[email protected] home]# cat /etc/passwd | grep mangesh mangesh:x:501:501::/users/mangesh/:/bin/bash
d – To Specify a new Home directory for the User.
This article contains all basic needed command with information of Users and Groups. I will write a dedicated article for advance usage of useradd and groupadd command very soon.
For more reference, you can use below commands in your Linux system to get more info about this topic.
[[email protected] ~]# man useradd [[email protected] ~]# man usermod [[email protected] ~]# man groupadd [[email protected] ~]# man groupmod [[email protected] ~]# man groupdel [[email protected] ~]# useradd --help [[email protected] ~]# usermod --help
That’s all, In this article, we have explained Managing Users And Groups In Linux – A Complete Guide For Beginners. I hope you enjoy this article. If you like this article, then just share it. If you have any questions about this article, please comment.