User management is a crucial aspect of Linux administration, allowing system owners to control access, permissions, and security settings for different users. In this guide, we’ll cover user management fundamentals, starting with understanding ‘sudo’, followed by essential system commands, and finally diving into user management commands.
Understanding ‘sudo’
sudo, short for ‘Superuser Do’, is a Linux command that allows a permitted user to execute a command as the superuser (root) or as another specified user. It is commonly used to run administrative tasks without switching to the root user entirely.
How sudo Works
When you use sudo, the system temporarily grants elevated privileges for that specific command. The user must be in the sudoers file (/etc/sudoers) to execute commands with sudo. By default, sudo asks for the user’s password before executing the command.
Example command:
sudo apt update
Key Features of sudo
Security & Control – Users don’t need to log in as root, reducing security risks.
Logging & Auditing – Commands run with sudo are logged in /var/log/auth.log.
Time-Limited Authentication – Once authenticated, sudo allows repeated use for a short period (default: 5 minutes).
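The sudo entries in /var/log/auth.log can be turned into an audit view of who ran what and which attempts were refused. The script below is an added example, not part of the original post; the log lines are constructed samples in sudo's usual format, and sudo_events and denied_users are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Constructed sample lines in the format sudo writes to /var/log/auth.log.
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 web01 sudo:   ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/bin/apt update
Mar  3 10:15:01 web01 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by ubuntu(uid=1000)
Mar  3 10:16:22 web01 sudo:    user1 : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/user1 ; USER=root ; COMMAND=/usr/sbin/shutdown
Mar  3 10:17:40 web01 sudo:   ubuntu : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/sbin/reboot
Mar  3 10:18:05 web01 sshd[912]: Accepted publickey for ubuntu from 192.0.2.10 port 50122 ssh2
EOF
}

# Reads auth.log lines on stdin and prints one tab-separated row per sudo event:
#   STATUS  invoking_user  target_user  command
# STATUS is OK for an executed command and DENIED when sudo refused it.
sudo_events() {
  awk '
    / sudo: / && /COMMAND=/ {
      line = $0
      sub(/^.* sudo: +/, "", line)             # drop timestamp, host and tag
      user = line;   sub(/ +:.*/, "", user)    # text before the first " :"
      status = "OK"
      if (line ~ /NOT in sudoers|incorrect password|command not allowed/)
        status = "DENIED"
      target = line; sub(/^.*USER=/, "", target); sub(/ ;.*/, "", target)
      cmd = line;    sub(/^.*COMMAND=/, "", cmd)
      printf "%s\t%s\t%s\t%s\n", status, user, target, cmd
    }'
}

# Unique list of users with at least one refused sudo attempt.
denied_users() {
  sudo_events | awk -F'\t' '$1 == "DENIED" { print $2 }' | sort -u
}

# Demo on the constructed sample; on a real host, pipe in the log instead:
#   sudo cat /var/log/auth.log | sudo_events
sample_log | sudo_events
```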
Add a user to the sudoers list:
sudo usermod -aG sudo username
usermod → Modifies the user account.
-aG → A combination of two options:
-a (Append): Adds the user to a group without removing existing group memberships.
-G (Groups): Specifies the groups to which the user should be added, here it is added to the sudo group.
We will learn about ‘groups’ later in this blog.
Running shutdown as a normal user won’t work; it works as the root user or with sudo:
shutdown
If the user is a sudoer, use the following command:
sudo shutdown
To restart the system:
sudo reboot
Essential System Commands for User Information
Before managing users, it’s helpful to gather system information using these commands:
who — shows a list of logged-in users, their terminals, and login times.
whoami — Displays the current logged-in user's username.
There is only one user logged in right now, so who shows a single entry; otherwise it lists every logged-in user.
id — shows the user ID, group ID, and groups of the current user.
check for another user — id username
show only UID — id -u
show only GID — id -g
show only groups — id -G
User Management Commands
useradd
add new user – sudo useradd -m user1
-m → Creates a home directory (/home/username) for the user.
What Happens without -m?
- A new user is created.
- No home directory is created (unlike with -m).
- The user will not have a default working directory under /home/username.
- The user may not have a personal environment setup (e.g., .bashrc, .profile)
To see all the users you can check the ‘/etc/passwd’ file:
cat /etc/passwd
The newly created users - user1, user2 are visible at the end of the file.
passwd – set password for user:
sudo passwd user1
su – switch user
It will ask for the password and then switch user:
su user1
Notice the username changed from ‘ubuntu’ to ‘user1’.
Use exit to return to the primary user.
There are two ways to switch user: su username vs su - username
su john
What Happens?
- Switches to john, but keeps the current shell environment (variables, paths, etc.).
- Does not load john's profile settings (~/.bashrc, ~/.profile).
- Current directory remains unchanged.
su - john
What Happens?
- Completely switches to john's environment, just like a fresh login.
- Loads john's shell profile (~/.bashrc, ~/.profile).
- Current directory changes to john's home (/home/john).
- Sets PATH, HOME, and other variables specific to john.
userdel — delete user
Delete ‘user1’:
sudo userdel user1
Delete ‘user1’ and its home directory:
sudo userdel -r user1
Force delete ‘user1’ even if the user is logged in:
sudo userdel -f user1
If you deleted the user with the first command, the home directory is not removed. Use the following to delete it manually:
sudo rm -rf /home/user1
rm → The remove (delete) command in Linux.
-r → Stands for recursive, meaning it deletes directories and all their contents.
-f → Stands for force, meaning it bypasses confirmation prompts and deletes files without asking.
groupadd – creates a new group in Linux
Create a group named devops:
sudo groupadd devops
Create a group with a specific GID (Group ID):
sudo groupadd -g 5001 testers
Run this command to see all the groups:
cat /etc/group
Each user also has a group of their own: when we create a user, a group with the same name is created automatically.
usermod → Recommended for Adding user to Multiple Groups
Adding 'user1' to 'devops' group:
sudo usermod -aG devops user1
Adding 'john' to multiple groups at the same time:
sudo usermod -aG developers,testers,QA john
Add a user to sudo group:
sudo usermod -aG sudo username
usermod → Modifies the user account.
-aG → A combination of two options:
-a (Append): Adds the user to a group without removing existing group memberships.
-G (Groups): Specifies the groups to which the user should be added, here it is added to the sudo group.
Change the default/primary group using -g:
sudo usermod -g QA john
Assign primary and secondary groups in one line:
sudo usermod -g developers -aG testers,QA john
Options in usermod command:
-d /new/home/directory → Changes the user's home directory to a new location.
-m → Moves all existing files from the old home directory to the new one.
Example: Change john's home directory to /home/devuser and move files
sudo usermod -d /home/devuser -m john
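-p is not recommended for setting a user's password: it expects an already-encrypted password, and the value is visible to other users listing the processes. Use passwd instead: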
sudo passwd user1
→ It will prompt you to set the password.
gpasswd → Recommended for Single Group Changes
Add user1 to devops group:
sudo gpasswd -a user1 devops
-a → Adds user1 to the devops group without removing other memberships.
Add multiple users to testers group (-M sets the group's full member list, so any existing members not named in it are removed):
sudo gpasswd -M user1,user2 testers
See the users in devops and testers.
To check the groups in which user1 is present:
groups user1
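The reverse question, which users belong to a given group, cannot be answered from /etc/group alone: a user whose primary group was set with usermod -g appears only through the GID field in /etc/passwd. The script below is an added example, not part of the original post; the two files are constructed samples, and make_samples and members_of are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Constructed stand-ins for /etc/passwd and /etc/group (sample data only).
make_samples() {
  _d=$(mktemp -d)
  cat > "$_d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash
user1:x:1001:1001::/home/user1:/bin/sh
user2:x:1002:1002::/home/user2:/bin/sh
john:x:1003:5002::/home/john:/bin/bash
EOF
  cat > "$_d/group" <<'EOF'
root:x:0:
sudo:x:27:ubuntu
ubuntu:x:1000:
user1:x:1001:
user2:x:1002:
devops:x:5000:user1
testers:x:5001:user1,user2,john
QA:x:5002:
EOF
  echo "$_d"
}

# members_of GROUP [PASSWD_FILE] [GROUP_FILE]
# Prints every user in GROUP: the supplementary members listed in the group
# file plus any user whose primary GID (4th passwd field) is that group.
members_of() {
  awk -F: -v g="$1" '
    FNR == NR {                      # first file: the group database
      if ($1 == g) {
        gid = $3
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) seen[m[i]] = 1
      }
      next
    }
    gid != "" && $4 == gid { seen[$1] = 1 }   # second file: primary GID match
    END { for (u in seen) print u }
  ' "${3:-/etc/group}" "${2:-/etc/passwd}" | sort
}

# Demo: QA has an empty member list in the group file, yet john belongs to it.
d=$(make_samples)
for grp in sudo devops testers QA; do
  printf '%s: %s\n' "$grp" "$(members_of "$grp" "$d/passwd" "$d/group" | tr '\n' ' ')"
done
rm -rf "$d"
```

Called with only a group name, members_of reads the real /etc/passwd and /etc/group, so members_of sudo lists every account that can use sudo through that group.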
groupdel – delete a group:
Delete the testers group:
sudo groupdel testers
The testers group no longer shows up.
This deletes only the group, not the users inside it; you can see that user1 and user2 are still there.
Conclusion
Proper user and group management in Linux is vital for maintaining security and control over system access. By understanding and utilizing these commands, administrators can efficiently manage users and permissions, ensuring smooth and secure operations. In the next blog, we will cover user permissions and file access management to further enhance security and control.