To manage user accounts on Linux systems, you'll need to be familiar with some important files and commands.

If you’re administering a Linux server, chances are you have a lot of user accounts to manage and, along with these, a lot of files and settings to control. Here are some commands and issues that are important in setting up and managing user accounts and access rights.

Dealing with IDs

First, in managing user accounts, you need to be aware of both user IDs (UID) and group IDs (GID). Most accounts are set up with each user being the sole member of a group that has the same name as the user’s account. In fact, both are set up when an account is created using the useradd command.

When you list a user’s home directory, you should see something like this:

    $ ls -ld /home/dbell
    drwxr-xr-x. 8 dbell dbell 4096 Mar 23 2021 /home/dbell
                  ^     ^
                  |     |
                  user  group

Note that the username and groupname are both “dbell”. To see the numerical equivalent of these values, use a command like this one instead:

    $ ls -ldn dbell
    drwxr-xr-x. 8 1003 1003 4096 Mar 23 2021 dbell
                  ^    ^
                  |    |
                  UID  GID

The numeric value is 1003 for both the username and groupname.

The information displayed is derived from the /etc/passwd and /etc/group files, which connect the names to their numeric values.

    $ grep dbell /etc/passwd /etc/group
    /etc/passwd:dbell:x:1003:1003:Dana Bell:/home/dbell:/bin/bash
    /etc/group:dbell:x:1003:

Working with important files

Some of the most important files that you need to deal with when managing user accounts are the /etc/passwd, /etc/shadow and /etc/group files. As shown above, the /etc/passwd and /etc/group files hold the UIDs and GIDs along with the users’ home directories. Any groups that the user is a member of, including their personal group, are stored in the /etc/group file. The /etc/shadow file contains the password hash and aging parameters that ensure password security and can force users to change their passwords periodically.
These entries are set up when you use the useradd command, which adds lines to the /etc/passwd file, the /etc/group file and the /etc/shadow file.

    $ sudo useradd newuser
    $ sudo grep newuser /etc/passwd /etc/group /etc/shadow
    /etc/passwd:newuser:x:1019:1019::/home/newuser:/bin/bash
    /etc/group:newuser:x:1019:
    /etc/shadow:newuser:!!:19372:0:99999:7:::

Note that sudo is required for creating accounts and for looking at the /etc/shadow file.

The UID for a new account will automatically be assigned the next available number for user accounts. On most Linux systems, the first user account will have the value 1000, and each additional user will be one higher than the previous one. UIDs with smaller values are system accounts.

As shown in the bottom line in the above output, there is no password hash when an account is initially set up. That field will show up as !! until a password is assigned. When a password is set up, a long string representing the password hash will take the place of the two exclamation points.

Sysadmins will often set up a temporary password for a new user and then use a command like the second sudo command shown below to expire that password, which then requires the user to set a new password on first login. In this way, only the user knows the password to the account.

    $ sudo passwd newuser
    New password:
    Retype new password:
    $ sudo passwd -e newuser

The fifth (colon-separated) field in the /etc/passwd file is for the user’s full name and/or description, often referred to as the comment field. This can be added when an account is created, or you can add it later with the usermod -c command. On the other hand, with superuser privilege, you can simply edit the /etc/passwd file to add the full name.

    $ sudo usermod -c "Dana Bell" dbell
    $ grep dbell /etc/passwd
    dbell:x:1003:1003:Dana Bell:/home/dbell:/bin/bash
                      ^
                      |
                      full name or description

To include the full name when an account is initially set up, use a command like this:

    $ sudo useradd -c "Dana Bell" dbell

Removing user accounts

While the useradd command is used to create accounts and the usermod command lets you make changes to accounts, the userdel command can be used to remove accounts. It’s important to understand, however, that the userdel command does not remove a user’s home directory unless you include the -r option like this:

    $ sudo userdel newuser -r

Viewing user settings

While it’s easy to pull information from the /etc/passwd and /etc/group files using grep, another very useful command for extracting information about user accounts is the id command, which displays UIDs, GIDs and group memberships in a very convenient format.

    $ id newuser
    uid=1019(newuser) gid=1019(newuser) groups=1019(newuser)
    $ id shs
    uid=1000(shs) gid=1000(shs) groups=1000(shs),10(wheel),900(techs)

Adding a user to a secondary group

The usermod command also provides a way to add a user to a secondary group. To do this, use a command like the one shown below, which adds the user to the techs group. The id command can then be used to verify the change.

    $ sudo usermod -a -G techs newuser
    $ id newuser
    uid=1019(newuser) gid=1019(newuser) groups=1019(newuser),20(techs)

Wrap-Up

Linux makes setting up, changing and removing accounts quite easy, but you do need to know a handful of important commands to properly manage user accounts and user privileges.
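
As an added example (not part of the original article), the script below reads the /etc/shadow states described earlier, the !! of a freshly created account and the expired state left by passwd -e, and joins them with the UIDs from /etc/passwd. It goes a little beyond the article by also reporting an empty password field and any extra account with UID 0; the function names, the placeholder hash and the tmpadmin account are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed sample data in /etc/passwd and /etc/shadow format.
# The hash is a placeholder and the tmpadmin account is invented for the demo.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
dbell:x:1003:1003:Dana Bell:/home/dbell:/bin/bash
newuser:x:1019:1019::/home/newuser:/bin/bash
tmpadmin:x:0:0::/home/tmpadmin:/bin/bash'
SAMPLE_SHADOW='root:$6$PLACEHOLDERHASH:19000:0:99999:7:::
dbell:$6$PLACEHOLDERHASH:0:0:99999:7:::
newuser:!!:19372:0:99999:7:::
tmpadmin::19372:0:99999:7:::'

# Classify one shadow line by its password (2nd) and last-change (3rd) fields.
shadow_state() {
  printf '%s\n' "$1" | awk -F: '
    NF == 0      { print "no-shadow-entry"; next }       # user missing from shadow
    $2 == ""     { print "empty-password"; next }        # login needs no password
    $2 ~ /^[!*]/ { print "no-usable-password"; next }    # e.g. !! after useradd
    $3 == "0"    { print "must-change-at-login"; next }  # state left by passwd -e
                 { print "active" }'
}

# Join passwd text ($1) with shadow text ($2) on the username and print
# "user uid state" per account, flagging any non-root account with UID 0.
audit_accounts() {
  printf '%s\n' "$1" | while IFS=: read -r user _pw uid _rest; do
    sline=$(printf '%s\n' "$2" | awk -F: -v u="$user" '$1 == u')
    flag=""
    if [ "$uid" -eq 0 ] && [ "$user" != "root" ]; then
      flag=" EXTRA-UID0"
    fi
    echo "$user $uid $(shadow_state "$sline")$flag"
  done
}

audit_accounts "$SAMPLE_PASSWD" "$SAMPLE_SHADOW"
```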