5.2 Creating Users and Groups (Weight: 2)
📘Linux Essentials (LPI 010-160)
Managing users and groups is an important part of Linux system administration. Linux is a multi-user operating system, meaning multiple users can access the system at the same time. Each user has their own account, files, and permissions.
System administrators must manage these users and groups to control who can log in, what they can access, and what actions they are allowed to perform.
This section explains the commands, files, and concepts used to manage users and groups in Linux.
1. What is User and Group Management?
User and group management refers to the tasks involved in:
- Creating user accounts
- Modifying user accounts
- Deleting user accounts
- Creating and managing groups
- Assigning users to groups
- Controlling user access and permissions
These tasks are usually performed by the root user or by users with administrative privileges.
In an IT environment, administrators manage users to:
- Provide login access to employees
- Organize users into teams or departments
- Control access to system resources
- Maintain system security
2. User Accounts in Linux
A user account allows a person or service to access the Linux system.
Each user account contains several pieces of information such as:
- Username
- User ID (UID)
- Primary group
- Home directory
- Default shell
- Password
This information is stored in system files such as:
- /etc/passwd
- /etc/shadow
- /etc/group
3. Important Files Used for User Management
3.1 /etc/passwd
The /etc/passwd file stores basic information about user accounts.
Each line represents one user account.
Example:
john:x:1001:1001:John Doe:/home/john:/bin/bash
Fields in /etc/passwd:
| Field | Description |
|---|---|
| Username | Login name of the user |
| Password placeholder | Usually x, meaning password stored in /etc/shadow |
| UID | User ID number |
| GID | Primary Group ID |
| Comment | Description or user information |
| Home directory | User’s home directory |
| Shell | Default login shell |
3.2 /etc/shadow
The /etc/shadow file stores user password hashes (commonly described as encrypted passwords) and password policies.
Example:
john:$6$abc...:19000:0:99999:7:::
This file is readable only by the root user for security reasons.
Information stored includes:
- Encrypted password
- Password aging rules
- Account expiration information
3.3 /etc/group
The /etc/group file stores group information.
Example:
developers:x:1002:john,mary
Fields include:
| Field | Description |
|---|---|
| Group name | Name of the group |
| Password | Usually unused |
| GID | Group ID |
| Members | Users in the group |
4. Creating Users
In Linux, new users are created using the useradd command.
Basic syntax:
useradd username
Example:
sudo useradd alice
This creates a new user account.
However, it usually does not create a home directory unless specified.
Creating a User with Home Directory
sudo useradd -m alice
Option explanation:
| Option | Meaning |
|---|---|
| -m | Create home directory |
Home directory created:
/home/alice
Setting a User Password
After creating a user, a password must be set.
Command:
sudo passwd alice
The system will ask for the new password.
5. Useful useradd Options
Administrators often use additional options when creating users.
| Option | Purpose |
|---|---|
| -m | Create home directory |
| -d | Specify custom home directory |
| -s | Set login shell |
| -c | Add user description |
| -u | Specify UID |
| -g | Set primary group |
| -G | Assign additional groups |
Example:
sudo useradd -m -s /bin/bash -c "Web Administrator" -G developers alice
This creates a user with:
- Home directory
- Bash shell
- Description
- Membership in the developers group
6. Modifying Users
Existing users can be modified using the usermod command.
Syntax:
usermod [options] username
Changing a User’s Home Directory
sudo usermod -d /home/newdir alice
Changing Login Shell
sudo usermod -s /bin/zsh alice
Adding a User to a Group
sudo usermod -aG developers alice
Option explanation:
| Option | Meaning |
|---|---|
| -a | Append (do not remove existing groups) |
| -G | Supplementary groups |
This adds the user to an additional group.
7. Deleting Users
Users can be removed using the userdel command.
Syntax:
userdel username
Example:
sudo userdel alice
This removes the user account but keeps the home directory.
Removing User and Home Directory
sudo userdel -r alice
Option:
| Option | Meaning |
|---|---|
| -r | Remove home directory and mail spool |
8. Groups in Linux
A group is a collection of users.
Groups help administrators manage permissions more easily.
Instead of giving access to each user individually, access can be given to a group.
For example, a development team can be placed in a developers group so that all members share access to development resources.
Each group has:
- Group name
- Group ID (GID)
- Members
9. Creating Groups
Groups are created using the groupadd command.
Syntax:
groupadd groupname
Example:
sudo groupadd developers
10. Modifying Groups
Groups can be modified using the groupmod command.
Example: change group name
sudo groupmod -n devteam developers
Option:
| Option | Meaning |
|---|---|
| -n | New group name |
11. Deleting Groups
Groups can be removed using the groupdel command.
Example:
sudo groupdel developers
This deletes the group from the system.
12. Primary and Secondary Groups
Each user belongs to at least one group.
There are two types:
Primary Group
The primary group is assigned when the user account is created.
It is stored in /etc/passwd.
Example:
alice:x:1002:1002
Here 1002 is the primary group ID.
Secondary (Supplementary) Groups
Users can belong to additional groups.
These are stored in /etc/group.
Example:
developers:x:1003:alice
This allows the user to access additional resources.
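How the two files fit together, as an added example (not part of the original guide): these shell functions resolve a user's primary and supplementary groups from passwd- and group-format files, and list everyone who holds a group either way. The sample files, the user carol, the sudo group line and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data in passwd(5) / group(5) format; not read from the live system.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
john:x:1001:1001:John Doe:/home/john:/bin/bash
alice:x:1002:1002:Web Administrator:/home/alice:/bin/bash
carol:x:1004:1003:Carol (constructed):/home/carol:/bin/bash
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
john:x:1001:
alice:x:1002:
developers:x:1003:alice,john
sudo:x:27:alice
EOF

# primary_group USER PASSWD_FILE GROUP_FILE
# Field 4 of the user's passwd line is a GID; translate it to a name via the group file.
primary_group() {
    gid=$(awk -F: -v u="$1" '$1 == u { print $4; exit }' "$2")
    [ -n "$gid" ] || return 1                      # unknown user
    awk -F: -v g="$gid" '$3 == g { print $1; found = 1; exit }
                         END { if (!found) print g }' "$3"   # fall back to the bare GID
}

# secondary_groups USER GROUP_FILE
# Field 4 of each group line is a comma-separated member list; compare whole names only.
secondary_groups() {
    awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) { printf "%s%s", sep, $1; sep = ","; break }
    } END { print "" }' "$2"
}

# members_of GROUP PASSWD_FILE GROUP_FILE
# Union of users listed in the group line and users whose primary GID is this group.
members_of() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3; exit }' "$3")
    [ -n "$gid" ] || return 1                      # unknown group
    {
        awk -F: -v g="$gid" '$4 == g { print $1 }' "$2"
        awk -F: -v g="$1" '$1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$3"
    } | sort -u | paste -sd, -
}

echo "alice: primary=$(primary_group alice "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group") secondary=$(secondary_groups alice "$SAMPLE_DIR/group")"
echo "developers: $(members_of developers "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group")"
```

In the sample, carol never appears in the developers line of the group file; her membership comes from the GID field of her passwd entry, so a membership review that reads only /etc/group would miss her.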
13. Viewing User and Group Information
Administrators often need to check user and group details.
id Command
Shows user ID and group membership.
Example:
id alice
Output example:
uid=1002(alice) gid=1002(alice) groups=1002(alice),1003(developers)
groups Command
Shows which groups a user belongs to.
groups alice
getent Command
Displays user or group database entries.
Example:
getent passwd alice
14. Managing Password Policies
Passwords are managed using the passwd command.
Example:
passwd alice
This allows administrators to:
- Set passwords
- Lock accounts
- Unlock accounts
- Force password changes
Locking a User Account
sudo passwd -l alice
Unlocking a User Account
sudo passwd -u alice
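What locking and forced changes look like in the /etc/shadow fields from section 3.2, as an added example (not part of the original guide): the function classifies each account by its password field and last-change field. The sample file, its placeholder hashes, the account names guest, daemon and newhire, and the state labels are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in shadow(5) format; the hashes are placeholders, not real ones.
SHADOW_SAMPLE=$(mktemp)
cat > "$SHADOW_SAMPLE" <<'EOF'
root:$6$PLACEHOLDERHASH1:19000:0:99999:7:::
john:$6$PLACEHOLDERHASH2:19000:0:90:7:::
alice:!$6$PLACEHOLDERHASH3:19000:0:90:7:::
daemon:*:19000:0:99999:7:::
guest::19000:0:99999:7:::
newhire:$6$PLACEHOLDERHASH4:0:0:90:7:::
EOF

# shadow_report FILE -> one "user state max_age" line per account.
# Fields used: 2 = password hash, 3 = day of last change, 5 = maximum password age.
shadow_report() {
    awk -F: '{
        pw = $2
        if (pw == "")              state = "EMPTY"        # no password required to log in
        else if (pw ~ /^!+[^!*]/)  state = "locked"       # hash kept with "!" prepended (passwd -l)
        else if (pw ~ /^[!*]/)     state = "nologin"      # no usable hash at all
        else if ($3 == "0")        state = "must-change"  # last change 0: change at next login
        else                       state = "active"
        max = ($5 == "" || $5 + 0 >= 99999) ? "never" : $5
        print $1, state, max
    }' "$1"
}

# accounts_in_state FILE STATE -> comma-separated account names in that state.
accounts_in_state() {
    shadow_report "$1" | awk -v s="$2" '$2 == s { print $1 }' | paste -sd, -
}

shadow_report "$SHADOW_SAMPLE"
echo "empty password field: $(accounts_in_state "$SHADOW_SAMPLE" EMPTY)"
```

Against the real /etc/shadow this has to run as root; accounts reported as EMPTY are the ones to fix first, and unlocking a locked account with passwd -u restores the hash that follows the "!".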
15. Example of User Management in an IT Environment
A system administrator may perform tasks such as:
- Creating user accounts for new employees
- Assigning users to department groups
- Removing accounts when employees leave
- Locking accounts during security incidents
- Managing access to shared directories
Using groups allows administrators to manage permissions efficiently for teams such as:
- developers
- administrators
- database administrators
- system operators
16. Security Best Practices
For secure user management:
- Only administrators should create or modify users
- Use strong passwords
- Remove unused accounts
- Use groups instead of individual permissions
- Lock accounts when necessary
- Regularly review user and group memberships
These practices help maintain a secure Linux environment.
17. Key Commands to Remember for the Exam
| Command | Purpose |
|---|---|
| useradd | Create user |
| usermod | Modify user |
| userdel | Delete user |
| groupadd | Create group |
| groupmod | Modify group |
| groupdel | Delete group |
| passwd | Manage passwords |
| id | Display user information |
| groups | Show group membership |
| getent | Query system databases |
✅ Exam Tip:
For the Linux Essentials exam, you should understand:
- How Linux stores user and group information
- Commands used to create, modify, and delete users
- Commands used to manage groups
- Difference between primary and secondary groups
- Basic commands to check user information
These topics form the core of Managing Users and Groups in Linux.
