User management in any operating system is one of the basic routine tasks of a system administrator.

For a Linux-based OS, it usually involves creating user accounts, modifying existing accounts like changing their home directory, default shell, locking/unlocking one or more accounts, and removing user accounts.

Before we investigate the commands and processes to carry out these tasks, let’s delve briefly into how user accounts can be classified in Linux. Also, note that unless explicitly specified, given commands will work in most of the common Linux distributions.

User Types

Root User

The root user is the administrator of OS with all permissions to perform operations. Usually, only root can install/uninstall or update basic system programs and libraries. It is the only user account with system-wide privileges.

So, the root user is the most powerful user of the system.

Special User

These are the users without logins. They don’t have all the privileges of the root user. Depending on the account, they assume different specialized roles.

These are created automatically at the time of any application installation. bin, sync, lp, mail, operator, squid are some of the examples of special users.

Common Users

Common users have full privileges only in their working directory, usually their home directory. They don’t have privileges to manage the system or install the software. They can’t perform these tasks without having special privileges via sudo.

Adding User

Debian/Ubuntu

On a Debian or Ubuntu-based system, there are a couple of options to add users from CLI. The first command is adduser, which is a Perl script and uses useradd command in the backend whose usage we’ll see later.

Since adding a user is a privileged task, you would need to use sudo as prefix and username as argument. Other details can be specified as prompted. Except for username and password, the rest of the details are optional. We can verify that the user has been created by using id command.

$ sudo adduser johndoe
Adding user `johndoe' ...
Adding new group `johndoe' (1003) ...
Adding new user `johndoe' (1003) with group `johndoe' ...
Creating home directory `/home/johndoe' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for johndoe
Enter the new value, or press ENTER for the default
        Full Name []: John Doe
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] Y
$
$ id johndoe
uid=1003(johndoe) gid=1003(johndoe) groups=1003(johndoe)
$

CentOS/RHEL/Fedora (Including Debian/Ubuntu)

The next command, useradd will work across RHEL based OS distributions as well as works equally well on Ubuntu/Debian hosts. The simplest syntax (without any extra options) to create a new user is:

$ sudo useradd <username>

Example:

$ sudo useradd janedoe

The useradd command supports multiple options that can be specified while creating the user, most common being user ID (UID), group ID (GID), default shell and home directory, etc. One such example is given below:

$ sudo useradd -s /bin/sh -d /data/newhome -c "Jane Doe" -u 1005 janedoe

You can verify the newly created user using id command:

$ id janedoe
uid=1005(janedoe) gid=1005(janedoe) groups=1005(janedoe)
$

Modifying User

One often needs to modify some property of existing users based on organization requirements, user requests, or system migrations. Most of these properties are easy to modify though we need to ensure how it’ll affect the user environment and access to files owned or accessed by the user.

Default Shell

The default shell is the CLI shell created when a user launches a new CLI session either locally or via SSH. Most modern systems have a default user Bash though it can vary based on Linux distribution or the user’s environment. To modify the default shell of a user, use:

$ sudo usermod -s <shell> <username>

Example:

$ getent passwd janedoe
janedoe:x:1005:1005::/data/newhome:/bin/sh
$ sudo usermod -s /bin/bash janedoe
$ getent passwd janedoe
janedoe:x:1005:1005::/data/newhome:/bin/bash
$

As you can see in the above output, the shell has been changed from /bin/sh to /bin/bash for user janedoe.

Home Directory

Like default shell, a user’s home directory can be modified to a different location using:

$ sudo usermod -d <new_directory_path> <username>

In the example below, the user home directory of the user janedoe has been changed to /data/janedoe:

$ getent passwd janedoe
janedoe:x:1005:1005::/data/newhome:/bin/bash
$ sudo usermod -d /data/janedoe janedoe
$ getent passwd janedoe
janedoe:x:1005:1005::/data/janedoe:/bin/bash
$

Before making the switch, ensure that the new directory has the right ownership and permissions. Otherwise, the user may face issues during login or working in the new home directory.

