Linux System Administration for Beginners

User and Group Management

Create, delete, and modify local user accounts

Managing local user accounts on Linux is essential for security, privacy, and streamlined administration. Each user should have a dedicated account so they:

  • Keep personal files and directories protected by proper permissions
  • Configure their own environment and tool settings
  • Operate with the least privilege, reducing accidental damage and attack surface


1. Creating a New User

Use useradd to provision a fresh account.

sudo useradd john

By default, this performs:

| Action | Description |
| --- | --- |
| Create user and group | A new user named `john` and a primary group `john` with matching GID |
| Home directory | `/home/john` is created and populated from `/etc/skel` |
| Default shell | `/bin/bash` |
| Account expiration | No expiration date (unlimited) |
| Password | Unset (must be initialized with `passwd`) |

Inspect `/etc/skel`

Skeleton files define initial user config.

ls -a /etc/skel
# .  ..  .bash_logout  .bash_profile  .bashrc

You can also review default parameters:

useradd --defaults
# GROUP=100
# HOME=/home
# INACTIVE=-1
# EXPIRE=
# SHELL=/bin/bash
# SKEL=/etc/skel
# CREATE_MAIL_SPOOLS=yes

2. Setting a Password

After account creation, assign a strong password:

sudo passwd john
# Changing password for user john.
# New password:

3. Deleting a User

Remove user accounts carefully:

| Task | Command |
| --- | --- |
| Delete account (keep home directory) | `sudo userdel john` |
| Delete account + home + mail spool | `sudo userdel --remove john`<br>`sudo userdel -r john` |

Data Loss Warning

Using --remove (or -r) will delete the user’s home directory and mail spool permanently.
Always back up important data before proceeding.


4. Customizing Account Creation

Pass flags to override defaults:

| Option | Description | Example |
| --- | --- | --- |
| `-d, --home <dir>` | Custom home directory | `sudo useradd -d /home/special_john john` |
| `-s, --shell <shell>` | Specify login shell | `sudo useradd -s /bin/zsh john` |
| `-u, --uid <UID>` | Assign specific user ID | `sudo useradd -u 1100 smith` |
| `-g, --gid <GID-or-name>` | Assign primary group (must exist or be created) | `sudo useradd -g 1100 smith` |

5. Inspecting User Records

Account metadata resides in /etc/passwd:

grep john /etc/passwd
# john:x:1001:1001::/home/john:/bin/bash

  • Field breakdown: username:password:UID:GID:comment:home:shell

View file ownership under /home:

ls -l /home/
# drwxr-xr-x 2 john john 4096 Feb  5 10:00 john

Display numeric IDs:

ls -ln /home/

6. Identifying the Current User

| Command | Output |
| --- | --- |
| `id` | UID, GID, groups, and SELinux context (if applicable) |
| `whoami` | Current username |

id
whoami
# aaron

7. System Accounts

System accounts serve daemons and services. They typically have UIDs below 1000 and no home directory:

sudo useradd --system sysacc
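
The `/etc/passwd` field layout from section 5 and the UID convention for system accounts can be combined into a quick account audit. This is an added example, not part of the original lesson: `audit_passwd`, `sample_passwd`, the `UID_MIN` threshold of 1000 and the list of non-login shells are assumptions, and the sample records are constructed.

```shell
#!/bin/sh
# Added example, not from the original page. audit_passwd and sample_passwd
# are hypothetical names; UID_MIN=1000 and the nologin/false shell list are
# assumptions based on common distribution defaults.

audit_passwd() {
    # $1: passwd-format file, or "-" for stdin (default: /etc/passwd)
    awk -F: -v uid_min="${UID_MIN:-1000}" '
        /^[[:space:]]*$/ || /^#/ { next }            # skip blanks, comments
        # username:password:UID:GID:comment:home:shell -> 7 fields, numeric UID
        NF != 7 || $3 !~ /^[0-9]+$/ { print "MALFORMED line " NR; next }
        {
            user = $1; uid = $3 + 0; shell = $7
            nologin = (shell ~ /\/(nologin|false)$/)
            # Any name other than root that maps to UID 0 is a second root.
            if (uid == 0 && user != "root") print "UID0 " user
            # Names sharing a UID share file ownership and privileges.
            if (uid in seen) print "DUPUID " user " " seen[uid]
            else seen[uid] = user
            # Service accounts should not have an interactive shell.
            if (uid > 0 && uid < uid_min && !nologin)
                print "SYSTEM_LOGIN_SHELL " user " " shell
            # An empty second field means no password is required.
            if ($2 == "") print "EMPTY_PASSWORD_FIELD " user
        }
    ' "${1:-/etc/passwd}"
}

# Constructed sample records, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sysacc:x:998:998::/home/sysacc:/bin/bash
john:x:1001:1001::/home/john:/bin/bash
jane:x:1001:1002::/home/jane:/bin/zsh
toor:x:0:0::/root:/bin/bash
EOF
}

sample_passwd | audit_passwd -
```

Run `audit_passwd` with no argument to check the live `/etc/passwd`; no output means none of the four conditions matched.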

8. Modifying an Existing User

Use usermod to update user settings:

| Change | Command |
| --- | --- |
| Move home directory | `sudo usermod -d /home/newdir -m john` |
| Rename user | `sudo usermod -l jane john` |
| Change login shell | `sudo usermod -s /bin/zsh jane` |
| Lock account | `sudo usermod --lock jane`<br>`sudo usermod -L jane` |
| Unlock account | `sudo usermod --unlock jane`<br>`sudo usermod -U jane` |
| Set expiration date (YYYY-MM-DD) | `sudo usermod -e 2022-01-01 jane` |
| Remove expiration date | `sudo usermod -e "" jane` |

9. Password Aging with chage

Control password policies using chage:

| Policy | Command |
| --- | --- |
| Force change on next login | `sudo chage -d 0 jane` |
| Reset last password change | `sudo chage -d -1 jane` |
| Set max days between changes | `sudo chage -M 30 jane` |
| Disable expiration | `sudo chage -M -1 jane` |
| View aging info | `sudo chage -l jane` |
