Managing Users in Linux

Before you start

Objectives: Learn which files hold user information, how to add a new user, how to modify an existing user, and how to set a password for a specific user.

Prerequisites: no prerequisites.

Key terms: password, user management, passwd file, useradd, usermod, userdel

Passwd File

In the early days of Linux, we basically had to use a text editor to manage users. Since the user database and group database are only text files, we can always open them in a text editor and view them. A common editor for editing text files is vi. We can enter the command “sudo vipw” directly in the terminal, which will open the passwd file in vi automatically. We can also open it manually by entering the command “vi /etc/passwd”. However, we should always use the vipw command because it locks the user file so we can safely work with it.

Figure 1: passwd file opened in vi

As we can see, each line identifies a user account. Each line contains colon-delimited fields which describe user information. The first field is the user name. The next field is for the user's password. If we see an X instead of the password, that means that shadow files are enabled (the password is stored in the shadow file). The next field is the user ID, which is unique on the operating system. The next field is the primary group ID. To find the name of the group we have to open the group file. The next field is the GECOS comment, which is typically used for the user's full name. The next field is the user's home directory and the last field is the user's shell. The shell is the first program that is executed when a user logs on.

To add a user, we could simply add a new line with all fields populated and then save the file. After we exit the file, we would get a prompt to edit the shadow file as well. Then we would also have to edit the group database file. This is the old way of creating users. Now we have tools dedicated to user creation.
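Because hand-edited lines are easy to get wrong, the seven fields described above can be checked mechanically. The following is an added example, not part of the original article; the function names, the finding labels and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd-format data field by field.

# Constructed sample data (not taken from a real system).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
cicnavi:x:1000:1000:Cicnavi:/home/cicnavi:/bin/bash
demo:x:1001:1001::/home/demo:/bin/sh
demo2:x:1010:1002:Demo User:/home/demo2:/bin/bash
backup::1010:1002::/home/backup:/bin/sh
toor:x:0:0::/root:/bin/sh
broken:x:1020:/home/broken
EOF
}

# audit_passwd [FILE]: read passwd-format lines from FILE (or stdin)
# and print one finding per line, starting with the check name.
audit_passwd() {
    awk -F: '
        # A valid entry has exactly seven colon-delimited fields.
        NF != 7                 { print "bad-field-count:" $1; next }
        # UID 0 carries root privileges whatever the account is called.
        $3 == 0 && $1 != "root" { print "uid0-not-root:" $1 }
        # Field 2 is "x" when the hash lives in the shadow file.
        $2 == ""                { print "empty-password-field:" $1 }
        $2 != "" && $2 != "x"   { print "password-not-in-shadow:" $1 }
        # The file format itself does not stop two names sharing a UID.
        ($3 in seen)            { print "duplicate-uid:" $1 ":" seen[$3] }
        !($3 in seen)           { seen[$3] = $1 }
    ' "$@"
}

sample_passwd | audit_passwd
```

On a real system the same function can be run as “audit_passwd /etc/passwd”, which needs no root privileges because the passwd file is world-readable.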

User Management Commands

To create a new user we can use the “useradd” command. For example, if we want to add the user “demo”, we would enter the “useradd demo” command. This command will populate the passwd file and update the shadow file.

If we want to specify more things when creating users, we can use additional options. For example, let's create a new user named demo2 with the ID 1010 and with the primary group named “holsten”. The command for this is “sudo useradd -u 1010 -g holsten demo2”. To also create the user's home directory, we can use the -m option, like this: “sudo useradd -u 1010 -g holsten -m demo2”. When adding a user to a group, that group must already exist. Using the -c option, we can enter the GECOS description, for example “useradd -c "Demo User"”.

If we want to change existing users, we can use the “usermod” command. It has similar options to the “useradd” command. For example, if we want to change the user ID for demo2 to 1030, we would enter the “sudo usermod -u 1030 demo2” command. With the -l switch we can rename a user account. When renaming the account, we can use the -d option to rename the home directory.

If we want to delete a user, we can use the “userdel” command. For example, to delete the demo2 user, we would enter the “sudo userdel demo2” command. If we also want to remove the user's home directory, we can use the -r option. So, the command to remove the user and its home directory is “sudo userdel -r demo2”. If we don't use the -r option, the home directory will remain.

Shadow File

If we open the /etc/shadow file, we will see that it has a format similar to the passwd file. The first field is the user name, and the second field is the password. The third field is the date of the most recent password change (measured in the number of days since 1 January 1970). The fourth field is the minimum password age. The fifth is the maximum password age. The sixth field is the number of days a user is warned before the password must be changed. The seventh is the number of days the user can log in without changing the password. The eighth field is the number of days since 1 January 1970 after which the account will be disabled.

Figure 2: shadow file

Notice that we have a password set for the users “cicnavi” and “demo3”. We can tell because we see a long string, which is actually a password hash. However, the user “demo” doesn't have a password set. To set a password for a user, we can use the “passwd” command. For example, if we want to set the password for the “demo” user, we would enter the “sudo passwd demo” command. After that we will be able to enter the password for the user.

Figure 3: passwd command

Now the user “demo” has a password set.
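The shadow fields described in this section can be read the same way to see which accounts have a usable password and which passwords or accounts have expired. This is an added example, not part of the original article; the function names, status labels, sample entries and placeholder hashes are constructed, and it assumes the usual convention that a password field starting with “!” or “*” cannot be used to log in.

```shell
#!/bin/sh
# Added example: summarise password and expiry state from shadow-format data.

# Constructed sample entries; the hash strings are placeholders, not real hashes.
sample_shadow() {
cat <<'EOF'
cicnavi:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:90:7:::
demo:!:19700:0:99999:7:::
demo3:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19690:0:99999:7::19600:
guest::19700:0:99999:7:::
EOF
}

# shadow_status TODAY: read shadow-format lines on stdin and print
# "user:password-state:expiry-state". TODAY is days since 1 January 1970.
shadow_status() {
    awk -F: -v today="$1" '
        {
            # Field 2: empty, locked marker, or a password hash.
            pw = "hash"
            if ($2 == "")       pw = "empty"
            if ($2 ~ /^[!*]/)   pw = "locked"

            # Field 3 = last change, field 5 = maximum password age.
            state = "ok"
            if ($3 != "" && $5 != "" && today > $3 + $5)
                state = "password-expired"
            # Field 8 = day after which the account is disabled.
            if ($8 != "" && today > $8)
                state = "account-expired"

            print $1 ":" pw ":" state
        }
    '
}

# Today as days since 1 January 1970, the unit the shadow file uses.
today=$(( $(date +%s) / 86400 ))
sample_shadow | shadow_status "$today"
```

Reading the real file requires root, for example “sudo cat /etc/shadow” piped into the function.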

Switching Users

We have to mention the “su” command, which allows us to become any user without having to log off and log in again. It's like the “Run as” command in Windows. For example, if we want to become the user “demo”, we can enter the command “su demo”. If we are not the root user, we will have to enter the password for the “demo” user. To get back to the original user, we can enter the “exit” command.

If we enter only the “su” command (without specifying a user), we will switch to the “root” user. If we use the “-” option together with the “su” command, we will also be logged in as that user, which loads that user's profile and changes to that user's home directory. If we don't use the “-” option, we will stay at our current position. An example command would be “su - demo”.