
Linux Users and Groups: Complete Administration Guide


Linux Users and Groups: Complete Administration Guide

Master Linux user and group management including useradd, usermod, userdel, passwd, sudoers configuration, and understanding /etc/passwd and /etc/shadow files.


Linux Users and Groups: Complete Administration Guide

User and group management is fundamental to Linux system administration. Proper management ensures security, prevents unauthorized access, and enables effective collaboration among team members.

Understanding Users and Groups

User Types

  • Root User (UID 0): System administrator with unlimited privileges
  • System Users (UID 1-999): Used by system processes and services
  • Regular Users (UID 1000+): Regular human users
# Identity of the current user: UID, primary GID and every group membership
id
# uid=1000(john) gid=1000(john) groups=1000(john),27(sudo)

# Login name of the current user (same answer as whoami)
id -un
# john

# Who is logged in right now, on which terminal and since when
who
# john     pts/0        Jan 23 10:00
# sarah    pts/1        Jan 23 10:15

# Logged-in users together with what each one is running, plus uptime and load
w
# 10:45:33 up 5 days, 3:12, 2 users, load average: 0.1, 0.2, 0.3
# USER  TTY   FROM  LOGIN@ IDLE JCPU PCPU WHAT
# john  pts/0 :0   10:00  2m   0.3s 0.1s bash
# sarah pts/1 :0   10:15  1m   0.5s 0.2s bash

# Login history; reboots are listed as well
last
# john   pts/0                    Wed Jan 23 10:00 still logged in
# sarah  pts/1                    Wed Jan 23 10:15 still logged in
# reboot system boot             Wed Jan 18 14:30

User Management

useradd - Add New User

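# Basic user creation: UID range, home and shell come from the distribution
# defaults (/etc/default/useradd and /etc/login.defs)
sudo useradd john

# User with custom home directory
sudo useradd -d /home/john -m john
# -d: specify home directory
# -m: create home directory if it doesn't exist

# User with specific UID
sudo useradd -u 1500 john

# User with specific shell
sudo useradd -s /bin/bash john
sudo useradd -s /usr/sbin/nologin serviceuser
# nologin prevents shell login; the account can still own files and processes

# User with specific group
sudo useradd -g developers john
sudo useradd -G developers,docker,sudo john
# -g: primary group (must already exist)
# -G: supplementary groups
# NOTE: membership of docker or sudo is equivalent to root access on most
# systems, so grant it deliberately rather than as part of a template.

# Create system user (for services): no home directory, no interactive shell
sudo useradd --system --no-create-home --shell /usr/sbin/nologin mongodb
# --system (-r): UID allocated from the system range (below 1000), created
#                without password aging information
# --shell /usr/sbin/nologin: the account cannot be used for a shell login

# User with account expiration date (YYYY-MM-DD)
sudo useradd -e 2026-12-31 tempuser
# Logins are refused once the date has passed

# User with no home directory (pair it with nologin when it is a service account)
sudo useradd -M -s /usr/sbin/nologin serviceuser

# Full example: Create developer with complete setup
sudo useradd -m -s /bin/bash -G developers,docker -d /home/sarah sarah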

Setting User Password

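# User sets own password
passwd
# Current password: ...
# New password: ...
# Retype new password: ...

# Administrator changes user password (the current password is not asked for)
sudo passwd john
# New password: ...
# Retype new password: ...

# Lock user account's password
sudo passwd -l john
sudo passwd --lock john
# This only refuses password authentication: other tokens such as SSH keys
# still work. To disable the whole account, expire it (see usermod/chage).

# Unlock user account
sudo passwd -u john
sudo passwd --unlock john

# Check password status
sudo passwd -S john
# john L 01/23/2026 0 99999 7 -1
# fields: login, status, last change, min age, max age, warn days, inactive days
# status: L = locked, NP = no password, P = usable password

# Force password change on next login
sudo passwd -e john
# User must change password when logging in next

# View password expiration info (reads /etc/shadow, so it needs root)
sudo chage -l john
# Last password change: Jan 23, 2026
# Password expires: never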

usermod - Modify User

# Append a supplementary group without dropping the existing ones
sudo usermod --append --groups docker john
# --append: keep the current supplementary groups (without it the list is replaced)
# --groups: the group(s) to add

# Switch the login shell
sudo usermod --shell /bin/zsh john

# Relocate the home directory, carrying the old contents along
sudo usermod --home /home/newlocation --move-home john
# --move-home: move the old home directory contents to the new path

# Replace the primary group
sudo usermod --gid developers john

# Reassign the UID
sudo usermod --uid 2000 john

# Lock and unlock the password
sudo usermod --lock john
sudo usermod --unlock john

# Date on which the account stops working
sudo usermod --expiredate 2026-12-31 tempuser

# Days of inactivity tolerated after the password expires before the account is disabled
sudo usermod --inactive 7 john

# Rename the login, then move the home directory to match the new name
sudo usermod --login newname oldname
sudo usermod --home /home/newname --move-home newname

userdel - Remove User

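# Remove user (home directory remains)
sudo userdel john

# Remove user and home directory
sudo userdel -r john
# -r: remove home directory and mail spool

# Before removal: record the UID and look for files the user owns anywhere.
# The lookup has to happen before userdel, because find cannot resolve the
# name once the account is gone, and it needs root to see every directory.
uid=$(id -u john) || exit 1
sudo find / \! -path '/proc/*' -uid "$uid"

# Remove user with backup (-C avoids archiving an absolute path)
sudo tar -czf /backup/john_home.tar.gz -C /home john
sudo userdel -r john

# After removal: files that still carry the old UID are orphaned and will be
# owned by whoever is assigned that UID next, so reassign or delete them.
sudo find / \! -path '/proc/*' -uid "$uid"

# Verify user removal
id john
# id: 'john': no such user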

Group Management

groupadd - Create Group

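# Basic group creation
sudo groupadd developers

# Create group with specific GID
sudo groupadd -g 1500 developers

# System group (GID < 1000)
sudo groupadd --system docker

# Verify group creation: getent looks the name up exactly (grep would also
# match names that merely contain "developers") and covers NSS/LDAP groups too
getent group developers
# developers:x:1001: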

groupmod - Modify Group

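# Change group name
sudo groupmod -n newname oldname

# Change group GID
sudo groupmod -g 2000 developers
# Files owned by the old GID keep that number; chgrp them afterwards

# Add group member (groupmod cannot do this; use usermod instead)
sudo usermod -aG developers john

# Verify changes (exact lookup, also works for NSS/LDAP-backed groups)
getent group developers
# developers:x:2000:john,sarah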

groupdel - Remove Group

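# Remove group
sudo groupdel developers

# groupdel fails if the group is the primary group of any user.
# Supplementary members are listed in the group entry itself:
getent group developers
# ...but primary membership is the GID field of the passwd entry, so check that too
gid=$(getent group developers | cut -d: -f3) || exit 1
getent passwd | awk -F: -v gid="$gid" '$4 == gid { print $1 }'

# Move each such user to another primary group, then delete
sudo usermod -g users john
sudo groupdel developers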

User and Group Configuration Files

/etc/passwd

Contains user account information.

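# View /etc/passwd (head reads the file directly; no cat pipe needed)
head -n 5 /etc/passwd
# root:x:0:0:root:/root:/bin/bash
# daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
# bin:x:2:2:bin:/bin:/usr/sbin/nologin
# sys:x:3:3:sys:/sys:/usr/sbin/nologin
# sync:x:4:65534:sync:/bin:/bin/sync

# Look up one account the way the system does (also covers NSS sources such as LDAP)
getent passwd root

# Format: username:password:UID:GID:GECOS:home:shell
# Fields:
# 1. username: login name
# 2. password: x (the hash lives in /etc/shadow; a real hash here would be world-readable)
# 3. UID: user ID
# 4. GID: primary group ID
# 5. GECOS: user info (name, phone, etc)
# 6. home: home directory path
# 7. shell: login shell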

/etc/shadow

Contains password hashes (readable only by root).

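# View /etc/shadow (requires root; the file is not world-readable)
sudo head -n 5 /etc/shadow
# root:$6$rounds=656000$...:19350:0:99999:7:::
# daemon:*:19350:0:99999:7:::

# Format: username:password:lastchange:min:max:warn:inactive:expire:reserved
# Fields:
# 1. username: login name
# 2. password: password hash; a leading ! means the password is locked,
#    * means no password is set (password login impossible)
# 3. lastchange: days since 1970-01-01 on which the password was last changed
# 4. min: minimum days before password can change
# 5. max: maximum days password is valid
# 6. warn: days before expiration to warn user
# 7. inactive: days after expiration before account is disabled
# 8. expire: days since 1970-01-01 after which the account is disabled
# 9. reserved: reserved field

# Password hash format:
# $id$salt$hash
# $y$ = yescrypt, $6$ = SHA-512, $5$ = SHA-256, $1$ = MD5 (obsolete; do not use)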

/etc/group

Contains group information.

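# View /etc/group (head reads the file directly; no cat pipe needed)
head -n 10 /etc/group
# root:x:0:
# daemon:x:1:
# bin:x:2:
# sys:x:3:
# adm:x:4:syslog,john
# tty:x:5:
# disk:x:6:
# lp:x:7:
# mail:x:8:
# news:x:9:

# Format: groupname:password:GID:members
# Fields:
# 1. groupname: group name
# 2. password: group password (usually x or empty)
# 3. GID: group ID
# 4. members: comma-separated list of usernames (supplementary members only;
#    users whose primary group this is are not listed here)

# Check group membership (exact lookup, also works for NSS/LDAP-backed groups)
getent group developers
# developers:x:1001:john,sarah,mike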

/etc/gshadow

Shadow file for groups (hashed group passwords and group administrators).

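# View /etc/gshadow (requires root; the file is not world-readable)
sudo head -n 5 /etc/gshadow
# root:*::
# daemon:*::
# bin:*::

# Format: groupname:password:admins:members
# password: group password hash; * or ! means none is set
# admins: users allowed to add and remove members of the group (gpasswd -A)
# Usually empty as group passwords are rarely used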

sudo - Superuser Privileges

Running Commands with sudo

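# Run single command with sudo
sudo apt-get update
sudo systemctl restart apache2

# Run interactive login shell as root (root's own environment and profile)
sudo -i
# You are now root

# Run as specific user
sudo -u john command
sudo -u mongodb mongod

# Run command with preserved environment
sudo -E command
# -E keeps the caller's environment; sudo refuses it unless the policy allows
# it, since environment variables can change what the command does as root

# Check sudo privileges
sudo -l
# User john may run the following commands on this host:
# (ALL) NOPASSWD: /usr/bin/apt-get

# Run without ever prompting: -n makes sudo fail instead of asking for a
# password, which is what scripts and cron jobs need. NOPASSWD is a sudoers
# tag, not a sudo option; it is set in the policy, not on the command line.
sudo -n /usr/bin/systemctl status apache2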

Editing sudoers File

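# Always edit sudoers with visudo (takes a lock and checks syntax before saving)
sudo visudo
# Opens /etc/sudoers in default editor

# Never edit /etc/sudoers directly!
# Bad syntax can lock you out

# Prefer one drop-in file per rule set under /etc/sudoers.d/; visudo -f
# applies the same syntax check to a drop-in before it is installed
sudo visudo -f /etc/sudoers.d/john

# sudoers file format:
# user  ALL=(ALL) NOPASSWD: /usr/bin/systemctl

# Grant specific user sudo access via the admin group
sudo usermod -aG sudo john
# The admin group is "sudo" on Debian/Ubuntu; Red Hat derivatives use "wheel"

# Grant group sudo access
# In sudoers:
# %developers ALL=(ALL) ALL

# Allow specific command without password
# In sudoers:
# john ALL=(ALL) NOPASSWD: /usr/bin/systemctl

# Allow groups without password
# In sudoers:
# %docker ALL=(ALL) NOPASSWD: /usr/bin/docker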

sudoers Configuration Examples

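# Edit sudoers (syntax-checked; a malformed file would otherwise lock everyone out)
sudo visudo

# Grant user full sudo access (with password)
john ALL=(ALL) ALL

# Grant user full sudo access (without password)
john ALL=(ALL) NOPASSWD: ALL

# Grant user specific commands (with password)
# Command entries must be absolute paths; confirm them on the target host
# with "command -v systemctl" / "command -v service"
john ALL=(ALL) /usr/bin/systemctl, /usr/sbin/service

# Grant user specific commands (without password)
john ALL=(ALL) NOPASSWD: /usr/bin/docker, /usr/bin/systemctl
# Unrestricted docker or systemctl can be used to obtain a root shell, so this
# rule is effectively full root; narrow it to explicit arguments if you need less

# Grant group access
%developers ALL=(ALL) NOPASSWD: /usr/bin/docker

# Grant access from specific host
john myhost=(ALL) ALL

# Allow user to run as specific user (absolute path required here too)
john ALL=(mongodb) NOPASSWD: /usr/bin/mongod

# Create alias for commonly used commands (same paths as the rules above)
Cmnd_Alias SERVICES = /usr/sbin/service, /usr/bin/systemctl
john ALL=(ALL) NOPASSWD: SERVICES

# Exclude specific commands: this is NOT a security boundary. A user granted
# ALL can reach rm some other way (a shell, a renamed copy), so the "!" form
# only prevents accidents. Use an allow-list of commands when it matters.
john ALL=(ALL) ALL, !/usr/bin/rm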

Practical User Administration Tasks

Create Multiple Users

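# Create users for a team. The shared initial password is a placeholder and is
# expired immediately so every user must choose their own at first login.
team=(john sarah mike)
for user in "${team[@]}"; do
  sudo useradd -m -s /bin/bash -G developers "$user"
  printf '%s:%s\n' "$user" "temppassword" | sudo chpasswd
  sudo passwd -e "$user"
done

# Verify creation (exact-name lookups, not a substring grep over /etc/passwd)
getent passwd "${team[@]}" | cut -d: -f1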

Manage User Permissions

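# Add user to multiple groups
sudo usermod -aG docker,sudo,developers,docker-compose john

# Verify groups
groups john
# john : john docker sudo developers docker-compose

# Make user a sudoer without password.
# Write the rule to a temporary file, syntax-check it with visudo, and only
# then install it: a malformed file in /etc/sudoers.d breaks sudo for everyone.
rule=$(mktemp) || exit 1
printf '%s\n' "john ALL=(ALL) NOPASSWD: ALL" > "$rule"
sudo visudo -cf "$rule" || { rm -f -- "$rule"; exit 1; }
sudo install -m 440 -o root -g root "$rule" /etc/sudoers.d/john
rm -f -- "$rule"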

Disable User Access

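# Temporary: Lock the password
sudo passwd -l john
sudo usermod -L john  # Alternative
# Locking the password only blocks password authentication; SSH keys and
# other tokens still work. To disable the account for every login method,
# expire it:
sudo usermod --expiredate 1 john

# Temporary: Change shell to nologin
sudo usermod -s /usr/sbin/nologin john
# Blocks interactive logins; non-shell SSH features (internal-sftp, port
# forwarding) may still succeed, so combine with the expiry above if needed

# Restore access
sudo passwd -u john
sudo usermod -s /bin/bash john
sudo usermod --expiredate '' john  # an empty date clears the expiry set above

# Set expiration date
sudo usermod -e 2026-02-28 contractuser

# Check expiration (same account as the rule above)
sudo chage -l contractuser
# Account expires: Feb 28, 2026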

Monitor User Activity

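# View currently logged-in users
who
who -a  # More detailed

# View login history
last
last john     # For specific user
last -f /var/log/wtmp  # From specific file

# View failed login attempts
sudo lastb                                    # bad-login records (btmp)
sudo grep 'Failed password' /var/log/auth.log
# /var/log/auth.log is the Debian/Ubuntu path; Red Hat derivatives use
# /var/log/secure, and journald-only systems use: sudo journalctl _COMM=sshd

# View user sudo usage (-w matches whole words, so "john" does not also hit
# names like "johnny")
sudo grep -w sudo /var/log/auth.log | grep -w john
# journald equivalent: sudo journalctl _COMM=sudo

# View process by user
ps -u john
ps -u john -o pid,user,cmd

# View all processes by user. pgrep selects on the real UID, whereas
# "ps aux | grep john" also matches the grep itself and any command line that
# merely contains the string "john".
pgrep -u john -a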

Security Best Practices

  1. Use Strong Passwords - Enforce password complexity
  2. Regular Audits - Review user permissions periodically
  3. Principle of Least Privilege - Grant minimum necessary permissions
  4. Limit Sudo Access - Only trusted users should have sudo privileges
  5. Monitor Access - Check logs for suspicious activity
  6. Remove Inactive Users - Delete accounts no longer needed
  7. Use System Users for Services - Don't run services with regular user accounts
  8. Disable Root Login - Use sudo instead of direct root login
  9. SSH Key Authentication - Use keys instead of passwords
  10. Regular Backups - Backup user data before major changes

Summary

User and group management is critical for Linux security:

  • Users authenticate to the system and have resource permissions
  • Groups organize users and simplify permission management
  • /etc/passwd, /etc/shadow, /etc/group store user and group data
  • useradd, usermod, userdel manage user accounts
  • groupadd, groupmod, groupdel manage groups
  • sudo grants administrative privileges to trusted users
  • Proper configuration ensures security and operational efficiency

Master these tools for effective system administration.