MANAGING USERS AND GROUPS IN LINUX – A COMPLETE GUIDE FOR BEGINNERS
Introduction
In this article we are going to learn how to manage users and groups in Linux. It is a complete reference for beginners who want to understand the concept of users and groups.
Any operating system, whether it is Linux, Microsoft Windows or any other, is accessed by logging in with a username and password. In Linux, if you have created a user but have not yet set a password for that user, it is not possible to log in. Both a username and a password are mandatory to log in to Linux.
Linux uses certain configuration files to store the database, information and features of users and groups. The main configuration files are listed below:
- /etc/passwd
- /etc/shadow
- /etc/group
- /etc/login.defs
I will explain all of the above files and also show you how we can use them to manage users and groups.
Follow the commands below to manage users and groups in Linux.
Create a new user using the useradd command and set a password for that user using the passwd command.
[root@localhost ~]# useradd elinuxbook   # Create a new User
[root@localhost ~]# passwd elinuxbook   # Set Password for new User
Changing password for user elinuxbook.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
We can confirm whether the user was created by using the id command.
[root@localhost ~]# id elinuxbook
uid=501(elinuxbook) gid=501(elinuxbook) groups=501(elinuxbook)
After creating a user, the system writes information to two files, i.e. "/etc/passwd" and "/etc/shadow", and takes its default values from /etc/login.defs.
Explaining /etc/passwd :
/etc/passwd is also called the password file. It stores useful information about every user created in Linux: the password field, UID (User ID), GID (Group ID), the user's home directory and the user's login shell. After you create a new user, the system creates an entry for that user in the /etc/passwd file. Here I created a user called elinuxbook, and the entry created in /etc/passwd for the user elinuxbook is shown below.
[root@localhost ~]# cat /etc/passwd | grep elinuxbook
elinuxbook:x:501:501::/home/elinuxbook:/bin/bash
Where :
- elinuxbook – Name of the User
- x – Encrypted Password of the User (the x indicates that it is stored in /etc/shadow)
- 501 – User ID OR UID
- 501 – Group ID OR GID
- User Related Comment/Information – This field is optional. Here you can store the user's information such as address, phone number, etc.
- /home/elinuxbook – Home Directory of the User
- /bin/bash – Login shell of the User
As you can see above, each user entry in the /etc/passwd file is divided into 7 fields, and the fields are separated by a colon (:). /etc/passwd is a world readable file.
Let me add a comment for the user elinuxbook to make the concept clearer.
[root@localhost ~]# usermod -c "comment" elinuxbook
[root@localhost ~]# cat /etc/passwd | grep elinuxbook
elinuxbook:x:501:501:comment:/home/elinuxbook:/bin/bash
Where :
c – To set a comment for a User
As you can see above, the 5th field, i.e. the comment section of the user, now shows the comment that we just set.
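The seven-field layout described above can be checked mechanically. The script below is an added example, not part of the original article: it flags entries with the wrong number of fields, an empty password field, a hash stored directly in the world readable file, and extra or shared UIDs. The function names audit_passwd and sample_passwd and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# audit_passwd [FILE]: review a passwd-format file (stdin if no FILE is given).
# Prints one "FINDING user" line per problem found.
audit_passwd() {
    awk -F: '
        NF != 7 { print "MALFORMED", $1; next }       # not exactly 7 fields
        $2 == "" { print "EMPTY_PASSWORD", $1 }       # no password required
        $2 != "" && $2 != "x" && $2 !~ /^[*!]/ {
            print "HASH_IN_PASSWD", $1                # hash readable by every user
        }
        $3 == 0 && $1 != "root" { print "EXTRA_UID0", $1 }   # second superuser
        seen[$3]++ { print "DUPLICATE_UID", $1 }      # UID shared with an earlier entry
    ' "$@"
}

# Constructed sample data (not from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
elinuxbook:x:501:501:comment:/home/elinuxbook:/bin/bash
svc::502:502::/home/svc:/bin/bash
toor:x:0:0::/root:/bin/bash
legacy:$1$CONSTRUCTED$notARealHash:503:503::/home/legacy:/bin/bash
broken:x:504:/home/broken
EOF
}

sample_passwd | audit_passwd
# On a real host: audit_passwd /etc/passwd
```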
Explaining /etc/shadow :
The /etc/shadow file contains more advanced attributes of users, which are shown below. It contains 9 fields, each separated by a colon (:), and the password of the user is stored in /etc/shadow in completely encrypted format. It is not a world readable file.
[root@localhost ~]# cat /etc/shadow | grep elinuxbook
elinuxbook:$1$yruOLQDY$gRoeGKRDv46fnnd0Hxg1W1:17264:0:99999:7:1::
Where :
- elinuxbook – Username
- $1$yruOLQDY$gRoeGKRDv46fnnd0Hxg1W1 – Encrypted Password
- 17264 – Day on which the password was last changed, counted in days since 1st Jan 1970 (the epoch, also called Unix Time)
- 0 – Minimum number of days that must pass before the user can change the password again.
- 99999 – Maximum number of days the user is allowed to use the password. The password is valid for this number of days, after which the user must change it.
- 7 – Number of days before password expiry that the user receives a warning message; within these days the user should change the password.
- 1 – Number of days after password expiry before the account is disabled. That is, after the password has expired the system waits for this number of days (here it's 1 day) and then disables the account.
- This is Blank – The day, counted in days since 1st Jan 1970, from which the account is in disabled state.
- This field is Blank – Reserved for Future use.
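To make the nine fields concrete, the added script below (not part of the original article) decodes shadow-format lines: it names the hash scheme from the prefix of the password field, converts the day counts to calendar dates, and computes when the password expires. The first sample line reuses the aging values shown above with a constructed placeholder hash; the other lines and the function names are constructed.

```sh
#!/bin/sh
# shadow_report: read shadow-format lines on stdin and print, per account,
# "user scheme last_change password_expires" (dates in UTC).
shadow_report() {
    awk -F: '
    # Days since 1970-01-01 -> YYYY-MM-DD (pure arithmetic, no date(1) needed).
    function ymd(days,    z, era, doe, yoe, y, doy, mp, d, m) {
        z = days + 719468; era = int(z / 146097); doe = z - era * 146097
        yoe = int((doe - int(doe/1460) + int(doe/36524) - int(doe/146096)) / 365)
        y = yoe + era * 400; doy = doe - (365*yoe + int(yoe/4) - int(yoe/100))
        mp = int((5*doy + 2) / 153); d = doy - int((153*mp + 2) / 5) + 1
        m = (mp < 10) ? mp + 3 : mp - 9
        if (m <= 2) y++
        return sprintf("%04d-%02d-%02d", y, m, d)
    }
    # Identify the hash scheme from the prefix of field 2.
    function scheme(h) {
        if (h == "")           return "EMPTY"
        if (h ~ /^[!*]/)       return "LOCKED"
        if (h ~ /^\$1\$/)      return "md5crypt(weak)"
        if (h ~ /^\$2[aby]\$/) return "bcrypt"
        if (h ~ /^\$5\$/)      return "sha256crypt"
        if (h ~ /^\$6\$/)      return "sha512crypt"
        if (h ~ /^\$y\$/)      return "yescrypt"
        return "unknown"
    }
    NF == 9 {
        last = ($3 == "") ? "unknown" : ymd($3)
        # A maximum age of 99999 days (or empty) is treated as "never expires".
        expiry = ($3 == "" || $5 == "" || $5 >= 99999) ? "never" : ymd($3 + $5)
        print $1, scheme($2), last, expiry
    }'
}

# Constructed sample data; the hashes are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
elinuxbook:$1$CONSTRUCT$notARealHash:17264:0:99999:7:1::
michelle:$6$CONSTRUCT$notARealHash:17264:1:90:7:14::
don:!!:17264:0:99999:7:::
EOF
}

sample_shadow | shadow_report
# On a real host (as root): shadow_report < /etc/shadow
```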
Explaining /etc/login.defs
/etc/login.defs contains advanced predefined settings for users and groups, for example password length, when the password will expire, when the user should change the password, the mail directory path of the user, maximum/minimum UID/GID numbers, the umask permission for users, etc. Some important settings from /etc/login.defs are shown below for your reference.
#QMAIL_DIR Maildir
MAIL_DIR /var/spool/mail
#MAIL_FILE .mail
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
# Min/max values for automatic uid selection in useradd
#
UID_MIN 500
UID_MAX 60000
#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 500
GID_MAX 60000
# The permission mask is initialized to this value. If not specified,
# the permission mask will be initialized to 022.
UMASK 077
Create a new Group using groupadd command.
[root@localhost ~]# groupadd admins # Create a new Group
To confirm whether the group was created, refer to the command below.
[root@localhost ~]# cat /etc/group | grep admins
admins:x:500:
Set Password for the Group.
[root@localhost ~]# gpasswd employees # Set Password for the Group
Changing the password for group employees
New Password:
Re-enter new password:
Explaining /etc/group :
After you create a new group, the system creates an entry for that group in the /etc/group file. This entry is divided into 4 fields, each separated by a colon (:). All fields are explained below.
[root@localhost ~]# cat /etc/group | grep employees
employees:x:501:michelle,u1
Where :
- employees – Name of the Group
- x – Encrypted Password for the Group
- 501 – Group ID OR GID
- michelle,u1 – Members of the Group
You can rename an existing group using the groupmod command. Here I am renaming admins to employees. Refer to the command below.
Syntax : groupmod -n [new name] [old name]
[root@localhost ~]# groupmod -n employees admins # Rename a Group
Where :
n – To rename a Group
Delete a Group. Here I am deleting the group employees.
[root@localhost ~]# groupdel employees # Delete a Group
Create a new user and add it to a primary group, i.e. create a new user and set the specified group as the primary group of that user.
[root@localhost ~]# useradd -g admins justin   # Add user to Primary Group
[root@localhost ~]# cat /etc/passwd | grep justin
justin:x:502:500::/home/justin:/bin/bash
[root@localhost ~]# cat /etc/group | grep admins   # Confirming the GID of admins
admins:x:500:   # GID of admins is 500
g – To specify the primary group for a user
Change the Primary Group of an existing User.
[root@localhost ~]# usermod -g workers justin   # Change the Primary Group of an Existing User
[root@localhost ~]# cat /etc/passwd | grep justin
justin:x:502:503::/home/justin:/bin/bash
Add a user to a secondary group.
[root@localhost ~]# usermod -G employees don   # Add a user to a secondary group
[root@localhost ~]# id don
uid=507(don) gid=509(don) groups=509(don),501(employees)
Where :
G – To specify a secondary group for a user
Add an existing user to multiple groups.
Note : Keep in mind that when you are adding an existing user to multiple groups, don't forget to use the option -a together with the option -G. Let me explain the reason behind that by taking an example.
Assume that you have a user, i.e. u1, which is currently a member of groups g1 and g2. Now you want to add the user u1 to one more group, i.e. g3. In that case you have to use the option -a with -G. If you only use the option -G, the user will be removed from the previous groups, i.e. from g1 and g2, and will be a member of g3 only.
[root@localhost ~]# usermod -a -G admins,employees,workers,marketers linda
[root@localhost ~]# id linda
uid=508(linda) gid=510(linda) groups=510(linda),500(admins),501(employees),502(marketers),503(workers)
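The group loss described in the note above can be checked before usermod is run. This added example (not from the original article) reads a group-format file and lists the secondary groups a user would lose if usermod -G were run with a given list and without -a. The function names and the sample file, built from the u1/g1/g2/g3 scenario above, are constructed.

```sh
#!/bin/sh
# groups_lost_by_G USER NEWLIST [FILE]
# Prints the secondary groups USER belongs to in a group-format file that are
# NOT in the comma-separated NEWLIST, i.e. what "usermod -G NEWLIST USER"
# (without -a) would remove. Empty output means nothing would be lost.
# The primary group is recorded in /etc/passwd and is not changed by -G.
groups_lost_by_G() {
    user=$1; want=$2; shift 2
    awk -F: -v user="$user" -v want="$want" '
        BEGIN { n = split(want, w, ","); for (i = 1; i <= n; i++) keep[w[i]] = 1 }
        NF == 4 {
            # Field 4 is the comma-separated member list of the group in field 1.
            m = split($4, members, ",")
            for (i = 1; i <= m; i++)
                if (members[i] == user && !($1 in keep))
                    lost = (lost == "" ? $1 : lost "," $1)
        }
        END { print lost }
    ' "$@"
}

# Constructed sample: u1 is currently a member of g1 and g2.
sample_group() {
    cat <<'EOF'
g1:x:601:u1,u2
g2:x:602:u1
g3:x:603:
EOF
}

lost=$(sample_group | groups_lost_by_G u1 g3)
if [ -n "$lost" ]; then
    echo "usermod -G g3 u1 would remove u1 from: $lost (use -a -G instead)"
fi
# On a real host: groups_lost_by_G u1 g3 /etc/group
```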
Create a New user, add the new user to a Primary Group and add to multiple groups in a Single command.
[root@localhost ~]# useradd -g admins -G employees,marketers,workers michelle
[root@localhost ~]# id michelle
uid=509(michelle) gid=500(admins) groups=500(admins),501(employees),502(marketers),503(workers)
Where :
g – To add user to Primary Group
G – To add User to Multiple Groups
Create a New user with different Home directory or specified home directory. Here I am creating a New user i.e. john and the home directory of the user would be /users/john.
[root@localhost ~]# useradd -d /users/john john # Create a new user in different home directory
[root@localhost ~]# cat /etc/passwd | grep john
john:x:505:505::/users/john:/bin/bash
[root@localhost ~]# id john
Where :
d – To specify a Home Directory for New User.
Change the home directory of an existing user. Here I have a user named Lowrence whose current home directory is /home/lowrence.
[root@localhost home]# cat /etc/passwd | grep lowrence
lowrence:x:501:501::/home/lowrence:/bin/bash
Now let's change the home directory of the user. Refer to the command below.
[root@localhost home]# usermod -d /users/lowrence/ lowrence   # Changing the home directory of an existing User
[root@localhost home]# cat /etc/passwd | grep lowrence
lowrence:x:501:501::/users/lowrence/:/bin/bash
Where :
d – To Specify a new Home directory for the User.
This article contains all the basic commands, with explanations, needed to manage users and groups. I will write a dedicated article on advanced usage of the useradd and groupadd commands very soon.
For more reference you can use the commands below on your Linux system to get more information about this topic.
[root@localhost ~]# man useradd
[root@localhost ~]# man usermod
[root@localhost ~]# man groupadd
[root@localhost ~]# man groupmod
[root@localhost ~]# man groupdel
[root@localhost ~]# useradd --help
[root@localhost ~]# usermod --help