Linux Useradd Command
On different Linux distributions, the useradd command may behave slightly differently.
Syntax:
In order to use the useradd command, we have to be logged in as root or have sudo access.
Before using Linux useradd command, let's understand some common terms that are
used in the Linux command line.
Password: A password is a secret code that is used to protect your system from
unauthorized access. It is stored in the /etc/shadow file in an encrypted format.
User ID (UID): Linux provides a unique ID to every user; it is called the user identification
number, User ID or UID. By default, the UID for the root user is reserved as zero, and
the remaining UIDs from 1 to 99 are reserved for other predefined accounts. Further, UIDs
from 100-999 are reserved for groups and system accounts.
Group ID (GID): The GID or Group ID is a group identification number provided by the
Linux system. It is stored in the /etc/group file.
User Info: It allows us to define some additional information about the user, such as the user's
full name. It is optional.
Home Directory: It is the absolute path of the user's home directory.
To create a new user by useradd command, execute the useradd command followed by
username as follows:
The above command will ask for the system administration password; enter the password.
It will create a user named JTP3. This username is used by the user to log in to the system.
The username must be unique. Consider the below output:
To set the password for the newly created user, execute the below command:
The above command will ask for the new password, enter the password and retype the
new password. It will update the password for the specified user. Consider the below
output:
The above command will create a Demo1 folder under the root directory for the user
Demo1. Consider the below snap of the terminal:
The above command will create a user with a specified expiry date. It will create a user
named Demo2, which will be auto-deleted after 16 March 2020. Consider the below snap
of the terminal:
It will be useful when you want to create an account for any user who is going to depart
after a short period.
Linux su Commands
The su command allows you to run a shell as another user.
Syntax:
su <username>
Example:
su jtp
Look at the above snapshot, user account is changed from sssit to jtp.
su to root
You can change the user to root when you know the root password.
Syntax:
su root
su as root
The root user can become any existing user without knowing that user's password.
Otherwise, password is needed.
Example:
su - sssit
Look at the above snapshot, it is asking for password while switching from user jtp to sssit.
Example:
su - jtp
Look at the above snapshot, we are at user root. While switching from root to jtp it didn't
ask for a password and we successfully arrived at user jtp.
su - $username
By default, the su command maintains the same shell environment. To access the target
user's shell environment use the su command with (-) followed by the target user name.
Example:
su - jtp
su jtp
Look at the above snapshot, with the command "su - jtp" current shell environment
is /home/jtp and user is also jtp. With the command "su jtp" current shell environment
is /home/sssit and user is sssit.
su -
If no user name is mentioned, then by default su will assume root as the target user.
Example:
su -
Look at the above snapshot, command "su -" has assumed root as the target.
Example:
/usr/sbin/useradd -m akki
Look at the above snapshot, shell gives the above message while creating user 'akki'.
Example:
Look at the above snapshot, user 'akki' is created with sudo command.
sudo su -
By default, some Linux systems, like Ubuntu, don't have a password set for the root user. It
means you can't log in as the root user.
To perform root-like tasks, a user is given all sudo rights via /etc/sudoers. All the users that
are members of the admin group can use the sudo command for performing root tasks.
Syntax:
By typing sudo su - a user can become root user without typing password for root. The
sudo command will ask for the user's own password.
Syntax:
sudo su -
Look at the above snapshot, bash is asking for sssit password not for root password, after
that we are logged in as root user.
Graphical tools are easy and suitable for new users, as they make sure you'll not run into any
trouble.
Command line tools include commands like useradd, userdel, passwd, etc. These are mostly
used by server administrators.
The third and very rarely used method is to edit the local configuration files directly using vi.
/etc/passwd
root
The root user is the superuser and has all the powers for creating a user, deleting a user and can
even log in with another user's account. The root user always has user ID 0.
useradd
With the useradd command you can add a user.
Syntax:
Example:
/etc/default/useradd
File /etc/default/useradd contains some user default options. The command useradd -D can be
used to display this file.
Syntax:
useradd -D
userdel
To delete a user account userdel command is used.
Syntax:
userdel -r <userName>
Example:
userdel -r xyz
Look at the above snapshot, first we have shown the xyz user account with 'tail' command. To
delete it, command "userdel -r xyz" is passed.
To recheck, again 'tail' command is passed and as you can see no xyz user account is displayed.
Hence, it is deleted.
A user can set the password with the command passwd. Old password has to be typed
twice before entering the new one.
Syntax:
passwd
Look at the above snapshot, the shell warns the user against creating a simple password.
Ultimately, if the password is not changed after two or three attempts, the
passwd command fails and you have to run the command again.
However, these rules are not applied to the root user, nor does root need to type the old
password. Root can change the password directly.
Syntax:
passwd <userName>
Example:
passwd jtp
Look at the above snapshot, password is changed successfully without any warning.
Shadow File
The encrypted user passwords are kept in the /etc/shadow file. This file
is read-only and can be read only by root.
Syntax:
/etc/shadow
Look at the above snapshot, the /etc/shadow file contains nine columns separated by
colons.
Starting from left to right, these nine columns contain username, encrypted password, last
changed password day, number of days password must be left unchanged, password
expiry day, warning number of days before password expiry, number of days after expiry
before disabling the account, and the day account was disabled. Last column has no
meaning yet.
useradd -m <userName>
Example:
useradd -m akki
Syntax:
passwd <typePassword>
Example:
passwd ****
Look at the above snapshot, user name akki is created with a password successfully.
To create a user with a password -p option is also used, but that requires an encrypted
password.
The openssl passwd command can generate several distinct hashes for the same password.
To do this, it uses a salt.
This salt can be chosen and is visible as the first two characters of the hash as shown
below.
Look at the above snapshot, the first two characters of each hash are the defined salt '32'.
To create a user with password using openssl command, following syntax is used.
Syntax:
Example:
Look at the above snapshot, user aaa is created and its password is kept in the command
history.
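The history problem noted above can be avoided by never putting the password on a command line. The following is an added example, not part of the original tutorial: it hashes a password read from stdin with the SHA-512 crypt scheme (openssl passwd -6) instead of the two-character-salt scheme shown above, and the function names, including the add_user_prompted wrapper, are hypothetical.

```shell
#!/bin/sh
# hash_from_stdin [SALT]
# Reads one password line from stdin and prints its SHA-512 crypt hash.
# The password never appears in argv, so it is not written to shell history.
# With no SALT argument, openssl picks a random salt.
hash_from_stdin() {
    if [ -n "${1:-}" ]; then
        openssl passwd -6 -salt "$1" -stdin
    else
        openssl passwd -6 -stdin
    fi
}

# salt_of HASH: print the salt from a "$id$salt$digest" string.
salt_of() { printf '%s\n' "$1" | cut -d '$' -f 3; }

# add_user_prompted NAME (hypothetical helper; needs root and a terminal)
# Prompts with echo switched off, then feeds "name:password" to chpasswd
# on stdin, so no password or hash is typed as a command argument.
add_user_prompted() {
    printf 'New password for %s: ' "$1" >&2
    stty -echo
    IFS= read -r pw
    stty echo
    printf '\n' >&2
    useradd -m "$1" && printf '%s:%s\n' "$1" "$pw" | chpasswd
    rc=$?
    unset pw
    return "$rc"
}
```

The same password hashed twice with the same salt gives the same string, while omitting the salt gives a different hash each time.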
/etc/login.defs
The /etc/login.defs file contains some default settings like password aging and length
settings.
Syntax:
chage
The chage command can be used by a user to know the information about their password.
The -l option is used to list the information.
Syntax:
chage -l <userName>
Example:
chage -l abc
Disabling A Password
Passwords in /etc/shadow are not saved starting with an exclamation mark (!). If an exclamation
mark is present at the start, then the password cannot be used.
This feature can be used to disable a password, and the process is called locking,
disabling or suspending a user account. It can be done in vi or
with the usermod command.
Syntax:
usermod -L <userName>
Example:
usermod -L akki
Look at the above snapshot, first command shows hashed password of akki, and
command "usermod -L akki" disables the password of akki. Now user akki can't
authenticate using this password.
Look at the above snapshot, hashed password is preceded with !, which means it is
disabled.
Please note that the root user will still be able to open the akki account, as a password is not needed
here. And if user akki had not set a password, then akki can also log in.
Syntax:
usermod -U <userName>
Example:
usermod -U akki
Look at the above snapshot, the hashed password of akki is unlocked now, as there is
no (!) mark at the start.
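The nine-column layout of /etc/shadow and the "!" lock marker described above can be checked mechanically. The following is an added example, not part of the original tutorial: the function names are hypothetical, the sample lines are constructed with placeholder hash strings, and the expiry day 18337 in the Demo2 line is 16 March 2020 counted in days since 1 January 1970.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow layout; hash strings are placeholders.
SAMPLE_SHADOW='root:$6$examplesalt$PLACEHOLDERDIGEST:18300:0:99999:7:::
akki:!$6$examplesalt$PLACEHOLDERDIGEST:18330:0:99999:7:::
aaa:32PLACEHOLDER:18330:0:99999:7:::
guest::18330:0:99999:7:::
Demo2:$6$examplesalt$PLACEHOLDERDIGEST:18330:0:99999:7::18337:
daemon:*:18300:0:99999:7:::
broken:x:1'

# audit_shadow TODAY
# Reads shadow-format lines on stdin and prints "user:finding" per account.
# TODAY is the current date as days since 1970-01-01, the unit used by
# the date columns of the file.
audit_shadow() {
    awk -F: -v today="$1" '
    NF != 9 { print $1 ":malformed"; next }
    {
        pw = $2
        if (pw == "")           state = "empty-password"   # login needs no password
        else if (pw ~ /^[!*]/)  state = "locked"           # "!" is what usermod -L prepends
        else if (pw !~ /^\$/)   state = "legacy-des-hash"  # two-character salt, no $id$ prefix
        else                    state = "ok"
        # Column 8: account expiry day; on or after it the account is expired.
        if ($8 != "" && $8 + 0 <= today + 0) state = state ",account-expired"
        print $1 ":" state
    }'
}

# today_days: the current date in the same unit.
today_days() { echo $(( $(date +%s) / 86400 )); }

# Real use (as root): audit_shadow "$(today_days)" < /etc/shadow
```

A "*" in the password column, common on system accounts, is reported as locked as well, since it also cannot match any password.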
Linux Groups
Users can be listed in different groups. Groups allow us to set permissions at the group
level instead of setting the permissions at the individual level.
Every Linux distribution has a graphical tool to manage groups. Groups can be managed
by graphical tools, command line tools and by vi or vigr depending upon the user's
experience. Only experienced users should use vi or vigr to manage groups, since vigr takes
care of proper locking when the file is changed.
groupadd
Syntax:
groupadd <groupName>
Example:
groupadd php
groupadd java
groupadd android
groupadd spring
Look at the above snapshot, groups php, java, android and spring are created with
groupadd command.
Group File
The /etc/group file defines the group membership. A user can be a member of more than
one group.
Syntax:
/etc/group
Look at the above snapshot, first column indicates group name, second is the group's
encrypted password which may remain empty also, third is group identification (GID) and
fourth is the list of members. Fourth list is empty as these groups do not have members.
Groups
The groups command shows the groups to which the current user belongs.
Syntax:
groups
Look at the above snapshot, users jtp and sssit belong to different groups.
usermod
The group members can be edited with usermod or useradd command. If a group is not
listed then by default, usermod command will remove the user from every group of which
he is a member. Here, -a (append) option is used to prevent this from happening.
Syntax:
Example:
groupmod
With the help of groupmod command you can change the name of an already existing
group.
Syntax:
Example:
groupdel
The command groupdel will delete a group permanently from the system.
Syntax:
groupdel <group>
Example:
groupdel sql
Look at the above snapshot, group sql is deleted from the system.
gpasswd
Control of group membership can be passed on to another user with gpasswd command.
Syntax:
Example:
Look at the above snapshot, we have passed the membership of java to the user with
command "gpasswd -A jtp java". Then we su to jtp and add aaa to java.
Group administrators need not be members of the group. They can add or remove a
member without being a member of that group.
File /etc/gshadow keeps the information about the group administrators as shown in
below snapshot.
To remove all the administrators from a group, set an empty administrator list.
Syntax:
Example:
Look at the above snapshot, administrator jtp is removed from the group java.
Adding a user to a group is a straightforward process; all we need to do is execute the
appropriate command. We will walk through all the scenarios related to users and groups,
such as how to add users to a group and how to delete or remove them. Moreover, we will also
learn how to list groups. First, understand the Linux groups:
Linux Groups
Linux groups are the community of the users that have the right to administrate and
organize the users and file permission in a Linux system. The main motive of creating a
group is to define the set of permissions such as read and write permission or allowing
the shared resources of groups.
o Primary group
o Secondary or supplementary group
Primary group: When we create a file through a specific user account, by default, the
file's group is set to the user's primary group. It has the same name as the user
account. The user's primary group is recorded in the
/etc/passwd file.
is to allow the specific permission to limited users. For example, if we want to add any
user to the sudo group, the added user will inherit the sudo rights, and be able to run the
sudo commands. If we add a user to the docker group, then it will inherit the properties
of the docker group and be able to run the docker commands.
A user can be added to precisely one primary group. It is not necessary to add a user to
a secondary group, so a user can be added to zero or more secondary groups.
Note: Only the root user has the right to add a user to a group.
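Because a user's primary group is recorded in /etc/passwd and only secondary members appear in the fourth column of /etc/group, a membership check has to read both files. The following is an added example, not part of the original tutorial: the function names are hypothetical and the sample data is constructed, reusing group and user names from this page with made-up GIDs.

```shell
#!/bin/sh
# Constructed samples in /etc/group and /etc/passwd layout.
SAMPLE_GROUP='sudo:x:27:sssit
docker:x:998:jtp,aaa
java:x:1005:
php:x:1006:'
SAMPLE_PASSWD='sssit:x:1000:1000::/home/sssit:/bin/bash
jtp:x:1001:1001::/home/jtp:/bin/bash
aaa:x:1002:1005::/home/aaa:/bin/bash'

# effective_members GROUP GROUP_DATA PASSWD_DATA
# Prints "user:primary" or "user:supplementary" for every user in GROUP.
effective_members() {
    { printf '%s\n' "$2"; echo '--'; printf '%s\n' "$3"; } |
    awk -F: -v g="$1" '
    $0 == "--" { in_passwd = 1; next }
    !in_passwd && $1 == g {
        gid = $3                          # third column: GID
        n = split($4, m, ",")             # fourth column: member list
        for (i = 1; i <= n; i++) if (m[i] != "") how[m[i]] = "supplementary"
    }
    # passwd column 4 is the primary GID; these users are not in column 4 of group
    in_passwd && gid != "" && $4 == gid { how[$1] = "primary" }
    END { for (u in how) print u ":" how[u] }' | sort
}

# privileged_report GROUP_DATA PASSWD_DATA
# Lists members of the rights-granting groups named in the text.
privileged_report() {
    for grp in sudo docker; do
        effective_members "$grp" "$1" "$2" | sed "s/^/$grp:/"
    done
}

# Real use: privileged_report "$(getent group)" "$(getent passwd)"
```

In the sample, java has an empty member list in the group data, yet aaa is still a member through its primary GID.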
Add a Group
To create a new user group on a Linux system, execute the groupadd
command, followed by the group name. You will need the sudo access to gain the
elevated permissions. Execute the command as follows:
The above command will ask for the system administrative password, type the password.
Consider the below output:
Let's create two users, user1 and user2. Execute the command as follows:
The above command will add the two users called user1 and user2. Consider the below
output:
The above command will add the user1 to jtpGroup. Consider the below output:
The -a option is used to append the user to the group; it is recommended to use this option when
adding a new user to a group. If you do not use the -a option, the user will be removed
from any group not specified after the -G option.
If the usermod command executes successfully, it will not display any output, but in case
of failure, it will post warning messages such as user or group does not exist.
Now, add user1 (which is already added to JtpGroup, so its primary group is JtpGroup)
to the secondary groups JtpGroup2 and JtpGroup3. Execute the below command.
The above command will add the user1 to JtpGroup2 and JtpGroup3 without removing it
from JtpGroup. Consider the below output:
We can specify any number of groups; separate them by a comma after the primary group.
To list all the available groups in the Linux system, execute the command as follows:
getent group
The above command will display a large list of pre-defined and user-defined groups.
Consider the below snap of the output:
The above snap of the output is taken from the last. At the starting of the output, there is
an extensive list of pre-defined groups.
The above command will remove the user from the JtpGroup. Consider the below output:
The user will be assigned the new group configuration at the next login. If the user is
logged in, the changes cannot be seen immediately.
To change the user's primary group, execute the usermod command as follows:
Linux id Command
The Linux id command is used to print the real and effective user ID and group ID. A user
ID (UID) is a particular user identity, whereas group IDs (GIDs) can contain more than one
user's identity. This command is a useful tool for user management.
Tracing the names of users and groups, and their corresponding UIDs and GIDs is a
complex task for the new user. This is important for user management. In such cases, the
id command will help us.
Syntax:
Options:
id
From the above command, the output will use the active user. Its default behavior is as
follows:
From the above output, we can see there are several fields. The first two fields are the UID
and GID for the user 'javatpoint'. Whereas, rest are the groups with their respective GID
that the 'javatpoint' is a part of.
id -u javatpoint
id -g javatpoint
To display the real UID and GID for the user 'javatpoint', execute the following commands:
id -r -u javatpoint
id -r -g javatpoint
id -G
id -g
id --help
man id