Intro to Linux: Users and groups

In another blog post I talked about how to control file permissions, but I never talked about users and groups. In Linux, users, groups and passwords are stored in files. You can modify these files directly, but it's a better idea to use the built-in commands.

User information is stored in /etc/passwd in the following format (fields separated by :):

bob:x:3002:302:Bob Bobo's account:/home/bob:/bin/bash


  1. Username: It is used when the user logs in. It should be between 1 and 32 characters in length.
  2. Password: An x character indicates that the encrypted (hashed) password is stored in the /etc/shadow file.
  3. User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. UIDs 100-999 are reserved by the system for administrative and system accounts/groups.
  4. Group ID (GID): The primary group ID (stored in the /etc/group file).
  5. User ID Info: The comment field.
  6. Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exist, the user's directory becomes /.
  7. Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell. Please note that it does not have to be a shell.
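As an added example (not part of the original post), here is a shell function that checks a passwd-format file against the seven-field layout above and reports entries an administrator would want to review. The names audit_passwd and sample_passwd, the finding codes and the sample entries are constructed for illustration; treating a password field that starts with * or ! as a locked entry is the usual convention, assumed here rather than stated in the post.

```shell
#!/bin/sh
# audit_passwd [FILE]: audit a passwd-format file (stdin when FILE is omitted).
# Prints one finding per line in the form CODE:username.
audit_passwd() {
    awk -F: '
        /^[[:space:]]*$/ { next }                        # ignore blank lines
        NF != 7  { print "BAD_FIELD_COUNT:" $1; next }   # layout needs 7 fields
        $2 == "" { print "EMPTY_PASSWORD:" $1 }          # account has no password
        # Anything other than x (or a lock marker, assumed * or !) means the
        # hash sits in the world-readable passwd file instead of /etc/shadow.
        $2 != "" && $2 != "x" && $2 !~ /^[*!]/ { print "HASH_IN_PASSWD:" $1 }
        $3 == 0 && $1 != "root" { print "EXTRA_UID0:" $1 }   # second root account
        $3 in seen    { print "DUPLICATE_UID:" $1 " (same as " seen[$3] ")" }
        !($3 in seen) { seen[$3] = $1 }                  # remember first owner of the UID
    ' "${1:--}"
}

# Constructed sample data; none of these are real accounts or real hashes.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bob:x:3002:302:Bob Bobo's account:/home/bob:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
guest::3003:302:no password set:/home/guest:/bin/bash
old:$6$constructed$notarealhash:3004:302:legacy:/home/old:/bin/bash
bill:x:3002:302:Bill Thomas:/home/bill:/bin/bash
broken:x:3005:302:/home/broken
EOF
}

# Demo run on the constructed sample; on a real system: audit_passwd /etc/passwd
sample_passwd | audit_passwd
```

Two accounts that share a UID are the same user as far as file ownership and permission checks go, which is why the duplicate and extra UID 0 entries are flagged.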

The user's actual password is stored in /etc/shadow in the following format:

bob:asdk1324E@#$Fsa:324:0:99999:7:::

 1. User name: It is your login name.
 2. Password: It is your encrypted (hashed) password.
 3. Last password change (lastchanged): Days since Jan 1, 1970 that the password was last changed.
 4. Minimum: The minimum number of days required between password changes, i.e. the number of days left before the user is allowed to change his/her password.
 5. Maximum: The maximum number of days the password is valid (after that the user is forced to change his/her password).
 6. Warn: The number of days before the password is to expire that the user is warned that his/her password must be changed.
 7. Inactive: The number of days after the password expires that the account is disabled.
 8. Expire: Days since Jan 1, 1970 that the account is disabled, i.e. an absolute date specifying when the login may no longer be used.


Groups are stored in /etc/group (your primary group will not show up here; that's in /etc/passwd):

power_users:x:3009:bob,tom,bill

 1. group_name: It is the name of group. 
 2. Password: Generally password is not used, hence it is empty/blank. 
 3. Group ID (GID): Each user must be assigned a group ID. 
 4. Group List: It is a list of user names of users who are members of the group. The user names, must be separated by commas.


So now, how do we interact with these?

To add a user, use useradd:

useradd -u 3002 -d /home/bill -m -c "Bill Thomas" -s /bin/bash -g 3002 bill
(-u uid)(-d home dir, -m to create it)(-c comment)(-s shell)(-g primary group)

To delete a user:

userdel username

This will not delete their home directory; you have to do this manually.

To add a group:

groupadd -g 4021 name
(-g group id) 

To delete a group:

groupdel name

To add a user to a group as primary group (when you create a file, it will be group-owned by your primary group):

usermod -g gid username

To add a user to a group as a secondary group (the user has the group's permissions but does not create files as this group). The -a flag appends; -G on its own replaces the user's existing secondary groups:

usermod -a -G gid username


To change your new user's password, just type the following:

passwd username



	
