How to Add and Remove a User Account on RHEL, CentOS, Oracle Linux

In Linux server administration, one of the fundamental tasks that you will need to perform is the management of users and groups. It’s crucial to know how to add and remove users, set user permissions, and configure user settings.

This tutorial will guide you through the process of adding and removing user accounts on RHEL, CentOS, and Oracle Linux servers.

We will be using the useradd and userdel commands, which are essential tools in the arsenal of every server administrator. These commands allow you to create and delete user accounts from the command line, providing you with a quick and efficient way to manage users on your server.

Adding a New User to a Linux System

To understand the useradd command better, you can access its manual by typing the following command in the terminal:

man useradd

To create a new account and a home directory for the user, use the following command:

useradd --home /home/username username

Replace “username” with the username of the new account you want to create.

For example:

# useradd --home /home/geeks geeks

By default, the useradd command does not set any valid password, and the user cannot log in until a password is set. To set the password, use the following command:

passwd username

You will be prompted to enter and retype the new password.

# passwd geeks
Changing password for user geeks.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

To verify the values in /etc/passwd, use the following command:

cat /etc/passwd | grep username

For example:

# cat /etc/passwd | grep geeks
geeks:x:501:501::/home/geeks:/bin/bash

To verify the values in /etc/group, use the following command:

cat /etc/group | grep username

For example:

# cat /etc/group | grep geeks
geeks:x:501:

To verify that a mail spool has been created for the new user, use the following command:

ls /var/spool/mail | grep username

For example:

# ls /var/spool/mail | grep ehowstuff
ehowstuff

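The useradd command has several options that you can use to customize the new user account; they are documented in its manual page. For reference, the options of the companion userdel command, which is used later in this tutorial, are listed in its manual page as follows: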

NAME
       userdel - delete a user account and related files

SYNOPSIS
       userdel [options] LOGIN

DESCRIPTION
       userdel is a low level utility for removing users. On Debian, administrators should usually use
       deluser(8) instead.

       The userdel command modifies the system account files, deleting all entries that refer to the user
       name LOGIN. The named user must exist.

OPTIONS
       The options which apply to the userdel command are:

       -f, --force
           This option forces the removal of the user account, even if the user is still logged in. It also
           forces userdel to remove the user's home directory and mail spool, even if another user uses the
           same home directory or if the mail spool is not owned by the specified user. If USERGROUPS_ENAB
           is defined to yes in /etc/login.defs and if a group exists with the same name as the deleted
           user, then this group will be removed, even if it is still the primary group of another user.

           Note: This option is dangerous and may leave your system in an inconsistent state.

       -h, --help
           Display help message and exit.

       -r, --remove
           Files in the user's home directory will be removed along with the home directory itself and the
           user's mail spool. Files located in other file systems will have to be searched for and deleted
           manually.

           The mail spool is defined by the MAIL_DIR variable in the login.defs file.

       -R, --root CHROOT_DIR
           Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR
           directory.

       -Z, --selinux-user
           Remove any SELinux user mapping for the user's login.

Each of these options has a specific function, which you can learn more about by referring to the userdel manual.

Deleting a User from a Linux System

To understand the userdel command better, you can access its manual by typing the following command in the terminal:

man userdel

The userdel command removes the user from /etc/passwd, but leaves the home directory intact by default. To remove the user’s account, user’s home directory, and mail spool as part of the deletion process, use the following command:

userdel --remove username

or

userdel -r username

Please be aware that when a user is removed with userdel without the -r option specified, the system will have files that are owned by an unassigned user ID number. This can also happen when files created by a deleted user exist outside their home directory. This situation can lead to information leakage and other security issues.
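
The leftover files described above can be located by comparing file owners against the account database. The script below is an added example, not part of the original tutorial; the function names orphaned_files and orphan_summary are hypothetical, and it assumes GNU find and a local passwd-format file.

```shell
#!/bin/sh
# Added example (not from the original tutorial): find files whose owner UID
# has no entry in a passwd-format file, i.e. what "userdel" without -r leaves.
# Assumes GNU find (-printf), as shipped on RHEL, CentOS and Oracle Linux.
# Only the given passwd file is read, so accounts that exist solely in a
# directory service (LDAP/SSSD) would be reported as unassigned.
# Function names are hypothetical. Paths containing newlines are not handled.

# orphaned_files DIR [PASSWD_FILE]
# Prints "UID<TAB>PATH" for each file under DIR whose UID is not in PASSWD_FILE.
orphaned_files() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    [ -r "${2:-/etc/passwd}" ] || { echo "cannot read passwd file" >&2; return 2; }
    # -xdev stays on one file system; the userdel manual notes that files on
    # other file systems must be searched for separately.
    find "$1" -xdev -printf '%U\t%p\n' 2>/dev/null |
        awk -F'\t' -v pw="${2:-/etc/passwd}" '
            BEGIN {
                # Field 3 of every passwd line is the numeric UID.
                while ((getline line < pw) > 0) {
                    split(line, f, ":")
                    known[f[3]] = 1
                }
            }
            !($1 in known)   # print lines whose UID is unassigned
        '
}

# orphan_summary DIR [PASSWD_FILE]
# Prints "UID COUNT" per unassigned UID, showing whose files were left behind.
orphan_summary() {
    orphaned_files "$@" | cut -f1 | sort -n | uniq -c | awk '{ print $2, $1 }'
}

# Usage: sh orphans.sh /home [/etc/passwd]
if [ "$#" -ge 1 ]; then
    orphaned_files "$@"
fi
```

Run it once per mounted file system that users can write to (for example /home, /tmp and /var), then reassign or remove whatever it reports.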

A Few Real-Life Examples

Example 1: Creating a New User Account

Let’s say you want to create a new user account for a new employee named John. You can use the useradd command to create the account and the passwd command to set a password:

useradd --home /home/john john
passwd john

Example 2: Adding a User to a Group

Suppose you have a group named “developers” and you want to add John to this group. You can use the usermod command to add John to the group:

usermod -aG developers john

Example 3: Changing a User’s Login Shell

If John prefers to use the Zsh shell instead of the default Bash shell, you can change his login shell using the usermod command:

usermod -s /bin/zsh john

Example 4: Locking a User Account

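If John is going on vacation and you want to temporarily disable his account, you can lock it using the usermod command. Note that the -L option locks only the password, so login methods that do not use it, such as SSH keys, are not blocked: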

usermod -L john

Example 5: Unlocking a User Account

When John returns from vacation, you can unlock his account using the usermod command:

usermod -U john

Example 6: Changing a User’s Home Directory

If you want to move John’s home directory to a different location, you can use the usermod command:

usermod -d /new/path/to/home john

Example 7: Deleting a User Account

If John leaves the company and you want to remove his account, you can use the userdel command:

userdel --remove john

Example 8: Checking a User’s Mail Spool

If you want to check whether a mail spool exists for John, you can use the ls command:

ls /var/spool/mail | grep john

Commands Mentioned

  • man useradd – Displays the manual for the `useradd` command
  • useradd --home /home/username username – Creates a new user account and a home directory
  • passwd username – Sets a password for the user
  • cat /etc/passwd | grep username – Verifies the values in `/etc/passwd`
  • cat /etc/group | grep username – Verifies the values in `/etc/group`
  • ls /var/spool/mail | grep username – Verifies that a mail spool has been created
  • man userdel – Displays the manual for the `userdel` command
  • userdel --remove username – Removes the user’s account, user’s home directory, and mail spool

Conclusion

The useradd and userdel commands are powerful tools that allow administrators to manage user accounts efficiently.

With useradd, you can create a new user account, specify its home directory, set its login shell, and assign it to a user group. For instance, if you’re setting up a new Apache web server on a dedicated server account, you might create a new user account for each member of your web development team, giving them the access they need to contribute to the project.

On the other hand, userdel allows you to remove a user account from the system. This is particularly useful when a team member leaves the project or when an account is no longer needed. For example, if you’re migrating from a VPS to a cloud hosting environment, you might need to remove user accounts associated with the old server.

However, it’s important to use userdel responsibly. If you remove a user without the -r option, the user’s home directory and mail spool are left intact. This can lead to files being owned by an unassigned user ID number, potentially causing information leakage and other security issues. Therefore, it’s recommended to always use the -r option when removing a user account to ensure that all associated files are also deleted.

In conclusion, managing user accounts is a crucial aspect of maintaining a secure and efficient server environment. Whether you’re a seasoned administrator or a beginner, understanding how to add and remove users in Linux is a skill that will undoubtedly prove valuable in your work.

Always remember to manage user accounts responsibly, remove accounts that are no longer needed, and regularly update passwords to maintain a secure environment.

FAQ

  1. What is the purpose of the `useradd` command in Linux?

    The `useradd` command in Linux is used to create a new user account on the system. It allows administrators to specify various settings for the new user, such as the home directory, login shell, and user group.

  2. How can I set a password for a new user in Linux?

    You can set a password for a new user in Linux using the `passwd` command followed by the username. You will be prompted to enter and retype the new password.

  3. What does the `userdel` command do in Linux?

    The `userdel` command in Linux is used to delete a user account from the system. It removes the user from the `/etc/passwd` file. If used with the `--remove` or `-r` option, it also removes the user’s home directory and mail spool.

  4. What happens if a user is removed without the `-r` option?

    If a user is removed with the `userdel` command without the `-r` option, the user’s home directory and mail spool are left intact. The system will have files that are owned by an unassigned user ID number, which can lead to information leakage and other security issues.

  5. How can I verify if a new user has been created in Linux?

    You can verify if a new user has been created in Linux by checking the `/etc/passwd` and `/etc/group` files. You can use the `grep` command with the username to search for the user in these files. Additionally, you can check that a mail spool has been created for the new user by using the `ls /var/spool/mail | grep username` command.
