Users account management is one of the fundamental task of every Linux system administrator. In this article we will learn how to create a new user account, how to modify it and how to delete it from the command line using the useradd, usermod and userdel utilities, which are part of the base system.

In this tutorial you will learn:

  • What is the use of the /etc/login.defs file
  • How to create a user account with various options using the useradd command
  • How to modify a user account using the usermod command
  • How to delete a user account using the userdel command
How to create modify and delete users account on Linux
How to create modify and delete users account on Linux

Software requirements and conventions used

Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System Distribution independent
Software Useradd, usermod and userdel utilities (installed by default)
Other Root permissions to perform administrative tasks
Conventions # - requires given linux-commands to be executed with root privileges either directly as a root user or by use of sudo command
$ - requires given linux-commands to be executed as a regular non-privileged user

Default settings

The default settings applied when a user is created are defined in the /etc/login.defs file. If we take a look at the file on a Fedora system, for example, we can see the options defined in it, which can be overridden at runtime by the dedicated command line options. Let’s see some of those definitions:

OPTION MEANING DEFAULT VALUE
CREATE_HOME Defines if an home directory should be created for new users yes
ENCRYPT_METHOD The encrypt method used for encrypting passwords SHA512
UID_MIN Minimum uid value automatically assigned to standard users 1000
UID_MAX Maximum uid value automatically assigned to standard users 60000
SYS_UID_MIN Minimum uid value automatically assigned to “system” users 201
SYS_UID_MAX Maximum uid value automatically assigned to “system” users 999
PASS_MAX_DAYS Maximum number of days a password may be used 99999
PASS_MIN_DAYS Minimum number of days allowed between password changes 0
PASS_WARN_AGE Number of days warning is given before a password expires 7

The ones above are only a small subset of the options defined in the /etc/login.defs file, but enough to give a general idea.


SUBSCRIBE TO NEWSLETTER
Subscribe to our NEWSLETTER and receive latest Linux news, jobs, career advice and tutorials.


Creating a new user

To create a new user account on our Linux system we can use the useradd utility; its syntax is the following:

useradd [options] LOGIN

Where LOGIN is the login name to be created. Suppose we want to create a new account for the “newuser” user; we would run:

$ sudo useradd newuser

The command above will create the “newuser” account on the system; additionally an home directory will be created for the user, since, as we can see in the table above, the CREATE_HOME option is set to yes by default. It is possible to to request the creation of a home directory for the new user explicitly by using the -m (short for --create-home) option of the useradd command. If we instead we want to avoid the creation of said directory we should use the -M option, which is the short for --no-create-home.

After the creation of a user, the recommended way to set its password is to use the passwd utility, remember this, is an important step!

Specifying a login shell

Another common thing we may want to specify when creating a new user, is its login shell: we can do it by using the -s option (--shell) and passing the path of the shell binary as argument. If this option is not provided explicitly, the shell specified by the $SHELL variable will be used (on Fedora it is /bin/bash). For instance, to explicitly declare the login shell of a new user, we would run:

$ sudo useradd -s /bin/bash newuser

Manually specify the user UID

When a new user is created, by default, the first available uid greater or equal to that specified by the UID_MIN option in the /etc/login.defs file, greater than the one of any other user and smaller or equal to the one specified with the UID_MAX option, is assigned to him. If we want to manually specify an uid, we should use the -u (--uid) option and provide the uid value we want to use as its argument (it must be a non-negative value). To create a user with an uid of 1005 assigned manually, we would run:

$ sudo useradd -u 1005 newuser


Creating a “system” user

If not explicitly declared, the useradd command will create “standard” users, so users with an uid >= 1000. If we want to create a “system” user, instead, so a user with no aging information declared in the /etc/shadow file, we must use the -r (--system) option. System users are normally used by daemons or other applications, therefore home directories are not created for them. Their uid is chosen in the range defined by the SYS_UID_MIN and SYS_UID_MAX options in the /etc/login.defs file. To create a “system” user we would run:

$ sudo useradd -r newuser

Specify additional groups for a new user

When a standard user is created, by default, a group named after it, will be created and it will be automatically included in it: this is its primary group. If we want to specify a series of additional groups the user should be part of, we must use the -G option, which is the short for --groups, and provide a comma-separated list of groups as its argument. For example, to include a user in the wheel group, which is necessary to let it use the sudo command, we would run

$ sudo useradd -G wheel newuser

Modifying user account with the usermod utility

If the useradd utility is used to create a new user account, the usermod one, as its name suggests, is used to modify an existing one. The syntax to use with the command is the same used by useradd:

usermod [options] LOGIN

Let’s see some examples of the utility usage.

