Linux User and Group Management - ryzendew/Linux-Tips-and-Tricks GitHub Wiki
Linux User and Group Management
Welcome, explorer! If you're new to Linux, managing users and groups might seem like a secret ritual, but it's actually one of the most important skills to keep your system organized and secure.
Think of your Linux computer like a shared apartment. You wouldn't give everyone the same front-door key, right? You would want to know who comes and goes, and maybe give your roommate access to the Netflix account but not your personal safe.
Users are the people (or programs) living in the apartment. Groups are the shared subscriptions (like Netflix or the Wi-Fi password) that you can grant access to without giving out your personal keys.
Let's learn how to be the landlord!
Table of Contents
- The Super User: root
- User Management (The Tenants)
- Group Management (The Shared Subscriptions)
- The Important Files (Where the Magic is Stored)
- Quick Command Cheat Sheet
The Super User: root
Before we start, you need to know about root. This is the apartment manager. They have keys to every room, can evict anyone, and change any setting. In the terminal, we often use a command called sudo (superuser do) to act like the manager for a single command.
Almost all the commands in this guide will need to be run with sudo. If a command fails with "Permission denied," try adding sudo in front of it.
# Example: You try to look at a secret file
cat /etc/shadow
# Output: cat: /etc/shadow: Permission denied
# Example: You try again as the apartment manager
sudo cat /etc/shadow
# (Now it works because you used sudo)
User Management (The Tenants)
Adding a User
Let's move a new person into the apartment. We will call her alice.
The command is useradd. Let's give her a home directory (her own room) using the -m flag.
sudo useradd -m alice
Alice now exists. The -m flag created a folder for her at /home/alice. We can check it out:
ls /home
# Output: alice
Setting or Changing a Password
A room is useless without a key. Let's give Alice a password.
sudo passwd alice
# You will be prompted to type the new password (twice).
# You won't see the letters as you type - that's normal!
Switching Users
Now that Alice has a password, we can pretend to be her and check out her room using the su (switch user) command.
# From your terminal, switch to alice
su - alice
# It will ask for Alice's password.
# Now you are Alice! Let's see where we are:
pwd
# Output: /home/alice
# Who am I?
whoami
# Output: alice
# Go back to being the original admin user
exit
Viewing User Info
How do we know Alice is really on the system? We can look at the end of the user database file (/etc/passwd).
# This shows the last few lines of the user list
tail -n 3 /etc/passwd
You will see something like this:
alice:x:1001:1001:,,,:/home/alice:/bin/bash
Don't worry about all the details right now. Just know that Alice is officially registered!
Modifying a User
Let's say Alice got married and changed her name to alice_wonderland. We can change her username with usermod.
# First, make sure Alice isn't logged in.
# Then, change the name.
sudo usermod -l alice_wonderland alice
# The `-l` flag means "new login name".
# IMPORTANT: This changes the name, but her home folder is still /home/alice.
To rename her home folder to match her new name:
sudo usermod -d /home/alice_wonderland -m alice_wonderland
The -d changes the home directory, and -m moves the contents of the old one to the new one.
Deleting a User
Sometimes a tenant moves out. To remove Alice from the system, we use userdel.
# This removes the user but leaves her files (her room) alone.
sudo userdel alice_wonderland
# If you want to be a clean landlord and delete her and all her files:
sudo userdel -r alice_wonderland
# The `-r` flag removes her home directory and mail spool.
Be careful with userdel -r! There is no undo button.
Group Management (The Shared Subscriptions)
Groups let you manage permissions for multiple users at once. For example, you might have a developers group that needs access to a project folder, or a sudo group that is allowed to run admin commands.
Creating a Group
Let's create a group called developers.
sudo groupadd developers
Adding a User to a Group
Let's create two new users, bob and carol, and add them to the developers group.
# Create the users with home directories
sudo useradd -m bob
sudo useradd -m carol
# Add bob to the developers group
sudo usermod -a -G developers bob
# `-a` means "append" (add to the list, don't remove from others)
# `-G` means "groups" (the secondary groups to add the user to)
# Add carol to the developers group
sudo usermod -a -G developers carol
Now both Bob and Carol are part of the developers subscription.
Removing a User from a Group
If Bob gets a new job and leaves the project, we need to remove him from the developers group. To do this, we have to list all the groups Bob should be in, excluding developers.
First, let's see Bob's current groups:
groups bob
# Output: bob : bob developers
Bob is in his own personal group (bob) and developers.
To remove him from developers, we use gpasswd:
sudo gpasswd -d bob developers
# Output: Removing user bob from group developers
Check again:
groups bob
# Output: bob : bob
Bob is gone!
Viewing a User's Groups
As we saw above, to see what groups a user belongs to, use the groups command.
groups carol
# Output: carol : carol developers
Deleting a Group
If the developers project is finished, you can delete the group entirely.
sudo groupdel developers
Now the group is gone. The users (bob and carol) still exist, but they are no longer part of that shared subscription.
The Important Files (Where the Magic is Stored)
Linux stores all this information in simple text files. You can look at them (but be very careful editing them directly!).
/etc/passwd: The list of all users. It contains usernames, user IDs, home directories, etc.- Example line:
bob:x:1002:1002::/home/bob:/bin/bash
- Example line:
/etc/shadow: The secure, encrypted passwords. (You needsudoto view this).- Example line:
bob:$y$j9T$...encryptedstuff...:19246:0:99999:7:::
- Example line:
/etc/group: The list of all groups and who is in them.- Example line:
developers:x:1005:bob,carol
- Example line:
You can view them with cat or less:
# See the groups file
less /etc/group
# Look for the sudo group (users here can run admin commands)
sudo less /etc/group | grep sudo
Quick Command Cheat Sheet
| Action | Command (with sudo) |
Example |
|---|---|---|
| Add a user | useradd -m username |
sudo useradd -m chris |
| Set a password | passwd username |
sudo passwd chris |
| Delete a user | userdel -r username |
sudo userdel -r chris |
| Add a group | groupadd groupname |
sudo groupadd designers |
| Add user to group | usermod -a -G groupname username |
sudo usermod -a -G designers chris |
| Remove user from group | gpasswd -d username groupname |
sudo gpasswd -d chris designers |
| Delete a group | groupdel groupname |
sudo groupdel designers |
| View user's groups | groups username |
groups chris |
| Switch user | su - username |
su - chris |
Happy managing! Remember, with great power (like sudo) comes great responsibility. Always double-check your commands before you hit enter.