User ID

You can change the user ID of an existing user using:

$ sudo usermod -u <new_uid> <username>

Example:

$ getent passwd janedoe
janedoe:x:1005:1005::/data/janedoe:/bin/bash
$ sudo usermod -u 1010 janedoe
$ getent passwd janedoe
janedoe:x:1010:1005::/data/janedoe:/bin/bash
$

Again, changing UID changes how Linux filesystem maps ownership and permission to a file or directory. Ensure that the user’s home directory and its contents and all other files anywhere in the system, originally owned by the user (with old UID), is changed to UID mapped. Not doing so can cause problems in the CLI session and file access by the user.

Default Group

The default group is usually the user’s default group ID, which gets created during user creation unless another GID is specified. Linux allows you to modify the default group of a user using usermod command as well. Here’s the syntax to use:

$ sudo usermod -g <new_gid or group_name> <username>

Here’s one example:

$ getent passwd janedoe
janedoe:x:1010:1005::/data/janedoe:/bin/bash
$ sudo usermod -g 1001 janedoe
$ getent passwd janedoe
janedoe:x:1010:1001::/data/janedoe:/bin/bash
$

Again, make sure the new group ID is set on the user’s home directory, contents, and all other files or directories applicable to properly migrate their ownership permissions.

Adding/Removing Groups

Besides the default group, a user in Linux can be part of secondary groups. We can always add or remove additional groups a user belongs to using usermod command.

$ sudo usermod -a -G <group_id or group_name> <username>

Example:

$ id janedoe
uid=1005(janedoe) gid=1005(janedoe) groups=1005(janedoe)
$ sudo usermod -a -G docker janedoe
$ id janedoe
uid=1005(janedoe) gid=1005(janedoe) groups=1005(janedoe),1001(docker)
$

Similarly, to remove a user from one of the secondary groups, use gpasswd command as shown below:

$ sudo gpasswd -d <username> <groupname>

Example:

$ id janedoe
uid=1005(janedoe) gid=1005(janedoe) groups=1005(janedoe),1001(docker)
$ sudo gpasswd -d janedoe docker
Removing user janedoe from group docker
$ id janedoe
uid=1005(janedoe) gid=1005(janedoe) groups=1005(janedoe)
$

GECOS Comment

GECOS field in /etc/passwd contains user information or comment. We can modify this information for an existing user as:

$ sudo usermod -c <comment> <username>

Example:

$ getent passwd janedoe
janedoe:x:1005:1005::/data/janedoe:/bin/bash
$ sudo usermod -c "Jane Doe - System Admin" janedoe
$ getent passwd janedoe
janedoe:x:1005:1005:Jane Doe - System Admin:/data/janedoe:/bin/bash
$

Please note that if your comment or user details contain spaces, enclose that field in quotes as done in the above example.

Login Name

The user’s login name can also be changed using usermod command by using -l flag:

$ sudo usermod -l <new_username> <old_username>

Example:

$ id janedoe
uid=1005(janedoe) gid=1005(janedoe) groups=1005(janedoe)
$ sudo usermod -l jane_doe janedoe
$ id jane_doe
uid=1005(jane_doe) gid=1005(janedoe) groups=1005(janedoe)
$

Remember to update user references as per new name wherever used. Even in commands like id, the new username should be specified.

Removing User

A user can be removed from Linux using userdel command.

$ sudo userdel <username>

Example:

$ id janedoe
uid=1005(janedoe) gid=1005(janedoe) groups=1005(janedoe)
$ sudo userdel janedoe
$ id janedoe
id: ‘janedoe’: no such user
$

To remove a user along with its home directory and mail spool, add -r flag as well.

$ sudo userdel -r <username>

Specifically for Ubuntu-based systems, you can also user deluser command to remove a user:

$ sudo deluser <username>

Similarly, to remove the home directory and mail spool as well, use:

$ sudo deluser --remove-home <username>

For detailed information and other supported options, refer to the main page of various commands using:

$ man adduser
$ man useradd
$ man usermod
$ man deluser
$ man userdel

Conclusion

This article showed various aspects of user management in a Linux system. This includes an explanation of various categories of users and how to add and remove them. It also covers various options that help to modify the parameters of an existing user. Though it doesn’t cover all possibilities supported by various commands, it covers a lot of common administration tasks that a system administrator will encounter in day-to-day work.

You may also be interested in reading: How to remove files and directories in Linux?