Manage Linux Users & Linux Groups
Linux, as we all know, is a multi-user operating system. If you have multiple users on a desktop or a server, you can easily manage multiple Linux user accounts and provide permissions to each account.
In this article, you will learn –
- How to manage users and groups on a Linux system
- Create a new user account in Linux
- Add user to a group in Linux
- Create user group in Linux
- Remove user group in Linux
Manage Linux Users
But, before we discuss how to manage Linux users and Linux groups, let me explain why having a distinct user account is vital from a security standpoint. Many users begin using the root account on the first boot of a Linux server, which is not recommended.
It is not a good idea to execute day-to-day server operations using a root account. The root user is a superuser account. Work as root long enough and sooner or later you will run an incorrect command, and the system will execute it, most of the time without even asking for confirmation. When you log in as a non-root user, you have less access to the system and are less likely to do something bad.
Second, adding users to a group or groups rather than managing individual users makes it easier to manage multiple users in Linux. This takes us to the topic of Linux user groups. It may be tedious for some desktop users, but it is a useful function for system administrators.
Linux User Groups
Managing multiple users is a difficult chore for a system administrator, especially when the users come from various domains. An administrator may want to grant one type of user access to a directory while denying other types of users access to other directories on the system. Alternatively, an administrator may want to have multiple sorts of users with varied permissions in the same directory. It is possible to accomplish this on Linux by creating Linux user groups.
Assume we own a software development firm. All project directories are stored on a central server. We only want to provide Python programmers access to the Python directory, which contains all of the Python code.
To demonstrate, we will create a new user named sandy. Sandy is a Python developer who requires access to our server’s Python code directory. So let’s start by making his account.
Create a new user in Linux
Creating a new user in Linux is extremely easy from the GUI.
For example, I am using Manjaro Linux (Deepin), and creating a new user is like creating a new note in any note-taking application. Just type the username & password, and that’s it.
But if you need to create a new user on a Linux server, the following two commands can do the job –
- useradd
- adduser
useradd – This command is available in all Linux distros. It accepts different arguments to create a new user in Linux. If run without arguments, the command will create a user account without a home directory, shell extension, etc.
However, you can set the default options in /etc/default/useradd so that each time a user is created, the command takes the default values from /etc/default/useradd automatically.
adduser – A command written in Perl that uses useradd in the backend. Unlike useradd, it only requires the username and runs a setup in the terminal to create a user. It is easier than useradd.
adduser is only available in Ubuntu and other Debian-based Linux distributions.
How to use useradd?
useradd -m sandy
The above command will create a user account with a home directory at /home/sandy. Now set the password for the user.
sudo passwd sandy
And that’s it. A user has been created. If you want a different home directory for the user, the -d parameter sets its path; keep -m so that the directory is actually created.
sudo useradd -m -d /home/james sandy
You can also set the shell in the useradd command. Just use the -s parameter.
sudo useradd -m -d /home/james -s /bin/bash sandy
How to use adduser?
As I mentioned above, adduser is way easier than useradd. It only requires the username. adduser asks questions and passes the answers as parameter values to the useradd command.
sudo adduser sandy
If you are using Ubuntu or other Debian-based distros, go ahead with the adduser command. This command was created to simplify the user creation process on Linux systems.
Add User group in Linux
As mentioned above, managing Linux users is easier by adding them to one or more Linux groups.
We can create a group called ‘python-programmers’, add sandy, our Python developer, to this group, and then grant him access to the Python directory.
groupadd python-programmers
Add user to a group in Linux
Now add sandy to the python-programmers group.
sudo usermod -aG python-programmers sandy
Add group to a directory in Linux
Change the group of the Python directory that exists under $HOME/Projects/Python.
sudo chown -R :python-programmers $HOME/Projects/Python
Add Permissions To Directory
Now add read & write permission to the directory for the group users.
sudo chmod -R g+rw $HOME/Projects/Python
Remove Permissions From Directory
And finally, disallow other users to access the Python directory.
sudo chmod -R o-rwx $HOME/Projects/Python
And the job is done! Now the Python directory can be accessed either by the root user or by any user in the ‘python-programmers’ group.
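A check to run after the steps above, as an added example that is not part of the original article: it lists entries with the wrong group, leftover access for other users, or no group write. It goes one step beyond the article by also flagging directories without the setgid bit, because chown -R and chmod -R only change files that already exist. The function names and the demo tree are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_shared_dir DIR GROUP prints one "FINDING path" line per problem.
# GROUP may be a group name or a numeric GID.
audit_shared_dir() {
    dir=$1 grp=$2
    {
        # Entries that do not belong to the shared group.
        find "$dir" ! -type l ! -group "$grp" | sed 's/^/WRONG_GROUP /'
        # Any read (004), write (002) or execute (001) bit left for "other".
        find "$dir" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) |
            sed 's/^/OTHER_ACCESS /'
        # Entries the group cannot write to.
        find "$dir" ! -type l ! -perm -020 | sed 's/^/NO_GROUP_WRITE /'
        # Directories without setgid: files created in them later get the
        # creator's primary group instead of the shared group.
        find "$dir" -type d ! -perm -2000 | sed 's/^/NO_SETGID /'
    } | sort
}

# Constructed demo: a throwaway tree in a temp dir. The caller's own GID
# stands in for python-programmers so that no root access is needed.
# Prints the number of findings at each stage: "8 2 0".
demo_audit() {
    t=$(mktemp -d) || return 1
    gid=$(id -g)
    mkdir -p "$t/Python/pkg" && : > "$t/Python/pkg/app.py"
    chgrp -R "$gid" "$t/Python"
    chmod u=rwx,go=rx,g-s "$t/Python" "$t/Python/pkg"   # typical 755 dirs
    chmod 644 "$t/Python/pkg/app.py"
    before=$(audit_shared_dir "$t/Python" "$gid" | wc -l)
    chmod -R g+rw,o-rwx "$t/Python"          # group read/write, no "other"
    after_chmod=$(audit_shared_dir "$t/Python" "$gid" | wc -l)
    find "$t/Python" -type d -exec chmod g+s {} +   # setgid on directories
    after_setgid=$(audit_shared_dir "$t/Python" "$gid" | wc -l)
    rm -rf "$t"
    echo "$((before)) $((after_chmod)) $((after_setgid))"
}
```

Against the real tree, call audit_shared_dir "$HOME/Projects/Python" python-programmers; an empty result means every entry matches the intended policy.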
But there is a problem!
The above procedure will do the job. It will grant access to users of python-programmers to the Python directory, but there is a problem. The above approach will only allow one group of users to access the Python directory at a time. If you want to allow some other developers access to the Python directory, you will have to remove access from the previous group and set the new group as the directory owner.
To resolve this problem and allow access to multiple types of users at a time, we can use access control lists.
Access control lists
Let’s say we have a group of auditors in our company. We want to allow the group auditors to have ‘read’ access to the Python directory without removing any other group from it.
setfacl -m g:auditors:rx -R $HOME/Projects/Python
And that is it. Now the users of the python-programmers group have read & write access, and users of the auditors group have read access to the Python directory. If you also want to allow auditors to have write access, add w to the above command.
setfacl -m g:auditors:rwx -R $HOME/Projects/Python
Remove user in Linux
You may also need to remove a user in Linux. It can be done using the userdel command.
userdel sandy
Deleting a user is a non-recoverable action. So make sure to back up important files and settings before removing any user. By default, the command will not remove the user’s home directory.
Before you remove any user in Linux, make sure no process is running as that user. Otherwise, you’ll get the following error –
userdel: The user sandy is being used by process 3861
List all processes of a user in Linux
ps -u sandy
Output -
PID TTY TIME CMD
4831 ? 00:00:00 systemd
4832 ? 00:00:00 (sd-pam)
4845 ? 00:00:00 gnome-keyring-d
4849 tty5 00:00:00 gdm-x-session
4851 tty5 00:00:10 Xorg
4856 ? 00:00:00 dbus-daemon
4860 tty5 00:00:00 gnome-session-b
4958 ? 00:00:00 ssh-agent
4961 ? 00:00:00 gvfsd
4966 ? 00:00:00 gvfsd-fuse
4975 ? 00:00:00 at-spi-bus-laun
4980 ? 00:00:00 dbus-daemon
4983 ? 00:00:00 at-spi2-registr
4997 ? 00:00:00 gnome-keyring-d
5012 tty5 00:00:21 gnome-shell
5023 ? 00:00:00 pulseaudio
5032 tty5 00:00:00 ibus-daemon
5034 ? 00:00:00 xdg-permission-
5042 tty5 00:00:00 ibus-dconf
5044 ? 00:00:00 gnome-shell-cal
5046 tty5 00:00:00 ibus-x11
5050 ? 00:00:00 ibus-portal
5057 ? 00:00:00 evolution-sourc
5066 ? 00:00:00 dconf-service
5073 ? 00:00:00 goa-daemon
5084 ? 00:00:00 goa-identity-se
5094 ? 00:00:00 gvfs-udisks2-vo
5099 ? 00:00:00 gvfs-gphoto2-vo
5103 ? 00:00:00 gvfs-goa-volume
5107 ? 00:00:00 gvfs-afc-volume
5112 ? 00:00:00 gvfs-mtp-volume
5116 tty5 00:00:00 gsd-power
5117 tty5 00:00:00 gsd-print-notif
5119 tty5 00:00:00 gsd-rfkill
5121 tty5 00:00:00 gsd-screensaver
5125 tty5 00:00:00 gsd-sharing
5128 tty5 00:00:00 gsd-smartcard
5130 tty5 00:00:00 gsd-xsettings
5131 tty5 00:00:00 gsd-wacom
5139 tty5 00:00:00 gsd-sound
5144 tty5 00:00:00 gsd-a11y-settin
5147 tty5 00:00:00 gsd-color
5150 tty5 00:00:00 gsd-clipboard
5154 tty5 00:00:00 gsd-housekeepin
5155 tty5 00:00:00 gsd-datetime
5160 tty5 00:00:00 gsd-media-keys
5162 tty5 00:00:00 gsd-keyboard
5164 tty5 00:00:00 gsd-mouse
5186 tty5 00:00:00 gsd-printer
5217 tty5 00:00:00 gsd-disk-utilit
5219 tty5 00:00:01 nautilus-deskto
5232 ? 00:00:00 gvfsd-trash
5254 ? 00:00:00 evolution-calen
5267 ? 00:00:00 evolution-calen
5282 ? 00:00:00 evolution-addre
5289 ? 00:00:00 evolution-addre
5310 tty5 00:00:00 ibus-engine-sim
5311 ? 00:00:00 gvfsd-metadata
5364 ? 00:00:00 gvfsd-network
5375 ? 00:00:00 gvfsd-dnssd
5443 tty5 00:00:00 update-notifier
5461 tty5 00:00:02 gnome-software
5563 ? 00:00:03 nautilus
5951 tty5 00:00:00 deja-dup-monito
Or there is another command to list a user’s processes in Linux, pgrep.
pgrep -u sandy
Output -
4831
4832
4845
4849
4851
4856
4860
4958
4961
4966
4975
4980
4983
4997
5012
5023
5032
5034
5042
Kill all processes used by the user
The killall command will kill all of the user’s processes.
killall -u sandy
Remove a Linux user
After all of the user’s processes are killed, we can delete the user.
userdel sandy
As I mentioned above, by default, the command will not remove the user’s home directory. To also remove the user’s home directory, add the -r argument to the command.
userdel -r sandy
Remove user from a group in Linux
If you decide to snatch away rights from a user, remove the user from the group.
sudo gpasswd -d sandy python-programmers
If the user is a member of the group, it will output the following –
Removing user sandy from group python-programmers
Remove a group in Linux
If you want to remove a group in Linux, use the groupdel command.
groupdel groupname
If the group being deleted is the primary group of any user on the system, the group cannot be deleted. In that case, change the primary group of that user.
Delete the auditors group from the system.
groupdel auditors
Conclusion
That’s all there is to it. Managing Linux users and Linux groups is simple. Once you’ve learned how to manage users, you’ll be able to keep your files safe and private without relying on a third-party library or service.
If you believe I have overlooked something in the article, please let me know in the comments section below. I will update this article every three months with your suggestions (with your name).
Please let me know in the comments area below if you don’t understand any of the instructions. If you are a nerd and discovered an error in the article, please let me know using the Contact us page or by joining our Discord server.
Frequently Asked Questions
How can I list users in Linux?
Use the cat command on the /etc/passwd file, which contains the system’s user account information.
How do I open user manager in Linux?
How to check all user logins in Linux?
Open a terminal window.
Type
sudo cat /var/log/auth.log | grep "session opened"
and press Enter. This command will display a list of all user logins on your system.
You can refine the output by specifying a date range. For example, if you want to see all user logins from the last 24 hours, type
sudo cat /var/log/auth.log | grep "session opened" | grep "$(date +"%b %e")"
and press Enter.
If you want to see logins for a specific user, you can use the grep command to filter the output. For example, to see all logins for the user “john”, type
sudo cat /var/log/auth.log | grep "session opened" | grep "john"
and press Enter.
Note that the location and format of the system logs may vary depending on your Linux distribution and version.
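The grep "john" filter above also matches users such as johnny and sudo sessions opened by john for another account. As an added example that is not part of the original article, the function below matches the target user exactly; the sample log lines, host and user names are constructed, and the traditional syslog layout of pam_unix lines is assumed.

```shell
#!/bin/sh
# Added example, not from the original article. The log lines below are
# constructed; the host, PIDs and user names are made up.
sample_auth_log() {
    cat <<'EOF'
Mar  5 09:12:44 srv1 sshd[2211]: pam_unix(sshd:session): session opened for user john(uid=1001) by (uid=0)
Mar  5 09:13:02 srv1 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by john(uid=1001)
Mar  5 09:40:10 srv1 sshd[2302]: pam_unix(sshd:session): session opened for user johnny by (uid=0)
Mar  5 10:01:00 srv1 CRON[2400]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Mar  5 10:02:31 srv1 sshd[2211]: pam_unix(sshd:session): session closed for user john
Mar  6 08:00:12 srv1 sshd[3100]: pam_unix(sshd:session): session opened for user john(uid=1001) by (uid=0)
EOF
}

# logins_for USER [SERVICE] reads auth.log lines on stdin and prints
# "month day time service" for each session opened *for* exactly USER,
# optionally limited to one PAM service (sshd, sudo, cron, ...).
logins_for() {
    awk -v user="$1" -v svc="${2:-}" '
    /session opened for user/ {
        name = ""
        for (i = 2; i < NF; i++)
            if ($i == "user" && $(i - 1) == "for") { name = $(i + 1); break }
        sub(/\(uid=[0-9]+\)$/, "", name)      # newer logs append (uid=N)
        s = $0                                # pam_unix(SERVICE:session)
        sub(/.*pam_unix\(/, "", s); sub(/:session\).*/, "", s)
        if (name == user && (svc == "" || s == svc)) print $1, $2, $3, s
    }'
}

# The substring filter, for comparison: counts every "session opened"
# line that merely contains the string.
naive_count() { grep "session opened" | grep -c "$1"; }
```

On a live system, feed it the real log instead of the sample: sudo cat /var/log/auth.log | logins_for john sshd.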