Add an existing user to additional groups

We saw how to add the user to some additional groups at creation time, using the -G option of the useradd command. If a user account already exists, however, and we want to make it member of supplementary groups, we should use the same option together with the -a (--append) one when running the usermod utility and provide the list of groups as its argument:

$ sudo usermod -G -a newgroup user

The -a option must be used exclusively together with -G. Be careful, however, that if the latter is used by itself, the specified groups will not be added to the list of the supplementary ones the user is already part of, but said list will be completely redefined.



Locking and unlocking a user password

Sometimes we may want to lock a user password, so to make impossible for it to login by using it. In such cases we can use the -L option (short for --lock):

$ sudo usermod -L newuser

The ! symbol will be put in front of the encrypted password, disabling it:

newuser:!$ISaqNDTydf51adbjciHWBByfhe9k0sfg8Cky2F3HhgxdfMtmrWyq0323rvuCUu/un0d4rldwI0ELj4aSyFv0.cki3c/oLJFFNGyt/:18602:0:99999:7:::

To perform the opposite operation, and unlock the user password, we should use the -U (--unlock) option:

$ sudo usermod -U newuser

Changing the user uid and the gid of its initial group

To change an existing user uid we should use the -u option of usermod and provide the new value to be used. The specified uid, of course, must not already be in use, otherwise we will receive an error:

$ sudo usermod -u 1000 newuser
usermod: UID '1000' already exists

When the uid of an existing user is changed all the files contained in that user’s home directory, will have their user ID changed accordingly, except if the uid of the home directory is different from the uid currently assigned to the user.

We may also want to change the gid (group id) of the user initial group (the one that is created together with the user: its gid is the same as the user uid). To perform such operation we must run usermod with the -g or --gid option; the new group must already exist:

$ sudo usermod -g 1006 newuser

Once we change a user primary group, the files in its home directory, owned by its previous group, will be automatically set to be owned by the new one.

Changing a user login name

To change a user login name, we must use the -l (--login) option of the usermod utility, provide the new login name as first argument, and the current login name as the second one. Supposing we want to change the login name from “newuser” to “linuxconfig”, we would run:

$ sudo usermod -l linuxconfig newuser

Beware that by running the above command, only the user login name will be changed and nothing else. The user’s home directory will not be renamed. Check the next section if you also want to make those additional changes.

Change a user home directory and move all the user files

Sometimes we may need to change a user’s home directory. To accomplish the task we must run the usermod utility with the -d option, short for --home and specify the path of the new directory. If we also want to move all the files existing in the current home directory we should also provide the -m option, which is the short for --move-home. The new home directory is created only if the current one actually exists; the files ownership, modes, ACL and extended attributes will be adapted to the new setup, but additional manual changes could be necessary. To change the directory of the newuser user, which actually is /home/newuser, to /home/newuser_new, and move all the files, we would therefore run:

$ sudo usermod -d /home/newuser_new -m newuser

Removing a user with the userdel utility

We saw some example of how to create and modify a user account, now let’s see how can we use the userdel utility to delete one and all the related files. The syntax of the userdel utility is the same we saw before for useradd and usermod:

userdel [options] LOGIN

The utility has fewer options than useradd and usermod, for obvious reasons. The most common usage case is the removal of a user account together with all of the files contained in its home and spool directories, and those directories themselves. To accomplish such a task we would run userdel with the -r (--remove) option. Supposing we want to remove the “newuser” account, its home and spool directory, we would run:

$ sudo userdel -r newuser

If the user is currently logged in, we would receive an error, and the system will refuse to remove it. If we want to force the operation we must use also the -f (--force) option. Be warned! The use of this option is dangerous, since it could leave the system in an inconsistent state.

Conclusions

In this tutorial we saw how we can use the useradd, usermod and userdel system utilities to respectively create, modify and delete a user account. We saw some examples and use-cases. For a complete overview of all the options which can be used with these utilities, please consult their manuals.

FIND LATEST LINUX JOBS on LinuxCareers.com
Submit your RESUME, create a JOB ALERT.
LINUX CAREER NEWSLETTER
Subscribe to NEWSLETTER and receive latest news, jobs, career advice and tutorials.
DO YOU NEED ADDITIONAL HELP?
Get extra help by visiting our LINUX FORUM or simply use comments below.