If you are a Linux system administrator, one of the more important things to learn is how to manage users and groups on Linux systems.
This guide describes how to add, delete and modify users and groups on CentOS 6 Linux from the command line (CLI). The same applies to other Linux distributions.
The guide was tested on a fresh, fully updated CentOS 6.5 64-bit minimal install.
Let’s start our Manage Users and Groups on Linux Guide!
1. Adding New Users
There are two commands for adding a new user to a Linux system: “useradd” and “adduser”. The difference is that “useradd” is a native binary that comes with the system, while “adduser” is a perl script which uses the “useradd” binary. “adduser” is more user friendly than “useradd” (though on CentOS it seems completely the same), but in the end you can use either to achieve the same result. Let’s try the “adduser” command first. Please note that we are running all commands as user root or with sudo privileges!
Adduser
Run command “adduser username” to create a new user account as follows:
[root@centos1 ~]# adduser geekpeek
If you want to manually specify a home directory for the user run the command with “-d” parameter. Home directory will be created if it does not exist:
[root@centos1 ~]# adduser -d /homedir geekpeek
Set the password for the newly created user “geekpeek”. Without setting a password the newly created user will not be able to login via SSH (default SSH security restrictions):
[root@centos1 ~]# passwd geekpeek
Changing password for user geekpeek.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Check to confirm home directory for user “geekpeek” was created:
[root@centos1 ~]# ll /home/
total 4
drwx------ 2 geekpeek geekpeek 4096 May 27 10:10 geekpeek
That’s great. The newly created user can now connect to our linux system via SSH, but sometimes we want to force the user to change the password on first login. We can do this by issuing the following command:
[root@centos1 ~]# chage -d 0 geekpeek
We can now provide the user with the details about his account and remind him he is forced to change his password on first login.
Useradd
As in the previous “adduser” example, run the command “useradd username” to create a new user account:
[root@centos1 ~]# useradd geekpeek
If you want to manually specify a home directory for the user run the command with “-d” parameter. Home directory will be created if it does not exist:
[root@centos1 ~]# useradd -d /homedir geekpeek
Set password for user to enable him to login via SSH:
[root@centos1 ~]# passwd geekpeek
Changing password for user geekpeek.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Confirm the user’s home directory was created:
[root@centos1 ~]# ll /home/
total 4
drwx------ 2 geekpeek geekpeek 4096 May 27 10:20 geekpeek
..and force password change (if desired) on first login:
[root@centos1 ~]# chage -d 0 geekpeek
We can now provide the user with the details about his account and remind him he is forced to change his password on first login. So now we are one step closer to learning how to manage users and groups on Linux systems. Let’s continue…
NOTE: When adding new users a group with the same name is automatically created!
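The results of the steps above can be verified in /etc/shadow: an account that has never had a password set carries a locked password field, and “chage -d 0” sets the last-change field to 0. The script below is an added example, not part of the original guide; it classifies accounts from constructed sample lines (the hashes are placeholders), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow format (placeholder hashes, not real ones):
# name:password:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW='root:$6$constructedsalt$constructedhash:16217:0:99999:7:::
geekpeek:$6$constructedsalt$constructedhash:0:0:99999:7:::
newuser:!!:16217:0:99999:7:::
svc:*:16217:0:99999:7:::
nopass::16217:0:99999:7:::'

# Classify every account read from stdin; prints "name STATE" per line.
shadow_states() {
    awk -F: '
        NF < 3       { next }                                  # malformed line
        $2 == ""     { print $1, "EMPTY_PASSWORD"; next }      # no password needed
        $2 ~ /^[!*]/ { print $1, "LOCKED_OR_NO_PASSWORD"; next } # cannot log in by password
        $3 == "0"    { print $1, "MUST_CHANGE_AT_NEXT_LOGIN"; next } # after chage -d 0
                     { print $1, "ACTIVE" }
    '
}

# Hypothetical helper: state of a single account ($1) from stdin.
shadow_state_of() {
    shadow_states | awk -v u="$1" '$1 == u { print $2 }'
}

# On a real system (as root): shadow_states < /etc/shadow
printf '%s\n' "$SAMPLE_SHADOW" | shadow_states
```

An EMPTY_PASSWORD result is the one to act on first, since such an account needs no password at all.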
ADDUSER & USERADD HELP:
[root@centos1 ~]# adduser --help
Usage: useradd [options] LOGIN
Options:
  -b, --base-dir BASE_DIR       base directory for the home directory of the new account
  -c, --comment COMMENT         GECOS field of the new account
  -d, --home-dir HOME_DIR       home directory of the new account
  -D, --defaults                print or change default useradd configuration
  -e, --expiredate EXPIRE_DATE  expiration date of the new account
  -f, --inactive INACTIVE       password inactivity period of the new account
  -g, --gid GROUP               name or ID of the primary group of the new account
  -G, --groups GROUPS           list of supplementary groups of the new account
  -h, --help                    display this help message and exit
  -k, --skel SKEL_DIR           use this alternative skeleton directory
  -K, --key KEY=VALUE           override /etc/login.defs defaults
  -l, --no-log-init             do not add the user to the lastlog and faillog databases
  -m, --create-home             create the user's home directory
  -M, --no-create-home          do not create the user's home directory
  -N, --no-user-group           do not create a group with the same name as the user
  -o, --non-unique              allow to create users with duplicate (non-unique) UID
  -p, --password PASSWORD       encrypted password of the new account
  -r, --system                  create a system account
  -s, --shell SHELL             login shell of the new account
  -u, --uid UID                 user ID of the new account
  -U, --user-group              create a group with the same name as the user
  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
2. Adding New Groups
There are two commands available to add a new group in some distributions but not in CentOS! In CentOS we can only use command “groupadd” to add a new group to our linux system.
Run command “groupadd groupname” to create a new group:
[root@centos1 ~]# groupadd testing
We can check and confirm the group was successfully created by looking into /etc/group file:
[root@centos1 ~]# grep testing /etc/group
testing:x:501:
Great, new group was successfully created with group ID 501. Let’s create another group called “admin” for following examples:
[root@centos1 ~]# groupadd admin
[root@centos1 ~]# grep admin /etc/group
admin:x:502:
Great
GROUPADD HELP:
[root@centos1 ~]# groupadd --help
Usage: groupadd [options] GROUP
Options:
  -f, --force                   exit successfully if the group already exists, and cancel -g if the GID is already used
  -g, --gid GID                 use GID for the new group
  -h, --help                    display this help message and exit
  -K, --key KEY=VALUE           override /etc/login.defs defaults
  -o, --non-unique              allow to create groups with duplicate (non-unique) GID
  -p, --password PASSWORD       use this encrypted password for the new group
  -r, --system                  create a system account
3. Modifying Users
There are many scenarios in which we are forced to modify an existing user. We will not go through all of the use cases, but the syntax is always the same: “usermod [options] username”. You can get all the information by running “usermod --help”. In the following example we will re-configure user “geekpeek” and change his primary and secondary groups.
First use “id username” command to see existing user configuration:
[root@centos1 ~]# id geekpeek
uid=500(geekpeek) gid=500(geekpeek) groups=500(geekpeek)
As we see user “geekpeek” has user ID 500 and his primary group is “geekpeek” with group ID 500. This user is only a member of “geekpeek” group. Let’s add “geekpeek” user to previously created group “testing”:
[root@centos1 ~]# usermod -G testing geekpeek
[root@centos1 ~]# id geekpeek
uid=500(geekpeek) gid=500(geekpeek) groups=500(geekpeek),501(testing)
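As we can see, the “-G” parameter added user “geekpeek” to the supplementary group “testing”. Be aware that “-G” on its own sets the complete list of supplementary groups, so any membership not named in the list is removed; to add a group while keeping the existing ones, combine it with “-a” (see the usermod help below). Now this user is a member of two groups, primary “geekpeek” and secondary “testing”. Let’s try and change this user’s primary group with the following command: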
[root@centos1 ~]# usermod -g admin geekpeek
[root@centos1 ~]# id geekpeek
uid=500(geekpeek) gid=502(admin) groups=502(admin),501(testing)
Voila, the parameter “-g” changes the user’s primary group. We can also change the user’s user ID:
[root@centos1 ~]# usermod -u 505 geekpeek
[root@centos1 ~]# id geekpeek
uid=505(geekpeek) gid=502(admin) groups=502(admin),501(testing)
Let’s modify user “geekpeek” to the state it was before we started playing around with it:
[root@centos1 ~]# usermod -u 500 geekpeek
[root@centos1 ~]# usermod -g geekpeek geekpeek
[root@centos1 ~]# usermod -G geekpeek geekpeek
[root@centos1 ~]# id geekpeek
uid=500(geekpeek) gid=500(geekpeek) groups=500(geekpeek)
NOTE: We can use numeric user or group IDs or human friendly user and group names to change and modify users.
USERMOD HELP:
[root@centos1 ~]# usermod --help
Usage: usermod [options] LOGIN
Options:
  -c, --comment COMMENT         new value of the GECOS field
  -d, --home HOME_DIR           new home directory for the user account
  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -f, --inactive INACTIVE       set password inactive after expiration to INACTIVE
  -g, --gid GROUP               force use GROUP as new primary group
  -G, --groups GROUPS           new list of supplementary GROUPS
  -a, --append                  append the user to the supplemental GROUPS mentioned by the -G option without removing him/her from other groups
  -h, --help                    display this help message and exit
  -l, --login NEW_LOGIN         new value of the login name
  -L, --lock                    lock the user account
  -m, --move-home               move contents of the home directory to the new location (use only with -d)
  -o, --non-unique              allow using duplicate (non-unique) UID
  -p, --password PASSWORD       use encrypted password for the new password
  -s, --shell SHELL             new login shell for the user account
  -u, --uid UID                 new UID for the user account
  -U, --unlock                  unlock the user account
  -Z, --selinux-user            new SELinux user mapping for the user account
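As the help text above states, “-G” sets the new list of supplementary groups and only “-a” appends to it. The pre-check below is an added example, not part of the original guide: it reads /etc/group-format data and reports which memberships a plain “usermod -G” would remove. The sample data and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/group format: name:password:GID:members
SAMPLE_GROUP='geekpeek:x:500:
testing:x:501:geekpeek
admin:x:502:geekpeek,otheruser
wheel:x:10:otheruser'

# Supplementary groups of user $1 in the group data on stdin, comma separated.
supp_groups() {
    awk -F: -v u="$1" '
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++)
              if (m[i] == u) { out = out sep $1; sep = "," } }
        END { print out }'
}

# Groups user $1 would lose if "usermod -G $2 $1" were run without -a.
# Reads group data on stdin; prints a comma separated list (empty if none).
dropped_by_G() {
    current=$(supp_groups "$1")
    awk -v cur="$current" -v new="$2" 'BEGIN {
        n = split(new, a, ",")
        for (i = 1; i <= n; i++) keep[a[i]] = 1
        n = split(cur, c, ",")
        for (i = 1; i <= n; i++)
            if (!(c[i] in keep)) { out = out sep c[i]; sep = "," }
        print out
    }'
}

# On a real system: dropped_by_G geekpeek wheel < /etc/group
printf '%s\n' "$SAMPLE_GROUP" | dropped_by_G geekpeek wheel
```

A non-empty result means the planned command silently revokes access; use “usermod -a -G” or list every group that must be kept.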
4. Modifying Groups
Modifying groups is pretty much the same as modifying users. We can modify groups with the command “groupmod”, and the syntax is “groupmod [options] groupname”. You can get all the information by running “groupmod --help”. In the following example we will change the group name and group ID for the previously created group “testing”.
Let’s see the current configuration for group “testing”:
[root@centos1 ~]# grep testing /etc/group
testing:x:501:geekpeek
[root@centos1 ~]# id geekpeek
uid=500(geekpeek) gid=500(geekpeek) groups=500(geekpeek),501(testing)
Let’s change group name to “testgroup” with the following command:
[root@centos1 ~]# groupmod -n testgroup testing
..and check if we succeeded:
[root@centos1 ~]# grep testgroup /etc/group
testgroup:x:501:geekpeek
[root@centos1 ~]# id geekpeek
uid=500(geekpeek) gid=500(geekpeek) groups=500(geekpeek),501(testgroup)
We can see that “geekpeek” user secondary group name changed. What will happen when we change the group ID by issuing the following command:
[root@centos1 ~]# groupmod -g 505 testgroup
Let’s see the current situation:
[root@centos1 ~]# grep testgroup /etc/group
testgroup:x:505:geekpeek
[root@centos1 ~]# id geekpeek
uid=500(geekpeek) gid=500(geekpeek) groups=500(geekpeek),505(testgroup)
..again everything was changed successfully and no manual action is needed.
GROUPMOD HELP:
[root@centos1 ~]# groupmod --help
Usage: groupmod [options] GROUP
Options:
  -g, --gid GID                 change the group ID to GID
  -h, --help                    display this help message and exit
  -n, --new-name NEW_GROUP      change the name to NEW_GROUP
  -o, --non-unique              allow to use a duplicate (non-unique) GID
  -p, --password PASSWORD       change the password to this (encrypted) PASSWORD
5. Removing Users
We can remove users from our Linux system with the command “userdel”. The correct syntax is “userdel [options] username”. To remove the user’s home directory and mail spool, add the parameter “-r” as an option:
[root@centos1 ~]# userdel -r geekpeek
Check that the home directory and mail spool were removed:
[root@centos1 ~]# ll /var/spool/mail/
total 0
[root@centos1 ~]# ll /home/
total 0
Doing great! Just one more step in our manage users and groups on linux system guide!
USERDEL HELP:
[root@centos1 ~]# userdel --help
Usage: userdel [options] LOGIN
Options:
  -f, --force                   force removal of files, even if not owned by user
  -h, --help                    display this help message and exit
  -r, --remove                  remove home directory and mail spool
  -Z, --selinux-user            remove SELinux user from SELinux user mapping
6. Removing Groups
We remove groups with “groupdel” command. The syntax is “groupdel groupname” – no parameters are available here:
[root@centos1 ~]# groupdel testgroup
[root@centos1 ~]# groupdel admin
..and we are finished!
As we can see, we can easily manage users and groups from the Linux command line. If you do not remember the parameter to use, you can always check the help, which is very direct and self-explanatory. Hope this post was helpful in learning how to manage users and groups on CentOS 6.