Manage Linux Users & Linux Groups

Linux, as we all know, is a multi-user operating system. If you have multiple users on a desktop or a server, you can easily manage multiple Linux user accounts and provide permissions to each account.

In this article, you will learn –

  • How to manage users and groups on a Linux system
  • Create a new user account in Linux
  • Add user to a group in Linux
  • Create user group in Linux
  • Remove user group in Linux

Manage Linux Users

But, before we discuss how to manage Linux users and Linux groups, let me explain why having a distinct user account is vital from a security standpoint. Many users begin using the root account on the first boot of a Linux server, which is not recommended.

It is not a good idea to execute day-to-day server operations using the root account. The root user is a superuser account. Staying logged in as root all but guarantees that sooner or later you will run an incorrect command, and the system will carry it out, most of the time without even asking for confirmation. When you log in as a non-root user, you have less access to the system and are less likely to do something bad.

Second, adding users to a group or groups rather than managing individual users makes it easier to manage multiple users in Linux. This takes us to the topic of Linux user groups. It may be tedious for some desktop users, but it is a useful function for system administrators.

Linux User Groups

Managing multiple users is a difficult chore for a system administrator, especially when the users come from various domains. An administrator may want to grant one type of user access to a directory while denying other types of users access to other directories on the system. Alternatively, an administrator may want to have multiple sorts of users with varied permissions in the same directory. It is possible to accomplish this on Linux by creating Linux user groups.

Assume we own a software development firm. All project directories are stored on a central server. We only want to provide Python programmers access to the Python directory, which contains all of the Python code.

To demonstrate, we will create a new user named sandy. Sandy is a Python developer who requires access to our server’s Python code directory. So let’s start by making his account.

Create a new user in Linux

Creating a new user in Linux is extremely easy from the GUI.

For example, I am using Manjaro Linux (Deepin), and creating a new user is like creating a new note in any note-taking application. Just type the username & password, and that’s it.

[Screenshot: Accounts Settings in Manjaro Linux]
[Screenshot: Create a new user in Linux]

But if you need to create a new user on a Linux server, the following two commands can do the job –

useradd – This command is available in all Linux distros. It accepts different arguments to create a new user in Linux. If run without any options, the command will create a user account without a home directory, shell setting, etc.

Though, you can set the default options in /etc/default/useradd so that each time a user is created, the command takes the default values from /etc/default/useradd automatically.

adduser – A command written in Perl that uses useradd in the backend. Unlike useradd, it only requires the username and runs an interactive setup in the terminal to create a user. It is easier than useradd.

adduser is only available in Ubuntu and other Debian-based Linux distributions.

How to use useradd?

sudo useradd -m sandy

The above command will create a user account with a home directory at /home/sandy. Now set the password for the user.

sudo passwd sandy

And that’s it. A user has been created. If you want the user’s home directory at a different path, the -d parameter is for that. Keep -m so that the directory is actually created.

sudo useradd -m -d /home/james sandy

You can also set the shell in the useradd command. Just use the -s parameter.

sudo useradd -m -d /home/james -s /bin/bash sandy

How to use adduser?

As I mentioned above, adduser is way easier than useradd. It only requires the username. adduser asks questions and passes your answers as parameter values to the useradd command.

sudo adduser sandy

If you are using Ubuntu or other Debian-based distros, go ahead with the adduser command. This command was created to simplify the user creation process on Linux systems.

Add User group in Linux

As mentioned above, managing Linux users is easier by adding them to one or more Linux groups.

We can create a group called ‘python-programmers’, add sandy, our python developer, to this group, and then grant him access to the Python directory.

sudo groupadd python-programmers

Add user to a group in Linux

Now add sandy to the python-programmers group.

sudo usermod -aG python-programmers sandy

Add group to a directory in Linux

Change the group of the Python directory that exists under $HOME/Projects/Python.

sudo chown -R :python-programmers $HOME/Projects/Python

Add Permissions To Directory

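Now add read & write permission to the directory for the group users. The capital X also adds execute (search) permission on directories only, which group members need in order to enter them.

sudo chmod -R g+rwX $HOME/Projects/Python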

Remove Permissions From Directory

And finally, disallow other users from accessing the Python directory.

sudo chmod -R o-rwx $HOME/Projects/Python

And the job is done! Now the Python directory can be accessed either by the root user or by any user in the ‘python-programmers’ group.
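
To verify the result of the chown and chmod steps above, here is an added example (not part of the original article) that audits a project tree for entries with the wrong group or with any permission left for other users. It goes one step beyond the text by also flagging directories without the setgid bit, since files created there later get the creator's primary group instead of the project group. The function name audit_tree is hypothetical, and a find that supports -perm /MODE (GNU findutils) is assumed.

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_tree DIR GROUP prints one finding per line and returns 1 if any
# check fails, 0 if the tree is clean. GROUP may be a name or a numeric GID.
audit_tree() {
    dir=$1
    group=$2
    findings=$(
        # Wrong group: missed by chown -R, or created later with the
        # primary group of whoever created the file.
        find "$dir" ! -group "$group" -exec printf 'GROUP %s\n' {} \;
        # Users outside owner and group still hold r, w or x here.
        find "$dir" -perm /007 -exec printf 'OTHER %s\n' {} \;
        # Directory without setgid: files created in it will not inherit
        # the project group.
        find "$dir" -type d ! -perm -2000 -exec printf 'NOSGID %s\n' {} \;
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Command-line use: sh audit.sh /path/to/Python python-programmers
if [ "$#" -eq 2 ]; then
    audit_tree "$1" "$2"
fi
```

A NOSGID finding is cleared by setting the setgid bit on the reported directory with chmod g+s.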

But there is a problem!

The above procedure will do the job. It will grant access to users of python-programmers to the Python directory, but there is a problem. The above approach will only allow one group of users to access the Python directory at a time. If you want to allow some other developers access to the Python directory, you will have to remove access from the previous group and set the new group as the directory owner.

To resolve this problem and allow access to multiple types of users at a time, we can use access control lists.

Access control lists

Let’s say we have a group of auditors in our company. We want to allow the group auditors to have ‘read’ access to the Python directory without removing any other group from it.

setfacl -m g:auditors:rx -R $HOME/Projects/Python

And that is it. Now the users of the python-programmers group have read & write access, and users of the auditors group have read access on the Python directory. If you want to allow auditors to have write access as well, add the w in the above command.

setfacl -m g:auditors:rwx -R $HOME/Projects/Python

Remove user in Linux

You may also need to remove a user in Linux. It can be done using the userdel command. If the user still has running processes, the command refuses and reports one of them.

userdel sandy
userdel: The user sandy is being used by process 3861

List all processes of a user in Linux

ps -u sandy
Output -
  PID TTY          TIME CMD
 4831 ?        00:00:00 systemd
 4832 ?        00:00:00 (sd-pam)
 4845 ?        00:00:00 gnome-keyring-d
 4849 tty5     00:00:00 gdm-x-session
 4851 tty5     00:00:10 Xorg
 4856 ?        00:00:00 dbus-daemon
 4860 tty5     00:00:00 gnome-session-b
 4958 ?        00:00:00 ssh-agent
 4961 ?        00:00:00 gvfsd
 4966 ?        00:00:00 gvfsd-fuse
 4975 ?        00:00:00 at-spi-bus-laun
 4980 ?        00:00:00 dbus-daemon
 4983 ?        00:00:00 at-spi2-registr
 4997 ?        00:00:00 gnome-keyring-d
 5012 tty5     00:00:21 gnome-shell
 5023 ?        00:00:00 pulseaudio
 5032 tty5     00:00:00 ibus-daemon
 5034 ?        00:00:00 xdg-permission-
 5042 tty5     00:00:00 ibus-dconf
 5044 ?        00:00:00 gnome-shell-cal
 5046 tty5     00:00:00 ibus-x11
 5050 ?        00:00:00 ibus-portal
 5057 ?        00:00:00 evolution-sourc
 5066 ?        00:00:00 dconf-service
 5073 ?        00:00:00 goa-daemon
 5084 ?        00:00:00 goa-identity-se
 5094 ?        00:00:00 gvfs-udisks2-vo
 5099 ?        00:00:00 gvfs-gphoto2-vo
 5103 ?        00:00:00 gvfs-goa-volume
 5107 ?        00:00:00 gvfs-afc-volume
 5112 ?        00:00:00 gvfs-mtp-volume
 5116 tty5     00:00:00 gsd-power
 5117 tty5     00:00:00 gsd-print-notif
 5119 tty5     00:00:00 gsd-rfkill
 5121 tty5     00:00:00 gsd-screensaver
 5125 tty5     00:00:00 gsd-sharing
 5128 tty5     00:00:00 gsd-smartcard
 5130 tty5     00:00:00 gsd-xsettings
 5131 tty5     00:00:00 gsd-wacom
 5139 tty5     00:00:00 gsd-sound
 5144 tty5     00:00:00 gsd-a11y-settin
 5147 tty5     00:00:00 gsd-color
 5150 tty5     00:00:00 gsd-clipboard
 5154 tty5     00:00:00 gsd-housekeepin
 5155 tty5     00:00:00 gsd-datetime
 5160 tty5     00:00:00 gsd-media-keys
 5162 tty5     00:00:00 gsd-keyboard
 5164 tty5     00:00:00 gsd-mouse
 5186 tty5     00:00:00 gsd-printer
 5217 tty5     00:00:00 gsd-disk-utilit
 5219 tty5     00:00:01 nautilus-deskto
 5232 ?        00:00:00 gvfsd-trash
 5254 ?        00:00:00 evolution-calen
 5267 ?        00:00:00 evolution-calen
 5282 ?        00:00:00 evolution-addre
 5289 ?        00:00:00 evolution-addre
 5310 tty5     00:00:00 ibus-engine-sim
 5311 ?        00:00:00 gvfsd-metadata
 5364 ?        00:00:00 gvfsd-network
 5375 ?        00:00:00 gvfsd-dnssd
 5443 tty5     00:00:00 update-notifier
 5461 tty5     00:00:02 gnome-software
 5563 ?        00:00:03 nautilus
 5951 tty5     00:00:00 deja-dup-monito

Or there is another command to list a user’s processes in Linux, pgrep.

pgrep -u sandy
Output -
4831
4832
4845
4849
4851
4856
4860
4958
4961
4966
4975
4980
4983
4997
5012
5023
5032
5034
5042

Kill all processes used by the user

The killall command will kill all of the user’s processes.

killall -u sandy

Remove a Linux user

After all of the user’s processes are killed, we can delete the user.

userdel sandy

By default, the command will not remove the user’s home directory. To also remove the user’s home directory, add the -r argument to the command.

userdel -r sandy

Remove user from a group in Linux

If you decide to snatch away rights from a user, remove the user from the group.

sudo gpasswd -d sandy python-programmers

If the user is a member of the group, it will output the following –

Removing user sandy from group python-programmers

Remove a group in Linux

If you want to remove a group in Linux, use the groupdel command.

groupdel groupname

If the group being deleted is the primary group of any user on the system, the group cannot be deleted. In that case, change the primary group of that user first.

Delete auditors group from the system.

groupdel auditors
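
Before running groupdel, you can list the users whose primary group is the one you are about to delete, since those are the accounts that block the deletion. The following is an added example, not part of the original article; the function names and the sample data (including the user maria) are hypothetical. It reads passwd and group format files directly, so accounts that come from LDAP or another directory service are not covered.

```shell
#!/bin/sh
# Added example, not from the original article.
# group_blockers GROUP [PASSWD_FILE] [GROUP_FILE]
# Prints users whose primary group is GROUP; returns 2 if GROUP is unknown.
group_blockers() {
    grp=$1
    passwd_file=${2:-/etc/passwd}
    group_file=${3:-/etc/group}
    # Field 3 of the group file is the GID.
    gid=$(awk -F: -v g="$grp" '$1 == g { print $3; exit }' "$group_file")
    [ -n "$gid" ] || { echo "no such group: $grp" >&2; return 2; }
    # Field 4 of the passwd file is the primary GID of each user.
    awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
}

# group_members GROUP [GROUP_FILE]
# Prints supplementary members (field 4 of the group file), one per line.
# These users simply lose the membership when the group is deleted.
group_members() {
    awk -F: -v g="$1" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "${2:-/etc/group}"
}

# Constructed sample data, not taken from a real system.
make_sample() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
sandy:x:1001:1001::/home/sandy:/bin/bash
maria:x:1002:2000::/home/maria:/bin/bash
EOF
    cat > "$d/group" <<'EOF'
sandy:x:1001:
python-programmers:x:1500:sandy
auditors:x:2000:sandy,maria
EOF
    echo "$d"
}
```

In the sample data, auditors is maria's primary group, so her primary group would have to be changed before groupdel auditors can succeed.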

Conclusion

That’s all there is to it. Managing Linux users and Linux groups is simple. Once you’ve learned how to manage users, you’ll be able to keep your files safe and private without relying on a third-party library or service.

If you believe I have overlooked something in the article, please let me know in the comments section below. I will update this article every three months with your suggestions (with your name).

Please let me know if you don’t understand any of the instructions in the comments area below. If you are a nerd and discovered an error in the article, please let me know using the Contact us page or by joining our Discord server.


