Linux user management (useradd, userdel, usermod)

Leave a reply

Learn how to create, delete, and modify a user in Linux (useradd, userdel, usermod). Basic user management which is must know for every Linux/Unix administrator.

Anyone accessing system locally or remotely has to has a user session on the server hence can be termed as a user. In this post, we will be seeing user management which is almost similar for all Linux, Unix systems. There are three commands useradd, userdel and usermod which are used to manage users on Linux systems.

Interesting related articles –

Command: useradd

Command to add a new user to the system. This command can be as short as just one argument of userid. When running with just userid as an argument then it takes all default values for creating that user as defined in /etc/default/useradd file. Or else a number of options can be specified which defines parameters of this new user while creation.

# cat /etc/default/useradd
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes

The command supports the below options :

  • -b <base_dir> If the home directory is not specified this one is mandatory.
  • -c <comment> Any text like a description of the account
  • -d <home_dir> Home directory
  • -e <expire_date> Account expiry date in YYYY-MM-DD
  • -f <inactive> No of days after which acc will be disabled after password expiry
  • -g <gid> group id
  • -u <uid> User id
  • -G <groups> Secondary groups
  • -k <skel_dir> Files within skel_dir will be copied to home_dir of the user after creation
  • -K <key=value> To override default parameters in /etc/login.defs
  • -m Create the home directory if it doesn’t exist.
  • -o Allow non-unique UID
  • -p Encrypted password (not normal text one). It can be obtained from the crypt command.
  • -r Create a system account. This won’t have password aging and UID from system UID range
  • -s shell
# useradd -c "Test user" -d /home/test -m -e 2016-12-05 -f 7 -g 100 -u 956 -o -s /bin/bash testuser1
# cat /etc/passwd |grep testuser1
testuser1:x:956:100:Test user:/home/test:/bin/bash
# useradd testuser2
# cat /etc/passwd |grep testuser2
testuser2:x:54326:54329::/home/testuser2:/bin/bash

See the above example with and without using options. Also, check the below list, it shows where you can verify the account-related particular parameter which you specified in useradd command.

  • home_dir Check using ls -lrt
  • uid, gid In /etc/passwd and /etc/group
  • comment, shell In /etc/passwd file
  • groups In /etc/group file
  • skel_dir files Check-in home_dir
  • expire_date, inactive Check-in chage -l username output.
  • Encrypted password In /etc/shadow file

Command: userdel

As the name suggests its a command to delete users. It has only two options –

  • -r Remove user’s home_dir & mail spool
  • -f Removes user even if he/she logged in. Removes home_dir, mail spool & group of the same name even these are being shared by another user. Dangerous!

If none of the options used and command just ran with userid argument. It will only remove the user from the system keeping its home_dir, mail spool and a group of the same name (if any) intact on the server.

#  ll /home |grep testuser
drwx------   4 testuser   testuser  4096 Nov 23 10:43 testuser
# userdel testuser
#  ll /home |grep testuser
drwx------   4      54326    54329  4096 Nov 23 10:43 testuser

# userdel -r testuser
#  ll /home |grep testuser
#

See above example which shows without using -r option keeps home directory intact.

Command: usermod

This command used to modify user parameters which we saw in useradd command. All parameter options with useradd command compatible with this command. Apart from those options, it supports below ones –

  • -l <new_login> Change login name to different. You have to manually rename home_dir
  • -L Lock account. Basically it puts ! in front of encrypted password in passwd or shadow file.
  • -U Unlock account. It removes!
  • -m <new_home> Moves home_dir to new_dir. -d is mandatory to use with it.
# useradd usr1# cat /etc/passwd |grep usr1
usr1:x:54326:54330::/home/usr1:/bin/bash
# usermod -l usr2 usr1
# cat /etc/passwd |grep usr2
usr2:x:54326:54330::/home/usr1:/bin/bash

# cat /etc/shadow |grep usr2
usr2:$6$nEjQiroT$Fjda8KiOIbnELAffHmluJFRC8jjIRWuxEWBePK1gun/ELZRi3glZdKVtPaaZ4tcQLIK2KPZTxdpB3tJvDj3/J1:17128:1:90:7:::
# usermod -L usr2
# cat /etc/shadow |grep usr2
usr2:!$6$nEjQiroT$Fjda8KiOIbnELAffHmluJFRC8jjIRWuxEWBePK1gun/ELZRi3glZdKVtPaaZ4tcQLIK2KPZTxdpB3tJvDj3/J1:17128:1:90:7:::
# usermod -U usr2
# cat /etc/shadow |grep usr2
usr2:$6$nEjQiroT$Fjda8KiOIbnELAffHmluJFRC8jjIRWuxEWBePK1gun/ELZRi3glZdKVtPaaZ4tcQLIK2KPZTxdpB3tJvDj3/J1:17128:1:90:7:::

See the above examples of usermod command showing locking, unlocking user and changing user names.

These three commands take almost most of the user management tasks in Linux Unix systems. Password management is another topic which does not fall in user management. We will see it on some other day.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.