Managing Users And Groups In Linux – A Complete Guide For Beginners

In this article, we are going to learn how to manage users and groups in Linux. It is a complete reference for beginners who want to understand the concept of users and groups. Any operating system, whether Linux, Microsoft Windows, or another, is accessed by logging in with a username and password. In Linux, if you have created a user but not yet set a password for it, it is not possible to log in as that user. Both a username and a password are mandatory to log in.

Linux stores the databases, information, and settings of users and groups in certain configuration files. The main configuration files are listed below:

  • /etc/passwd
  • /etc/shadow
  • /etc/group
  • /etc/login.defs

I will explain all the above files and also show you how we can use them to manage users and groups.

Use the commands below to manage users and groups in Linux:

Create a new user using the useradd command, then set a password for that user using the passwd command.

[root@localhost ~]# useradd itsmarttricks   # Create a new User
[root@localhost ~]# passwd itsmarttricks   # Set Password for new User
Changing password for user itsmarttricks.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.

We can confirm whether the user was created by using the id command.

[root@localhost ~]# id itsmarttricks
uid=501(itsmarttricks) gid=501(itsmarttricks) groups=501(itsmarttricks)

After creating a user, the system writes information to two files, “/etc/passwd” and “/etc/shadow”, and takes its defaults from /etc/login.defs.

Explaining /etc/passwd :

/etc/passwd is also called the password file. It stores useful information about each and every user created in Linux: the password field, UID (User ID), GID (Group ID), home directory, and login shell. After creating a new user, the system creates an entry for that user in the /etc/passwd file. Here I created a user called itsmarttricks, and the entry created in /etc/passwd for user itsmarttricks is shown below.

[root@localhost ~]# cat /etc/passwd | grep itsmarttricks
itsmarttricks:x:501:501::/home/itsmarttricks:/bin/bash

Where :

  • itsmarttricks – Name of the User
  • x – Encrypted Password of the User (the x is a placeholder; the password itself is stored in /etc/shadow)
  • 501 – User ID OR UID
  • 501 – Group ID OR GID
  • User Related Comment/Information – This field is optional. Here you can store the user's information like address, phone number, etc.
  • /home/itsmarttricks – Home Directory of the User
  • /bin/bash – Login shell of the User

As you can see above, each user entry in the /etc/passwd file is divided into 7 fields, and the fields are separated by a colon (:). /etc/passwd is a world-readable file.

Let me add a comment for user itsmarttricks to make the concept clearer.

[root@localhost ~]# usermod -c "comment" itsmarttricks
[root@localhost ~]# cat /etc/passwd | grep itsmarttricks
itsmarttricks:x:501:501:comment:/home/itsmarttricks:/bin/bash

Where :

c – To set a comment for a User

As you can see above, the 5th field, i.e. the comment section of the user, now shows the comment that we just set.

Explaining /etc/shadow :

The /etc/shadow file contains the more advanced attributes of users, shown below. It contains 9 fields, each separated by a colon (:), and the password of the user is stored in /etc/shadow in a completely encrypted format (a one-way hash; the $1$ prefix in the example below marks MD5-crypt). It is not a world-readable file.

[root@localhost ~]# cat /etc/shadow | grep itsmarttricks
itsmarttricks:$1$yruOLQDY$gRoeGKRDv46fnnd0Hxg1W1:17264:0:99999:7:1::

Where :

  • itsmarttricks – Username
  • $1$yruOLQDY$gRoeGKRDv46fnnd0Hxg1W1 – Encrypted Password
  • 17264 – When the password was last changed, counted in days since 1st Jan 1970 (the epoch, also called Unix time)
  • 0 – The minimum number of days allowed between password changes.
  • 99999 – The maximum number of days the user is allowed to use the password. The password is valid for this number of days, and after that the user must change it.
  • 7 – The number of days before password expiry that the user receives a warning message; the user should change the password within these days.
  • 1 – The account is disabled this number of days after the password expires. That is, after the password has expired the system waits for this number of days (here 1 day) and then disables the account.
  • This is Blank – The day, counted in days since 1st Jan 1970, since which the account has been in the disabled state.
  • This field is Blank – Reserved for future use.
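To see how these nine fields combine in practice, the following added example (not part of the original article) classifies each entry's hash scheme from its prefix and works out the password-aging state from fields 3, 5 and 7. The helper name shadow_audit, the two extra sample accounts and the day number 17270 are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed sample in /etc/shadow format. Line 1 is the entry shown above;
# the other two entries (names, salt and hash text) are made up.
sample_shadow() {
cat <<'EOF'
itsmarttricks:$1$yruOLQDY$gRoeGKRDv46fnnd0Hxg1W1:17264:0:99999:7:1::
svc_backup:!!:17000:0:90:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:17200:1:60:7:14::
EOF
}

# shadow_audit TODAY   (hypothetical helper; reads shadow lines on stdin)
# TODAY is a day count since 1970-01-01, the same unit as field 3.
# Prints: <user> <hash scheme> <aging state>
shadow_audit() {
  awk -F: -v today="$1" '
  NF != 9 { print $1, "malformed", "-"; next }   # the 9 fields described above
  {
    hash = $2; last = $3; max = $5; inactive = $7
    p = substr(hash, 1, 3)                        # crypt(3) scheme prefix
    if      (hash == "")     scheme = "EMPTY"     # no password required
    else if (hash ~ /^[!*]/) scheme = "locked"    # password login disabled
    else if (p == "$1$")     scheme = "md5crypt"  # legacy, weak
    else if (p == "$5$")     scheme = "sha256crypt"
    else if (p == "$6$")     scheme = "sha512crypt"
    else if (p == "$y$")     scheme = "yescrypt"
    else                     scheme = "other"

    # 99999 days (about 273 years) is treated here as no practical expiry.
    if (last == "" || max == "" || max + 0 >= 99999)
      aging = "no-effective-expiry"
    else {
      expiry = last + max                         # last day the password is valid
      if      (today <= expiry)            aging = "valid-until-day-" expiry
      else if (inactive == "")             aging = "expired-day-" expiry
      else if (today <= expiry + inactive) aging = "grace-until-day-" (expiry + inactive)
      else                                 aging = "disabled-since-day-" (expiry + inactive)
    }
    print $1, scheme, aging
  }'
}

sample_shadow | shadow_audit 17270
```

On a real system, run it as root with /etc/shadow on standard input and today's day number, which is the current Unix time divided by 86400.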

Explaining /etc/login.defs :

/etc/login.defs contains advanced predefined settings for users and groups, for example the password length, when the password will expire, when the user should change the password, the mail directory path of the user, the maximum/minimum UID/GID numbers, the permission mask for the user, etc. Some important configurations from /etc/login.defs are shown below for your reference.

#QMAIL_DIR Maildir
MAIL_DIR        /var/spool/mail
#MAIL_FILE      .mail

# Password aging controls:
#
#       PASS_MAX_DAYS   Maximum number of days a password may be used.
#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
#       PASS_MIN_LEN    Minimum acceptable password length.
#       PASS_WARN_AGE   Number of days warning given before a password expires.
#
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7

# Min/max values for automatic uid selection in useradd
#
UID_MIN                   500
UID_MAX                 60000

#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN                   500
GID_MAX                 60000

# The permission mask is initialized to this value. If not specified, 
# the permission mask will be initialized to 022.
UMASK           077

Create a new group using the groupadd command.

[root@localhost ~]# groupadd admins   # Create a new Group

To confirm whether the group was created, refer to the command below.

[root@localhost ~]# cat /etc/group | grep admins
admins:x:500:

Set Password for the Group.

[root@localhost ~]# gpasswd employees   # Set Password for the Group
Changing the password for group employees
New Password: 
Re-enter new password: 

Explaining /etc/group :

After creating a new group, the system creates an entry for that group in the /etc/group file. This entry is divided into 4 fields, each separated by a colon (:). All fields are explained below.

[root@localhost ~]# cat /etc/group | grep employees
employees:x:501:michelle,u1

Where :

  • employees – Name of the Group
  • x – Encrypted Password for the Group
  • 501 – Group ID OR GID
  • michelle,u1 – Members of the Group

You can rename an existing group using the groupmod command. Here I am renaming admins to employees. Refer to the command below.

Syntax : groupmod -n [new name] [old name]

[root@localhost ~]# groupmod -n employees admins   # Rename a Group

Where :

n – To rename a Group

Delete a Group. Here I am deleting the group employees.

[root@localhost ~]# groupdel employees   # Delete a Group

Create a new user and add it to a primary group, i.e. create a new user and set a specified group as the primary group of that user.

[root@localhost ~]# useradd -g admins justin   # Add user to Primary Group
[root@localhost ~]# cat /etc/passwd | grep justin
justin:x:502:500::/home/justin:/bin/bash
[root@localhost ~]# cat /etc/group | grep admins   # Confirming the GID of admins
admins:x:500:   # GID of admins is 500

Where :

g – To specify the primary group for a user

Change the primary group of an existing user.

[root@localhost ~]# usermod -g workers justin   # Change the Primary Group of an Existing User
[root@localhost ~]# cat /etc/passwd | grep justin
justin:x:502:503::/home/justin:/bin/bash

Add a user to a secondary group.

[root@localhost ~]# usermod -G employees don   # Add a user to a secondary group

[root@localhost ~]# id don
uid=507(don) gid=509(don) groups=509(don),501(employees)

Where :

G – To specify a secondary group for a user

Add an existing user to multiple groups.

Note: Keep in mind that when you are adding an existing user to multiple groups, you must not forget to use the option -a together with the option -G. Let me explain the reason behind that with an example.

Assume that you have a user, u1, who is currently a member of groups g1 and g2. Now you want to add the user u1 to one more group, g3. In that case, you have to use the option -a with -G. If you only use the option -G, the user will be removed from the previous groups, g1 and g2, and will be a member of g3 only.

[root@localhost ~]# usermod -a -G admins,employees,workers,marketers linda

[root@localhost ~]# id linda
uid=508(linda) gid=510(linda) groups=510(linda),500(admins),501(employees),502(marketers),503(workers)
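As a pre-check for the pitfall described in the note above, this added example (not from the original article) reads data in /etc/group format and lists the secondary groups a user would lose if usermod -G were run with a given list and without -a. The helper name groups_dropped and the sample entries, built from the u1, g1, g2 and g3 scenario, are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed sample in /etc/group format, matching the u1/g1/g2/g3 scenario.
sample_group() {
cat <<'EOF'
u1:x:600:
g1:x:601:u1,u2
g2:x:602:u1
g3:x:603:
EOF
}

# groups_dropped USER NEWLIST   (hypothetical helper; reads group lines on stdin)
# NEWLIST is the comma-separated list that would be passed to "usermod -G".
# Prints every group whose member list (field 4) contains USER but which is
# missing from NEWLIST, i.e. the memberships that -G without -a would remove.
# The primary group comes from the GID in /etc/passwd and is not affected.
groups_dropped() {
  awk -F: -v user="$1" -v newlist="$2" '
  BEGIN {
    n = split(newlist, wanted, ",")
    for (i = 1; i <= n; i++) keep[wanted[i]] = 1
  }
  {
    m = split($4, members, ",")
    for (i = 1; i <= m; i++)
      if (members[i] == user && !($1 in keep)) print $1
  }'
}

echo "usermod -G g3 u1 would drop:"
sample_group | groups_dropped u1 g3
```

An empty result means the new list already contains all of the user's current secondary groups, so nothing would be lost.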

Create a new user, set its primary group, and add it to multiple groups in a single command.

[root@localhost ~]# useradd -g admins -G employees,marketers,workers michelle

[root@localhost ~]# id michelle
uid=509(michelle) gid=500(admins) groups=500(admins),501(employees),502(marketers),503(workers)

Where :

g – To add a user to Primary Group
G – To add User to Multiple Groups

Create a new user with a different, specified home directory. Here I am creating a new user, john, whose home directory will be /users/john.

[root@localhost ~]# useradd -d /users/john john   # Create a new user with a different home directory
[root@localhost ~]# cat /etc/passwd | grep john
john:x:505:505::/users/john:/bin/bash
[root@localhost ~]# id john

Where :

d – To specify a Home Directory for New User.

Change the Home directory of an existing user. Here I have a user named mangesh whose current home directory is /home/mangesh.

[root@localhost home]# cat /etc/passwd | grep mangesh 
mangesh:x:501:501::/home/mangesh:/bin/bash

Now let’s change the home directory of the user. Refer to the command below.

[root@localhost home]# usermod -d /users/mangesh/ mangesh   # Changing the home directory of an existing User
[root@localhost home]# cat /etc/passwd | grep mangesh
mangesh:x:501:501::/users/mangesh/:/bin/bash

Where :

d – To Specify a new Home directory for the User.

This article contains all the basic commands needed for users and groups, with information about each. I will write a dedicated article on advanced usage of the useradd and groupadd commands very soon.

For more reference, you can use the commands below on your Linux system to get more information about this topic.

[root@localhost ~]# man useradd
[root@localhost ~]# man usermod
[root@localhost ~]# man groupadd
[root@localhost ~]# man groupmod
[root@localhost ~]# man groupdel
[root@localhost ~]# useradd --help
[root@localhost ~]# usermod --help

That’s all. In this article, we have explained Managing Users And Groups In Linux – A Complete Guide For Beginners. I hope you enjoy this article. If you like this article, then just share it. If you have any questions about this article, please comment.