Chapter 8. User Account Management

Uploaded by

AC Atelier

CHAPTER 8

MANAGING USER ACCOUNTS

PART 1
MANAGING USER ACCOUNTS IN LINUX
List user accounts
Add user account
Switch user account
Modify user account
Delete user account

USER ACCOUNTS
A user account on a Linux system is identified by a
unique identification number called user ID (UID).
A user account must belong to a group. Each user
may belong to one primary group and any number of
secondary groups.
When a user is created, a group with the same name
as the username, with its own group ID (GID), is also created.
The first user account is called root and is always
assigned a UID of 0 and a GID of 0.

The /etc/passwd file
Information about each user account is contained in
the /etc/passwd file also known as the "password"
file.
The passwd file has the following colon-delimited
fields:

LIST USER ACCOUNTS
To list user accounts, view the passwd file from the
command line with tail /etc/passwd, which prints the
last lines of the file:

$ tail /etc/passwd
jammy:x:1000:1000:IT 314 LINUX:/home/jammy:/bin/bash
user1:x:1010:1010:test account:/home/user1:/bin/bash
user2:x:1011:1011:test acc:/home/user2:/bin/sh

Each time a new user is added to the system, a
record of that user will be appended to the passwd
file.
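
As an added example (not part of the original slides), the shell function below reads records in the colon-delimited passwd format described above and reports entries worth reviewing: malformed records, accounts other than root with UID 0, reused UIDs, and accounts with a login shell. The function names, the sample records and the accounts svc-backup and broken are constructed for illustration; the field order in the comment is the standard passwd(5) layout.

```shell
#!/bin/sh
# Added example. Constructed sample in /etc/passwd format (not a real system's file).
# Standard field order: name:password:UID:GID:comment:home:shell
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
jammy:x:1000:1000:IT 314 LINUX:/home/jammy:/bin/bash
user1:x:1010:1010:test account:/home/user1:/bin/bash
user2:x:1011:1011:test acc:/home/user2:/bin/sh
svc-backup:x:0:0:constructed second UID 0 entry:/root:/bin/sh
broken:x:1013:1013:constructed short record
EOF
}

# audit_passwd: read passwd records on stdin, print one finding per line.
#   MALFORMED name      record does not have exactly seven fields
#   UID0 name           account other than root that has UID 0
#   DUPUID name uid     UID already used by an earlier record
#   LOGIN name shell    account whose shell allows an interactive login
audit_passwd() {
  awk -F: '
    NF != 7                  { print "MALFORMED", $1; next }
    $3 == 0 && $1 != "root"  { print "UID0", $1 }
    seen[$3]++               { print "DUPUID", $1, $3 }
    $7 !~ /(nologin|false)$/ { print "LOGIN", $1, $7 }
  '
}

# Run against the constructed sample; on a real host use: audit_passwd < /etc/passwd
sample_passwd | audit_passwd
```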

ADD A USER ACCOUNT
The useradd command is used to create a new user
account.

Syntax:
useradd [options] <username>

Only the root account or users that have root access
can add a new user to the system.
When running administrative tasks, such as managing
user accounts, precede the command line with sudo.

ADD A USER ACCOUNT
Common options to useradd command:

Option  Meaning
-m      Create the user's home directory if it does not exist.
-s      Specifies the user's login shell.
-g      Specifies the user's primary group. If not specified, a primary group with the same name and UID as the user is created.
-e      Specifies the date on which the user account will be disabled, in YYYY-MM-DD format.
-c      User description. It is generally a short description of the login and is displayed on the login screen. It is currently used as the field for the user's full name.

ADD A USER ACCOUNT EXAMPLE
$ sudo useradd -m -e 2023-05-31 -c "Pablo Nase" -s /bin/bash pablo

The above command line will create a user with the
username pablo, with a home directory, using the bash
shell, whose account will expire at the end of May (2023-05-31).

$ tail /etc/passwd
jammy:x:1000:1000:IT 314 LINUX:/home/jammy:/bin/bash
user1:x:1010:1010:test account:/home/user1:/bin/bash
user2:x:1011:1011:test acc:/home/user2:/bin/sh
pablo:x:1012:1012:Pablo Nase:/home/pablo:/bin/bash

CHECK USER ACCOUNT EXPIRY
The chage command is used to change a user's password
expiry and account expiry information.
Syntax:
chage [options] <username>
To only view user password expiry information, use
chage with the -l option:
$ sudo chage -l pablo

ADD PASSWORD TO A USER ACCOUNT
By default a newly created user account is locked
until a password is set.
To assign a password, use the passwd command:
Syntax: passwd <username>

$ sudo passwd pablo
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Note: The passwd command is also used to change the password of a
user account.
ADD A USER ACCOUNT
The adduser command is a high-level utility for
adding user accounts interactively from the
command line.

Syntax: adduser <username>

SWITCH BETWEEN USER ACCOUNTS
The su (switch user) command is used to switch to
another user account.

Syntax: su [options] <username>

The optional argument "-" may be used to provide an
environment similar to what the user would expect
had the user logged in directly.

SWITCH BETWEEN USER ACCOUNTS
For example, to switch to the pablo user account:
$ su - pablo
Password:
$ whoami
pablo
$ id
uid=1012(pablo) gid=1012(pablo) groups=1012(pablo)

MODIFY USER ACCOUNT
The usermod command is used to modify user account
information.

Syntax:
usermod [options] <username>

MODIFY USER ACCOUNT EXAMPLE
To change a user’s shell from bash to sh:
$ tail /etc/passwd
pablo:x:1012:1012:Pablo Nase:/home/pablo:/bin/bash

$ sudo usermod -s /bin/sh pablo

$ tail /etc/passwd
pablo:x:1012:1012:Pablo Nase:/home/pablo:/bin/sh

MODIFY USER ACCOUNT EXAMPLE
To change account expiration date:
$ sudo usermod -e 2023-12-25 pablo
$ sudo chage -l pablo
Last password change : May 03, 2023
Password expires : never
Password inactive : never
Account expires : Dec 25, 2023
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7

MODIFY USER ACCOUNT EXAMPLE
To remove account expiration, set expiration to -1:
$ sudo usermod -e -1 pablo
$ sudo chage -l pablo
Last password change : May 03, 2023
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7

MODIFY USER ACCOUNT EXAMPLE
To change account username or login name:
$ sudo usermod -l nase pablo
$ tail /etc/passwd
nase:x:1012:1012:Pablo Nase:/home/pablo:/bin/sh

DISABLE A USER ACCOUNT
There are two ways to disable a user account:
set an expiration date
lock the account
To lock an account, pass the -L option to the usermod
command:
$ sudo usermod -L pablo
$ su - pablo
Password:
su: Authentication failure

DISABLE A USER ACCOUNT
To unlock an account, pass the -U option to the
usermod command:

$ sudo usermod -U pablo
$ su - pablo
Password:
$ whoami
pablo
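
The two ways of disabling an account leave different traces, shown here in an added example that is not part of the original slides: usermod -L puts a "!" in front of the stored password hash, which blocks password logins only, while an expiration date disables the account itself. The function names, the sample records and the account newacct are constructed; the record layout is the standard shadow(5) format, which the slides do not show.

```shell
#!/bin/sh
# Added example. Constructed sample in /etc/shadow format; the hash strings are
# placeholders, not real password hashes.
# Standard field order: name:password:lastchange:min:max:warn:inactive:expire:reserved
# The expire field counts days since 1970-01-01 (19508 = 2023-05-31, 19716 = 2023-12-25).
sample_shadow() {
cat <<'EOF'
jammy:$y$placeholder:19480:0:99999:7:::
pablo:!$y$placeholder:19480:0:99999:7:::
user1:$y$placeholder:19480:0:99999:7::19508:
user2:$y$placeholder:19480:0:99999:7::19716:
newacct:!:19480:0:99999:7:::
EOF
}

# account_state TODAY: TODAY is the current date as days since 1970-01-01.
# Reads shadow records on stdin and prints "name state" for each:
#   expired          expire field is set and not later than TODAY
#   password-locked  password field starts with "!" (what usermod -L writes) or "*"
#   active           neither of the above
account_state() {
  awk -F: -v today="$1" '
    {
      state = "active"
      if ($2 ~ /^[!*]/) state = "password-locked"
      if ($8 != "" && $8 + 0 > 0 && $8 + 0 <= today + 0) state = "expired"
      print $1, state
    }
  '
}

# Fixed date (19600 = 2023-08-31) so the result is reproducible. On a real host,
# feed it /etc/shadow (readable by root only) and pass $(( $(date +%s) / 86400 )).
sample_shadow | account_state 19600
```

An account reported as password-locked but not expired can still be reached by login methods that do not use the password, which is why the expiration date is the stronger of the two controls.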

REMOVE A USER ACCOUNT
The userdel command is used to delete a user
account and its related files.

Syntax:
userdel [options] <username>

To remove the user's home directory, pass the -r
option:
userdel -r <username>

REMOVE USER ACCOUNT EXAMPLE
To remove user pablo from the system:
$ sudo userdel pablo
$ tail /etc/passwd
jammy:x:1000:1000:IT 314 LINUX:/home/jammy:/bin/bash
user1:x:1010:1010:test account:/home/user1:/bin/bash
user2:x:1011:1011:test acc:/home/user2:/bin/sh

To remove the user account including its home
directory:
$ sudo userdel -r pablo

PART 2
MANAGING USER ACCOUNTS IN WINDOWS
Listing user accounts
Add user account
Switch user account
Modify user account
Delete user account

LISTING USER ACCOUNTS
The Get-LocalUser cmdlet lists the local user accounts.

> Get-LocalUser
Name                  Enabled Description
----                  ------- -----------
Administrator         False   Built-in account for administering..
DefaultAccount        False   A user account managed by the...
Guest                 False   Built-in account for guest access to
Prescilla F. Catalan  True
Pureza                True

ADD A USER ACCOUNT
The New-LocalUser cmdlet creates a local user account.

Parameter     Meaning
-Name         Specifies the user name for the user account.
-Password     Specifies a password for the user account. You can use Read-Host -AsSecureString to create a SecureString object for the password.
-FullName     Specifies the full name for the user account. The full name differs from the user name of the user account.
-Description  Specifies a comment for the user account. The maximum length is 48 characters.

ADD A USER ACCOUNT EXAMPLE
> $Password = Read-Host -AsSecureString
> New-LocalUser -Name "User01" -Password $Password -FullName "First User" -Description "This is the first user."

Name   Enabled Description
----   ------- -----------
User01 True    This is the first user.

The first command prompts for a password by using Read-Host and stores the password as a
secure string in the $Password variable.
The second command creates a local user account by using the password stored in
$Password. It also specifies a user name, full name, and description for the user
account.

ADD A USER ACCOUNT TO A GROUP
A user account has to be added to a user group.
Groups give administrators the ability to grant rights and
permissions to the users within the group at the same time,
without having to maintain each user individually.

The Add-LocalGroupMember cmdlet adds members to a local group.

> Add-LocalGroupMember "Users" -Member "User01"

To list members of a local group, use Get-LocalGroupMember.

> Get-LocalGroupMember -Group "Users"

SWITCH USER ACCOUNTS
To run or start the shell as another account, you can use
the "start" command.

> start PowerShell -Credential ""

The command prompts for the credentials of the user account
you want to switch to and starts PowerShell in another
window.

To confirm that you are logged into the account, you can run
the command "whoami".

MODIFY USER ACCOUNTS
The Set-LocalUser cmdlet modifies a local user account.

Example 1. Change account password.

> $Password = Read-Host -AsSecureString
> Set-LocalUser -Name "User01" -Password $Password

Example 2. Change account description.

> Set-LocalUser -Name "User01" -Description "New description"

MODIFY USER ACCOUNTS
Example 3. Set account expiration.

> Set-LocalUser -Name "User01" -AccountExpires 05/31/2023

To view account expiration:

> Net User User01
User name                    User01
Full Name                    First User
Comment                      This is the first user.
User's comment
Country/region code          000 (System Default)
Account active               Yes
Account expires              5/31/2023 12:00:00 AM

MODIFY USER ACCOUNTS
Example 4. Remove account expiration.

> Set-LocalUser -Name "User01" -AccountNeverExpires

To view account expiration:

> Net User User01
User name                    User01
Full Name                    First User
Comment                      This is the first user.
User's comment
Country/region code          000 (System Default)
Account active               Yes
Account expires              Never

RENAME USER ACCOUNT
The Rename-LocalUser cmdlet renames a local user account.

> Rename-LocalUser -Name "User01" -NewName "Linus"
> Get-LocalUser

Name  Enabled Description
----  ------- -----------
Linus True    This is the first user.

REMOVE A USER ACCOUNT
The Remove-LocalUser cmdlet deletes local user accounts.
> Remove-LocalUser -Name "Linus"

The -Confirm option prompts for confirmation before deleting the
user account.
> Remove-LocalUser -Confirm -Name "Linus"
Confirm
Are you sure you want to perform this action?
Performing the operation "Remove local user" on target "Linus".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help
(default is "Y"):
