Linux User and Group Management
Master the fundamentals of Linux user and group administration with practical examples and hands-on tutorials.
Understanding Root vs Regular Users
The root user has complete system access and can perform any operation, while regular users have limited permissions for security.
```bash
# Check current user
whoami
# Switch to root (if you have sudo access)
sudo su -
# Check if you're root
id
```
System Files Overview
/etc/passwd - User Database
Contains user account information in a specific format:
```bash
# View passwd file
cat /etc/passwd
# Format: username:password:uid:gid:gecos:home:shell
# Example: malik:x:1001:1001:malik abdullah,,,:/home/malik:/bin/bash
```
Field breakdown:
- malik - username
- x - password (stored in /etc/shadow)
- 1001 - user ID (UID)
- 1001 - group ID (GID)
- malik abdullah,,, - full name and comments
- /home/malik - home directory
- /bin/bash - login shell
/etc/group - Group Database
Stores group information:
```bash
# View group file
cat /etc/group
# Format: groupname:password:gid:members
# Example: developers:x:1002:malik,john,sarah
```
Field breakdown:
- developers - group name
- x - group password (rarely used)
- 1002 - group ID (GID)
- malik,john,sarah - group members
/etc/shadow - Password Database
Contains hashed passwords and account information:
```bash
# View shadow file (requires root)
sudo cat /etc/shadow
# Format: username:encrypted_password:last_change:min:max:warn:inactive:expire:reserved
```
User Management
Adding Users
```bash
# Basic user creation
sudo useradd john
# Create user with specific options
sudo useradd -m -s /bin/bash -c "John Doe" -g users john
# Set password
sudo passwd john
```
Common useradd options:
- -m - create home directory
- -s - specify shell
- -c - add comment/description
- -g - primary group
- -G - secondary groups
Home Directory & /etc/skel
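```bash
# /etc/skel contains template files for new users
ls -la /etc/skel/
# Back up the template before changing it
# (a backup left in /etc/skel is also copied into every new home directory)
sudo cp /etc/skel/.bashrc /etc/skel/.bashrc.backup
# Append to the template; "sudo echo ... >>" fails because the redirection
# runs in the unprivileged shell, so write through tee instead
echo "alias ll='ls -la'" | sudo tee -a /etc/skel/.bashrc > /dev/null
```
Removing Users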
```bash
# Remove user but keep home directory
sudo userdel john
# Remove user and home directory
sudo userdel -r john
# Force removal (even if user is logged in)
sudo userdel -f john
```
Modifying Users
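```bash
# Change user's full name
sudo usermod -c "John Smith" john
# Change user's shell
sudo usermod -s /bin/zsh john
# Add user to additional groups
# (-a appends; without it, -G replaces the user's existing supplementary groups)
sudo usermod -aG sudo,developers john
# Lock/unlock account
# (-L locks the password only; to disable the account entirely, also set an expiry with -e 1)
sudo usermod -L john # lock
sudo usermod -U john # unlock
```
Password Management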
```bash
# Change password
sudo passwd john
# Lock the password (blocks password logins only; SSH key logins still work)
sudo passwd -l john
# Unlock the password
sudo passwd -u john
# Force password change on next login
sudo passwd -e john
```
Group Management
Adding Groups
```bash
# Create basic group
sudo groupadd developers
# Create group with specific GID
sudo groupadd -g 1500 managers
```
Modifying Groups
```bash
# Change group name
sudo groupmod -n newname oldname
# Change group ID
sudo groupmod -g 2000 developers
```
Removing Groups
```bash
# Check if group has members first
getent group developers
# Remove group (fails if it is still the primary group of an existing user)
sudo groupdel developers
```
Administrative Tasks
Root User Operations
```bash
# Switch to root
sudo su -
# Execute single command as root (replace "command" with the program to run)
sudo command
# Edit files as root
sudo nano /etc/hosts
```
Sudoers Configuration
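```bash
# Edit sudoers file safely (visudo checks the syntax before saving)
sudo visudo
```
Entries to add in the editor:
```text
# Grant user full sudo access
john ALL=(ALL:ALL) ALL
# Grant specific command access (package and service managers can run
# arbitrary programs as root, so treat this as close to full access)
john ALL=(ALL) /usr/bin/apt, /usr/bin/systemctl
# Grant passwordless sudo (removes the password check; use sparingly)
john ALL=(ALL) NOPASSWD: ALL
```
Account Security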
```bash
# Lock account (password only; key-based logins are not affected)
sudo usermod -L username
# Check account status
sudo passwd -S username
# Set account expiration
sudo usermod -e 2024-12-31 username
# Check last login
last username
```
Practical Tutorials
Tutorial 1: Create a Developer User
```bash
# 1. Create group for developers
sudo groupadd developers
# 2. Create user with home directory
sudo useradd -m -s /bin/bash -c "Developer User" -g developers devuser
# 3. Set password
sudo passwd devuser
# 4. Add to sudo group
sudo usermod -aG sudo devuser
# 5. Verify creation
id devuser
groups devuser
```
Tutorial 2: Manage Group Memberships
```bash
# 1. Create multiple groups
sudo groupadd frontend
sudo groupadd backend
# 2. Add user to multiple groups
sudo usermod -aG frontend,backend devuser
# 3. Check group memberships
groups devuser
# 4. List all users in a group
getent group frontend
```
Tutorial 3: Account Security Setup
```bash
# 1. Create user with expiration
sudo useradd -m -e 2024-12-31 tempuser
# 2. Set password policy
sudo passwd -x 90 tempuser # password expires in 90 days
# 3. Lock account for maintenance
sudo usermod -L tempuser
# 4. Check account status
sudo passwd -S tempuser
```
Tutorial 4: System Administration
```bash
# 1. Check all users
cut -d: -f1 /etc/passwd
# 2. Find users with shell access
grep -v '/nologin\|/false' /etc/passwd | cut -d: -f1
# 3. Check user login history
last -n 10
# 4. Monitor failed login attempts
# (Debian/Ubuntu path; RHEL-family systems log to /var/log/secure)
sudo grep "Failed password" /var/log/auth.log
```
Quick Reference Commands
| Task | Command |
|---|---|
| List users | cut -d: -f1 /etc/passwd |
| List groups | cut -d: -f1 /etc/group |
| User info | id username |
| Group members | getent group groupname |
| Login history | last username |
| Current user | whoami |
| Switch user | su - username |
| Sudo access | sudo -l |
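Step 4 of Tutorial 4 greps the auth log for failed passwords; as an added example (not from the original page), the script below groups those lines by source address and counts how many distinct user names each source tried. The log lines are constructed sample data in the usual sshd format, and the function name `failed_logins` and the threshold of 2 are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original page); the log lines are constructed.

# usage: failed_logins LOG_FILE MIN_FAILURES
# Prints "failures source users=distinct_names", highest count first.
failed_logins() {
    awk -v min="$2" '
        /sshd.*Failed password for / {
            # Scan from the right: the user name is chosen by the client
            # and could itself be the word "from".
            for (i = NF - 1; i > 1; i--) if ($i == "from") break
            if (i <= 1) next
            ip = $(i + 1); user = $(i - 1)
            fails[ip]++
            if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
        }
        END {
            for (ip in fails)
                if (fails[ip] >= min)
                    print fails[ip], ip, "users=" users[ip]
        }
    ' "$1" | sort -k1,1nr -k2,2
}

SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT

cat > "$SAMPLE_LOG" <<'EOF'
Jan 10 03:12:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 10 03:12:03 web1 sshd[2101]: Failed password for invalid user test from 203.0.113.5 port 51236 ssh2
Jan 10 03:12:06 web1 sshd[2103]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jan 10 03:12:09 web1 sshd[2104]: Failed password for invalid user from from 203.0.113.5 port 51244 ssh2
Jan 10 08:30:15 web1 sshd[2290]: Failed password for john from 198.51.100.7 port 40022 ssh2
Jan 10 08:30:21 web1 sshd[2290]: Accepted password for john from 198.51.100.7 port 40022 ssh2
Jan 10 09:01:44 web1 sshd[2311]: Failed password for devuser from 192.0.2.44 port 39110 ssh2
Jan 10 09:01:50 web1 sshd[2311]: Failed password for devuser from 192.0.2.44 port 39110 ssh2
EOF

# Report sources with at least 2 failed attempts.
failed_logins "$SAMPLE_LOG" 2
```

A source with many failures across many distinct user names points to guessing across accounts, while repeated failures for one name is more often a mistyped or stale password.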
Security Best Practices
- Use strong passwords - enforce password complexity
- Limit sudo access - only grant necessary permissions
- Regular audits - review user accounts and permissions
- Account expiration - set expiration dates for temporary accounts
- Monitor access - check login logs regularly
- Lock unused accounts - disable accounts not in use
Remember: Always use visudo to edit the sudoers file safely, and test user accounts after creation to ensure proper access.
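The "regular audits" and "lock unused accounts" practices can be scripted; this added example (not from the original page) cross-checks passwd-format and shadow-format files for extra UID 0 accounts, empty password fields, locked passwords that still have a login shell, and accounts with no shadow entry. All account data is constructed, and the function name `audit_accounts` and the finding labels are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). All account data below is
# constructed; on a real host pass /etc/passwd and /etc/shadow instead
# (reading /etc/shadow requires root).

# usage: audit_accounts PASSWD_FILE SHADOW_FILE
audit_accounts() {
    awk -F: '
        # First file (shadow format): remember each password field.
        NR == FNR { hash[$1] = $2; next }
        # Second file (passwd format): run the checks per account.
        {
            user = $1; uid = $3; shell = $7
            if (uid == 0 && user != "root") print "UID0 " user
            if (!(user in hash)) { print "NO_SHADOW_ENTRY " user; next }
            if (hash[user] == "") print "EMPTY_PASSWORD " user
            # Password locked with ! or * but a login shell remains:
            # key-based logins may still work for this account.
            if (hash[user] ~ /^[!*]/ && shell !~ /(nologin|false)$/) {
                print "LOCKED_WITH_SHELL " user
            }
        }
    ' "$2" "$1"
}

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
malik:x:1001:1001:malik abdullah,,,:/home/malik:/bin/bash
john:x:1002:1002:John Doe:/home/john:/bin/bash
tempuser:x:1003:1003::/home/tempuser:/bin/bash
backup2:x:0:0::/root:/bin/bash
EOF

cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$6$CONSTRUCTED$notarealhash:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
malik:$6$CONSTRUCTED$notarealhash:19700:0:90:7:::
john::19700:0:99999:7:::
tempuser:!$6$CONSTRUCTED$notarealhash:19700:0:90:7::19999:
EOF

audit_accounts "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shadow"
```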