How to Manage Users from the Command Line in Linux

One of the central responsibilities of Linux administration is the management of users. Through the use of the command line, user creation can be completed remotely or programmatically. Once you’ve created a user, you can then add them to groups or give them escalated privileges. In addition, you are able to keep an audit trail on what has been done on your server and any potential issues.

If you’ve developed software or programmed for the Web, you might be familiar with the policy of never trusting users. This same premise applies in other areas of computer usage in regards to user involvement. Only give access to those who need it and when they need it. Generous delegation of privileges could allow unspecified and unauthorized access to others’ information and core data.

Viewing existing users

One of the quickest ways to view users is to use the cat (concatenate) or more (pager) commands to view the list of users on the system. The file you will need to view is the “/etc/passwd” file. This file stores all user accounts and user login information.

sudo cat /etc/passwd
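
Each line of “/etc/passwd” has seven colon-separated fields (name, password, UID, GID, comment, home, shell). The following is an added example, not part of the original article, that turns the raw file into a short account review; the sample entries are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: review a passwd-format file (default /etc/passwd).

# Constructed sample entries, not taken from a real system.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
testuser:x:1001:1001::/home/testuser:/bin/bash
testuser4:x:2022:2022::/home/testuser4:/bin/sh
backup2:x:0:0::/root:/bin/bash
svc:x:2022:2022::/nonexistent:/bin/false
guest::1002:1002::/home/guest:/bin/bash
EOF
}

# Accounts other than root that hold UID 0 (full superuser rights).
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# UIDs shared by more than one login name (file ownership becomes ambiguous).
duplicate_uids() {
    awk -F: '{ n[$3]++ } END { for (u in n) if (n[u] > 1) print u }' \
        "${1:-/etc/passwd}" | sort -n
}

# Accounts whose password field is empty, meaning no password is required.
empty_password_field() {
    awk -F: '$2 == "" { print $1 }' "${1:-/etc/passwd}"
}

# Accounts with an interactive shell; an empty shell field means the default
# shell, so it is reported as well.
login_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1, $7 }' "${1:-/etc/passwd}"
}

# Demo on the constructed sample; call the functions without an argument
# to review the real /etc/passwd.
f=$(mktemp) && sample_passwd > "$f"
echo "UID 0 besides root: $(extra_uid0 "$f")"
echo "Shared UIDs: $(duplicate_uids "$f" | tr '\n' ' ')"
echo "Empty password field: $(empty_password_field "$f")"
login_accounts "$f"
rm -f "$f"
```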

Utilizing the useradd command

useradd is a low-level binary available on most distros. This command is typically less used due to it being less user-friendly and intuitive compared to the adduser command. However, there are very few differences and either can be used.

To find out more about useradd, run the man command or add --help to get a quick overview.

man useradd
useradd --help

To add a user using useradd, type useradd and the name of the login you want to create.

sudo useradd --create-home testuser

In the case above, the user “testuser” will be created. By default, useradd will only create the user and nothing else. If you need a home directory for this user, append the --create-home flag, as in the command above.

Utilizing the adduser command

The adduser command is a Perl script that will create the user similar to the useradd command. What makes it different is that it is an interactive command and will prompt you to set the password, the home directory path, etc. Take note that on some distros, such as Red Hat and CentOS, adduser is a symbolic link to useradd, and on other distros like Arch Linux, adduser comes as a package that is not installed by default.

Using this command will create a group for the user using the user’s login by default. Other defaults can typically be found in the useradd file at “/etc/default”.

In this file you can change default settings for users created with useradd such as the shell and the home directory.

Run the adduser command similar to the following:

sudo adduser testuser

This will then prompt you regarding the defaults you want set and ask you for the password.

Passwords and security

Adding a password for a user will require running the passwd command.

sudo passwd testuser

Without superuser privileges, running passwd will only change the password of the logged-in user. This command will test the password for complexity. On Ubuntu, password requirements are set in the common-password file located in “/etc/pam.d”. More information regarding updating the complexity can be found in the man page for pam-auth-update.

Updating user information

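Once a user is on the system, you can review the “/etc/passwd” file to see the user’s information and encrypted password field (on systems that use shadow passwords, this field holds an “x” and the hash itself is kept in “/etc/shadow”). If you need to make changes to a user, you will need to utilize the usermod command.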

As an example, to change the user ID for the testuser4 account, you would run the command:

sudo usermod -u 2022 testuser4

You can then review the changes in the “/etc/passwd” file.

Be careful of changing critical information such as the login name, or as in this case, the user id. Review the man page for usermod to see what you will need to do if those items are changed.

Adding users to group

There are times when you need to add users to a group so they have the necessary permission to run certain tasks.

To add a user to a group:

sudo usermod -a -G groupname username

Note that the -a flag is necessary to “append” the group to the user’s existing groups. Without it, -G replaces the user’s supplementary group list, so you risk removing the user from the “sudo” group if the user is supposed to have superuser permission.

Alternatively, you can use the gpasswd command to add a user to, or remove a user from, a group.

sudo gpasswd -a username groupname

To remove a user from a group:

sudo gpasswd -d username groupname

Removing users

Similar to the other user commands, deleting a user is prefixed with “user” and the action. In this case you will need to use the userdel command.

Take note that userdel will not remove a user if there are processes using that user’s account.

sudo userdel testuser4

Viewing user logs

Depending on your distro, you will either check the auth log or the secure log located in “/var/log” to review user logins. This log file will give you logins on your system as soon as they happen. This is a critical element to monitoring events in the case of a breach and just to ensure things are working as desired.

sudo tail /var/log/auth.log
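
The same log also records the account changes made with the commands in this article. The following is an added example, not part of the original article, that filters those events and reports additions to privileged groups. The log lines are constructed, their message formats are an assumption about what your distro's account tools write to syslog, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: extract account-management events from an auth log.

# Constructed sample lines (not from a real host); message formats are assumed.
sample_authlog() {
cat <<'EOF'
Mar  3 10:14:02 host1 sudo:    admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/usr/sbin/useradd --create-home testuser
Mar  3 10:14:02 host1 useradd[2101]: new user: name=testuser, UID=1001, GID=1001, home=/home/testuser, shell=/bin/sh, from=/dev/pts/0
Mar  3 10:15:40 host1 passwd[2110]: pam_unix(passwd:chauthtok): password changed for testuser
Mar  3 10:17:11 host1 usermod[2125]: add 'testuser' to group 'sudo'
Mar  3 10:20:31 host1 sshd[2200]: Accepted password for testuser from 192.0.2.10 port 50122 ssh2
Mar  3 10:42:09 host1 userdel[2301]: delete user 'testuser4'
EOF
}

# Lines written by the account tools themselves, printed as "tool: message".
# Matching on " tool[pid]: " skips sudo lines that merely mention the tool.
account_events() {
    awk '{
        if (match($0, / (useradd|usermod|userdel|groupadd|gpasswd|passwd)\[[0-9]+\]: /)) {
            tag = substr($0, RSTART + 1, RLENGTH - 1)
            sub(/\[[0-9]+\]: $/, "", tag)
            print tag ": " substr($0, RSTART + RLENGTH)
        }
    }' "${1:-/var/log/auth.log}"
}

# Users that usermod added to a privileged group.
# $2 is a space-separated list of group names (default "sudo wheel").
privileged_adds() {
    account_events "$1" | awk -v groups="${2:-sudo wheel}" '
        BEGIN { n = split(groups, g, " "); for (i = 1; i <= n; i++) priv[g[i]] = 1 }
        /^usermod: add .* to group / {
            split($0, q, "\047")          # q[2] = user, q[4] = group
            if (q[4] in priv) print q[2] " -> " q[4]
        }'
}

# Demo on the constructed sample; pass your real log path instead.
f=$(mktemp) && sample_authlog > "$f"
account_events "$f"
echo "Privileged group additions: $(privileged_adds "$f")"
rm -f "$f"
```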

User management is a crucial part of managing Linux servers if there is more than one person who will use your system. Using the command line will allow you to quickly administer users, as well as have a history of account creation and changes. Perhaps one of the best uses would be to automate creation with a shell script if multiple accounts are needed at once.

Either way, be sure to go through your accounts on a regular basis and remove accounts that are no longer needed. Ensure access is granted only to those who currently need access and monitor your logs frequently.
