In Linux server administration, one of the fundamental tasks that you will need to perform is the management of users and groups. It’s crucial to know how to add and remove users, set user permissions, and configure user settings.
This tutorial will guide you through the process of adding and removing user accounts on RHEL, CentOS, and Oracle Linux servers.
We will be using the useradd and userdel commands, which are essential tools in the arsenal of every server administrator. These commands allow you to create and delete user accounts from the command line, providing you with a quick and efficient way to manage users on your server.
Adding a New User to a Linux System
To understand the useradd command better, you can access its manual by typing the following command in the terminal:
man useradd
To create a new account and a home directory for the user, use the following command:
useradd --home /home/username username
Replace “username” with the username of the new account you want to create.
For example:
# useradd --home /home/geeks geeks
By default, the useradd command does not set any valid password, and the user cannot log in until a password is set. To set the password, use the following command:
passwd username
You will be prompted to enter and retype the new password.
# passwd geeks
Changing password for user geeks.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
To verify the values in /etc/passwd, use the following command:
cat /etc/passwd | grep username
For example:
# cat /etc/passwd | grep geeks
geeks:x:501:501::/home/geeks:/bin/bash
To verify the values in /etc/group, use the following command:
cat /etc/group | grep username
# cat /etc/group | grep geeks
geeks:x:501:
To verify that a mail spool file has been created for the new user, use the following command:
ls /var/spool/mail | grep username
For example:
# ls /var/spool/mail | grep ehowstuff
ehowstuff
The useradd command has several options that you can use to customize the new user account; they are listed in the useradd manual. The userdel command, covered in the next section, has its own options, shown in this excerpt from its manual page:

NAME
    userdel - delete a user account and related files

SYNOPSIS
    userdel [options] LOGIN

DESCRIPTION
    userdel is a low level utility for removing users. On Debian, administrators should usually use deluser(8) instead.

    The userdel command modifies the system account files, deleting all entries that refer to the user name LOGIN. The named user must exist.

OPTIONS
    The options which apply to the userdel command are:

    -f, --force
        This option forces the removal of the user account, even if the user is still logged in. It also forces userdel to remove the user's home directory and mail spool, even if another user uses the same home directory or if the mail spool is not owned by the specified user. If USERGROUPS_ENAB is defined to yes in /etc/login.defs and if a group exists with the same name as the deleted user, then this group will be removed, even if it is still the primary group of another user.

        Note: This option is dangerous and may leave your system in an inconsistent state.

    -h, --help
        Display help message and exit.

    -r, --remove
        Files in the user's home directory will be removed along with the home directory itself and the user's mail spool. Files located in other file systems will have to be searched for and deleted manually.

        The mail spool is defined by the MAIL_DIR variable in the login.defs file.

    -R, --root CHROOT_DIR
        Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.

    -Z, --selinux-user
        Remove any SELinux user mapping for the user's login.

Each of these options has a specific function, which you can learn more about by referring to the manual page of the respective command.
Deleting a User from a Linux System
To understand the userdel command better, you can access its manual by typing the following command in the terminal:
man userdel
The userdel command removes the user from /etc/passwd, but leaves the home directory intact by default. To remove the user’s account, user’s home directory, and mail spool as part of the deletion process, use the following command:
userdel --remove username
or
userdel -r username
Please be aware that when a user is removed with userdel without the -r option specified, the system will have files that are owned by an unassigned user ID number. This can also happen when files created by a deleted user exist outside their home directory. This situation can lead to information leakage and other security issues.
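The ownership problem described above can be checked before and after a deletion. The script below is an added example, not part of the original tutorial; the function names are illustrative, and it assumes GNU find, which RHEL, CentOS, and Oracle Linux ship.

```shell
#!/bin/sh
# Added example: ownership audit around userdel. Function names are illustrative.
# Assumes GNU find (-printf). -xdev keeps each scan on one filesystem, so
# repeat the scan for every other mounted filesystem.

# files_outside_home USER HOME [ROOT]
# Before deletion: list files owned by USER (login name or numeric UID) that
# live outside HOME, which "userdel -r" will not remove.
files_outside_home() {
    owner=$1 home=$2 root=${3:-/}
    find "$root" -xdev -path "$home" -prune -o -user "$owner" -print 2>/dev/null
}

# orphaned_files [ROOT] [PASSWD_FILE]
# After deletion: print "UID<TAB>path" for every file whose owner UID has no
# entry in PASSWD_FILE (which may be a copy taken from a chroot or a backup).
# Only that file is consulted; where accounts come from LDAP or SSSD, use
# find's -nouser test instead, which resolves owners through NSS.
orphaned_files() {
    root=${1:-/} passwd_file=${2:-/etc/passwd}
    # Space-separated list of every UID that still has an account.
    known=$(cut -d: -f3 "$passwd_file" | sort -un | tr '\n' ' ')
    find "$root" -xdev -printf '%U %p\n' 2>/dev/null |
    while read -r uid path; do
        case " $known " in
            *" $uid "*) ;;                           # owner still exists
            *) printf '%s\t%s\n' "$uid" "$path" ;;   # unassigned UID
        esac
    done
}

# Typical use as root, with the tutorial's example account:
#   files_outside_home geeks /home/geeks   # review, reassign or archive these
#   userdel -r geeks
#   orphaned_files /                       # should print nothing
```

Files reported by the first function can be reassigned with chown or archived before the account is removed, so that a later account reusing the same UID does not inherit them.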
A Few Real-Life Examples
Example 1: Creating a New User Account
Let’s say you want to create a new user account for a new employee named John. You can use the useradd command to create the account and the passwd command to set a password:
useradd --home /home/john john
passwd john
Example 2: Adding a User to a Group
Suppose you have a group named “developers” and you want to add John to this group. You can use the usermod command to add John to the group:
usermod -aG developers john
Example 3: Changing a User’s Login Shell
If John prefers to use the Zsh shell instead of the default Bash shell, you can change his login shell using the usermod command:
usermod -s /bin/zsh john
Example 4: Locking a User Account
If John is going on vacation and you want to temporarily disable his account, you can lock it using the usermod command:
usermod -L john
Example 5: Unlocking a User Account
When John returns from vacation, you can unlock his account using the usermod command:
usermod -U john
Example 6: Changing a User’s Home Directory
If you want to move John’s home directory to a different location, you can use the usermod command:
usermod -d /new/path/to/home john
Example 7: Deleting a User Account
If John leaves the company and you want to remove his account, you can use the userdel command:
userdel --remove john
Example 8: Checking a User’s Mail Spool
If you want to check whether John has a mail spool file, you can use the ls command:
ls /var/spool/mail | grep john
Commands Mentioned
- man useradd – Displays the manual for the `useradd` command
- useradd --home /home/username username – Creates a new user account and a home directory
- passwd username – Sets a password for the user
- cat /etc/passwd | grep username – Verifies the values in `/etc/passwd`
- cat /etc/group | grep username – Verifies the values in `/etc/group`
- ls /var/spool/mail | grep username – Verifies if an email user has been created
- man userdel – Displays the manual for the `userdel` command
- userdel --remove username – Removes the user’s account, user’s home directory, and mail spool
Conclusion
The useradd and userdel commands are powerful tools that allow administrators to manage user accounts efficiently.
With useradd, you can create a new user account, specify its home directory, set its login shell, and assign it to a user group. For instance, if you’re setting up a new Apache web server on a dedicated server account, you might create a new user account for each member of your web development team, giving them the access they need to contribute to the project.
On the other hand, userdel allows you to remove a user account from the system. This is particularly useful when a team member leaves the project or when an account is no longer needed. For example, if you’re migrating from a VPS to a cloud hosting environment, you might need to remove user accounts associated with the old server.
However, it’s important to use userdel responsibly. If you remove a user without the -r option, the user’s home directory and mail spool are left intact. This can lead to files being owned by an unassigned user ID number, potentially causing information leakage and other security issues. Therefore, it’s recommended to always use the -r option when removing a user account to ensure that all associated files are also deleted.
In conclusion, managing user accounts is a crucial aspect of maintaining a secure and efficient server environment. Whether you’re a seasoned administrator or a beginner, understanding how to add and remove users in Linux is a skill that will undoubtedly prove valuable in your work.
Always remember to manage user accounts responsibly, remove accounts that are no longer needed, and regularly update passwords to maintain a secure environment.
FAQ
- What is the purpose of the `useradd` command in Linux?
  The `useradd` command in Linux is used to create a new user account on the system. It allows administrators to specify various settings for the new user, such as the home directory, login shell, and user group.
- How can I set a password for a new user in Linux?
  You can set a password for a new user in Linux using the `passwd` command followed by the username. You will be prompted to enter and retype the new password.
- What does the `userdel` command do in Linux?
  The `userdel` command in Linux is used to delete a user account from the system. It removes the user from the `/etc/passwd` file. If used with the `--remove` or `-r` option, it also removes the user’s home directory and mail spool.
- What happens if a user is removed without the `-r` option?
  If a user is removed with the `userdel` command without the `-r` option, the user’s home directory and mail spool are left intact. The system will have files that are owned by an unassigned user ID number, which can lead to information leakage and other security issues.
- How can I verify if a new user has been created in Linux?
  You can verify if a new user has been created in Linux by checking the `/etc/passwd` and `/etc/group` files. You can use the `grep` command with the username to search for the user in these files. Additionally, you can check if an email user has been created for the new user by using the `ls /var/spool/mail | grep username` command.