Managing Local User Accounts And Groups In Linux

Today I will be showing you how to manage local user accounts and groups in Linux. This guide does not cover things such as LDAP, only local users on your specific server or desktop.

Creating A Local User Account/s

You can add a user account with the useradd command. Options let you choose which shell the user gets, for example bash or zsh (if not specified, the default shell is used), add supplementary groups (for example sudo), and so on. Below is a list of some of the useful options; for the full list, run useradd --help.

-b, --base-dir BASE_DIR        base directory for the home directory of the new account
-d, --home-dir HOME_DIR        home directory of the new account
-D, --defaults                 print or change default useradd configuration
-e, --expiredate EXPIRE_DATE   expiration date of the new account
-g, --gid GROUP                name or ID of the primary group of the new account
-G, --groups GROUPS            list of supplementary groups of the new account
-m, --create-home              create the user’s home directory
-M, --no-create-home           do not create the user’s home directory
-N, --no-user-group            do not create a group with the same name as the user
-p, --password PASSWORD        encrypted password of the new account
-r, --system                   create a system account
-R, --root CHROOT_DIR          directory to chroot into
-s, --shell SHELL              login shell of the new account
-u, --uid UID                  user ID of the new account
-U, --user-group               create a group with the same name as the user

sudo useradd username -m -s /bin/bash -G sudo # Sudo Account
sudo useradd username -m -s /bin/bash # Regular Account

If you would like to create multiple accounts at the same time, you can use a simple for loop. Here are two example loops: the first reads usernames from a text file, the second uses the names given directly.

# List Of Names (one username per line)
for a in $(cat /path/to/list.txt); do
  sudo useradd "$a" -m -s /bin/bash && echo "Created $a" || echo "Failed to create $a"
done

# Specified Names
for a in "batman" "robin" "joker"; do
  sudo useradd "$a" -m -s /bin/bash && echo "Created $a" || echo "Failed to create $a"
done
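
A list file is input like any other, so it is worth checking each line before it reaches useradd. The following is an added example, not part of the original post: it reads the list line by line, rejects names that do not match the pattern recommended in useradd(8), skips accounts that already exist, and defaults to a dry run. The function names and the DRY_RUN variable are assumptions made for this example.

```shell
# Added example: batch account creation with input checks.
export LC_ALL=C   # make [a-z] match ASCII lowercase letters only

# Accept only names matching the pattern recommended in useradd(8):
# [a-z_][a-z0-9_-]*, at most 32 characters.
valid_username() {
    case $1 in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# create_users LIST: one name per line; blank lines and #comments are ignored.
# DRY_RUN (hypothetical variable, default 1) only prints what would be created.
create_users() {
    while IFS= read -r name <&3 || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        if ! valid_username "$name"; then
            echo "SKIP invalid: $name"
        elif id -u "$name" >/dev/null 2>&1; then
            echo "SKIP exists: $name"
        elif [ "${DRY_RUN:-1}" = 1 ]; then
            echo "WOULD CREATE: $name"
        elif sudo useradd -m -s /bin/bash "$name"; then
            echo "Created $name"
        else
            echo "Failed to create $name"
        fi
    done 3< "$1"    # list is read on fd 3 so sudo keeps the terminal on stdin
}

# Constructed sample list: three new names, one existing account, two bad lines.
demo() {
    list=$(mktemp)
    printf '%s\n' '# new starters' batman robin '' root 'Joker' '-r' harley > "$list"
    DRY_RUN=1 create_users "$list"
    rm -f "$list"
}
demo
```

Run it with DRY_RUN=0 create_users /path/to/list.txt once the dry-run output looks right.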

Now that we have created an account, we need to set a password. If you already specified one with -p you can skip this step, but it is better to set it manually as shown below: your commands are saved in your shell history, so anybody who reads your shell history can see what password you set. Also keep in mind that if you do not set any password, the user account will be locked until you set one; root can still switch into the account, but nobody can actually log in to it. To set a password, simply use the passwd command like below.

sudo passwd username

You can verify that the account was created by checking the /etc/passwd file. Note that this is not where your passwords are actually stored (they are stored in /etc/shadow), but it will give you a list of all accounts.

cat /etc/passwd
OR
grep username /etc/passwd

Remove A Local User Account

To remove a user account you can use the userdel command. By default this will not remove the home directory, but you can remove it at the same time if you wish. Below are two examples; the second removes both the user and the home directory.

sudo userdel username
sudo userdel -r username

Just like with adding users, you can use the following for loops to bulk remove users, either with a list or by specifying the users.

# List Of Names (one username per line)
for a in $(cat /path/to/list.txt); do
  sudo userdel -r "$a" && echo "Removed $a" || echo "Failed to remove $a"
done

# Specified Names
for a in "batman" "robin" "joker"; do
  sudo userdel -r "$a" && echo "Removed user $a" || echo "Failed to remove $a"
done

Granting SUDO Permissions To A User

If you have already created a user but need to grant them sudo access, then you can use the following command. Be careful when granting sudo permissions as this is basically the same as giving them the root password.

sudo usermod -aG sudo username
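
Because sudo group membership is this powerful, it helps to be able to list exactly who has it. The following is an added example, not part of the original post: it reports every local account in a group, whether listed as a member in /etc/group or holding the group as its primary GID in /etc/passwd (which a plain grep of /etc/group misses). The function names and the sample databases are constructed for this example.

```shell
# Added example: list every local account that belongs to a group.
# group_members GROUP [PASSWD_FILE] [GROUP_FILE]
group_members() {
    awk -F: -v grp="$1" '
        FNR == NR {                       # first file: the group database
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")     # supplementary members
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        gid != "" && $4 == gid { seen[$1] = 1 }   # second file: primary GID match
        END { for (u in seen) print u }
    ' "${3:-/etc/group}" "${2:-/etc/passwd}" | sort
}

# Constructed sample databases (not real accounts).
demo_group_members() {
    dir=$(mktemp -d)
    cat > "$dir/group" <<'EOF'
root:x:0:
sudo:x:27:alice,bob
staff:x:700:bob
EOF
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:27::/home/carol:/bin/bash
EOF
    group_members sudo "$dir/passwd" "$dir/group"
    rm -rf "$dir"
}
demo_group_members
```

On a live system, run group_members sudo with no file arguments. Rules in /etc/sudoers and /etc/sudoers.d can grant sudo to accounts outside the group, so review those as well.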

Changing User Passwords

If you need to change either your password or another user’s password, you can do so using the passwd command, just like when creating an account. Note that if you want to change a different user’s password you will either need to be logged in as root or use sudo; to change your own password you do not need sudo access. Here are two examples below.

# Change your own password
passwd

# Change somebody else's password
sudo passwd username

Creating User Groups

A good practice to get into is creating groups for your users. By default, when you create a user it will also create a new group; you can override this, or simply remove their groups if you have already created the accounts. Some of the benefits include seeing which groups are responsible for what roles (for example an IT support group and an accountant group), setting group-wide permissions, etc.

To create a group, simply run the following command. You can change the number and group name to whatever you like, however you may want to keep the number in the hundreds for simplicity's sake. This example will create a group with a group ID (GID) of 700.

sudo groupadd -g 700 groupname

Deleting A Group

You can easily delete a group with the following command; this will not, however, remove any of the users in that group.

sudo groupdel groupname

Adding Users To Groups

To add a user to a group you can run the following command. It is important that you include the lowercase -a option, otherwise your user will be removed from all other groups.

sudo usermod -aG groupname username

Checking Group ID and User ID

If you find yourself needing a list of groups that your user is in, or even just their user ID, you can use the id command as follows.

id username

Checking User’s Login Times

You can check when users were logged into the system, as well as how long they were logged in, by using the last command. Note that you can also use this command to see when the system was rebooted. The following examples will show you how.

# Check user login times
last

# Check specific user login times
last username

# Check system reboot times
last reboot

I hope you have enjoyed this post, please don’t forget to like/share/comment. Thanks!
