User and group management in Linux


Nitin Venkatesh's Gravatar

Nitin Venkatesh
published Aug. 4, 2014, 6 a.m.


Let's look at a few commands for adding, modifying and deleting users and groups alike. The commands are similar - useradd,usermod,userdel and groupadd,groupmod,groupdel.

Note: Although a lot can be achieved using these tools, only a few operations have been demonstrated in the post for the sake of brevity. Please refer to the man pages to know about them.

User Management

Adding a user - useradd

Creating a user is as simple as typing the username after the useradd command. By default, it will also create a group with the same name and the user will be added to it. For example, to create a user called test, I'd use the command sudo useradd test. This creates a new user and a group for the new user, but as you can see there is no directory created in /home for the user.

nitin@jane-saucy:~$ sudo useradd test
nitin@jane-saucy:~$ id test
uid=1001(test) gid=1001(test) groups=1001(test)
nitin@jane-saucy:~$ ls -la /home
total 12
drwxr-xr-x  3 root  root  4096 Jul 31 01:29 .
drwxr-xr-x 24 root  root  4096 Jul  5 07:57 ..
drwxr-xr-x 66 nitin nitin 4096 Jul 31 00:35 nitin

This is useful when you want to create a user who just needs to login and use the system in it's current state without having to store any personal files, etc.. for themselves. For example, an administrator needs access to do his/her duties while a regular user might want their own home directory to store their files etc..

To create a home directory for the user, we use the -m switch. This creates the home directory for the user and then copies the default configuration files from the /etc/skel directory.

You can change the contents of this directory to add/edit configuration files as you see fit for new users. You could also specify a different path to copy the configuration files from, instead of /etc/skel with the -k or --skel switch.

nitin@jane-saucy:~$ sudo useradd -m test -p password
nitin@jane-saucy:~$ ls /home
nitin  test
nitin@jane-saucy:~$ ls -la /home/test
total 32
drwxr-xr-x 2 test test 4096 Jul 31 01:26 .
drwxr-xr-x 4 root root 4096 Jul 31 01:26 ..
-rw-r--r-- 1 test test  220 Mar 30  2013 .bash_logout
-rw-r--r-- 1 test test 3637 Mar 30  2013 .bashrc
-rw-r--r-- 1 test test 8980 Oct  4  2013 examples.desktop
-rw-r--r-- 1 test test  675 Mar 30  2013 .profile
nitin@jane-saucy:~$ id test
uid=1001(test) gid=1001(test) groups=1001(test)

When you try to add an existing user, it spits out an error message very nicely.

nitin@jane-saucy:~$ sudo useradd nitin
useradd: user 'nitin' already exists

Adding users, debian style! - adduser

Debian and distros like Ubuntu, based on Debian, have a cool li'l tool called adduser that does a neat job of creating a user. The usage of this tool without any extra switches provides an interactive way of creating a user.

nitin@jane-saucy:~$ sudo adduser test
[sudo] password for nitin: 
Adding user `test' ...
Adding new group `test' (1001) ...
Adding new user `test' (1001) with group `test' ...
Creating home directory `/home/test' ...
Copying files from `/etc/skel' ...
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
Changing the user information for test
Enter the new value, or press ENTER for the default
    Full Name []: Test User
    Room Number []: 000
    Work Phone []:  
    Home Phone []: 
    Other []: 
Is the information correct? [Y/n] y
nitin@jane-saucy:~$ id test
uid=1001(test) gid=1001(test) groups=1001(test)

Modifying User Attributes - usermod

You can modify almost everything that you can specify when creating a user. We're just going to be looking at modifying the groups the user belongs to.

To change the group that the user belongs to, use the -g switch. This removes the user from the current group he/she belongs to and puts them in the group specified.

nitin@jane-saucy:~$ sudo usermod -g nitin test
nitin@jane-saucy:~$ id test
uid=1001(test) gid=1000(nitin) groups=1000(nitin)

You can specify multiple groups with the -G switch

nitin@jane-saucy:~$ sudo usermod -G nitin,test test
nitin@jane-saucy:~$ id test
uid=1001(test) gid=1000(nitin) groups=1000(nitin),1001(test)

To append to a user's existing list of groups, use the -a switch

nitin@jane-saucy:~$ sudo usermod -aG nitin test
nitin@jane-saucy:~$ id test
uid=1001(test) gid=1001(test) groups=1001(test),1000(nitin)

Deleting a user - userdel

To delete a user, use the userdel command followed by the username. Although this deletes the user, the home directory contents and the mail spool of the user are retained.

nitin@jane-saucy:~$ sudo userdel test
nitin@jane-saucy:~$ id test
id: test: no such user
nitin@jane-saucy:~$ ls /home
nitin  test

To delete a user and remove their home directory and mail spool, use the -r switch.

nitin@jane-saucy:~$ sudo userdel -r test
userdel: test mail spool (/var/mail/test) not found
nitin@jane-saucy:~$ ls /home
nitin
nitin@jane-saucy:~$ id test
id: test: no such user

Group Management

The group management commands are synonymous to the user management commands.

Adding a group - groupadd

To add a group, use groupadd

nitin@jane-saucy:~$ sudo groupadd testgrp
nitin@jane-saucy:~$ grep testgrp /etc/group
testgrp:x:1001:

Similar to useradd, it won't allow you to create another group of the same name that already exists on the system.

nitin@jane-saucy:~$ sudo groupadd nitin
groupadd: group 'nitin' already exists

Modifying group attributes - groupmod

groupmod allows you to change the attributes of a group like its name, GID, password and so on.

To change the name of a group, use the -n switch like so,

nitin@jane-saucy:~$ sudo groupmod -n grptestrocks testgrp 
nitin@jane-saucy:~$ grep test /etc/group
grptestrocks:x:1001:

Deleting a group - groupdel

groupdel deletes the group specified as its argument.

nitin@jane-saucy:~$ sudo groupdel grptestrocks 
nitin@jane-saucy:~$ grep test /etc/group
nitin@jane-saucy:~$

There are many, many, many more things that you can configure and tweak about with the above said tools. You can learn about them from their man pages.