How to Manage Users from the Command Line in Linux

One of the central responsibilities of Linux administration is the management of users. Through the use of the command line, user creation can be completed remotely or programmatically. Once you’ve created a user, you can then add them to groups or give them escalated privileges. In addition, you are able to keep an audit trail on what has been done on your server and any potential issues.

If you’ve developed software or programmed for the Web, you might be familiar with the policy of never trusting users. This same premise applies in other areas of computer usage in regards to user involvement. Only give access to those who need it and when they need it. Generous delegation of privileges could allow unspecified and unauthorized access to others’ information and core data.

One of the quickest ways to view users is to use the cat (concatenate) or more (pager) commands to view the list of users on the system. The file you will need to view is the “/etc/passwd” file. This file stores all user accounts and user login information.

useradd is a low-level binary available on most distros. This command is typically less used due to it being less user-friendly and intuitive compared to the adduser command. However, there are very few differences and either can be used.

To find out more about useradd, run the man command or add --help to get a quick overview.

linux-useradd-help

To add a user using useradd, type useradd and the name of the login you want to create.

In the case above, the user “testuser” will be created. By default, this command will only create the user and nothing else. If you need a home directory for this user, append the --create-home flag to create the home directory for the user.

The adduser command is a perl script that will create the user similar to the useradd command. What makes it different is that it is an interactive command and will prompt you to set the password, the home directory path, etc. Take note that on some distros, such as Red Hat and CentOS, adduser is a symbolic link to useradd, and on other distro like Arch Linux, adduser comes as a package that is not installed by default.

Using this command will create a group for the user using the user’s login by default. Other defaults can typically be found in the useradd file at “/etc/default”.

In this file you can change default settings for users created with useradd such as the shell and the home directory.

linux-useradd-conf

Run the adduser command similar to the following:

linux-adduser

This will then prompt you regarding the defaults you want set and ask you for the password.

Adding a password for a user will require running the passwd command.

Without superuser privileges, running passwd will only change the password of the logged-in user. This command will test the password for complexity. On Ubuntu password requirements are set in the common-password file located in “/ec/pam.d.” More information regarding updating the complexity can be found in the man page for pam-auth-update.

linux-pam-auth-man

Once a user is on the system, you can review the “/etc/passwd” file to see the user’s information and encrypted password. If you need to make changes to a user, you will need to utilize the usermod command.

linux-usermod-man

As an example, to change the user id for the testuser4 account created above, you would run the command:

You can then review the changes in the “/etc/passwd” file.

linux-tail-passwd

Be careful of changing critical information such as the login name, or as in this case, the user id. Review the man page for usermod to see what you will need to do if those items are changed.

There are times when you need to add users to a group so they have the necessary permission to run certain tasks.

To add a user to a group:

Note that the -a flag is necessary to “append” the group for the user. If not, you will risk removing the user from the “sudo” group if the user is supposed to have superuser permission.

Alternatively, you can use the gpasswd command to add/remove user to/from group.

To remove user from a group:

Similar to the other user commands, deleting a user is prefixed with “user” and the action. In this case you will need to use the userdel command.

linux-userdel-man

Take note that userdel will not remove a user if there are processes using that user’s account.

Depending on your distro, you will either check the auth log or the secure log located in “/var/log” to review user logins. This log file will give you logins on your system as soon as they happen. This is a critical element to monitoring events in the case of a breach and just to ensure things are working as desired.

User management is a crucial part of managing Linux servers if there is more than one person who will use your system. Using the command line will allow you to quickly administer users, as well as have a history of account creation and changes. Perhaps one of the best uses would be to automate creation with a shell script if multiple accounts are needed at once.

Either way, be sure to go through your accounts on a regular basis and remove accounts that are no longer needed. Ensure access is granted only to those who currently need access and monitor your logs frequently.

Leave a Comment

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.

Sponsored Stories