RMS Meta

Blog · Dec 25, 2025

Linux User Management: Basics and Core Commands

Linux user management controls who can log in, what they can access, and how processes run. Here’s a deeper guide to accounts, groups, commands, and safety tips.

Accounts, groups, and shells

  • User (UID): Each account has a UID, name, primary GID, home dir, and shell.
  • Primary group (GID): The default group for file ownership when a user creates files.
  • Secondary groups: Extra access (e.g., sudo, docker, www-data); a user can belong to many.
  • Shell: The program launched on login (/bin/bash, /bin/sh, /usr/sbin/nologin for service accounts).

Key files (for reference)

  • /etc/passwd: User records (name, UID, GID, home, shell).
  • /etc/shadow: Password hashes and policies (root-readable only).
  • /etc/group: Group definitions and memberships.

Create users and groups

  • Create a group: sudo groupadd developers
  • Create a user (low-level): sudo useradd -m -s /bin/bash -G developers alice
    -m creates the home directory, -s sets the login shell, -G sets secondary groups. Set a password: sudo passwd alice.
  • Create a user (interactive helper, Debian/Ubuntu): sudo adduser bob
    Then add to a group: sudo usermod -aG developers bob.

Modify users and groups

  • Add secondary groups: sudo usermod -aG docker alice
    -a appends; without it, -G replaces the user's existing secondary groups.
  • Change shell: sudo chsh -s /bin/bash alice
  • Lock/unlock account: sudo usermod -L alice (lock) · sudo usermod -U alice (unlock)
    This locks the password only; other login methods such as SSH keys are not affected.
  • Change password: sudo passwd alice
  • Change primary group: sudo usermod -g developers alice

Remove users

  • Delete user, keep home: sudo userdel alice
  • Delete user and home: sudo userdel -r alice

Check info

  • Show a user: id alice
  • List users: getent passwd
  • List groups: getent group
  • Switch user: su - alice (needs alice's password) or sudo -u alice -i

File permissions refresh

  • Ownership: owner:group. Change with chown user:group file.
  • Permissions: read/write/execute for owner, group, others. Change with chmod (e.g., chmod 640 file).
  • Use groups to grant shared access instead of loosening “others.”

Good practices

  • Create one account per person/service; avoid shared logins.
  • Use groups for access control; don’t sprinkle permissive chmods.
  • Use /usr/sbin/nologin for service accounts that should not get shells.
  • Lock or remove unused accounts promptly.
  • Protect /etc/shadow; keep sudo restricted and logged.
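
An audit pass over the habits listed above, as an added example that is not part of the original post: it goes slightly beyond the list by also flagging extra UID 0 accounts, alongside service accounts that still have a login shell and the members of sudo and docker. The sample records, the finding labels, the UID 1000 cutoff for human accounts and the choice of sudo and docker as the privileged groups are assumptions.

```shell
#!/bin/sh
# Added example. All records below are constructed sample data; on a real
# host, pipe in `getent passwd` and `getent group` instead.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
toor:x:0:0:second admin:/root:/bin/sh'

SAMPLE_GROUP='sudo:x:27:alice
docker:x:998:alice,bob
developers:x:1002:alice,bob
www-data:x:33:'

# audit_passwd [MIN_HUMAN_UID]: read passwd records on stdin and print one
# finding per line. UIDs below MIN_HUMAN_UID (assumed default 1000) are
# treated as service accounts.
audit_passwd() {
  awk -F: -v min="${1:-1000}" '
    NF != 7 { print "MALFORMED line " NR; next }
    # A second account with UID 0 has full root privileges.
    $3 + 0 == 0 && $1 != "root" { print "UID0 " $1 }
    # Service accounts should end in nologin or false, not a real shell.
    $3 + 0 > 0 && $3 + 0 < min + 0 && $7 !~ /(nologin|false)$/ {
      print "SERVICE_SHELL " $1 " " $7
    }'
}

# privileged_members GROUPS: read group records on stdin and print
# "group user" for every listed member of the comma-separated GROUPS.
privileged_members() {
  awk -F: -v want="$1" '
    BEGIN { n = split(want, w, ","); for (i = 1; i <= n; i++) priv[w[i]] = 1 }
    ($1 in priv) && $4 != "" {
      m = split($4, u, ",")
      for (i = 1; i <= m; i++) print $1 " " u[i]
    }'
}

echo "== account findings =="
printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd 1000
echo "== members of privileged groups =="
printf '%s\n' "$SAMPLE_GROUP" | privileged_members sudo,docker
```

The member list in a group record does not include users who have that group as their primary GID, so check the GID field of the passwd records as well when reviewing a privileged group.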

With these commands and habits, you can add, modify, audit, and remove users safely while keeping permissions tidy.