Managing local user accounts on Linux is essential for security, privacy, and streamlined administration. Each user should have a dedicated account so they:
- Keep personal files and directories protected by proper permissions
- Configure their own environment and tool settings
- Operate with the least privilege, reducing accidental damage and attack surface
1. Creating a New User
Use useradd to provision a fresh account.
By default, this performs:
| Action | Description |
| --- | --- |
| Create user and group | A new user named john and a primary group john with matching GID |
| Home directory | /home/john is created and populated from /etc/skel |
| Default shell | /bin/bash |
| Account expiration | No expiration date (unlimited) |
| Password | Unset (must be initialized with passwd) |
Skeleton files define the initial user configuration:
ls -a /etc/skel
# . .. .bash_logout .bash_profile .bashrc
You can also review default parameters:
useradd --defaults
# GROUP=100
# HOME=/home
# INACTIVE=-1
# EXPIRE=
# SHELL=/bin/bash
# SKEL=/etc/skel
# CREATE_MAIL_SPOOLS=yes
2. Setting a Password
After account creation, assign a strong password:
sudo passwd john
# Changing password for user john.
# New password:
3. Deleting a User
Remove user accounts carefully:
| Task | Command |
| --- | --- |
| Delete account (keep home directory) | sudo userdel john |
| Delete account + home + mail spool | sudo userdel --remove john <br /> sudo userdel -r john |
Using --remove (or -r) will delete the user’s home directory and mail spool permanently.
Always back up important data before proceeding.
4. Customizing Account Creation
Pass flags to override defaults:
| Option | Description | Example |
| --- | --- | --- |
| -d, --home-dir <dir> | Custom home directory | sudo useradd -d /home/special_john john |
| -s, --shell <shell> | Specify login shell | sudo useradd -s /bin/zsh john |
| -u, --uid <UID> | Assign specific user ID | sudo useradd -u 1100 smith |
| -g, --gid <GID-or-name> | Assign primary group (must exist or be created) | sudo useradd -g 1100 smith |
5. Inspecting User Records
Account metadata resides in /etc/passwd:
grep '^john:' /etc/passwd
# john:x:1001:1001::/home/john:/bin/bash
Field breakdown: username:password:UID:GID:comment:home:shell
View file ownership under /home:
ls -l /home/
# drwxr-xr-x 2 john john 4096 Feb 5 10:00 john
Display numeric IDs:
6. Identifying the Current User
| Command | Output |
| --- | --- |
| id | UID, GID, groups, and SELinux context (if applicable) |
| whoami | Current username |
7. System Accounts
System accounts serve daemons and services. They typically have UIDs below 1000 and no home directory:
sudo useradd --system sysacc
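An audit pass over passwd-format records, built on the field breakdown from section 5 and the UID-below-1000 convention for system accounts. This is an added example, not part of the original page; the function names audit_passwd and sample_passwd, the finding labels, the sample records, and the treatment of shells ending in nologin or false as non-interactive are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag risky records in
# passwd-format input, using username:password:UID:GID:comment:home:shell.

# Reads passwd-format lines on stdin, prints one "FINDING:username" per issue.
audit_passwd() {
    awk -F: '
        /^#/ || /^[ \t]*$/ { next }                 # skip comments and blank lines
        NF != 7 { print "MALFORMED:" $1; next }     # wrong number of fields
        $2 == "" { print "EMPTY_PASSWORD_FIELD:" $1 }        # no password required
        $3 == 0 && $1 != "root" { print "EXTRA_UID0:" $1 }   # additional superuser
        seen[$3]++ { print "DUPLICATE_UID:" $1 }    # UID already used by an earlier record
        # Assumption: shells ending in nologin or false are non-interactive.
        $3 > 0 && $3 < 1000 && $7 !~ /(nologin|false)$/ {
            print "SYSTEM_WITH_SHELL:" $1           # system-range UID with a login shell
        }
    '
}

# Constructed sample records (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
sysacc:x:991:991::/home/sysacc:/bin/bash
john:x:1001:1001::/home/john:/bin/bash
jane::1002:1002::/home/jane:/bin/zsh
smith:x:1100:1100::/home/smith:/bin/bash
toor:x:0:0::/root:/bin/bash
backup:x:1100:1100::/home/backup:/bin/bash
broken:x:1200
EOF
}

sample_passwd | audit_passwd
```

On a live system, run it as audit_passwd < /etc/passwd. Some distributions ship legitimate entries such as sync with a UID below 1000 and a shell that is not nologin, so review SYSTEM_WITH_SHELL findings rather than treating each as a fault.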
8. Modifying an Existing User
Use usermod to update user settings:
| Change | Command |
| --- | --- |
| Move home directory | sudo usermod -d /home/newdir -m john |
| Rename user | sudo usermod -l jane john |
| Change login shell | sudo usermod -s /bin/zsh jane |
| Lock account | sudo usermod --lock jane <br /> sudo usermod -L jane |
| Unlock account | sudo usermod --unlock jane <br /> sudo usermod -U jane |
| Set expiration date (YYYY-MM-DD) | sudo usermod -e 2022-01-01 jane |
| Remove expiration date | sudo usermod -e "" jane |
9. Password Aging with chage
Control password policies using chage:
| Policy | Command |
| --- | --- |
| Force change on next login | sudo chage -d 0 jane |
| Reset last password change | sudo chage -d -1 jane |
| Set max days between changes | sudo chage -M 30 jane |
| Disable expiration | sudo chage -M -1 jane |
| View aging info | sudo chage -l jane |