User Administration

User administration is the process of creating and managing different types of user accounts on a linux operating system and their respective permissions in an operating system.

In this tutorial we will learn about user administration on linux based operating system.

User Accounts

In Linux, there are three types of user accounts:

  • Root/Super User
  • System User
  • Normal User

Root/Super Account: This user account is also known as the root account. It has all the permissions and can run all the commands without any restrictions.When you install operating system the root account is created.

System Account: System users mostly run system services and processes in the background. System user does not own home directory. We user this account to run a daemon, service, or other system software, rather than an account for interactive use.

Normal Account: Normal user accounts are created by root user so that user can login and perform different tasks on a server. Root user can also assign or restrict their access to some file or directories.

How to login using user account?

Normally, when root user creates normal user account they have username and password. You need to know which server this account is created for.

To login you need server ip address, username and a password. You can use terminal or putty software to login to linux machine. Use following command to login:

# login to server using user account
ssh user@127.0.0.1

It will ask you to enter password and then you would be able to see home directory once you are logged in.

Important user administration files

  • /etc/passwd - when root user creates a new user it will add entry for this newly created user in this file. This file holds user account related information.
  • /etc/shadow - this file holds encrypted password for the entry in /etc/passwd file for the user. Not all system supports this file.
  • /etc/group - this file keeps info regarding user group for each account.
  • /etc/gshadow - this file contains secure group account information

How to create normal user in linux?

To create a normal user in linux you first need to login as a root user to your linux server and then run following command to create new user.

# create a normal user
useradd john

# assign passwod to john user
passwd john

# check user entry in /etc/passwd file
cat /etc/passwd | grep -i john

What happens when user is created:

  • system will create unique user id for newly created user
  • it will also create a group name same as your username with unique group id
  • a new record related to user will be added to /etc/passwd and /etc/shadow files

Followings are some other ways of creating user accounts using diff options:

Command Description
useradd <user> creates a user with home directory /home/<username>
useradd -d <dir-location> <user> creates user with different home directory
useradd -u <id> <user> creates user with user id provided
useradd -u <id> -g <group-name> <user> creates user with user id and user group provided
id -gn <user> displays current users group name
usermod -a -G <groups seperated by comma> <user> adds existing user to multiple groups
id <user> shows current user group and user id
useradd -M <user> add user without home directory
useradd -e <YYYY-MM-DD> <user> creates user with expiry date of the account
chage -l <user> verify age of the user account
useradd -e <YYYY-MM-DD> -f <days> <user> creates user with expiry date and days to expire his password
useradd -c <comment> <user> adds user with some comments
useradd -s <shell-location> <user> creates user with login shell assigned
userdel <user> delete a user
useradd -g <primary-group> -G <secondary-group> <user> creates user with primary and secondary group
passwd -l <user> lock user's password
passwd -u <user> unlock the user password
usermod -l <new-name> <existing-name> change name of the user
usermod -d <dir-loc> <user> change user's home directory
usermod -L <user> lock user's account
usermod -U <user> unlock the user account

User groups

In linux groups are created in order to organize and administer user accounts. The primary purpose of the group is to define set of permissions such as read, write and execute for a given resource.

There are two types of groups:

  • The Primary Group - usually name of the group is same as the name of the user. When user is created group with same name as user is also created.
  • Secondary Group - this group is useful when you want to grant certain file or folder permissions to set of users.

Each user can belong to exactly one primary group and zero or more secondary groups.

How to create a group in linux?

There are different commands that you can use in order to create groups. Followings are some of thw ways you can create a new group or add user to group.

Command Summary
groupadd <group> creates a group with name provided
usermod -a -G <group> <user> adds an existing user to a secondary group
usermod -a -G <group1, group2> <user> add user to multiple groups
groupdel <group> delete a group
usermod -g <group> <user> changing users primary group
groups <user> shows user's seconday groups

In next tutorial we will learn about user permissions or access control.