As a Linux Server Administrator, it’s your job to keep an eye on your users – and in this video, I’ll show you how to add and remove users. Also, I’ll show you how to change the password of your users. In addition, we’ll go over a quick summary of the
To add a user, we can use the useradd command:
sudo useradd foxmulder
In that example command, we create the user foxmulder (X-Files reference). So as you can see, adding a new user to the system is an easy task. However, your new user may or may not have their own home directory by default when you run the useradd command. The defaults for useradd are set in /etc/default/useradd, which can vary from one distribution to another.
To create a user along with a home directory, add the -m option:
sudo useradd -m foxmulder
Also, to remove a user, we can use the userdel command:
sudo userdel foxmulder
By default, the userdel command does not remove the user’s home directory unless you explicitly tell it to. If we add the -r option to the userdel command, the home directory will be removed at the same time the user is removed:
sudo userdel -r foxmulder
Note: Be sure to understand and comply with your company’s data retention policy while removing users, if such a policy exists.
We’ve added a user, but we never added a password for that user. In fact, it didn’t even ask us for a password when we set up that user. We can use the passwd command to set a password for a user. By default, passwd will give you a chance to change your own password. But if you use it with sudo along with a username, you can change (or set) a password for a different user:
sudo passwd foxmulder
System users are useful for automation and running processes. You generally wouldn’t want a script or process to run as a normal user, but as a system user instead. To create a system user, you can add the -r option to the useradd command:
sudo useradd -r sysuser
It’s a good idea to take a look at the /etc/passwd file, so you can become more familiar with it:
The /etc/passwd file consists of multiple fields, separated by a colon. Each line in this file represents a user on the system. Here’s a sample line from this file:
The first column/field is the username, that’s fairly self-explanatory. The second field (which is typically x) tells us that the password for that user is hashed, and the password is not stored in /etc/passwd. That’s almost always the case nowadays. The third field is the User ID, or “UID” for short. Each user will have their own UID. Normal users are created with a UID of 1000 or above, while system users will generally have a UID less than
Continuing, the fourth field is the Group ID, or “GID” for short. We’ll be covering the group ID (and groups in general) in another video. After the GID, we have the “Gecos” field, which is used for user information. In my case, it’s set to my first and last name.
After the Gecos field, we have the home directory listed for the user. In my case, the home directory is set to /home/jay. Finally, we have the shell, which is /bin/bash for me.
Finally, let’s take a look at the /etc/shadow file:
sudo cat /etc/shadow
Here’s an example line from this file:
The /etc/shadow file stores the hashed password for each user. This file consists of multiple fields/columns. The first column is the username, and the second column includes the hash of that user’s password. Continuing, the next field refers to the number of days after the UNIX Epoch that the password was last changed. The fourth column tells us how many days must pass before the user is allowed to change their password. The fifth column tells us how many days until a password change is required. The last several columns refer to password expiration as well, but will be covered in a different video in the future.
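The field layouts of /etc/passwd and /etc/shadow described above can be parsed to audit accounts. This is an added example, not code from the original article. The sample lines are constructed, the function names are hypothetical, and the UID cutoff of 1000 is an assumption taken from the article's statement about normal users (distributions set the real value as UID_MIN in /etc/login.defs).

```python
from datetime import date, timedelta

PASSWD_FIELDS = ("name", "password", "uid", "gid", "gecos", "home", "shell")
UID_MIN = 1000  # assumption: normal users start at 1000, as the article states
# Constructed sample data, not from a real system; the hash is a placeholder.
SAMPLE_PASSWD = """\
sysuser:x:998:998::/home/sysuser:/bin/sh
jay:x:1000:1000:Jay Example:/home/jay:/bin/bash
foxmulder:x:1001:1001::/home/foxmulder:/bin/sh
"""
SAMPLE_SHADOW = """\
sysuser:!:19500::::::
jay:$6$SALT$PLACEHOLDERHASH:19723:0:99999:7:::
foxmulder:!:19725:0:99999:7:::
"""

def parse_passwd(text):
    """Map username -> dict of the seven colon-separated /etc/passwd fields."""
    users = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) != len(PASSWD_FIELDS):
            continue  # skip blank or malformed lines
        user = dict(zip(PASSWD_FIELDS, parts))
        user["uid"], user["gid"] = int(user["uid"]), int(user["gid"])
        users[user["name"]] = user
    return users

def password_state(field):
    """Classify the second /etc/shadow field ('!' or '*' prefix: no valid hash)."""
    if not field:
        return "empty"  # no password required to log in: flag it
    return "locked" if field[0] in "!*" else "hashed"

def audit(passwd_text, shadow_text):
    """Return (name, kind, password state, last-change date) per account."""
    lines = (l.split(":") for l in shadow_text.splitlines())
    shadow = {p[0]: p for p in lines if len(p) >= 3}
    rows = []
    for name, user in parse_passwd(passwd_text).items():
        entry = shadow.get(name)
        kind = "system" if user["uid"] < UID_MIN else "normal"
        state = password_state(entry[1]) if entry else "no shadow entry"
        days = entry[2] if entry else ""  # third field: days since 1970-01-01
        changed = date(1970, 1, 1) + timedelta(int(days)) if days.isdigit() else None
        rows.append((name, kind, state, changed))
    return rows

if __name__ == "__main__":
    print(*audit(SAMPLE_PASSWD, SAMPLE_SHADOW), sep="\n")
```

On a real system, pass the contents of /etc/passwd and /etc/shadow (the latter read with sudo) to audit(). Accounts reported as "empty" are the ones to fix first.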