User and Group Management
This guide covers user and group management in Linux systems, including creation, modification, and security.
User Management

User types (type: description, examples)
user account: Normal user (username)
root: Superuser (root)
system account: System user (daemon, ssh)
service account: Service user (nginx, mysql)
User Information
# View user information
id username # Show user ID and groups
whoami # Show current username
who # Show logged in users
w # Show who is logged in and what they're doing
last # Show last logins
lastlog # Show last login for all users
User Creation and Modification
useradd options:
-c  Custom comments
-d  Home directory
-e  Expiration date
-g  Primary group (name or GID)
-l  Do not add the user to the lastlog and faillog databases
-m  Create the user's home directory
-M  Do not create the user's home directory
-N  Do not create a group with the same name as the user
-o  Allow creating users with a duplicate (non-unique) UID
-p  Encrypted password of the new account
-r  Create a system account
-R  Directory to chroot into
-P  Prefix directory where the /etc/* files are located
-s  Login shell of the new account
-u  User ID of the new account
-U  Create a group with the same name as the user
-Z  Use a specific SEUSER for the SELinux user mapping
# Create user
useradd username # Basic user creation
useradd -m -s /bin/bash username # Create with home dir and shell
adduser username # Interactive user creation
# Modify user
usermod -aG groupname username # Add user to group
usermod -s /bin/bash username # Change shell
usermod -L username # Lock password (key-based logins are not blocked)
usermod -U username # Unlock password
# Delete user
userdel username # Delete user
userdel -r username # Delete user and home directory
Password Management
# Set/change password
passwd username # Set password
passwd -l username # Lock password
passwd -u username # Unlock password
passwd -e username # Expire password
# Password policies
chage -l username # View password aging
chage -M 90 username # Set maximum password age
chage -d 0 username # Force password change
Group Management
Group Information
# View groups
groups username # Show user's groups
getent group # List all groups
getent group groupname # Show group details
cat /etc/group # View group file
Group Creation and Modification
# Create group
groupadd groupname # Create new group
groupadd -g 1000 groupname # Create with specific GID
# Modify group
groupmod -n newname oldname # Rename group
groupmod -g 1001 groupname # Change GID
# Delete group
groupdel groupname # Delete group
Group Membership
# Modify members
gpasswd -a username groupname # Add user to group
gpasswd -d username groupname # Remove from group
gpasswd -A username groupname # Set group administrator
User Security
Account Security
# Account locking
passwd -l username # Lock account password (key-based logins are not blocked)
passwd -u username # Unlock account
# Account expiration
usermod -e 2024-12-31 username # Set expiration date
usermod -e "" username # Remove expiration
# Login restrictions
/etc/nologin # If this file exists, non-root logins are refused
/etc/security/limits.conf # Set resource limits
Sudo Configuration
# Edit sudo configuration
visudo # Edit sudoers file
# Common sudo entries
username ALL=(ALL) ALL # Full sudo access
username ALL=(ALL) NOPASSWD: ALL # Full sudo access without a password prompt
%groupname ALL=(ALL) ALL # Group sudo access
Home Directory Management
Home Directory Operations
# Create home directory
mkhomedir_helper username # Create home directory
cp -r /etc/skel/. /home/username/ # Copy skeleton files into the home directory
# Fix permissions
chown -R username:group /home/username
chmod 700 /home/username
User Files
# Important user files
/etc/passwd # User account information
/etc/shadow # Hashed passwords and password aging data
/etc/group # Group information
/etc/gshadow # Group passwords
/etc/skel/ # Skeleton directory
System Users and Groups
System Accounts
# Create system user
useradd -r username # Create system user
useradd -r -s /sbin/nologin username # No login shell
# System groups
groupadd -r groupname # Create system group
Special Users
# Root user
sudo su - # Switch to root
sudo -i # Interactive root shell
# Service accounts
useradd -r -s /sbin/nologin webserver
Best Practices
Security
Use strong passwords
Regular password changes
Limit sudo access
Audit user accounts
Management
Document user creation
Regular account review
Remove unused accounts
Standardize naming
Permissions
Use least privilege
Regular permission audit
Secure home directories
Group-based access
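Added example (not part of the original guide): one way to carry out the "Audit user accounts" practice against the /etc/passwd and /etc/shadow formats listed under User Files. The function names, the sample accounts and the UID threshold of 1000 are assumptions made for illustration; point the functions at copies of the real files (reading /etc/shadow requires root).

```shell
#!/bin/sh
# Added example: account audit over passwd/shadow-format files.

# Non-root accounts with UID 0 (full superuser rights).
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Accounts with an empty shadow password field (the state passwd -d leaves).
empty_passwords() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# System accounts (0 < UID < min; 1000 is an assumed UID_MIN) with a login shell.
system_with_shell() {
    awk -F: -v min="${2:-1000}" \
        '$3 > 0 && $3 < min && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Password-locked accounts ("!" before the hash, as passwd -l / usermod -L write)
# that keep a login shell, so non-password logins may still be possible.
locked_with_shell() {
    awk -F: 'NR == FNR { if ($2 ~ /^!+[$]/) locked[$1] = 1; next }
             ($1 in locked) && $7 !~ /(nologin|false)$/ { print $1 }' "$2" "$1"
}

# Constructed sample data (not real accounts or hashes).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
nginx:x:101:101:nginx:/var/lib/nginx:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$6$constructed$hash:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
nginx:!:19700::::::
toor:$6$constructed$hash:19700:0:99999:7:::
alice:!$6$constructed$hash:19700:0:90:7:::
bob::19700:0:99999:7:::
EOF
echo "extra UID 0:    $(extra_uid0 "$SAMPLE_DIR/passwd")"
echo "empty password: $(empty_passwords "$SAMPLE_DIR/shadow")"
echo "system + shell: $(system_with_shell "$SAMPLE_DIR/passwd")"
echo "locked + shell: $(locked_with_shell "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shadow")"
```

Each function prints one account name per line, so an empty result means the check passed.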
Advanced Configuration
PAM Configuration
# PAM configuration files
/etc/pam.d/ # PAM configuration directory
/etc/security/ # Security policies
# Common PAM modules
pam_unix.so # Unix authentication
pam_limits.so # Resource limits
pam_access.so # Access control
Login Configuration
# Login settings
/etc/login.defs # Login policy settings
/etc/shells # Valid login shells
/etc/security/limits.conf # Resource limits
User Monitoring
Activity Monitoring
# Monitor user activity
w # Current activity
last # Login history
lastlog # Last login times
ac # Connect time accounting
# Process monitoring
ps -u username # User processes
top -u username # Real-time monitoring
Audit Configuration
# Enable user auditing (runtime rules; add them under /etc/audit/rules.d/ to persist across reboots)
auditctl -w /etc/passwd -p wa -k user-modify
auditctl -w /etc/group -p wa -k group-modify
# View audit logs
ausearch -k user-modify
Troubleshooting
Common Issues
# Login issues
tail -f /var/log/auth.log # Authentication logs (Debian/Ubuntu)
grep username /var/log/secure # Security logs (RHEL/CentOS/Fedora)
# Permission issues
ls -l /home/username # Check home directory
namei -l /home/username # Check path permissions
Account Recovery
# Password reset
passwd -d username # Delete password (leaves the account passwordless)
chroot /mnt passwd username # Reset from live system
# Home directory repair
find /home/username -type f -exec chown username:group {} \;