
Create, Modify and Delete Users in Linux/UNIX

One of the day-to-day activities of any Linux/UNIX admin is to create new users and modify their attributes as per end-user requirements.

Below is the list of Linux commands that we use for user administration.

useradd ---- for adding a new user
usermod ---- for modifying user attributes
userdel ---- for removing a user from a Linux machine

 

Note:

To add, modify or remove users, we should have root-level privileges, or the help of someone who has sudo root user credentials.

 

A non-root user should raise a request or ticket, following ITIL standards, for any changes in user credentials on the machine.

We will understand the different phases of user administration in Linux with below examples.

 

Create a new user:

In general, non-root users won't have the credentials to create a new user. Instead, they have to ask the Linux team, following ITIL standards, to create a new user.

 

Command Syntax:

Below are some of the most commonly used options of the useradd command. For more options, please refer to the man page or info page of the command.

# useradd -u <user id> -g <primary group> -G <secondary group> -c <comment> -d <user’s working directory> -m -s <shell> <username>
g -------- primary group
G -------- secondary group
c -------- comment on the type of user
m -------- make directory
s -------- shell
d -------- path of the user’s home directory

 

Note:

The username and the user ID are not the same.

The username is a generic name for human understanding, whereas the user ID is a unique number assigned to each user by the OS for its own reference.

 

Note:

u ----- user ID. In RHEL 6, user IDs 0-499 are reserved:
0-99 are system users
100-499 are daemon users

500 is the minimum and 2147483647 the maximum user ID available to be assigned by Linux administrators.

 

For example, create a new user named "john" for the database admin team, assigning the Bash shell.

Before creating any new user, we should gather a few details from the end user:

User ID = 501
Primary group = dba
Secondary group = sales
Comment = system admin
Directory = /home/john
Shell = /bin/bash
Username = john

 

Important:

In Linux, we can also create usernames with capital letters, but the best practice is to use lowercase.

 

Syntax

[root@sys2 ~]# useradd -u 501 -g dba -G sales -c systemadmin -d /home/john -m -s /bin/bash john

 

To check whether the user was created, we can use either of the ways below:

  • Using the id command:

 

[root@sys1 ~]# id john
uid=501(john) gid=501(john) groups=501(john)

 

  • Checking from /etc/passwd file,

[root@sys2 ~]# grep john /etc/passwd
john:x:501:502:systemadmin:/home/john:/bin/bash

 

Note:

  • Usernames are case sensitive in Linux and UNIX flavors. Type id JOHN and see the output.
  • If the group doesn’t already exist, it is created by default with the user’s name.
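
An added example (not from the original page): a small audit that reads passwd-format lines and flags entries that conflict with the notes above, using the RHEL 6 UID ranges quoted on this page. The function name, the finding labels and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd(5)-format lines against the notes above.
# SAMPLE_PASSWD is constructed data; the finding labels are made up here.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
apache:x:48:48:Apache:/var/www:/bin/bash
john:x:501:502:systemadmin:/home/john:/bin/bash
steve:x:503:503::/home/steve:/bin/bash
toor:x:0:0::/root:/bin/bash
JOHN:x:504:504::/home/JOHN:/bin/bash
dup:x:503:505::/home/dup:/bin/bash'

# audit_passwd: read passwd lines on stdin, print one finding per line.
audit_passwd() {
    awk -F: '
    NF != 7 || $3 !~ /^[0-9]+$/ { print "MALFORMED line " NR; next }
    {
        name = $1; uid = $3 + 0; shell = $7
        # UID 0 means root privileges whatever the username says.
        if (uid == 0 && name != "root") print "UID0 " name
        # Two names on one UID are a single account to the kernel.
        if (uid in seen) print "DUPUID " name " shares " uid " with " seen[uid]
        else seen[uid] = name
        # Reserved range 1-499 (RHEL 6 figures from this page): system and
        # daemon accounts normally have no interactive shell.
        if (uid > 0 && uid < 500 && shell ~ /sh$/) print "SYSSHELL " name " " shell
        # Names are case sensitive, so john and JOHN are different users.
        key = tolower(name)
        if (key in lc && lc[key] != name) print "CASECLASH " name " vs " lc[key]
        else if (!(key in lc)) lc[key] = name
    }'
}

# Run the audit over the constructed sample.
printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```

On a live system the same function can be fed with getent passwd | audit_passwd.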

 

Default attributes for new user:

The default attributes for a normal user are the user ID and group ID given by the system.

The default working directory is ‘/home/’.

The default shell is the bash shell.

The syntax is: # useradd sampleusername

[root@sys2 ~]# useradd steve

 

Checking the details in /etc/passwd file,

[root@sys2 ~]# grep steve /etc/passwd
steve:x:503:503::/home/steve:/bin/bash

 

Usermod

This command is used to modify user attributes such as the user ID, group, name, etc.

 

Syntax:

usermod [options] username

 

The following is the list of options used to modify the attributes of an existing user.

-d  this option is used to change the working directory of the user

-g  this option is used to change the primary group of the user

-G this option is used to change the secondary group of the user

-L  this option is used to lock the user account.

-U this option is used to unlock the user account.

-s  this option is used to assign shell to the user.

-e  this option is used to assign specific expiry date to the particular user.

-u  this option is used to modify the user id of the user.

-l   this option is used to modify the login name of the user.

-c  this option is used to change the comment or assign the comment to the particular user.

 

Let us see some examples to understand more on this topic.

Example-1:

Assigning comment to a user:

We are going to assign a comment to the user john by using the “-c” option.

[root@sys1 ~]# usermod -c DB2admin john
[root@sys1 ~]# grep --color DB2admin /etc/passwd
john:x:501:501:DB2admin:/home/john:/bin/bash

 

Example -2:

Changing working directory of the user:

To change the working directory of a user, we use the ‘-d’ option with the usermod command.

[root@sys1 ~]# usermod -d /repo john
[root@sys1 ~]# grep --color /repo /etc/passwd
john:x:501:501:DB2admin:/repo:/bin/bash

 

Example-3:

Changing primary group of the user:

To change the primary group of a user, we use the ‘-g’ option with the usermod command.

[root@sys1 ~]# usermod -g OracleDB steve
[root@sys1 ~]# id steve
uid=503(steve) gid=504(OracleDB) groups=504(OracleDB)

 

Example-4:

Changing secondary group of the user:

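We use the “-G” option with the usermod command to change the secondary group of a particular user. Note that -G on its own sets the complete list of secondary groups, so any group not named is dropped; add -a (usermod -a -G) to append instead. To understand more, observe the following scenario.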

[root@sys1 ~]# id steve
uid=503(steve) gid=504(OracleDB) groups=504(OracleDB)

 

Now I am going to add SQL as the secondary group of the user steve.

[root@sys2 ~]# usermod -G SQL steve

 

Now check whether the secondary group has been assigned, using the id command.

[root@sys2 ~]# id steve
uid=502(steve) gid=504(OracleDB) groups=504(OracleDB),510(SQL)

 

Example-5:

Locking and unlocking the user account:

When a user account is locked, the user is not able to log in to the server. To lock a user account, we use the ‘-L’ option with the usermod command. Have a look at the following scenario to understand more.

[root@sys2 ~]# usermod -L steve

 

With the above command, we locked the user steve. Now try to log in with the credentials of steve.

login as: steve
steve@192.168.0.17's password:
Access denied

 

Hence, the user account was successfully locked. Now the question is: how do we check whether a user account is locked?

Simply use the passwd command with the -S option as shown below.

[root@sys2 ~]# passwd -S steve
steve LK 2016-01-26 0 99999 7 -1 (Password locked.)

 

The above output confirms that the user account was successfully locked.

Now, I am going to unlock the user steve by using ‘-U’ with the usermod command. After unlocking, the user is able to log in to the server again.

[root@sys2 ~]# usermod -U steve
[root@sys2 ~]# passwd -S steve
steve PS 2016-07-31 0 99999 7 -1 (Password set, SHA512 crypt.)

With the above commands we have successfully unlocked the user account steve. Now I am trying to log in as steve, as follows.

login as: steve
steve@192.168.0.4's password:
[steve@sys2 ~]$

 

The above shows that the steve account was successfully unlocked.
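
usermod -L works on the password only (it puts a "!" in front of the hash in /etc/shadow), and usermod(8) notes that locking the account itself also needs the expiry date set to 1. The following added example, which is not part of the original page, classifies shadow-format lines to separate the two cases; the function name, the state labels and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify shadow(5)-format lines by lock state.
# SAMPLE_SHADOW is constructed; the hash strings are placeholders.
SAMPLE_SHADOW='steve:!$6$CONSTRUCTED$placeholder:16826:0:99999:7:::
john:$6$CONSTRUCTED$placeholder:16826:0:99999:7:::
olddba:!$6$CONSTRUCTED$placeholder:16826:0:99999:7::1:
temp:$6$CONSTRUCTED$placeholder:16826:0:99999:7::17532:
newhire:!!:16826:0:99999:7:::'

# lock_state TODAY
#   TODAY is the current day as days since 1970-01-01,
#   e.g. $(( $(date +%s) / 86400 )). Reads shadow lines on stdin and
#   prints "name STATE" for each one.
lock_state() {
    awk -F: -v today="$1" '
    NF < 8 { print $1, "MALFORMED"; next }
    {
        # Field 2: a leading "!" is what usermod -L adds; "*" and "!!"
        # also mean there is no usable password.
        pwlocked = ($2 ~ /^[!*]/)
        # Field 8: account expiry in days since the epoch; empty = never.
        # Assumption: the expiry day itself is treated as expired.
        expired = ($8 != "" && $8 + 0 <= today + 0)
        if (expired)       state = "EXPIRED"
        else if (pwlocked) state = "PASSWORD-LOCKED-ONLY"
        else               state = "ACTIVE"
        print $1, state
    }'
}

# Day 17000 falls between the constructed expiry values above.
printf '%s\n' "$SAMPLE_SHADOW" | lock_state 17000
```

An account reported as PASSWORD-LOCKED-ONLY is blocked for password logins but may still be reachable through logins that do not use the password, such as SSH keys; review those accounts when the intent was to disable the user completely.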

 

Example-6:

Assigning a shell to the user:

To change or assign a shell to the user, we use the “-s” option with the usermod command. To know more about the shell, go through the topic on shells in the introduction.

[root@sys2 ~]# grep steve /etc/passwd
steve:x:502:509::/home/steve:/bin/bash

 

From the above output, the shell assigned to steve is bash. Now I am going to change the shell to the C shell.

[root@sys2 ~]# usermod -s /bin/csh steve
[root@sys2 ~]# grep steve /etc/passwd
steve:x:502:509::/home/steve:/bin/csh

 

The above lines show that the shell was successfully updated for the user steve.

 

Example-7:

Modifying the username of the user account:

Using the ‘-l’ option with the usermod command, we can change the user name of a particular account. To understand more, observe the following.

[root@sys2 ~]# grep --color steve /etc/passwd
steve:x:502:509::/home/steve:/bin/csh
[root@sys2 ~]# usermod -l steveJobs steve
[root@sys2 ~]# grep --color steveJobs /etc/passwd
steveJobs:x:502:509::/home/steve:/bin/csh

 

This is how we can change the user name of a particular account.

 

Example-8:

Assigning an expiry date to a user account:

By using the ‘-e’ option with the usermod command, we can assign an expiry date to a particular user account.

 

Let us see practically,

Check the expiry date of the user steve using the chage -l command. We can also change the expiry date of a user with the chage command.

[root@sys2 ~]# chage -l steve
Last password change : Jul 31, 2016
Password expires        : never
Password inactive        : never
Account expires           : never
Minimum number of days between password change  : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires   : 7

 

From the above output we can see that there is no account expiry date for the user steve.

Now assign an expiry date to the user steve as follows.

[root@sys2 ~]# usermod -e 2018-01-01 steve

 

Now check whether the expiry date has been assigned.

[root@sys2 ~]# chage -l steve
Last password change : Jul 31, 2016
Password expires     : never
Password inactive    : never
Account expires      : Jan 01, 2018
Minimum number of days between password change    : 0
Maximum number of days between password change    : 99999
Number of days of warning before password expires : 7

 

Hence we assigned an expiry date to the user account steve.

 

Example-9:

Modifying the user ID of a user account:

To change the user ID of a user, we use the ‘-u’ option with the usermod command. Observe the following to understand more.

Now I am going to change the user id of steve.

 

Check the user id of steve.

[root@sys2 ~]# id steve
uid=502(steve) gid=509(OracleDB) groups=509(OracleDB),510(SQL)

 

Change the user ID of steve from 502 to 520.

[root@sys2 ~]# usermod -u 520 steve
[root@sys2 ~]# id steve
uid=520(steve) gid=509(OracleDB) groups=509(OracleDB),510(SQL)

 

Hence the user ID of steve has been changed successfully.

You can also change several attributes of a user account within a single command.

 

Userdel

This command is used to delete a user. Observe the following examples to learn more about the userdel command.

 

Example-1:

Deleting the user account:

[root@sys2 ~]# userdel steve
[root@sys2 ~]# useradd steve
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
Creating mailbox file: File exists

In the lines above, we removed the user steve and then tried to add the user steve again. But the user cannot be created because the home directory exists.

 

Note: using the userdel command alone, we can delete the user but not the user's home directory.
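
The added example below (not part of the original page) lists files whose owning UID no longer has a passwd entry, which is what userdel without -r leaves behind; an account created later with the same UID would own them. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: find files left behind by "userdel" without -r.
# Both samples are constructed. SAMPLE_OWNERS has the "UID PATH" form
# printed by: find /home /var/spool/mail -xdev -printf '%U %p\n'
SAMPLE_PASSWD_AFTER='root:x:0:0:root:/root:/bin/bash
john:x:501:502:systemadmin:/home/john:/bin/bash'
SAMPLE_OWNERS='0 /home
501 /home/john
503 /home/steve
503 /home/steve/.bash_history
503 /var/spool/mail/steve'

# orphaned_paths PASSWD_TEXT
#   Reads "UID PATH" lines on stdin and prints those whose UID has no
#   entry in PASSWD_TEXT (passwd(5) format).
orphaned_paths() {
    PASSWD_TEXT="$1" awk '
    BEGIN {
        n = split(ENVIRON["PASSWD_TEXT"], line, "\n")
        for (i = 1; i <= n; i++)
            if (split(line[i], f, ":") >= 3) known[f[3]] = 1
    }
    !($1 in known)'
}

# inherited_by UID PASSWD_TEXT
#   Orphaned paths that a new account would own if created with UID.
inherited_by() {
    orphaned_paths "$2" | awk -v uid="$1" '$1 == uid'
}

# Everything still owned by the deleted UID 503 in the sample.
printf '%s\n' "$SAMPLE_OWNERS" | orphaned_paths "$SAMPLE_PASSWD_AFTER"
```

On a live system, find / -xdev -nouser gives the same list directly.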

 

Example-2:

Deleting the user account along with its home directory:

Using the ‘-r’ option with the userdel command, we can delete the user account along with its home directory.

[root@sys2 ~]# userdel -r steve

 

Check whether the appropriate directories have been deleted.

 

Note: 

Make sure that you have a backup of the user's data before using this option.

 

Example-3:

Deleting the user forcefully:

Sometimes when we are trying to remove a user, the user can’t be deleted because they are already logged in or a process belonging to that user is running in the background.

For example, the user steve is logged in, but I am trying to delete the user steve as shown below.

[root@sys2 ~]# userdel -r steve
userdel: user steve is currently logged in

 

To delete the user forcefully, we use the “-f” option with the userdel command.

[root@sys2 ~]# userdel -f steve
[root@sys2 ~]# grep steve /etc/passwd

 

Note: Kill all the processes of the user before deleting that user.