How to Manage Users from the Command Line in Linux

Overseeing users is one of the most insightful jobs for any Linux comptroller. Whether you juggle a aloof tool or multitudinous servers, conserving individual accounts planned aids retain control over the tool. Relevant individual security alike plays a secret semblance in tool counterclaim. Administrators should lone give schedule to human beings who in truth warning it and also lone for the time they warning it. Alignment unsuccessful advantages could express breakable information or crucial tool resources. Beneath, we will study command-pitch upwards equipments that allow comptrollers to model, readjust, and also solicit rid of individual accounts uninfluenced from the incurable.

Key Files for Overseeing Linux Users

Linux keeps individual and also group veracities in information tool documents. These documents storefront account veracities, passwords, and also group settings, and also comptrollers can usage them to juggle users and also control schedule.

Watching Existing Users

One of the fastest ideologies to note existent users on a Linux tool is to weigh the “/and also so on/passwd” documents. This documents shops rudimentary veracities around unanimously individual accounts. You can note it amassing earn service of of the obeying command:

sudo cat /etc/passwd

Beneath, each pitch upwards in the documents illustrates one individual account.

Conversely, you can alike weigh individual veracities amassing earn service of of the obeying commands:

id username
groups username
getent passwd username

The id command substantiates the UID, GID, and also unanimously teams the individual belongs to. The groups command lone substantiates the teams that a individual belongs to. It conducts not brandish the UID or GID. While the getent command fetches individual account veracities from the tool databases, involving “/and also so on/passwd”, LDAP, or other seated resources.

Chit: Modern Linux mechanisms do not storefront password hashes in “/and also so on/passwd”. Instead, encrypted passwords are conserved in the “/and also so on/shadow” documents, which can lone be accessed by the root individual.

Cultivation Users with the useradd Command

useradd is a devalued-level binary accessible on most distros. This command is commonly less thieved advantage of because it is not as individual-cordial and also intuitive as the adduser command. Singularly, there are splendidly few disputes, and also either can be thieved advantage of.

To situate out a boatload more around useradd, run the man command or contain --help to solicit a quickly synopsis.

man useradd
useradd --help

Sprinted the obeying command to contain a brand name-newfangled individual with a domicile magazine:

sudo useradd --create-home

This command collects a individual and also collects a domicile magazine for it. Singularly, if you skip the --create-home substitute, the individual account will be invented without a individual magazine. After this, you can substantiate the individual innovation amassing earn service of of the grep command:

grep /etc/passwd

Cultivation Users With the adduser Command

The adduser command is a Perl script that will model a individual indistinguishable to the useradd command. What administers it unlike is that it is an interactive command that activates you to package the password, the domicile magazine path, and also so on. On some provisions, such as Red Hat and also CentOS, adduser is a symbolic link to useradd, and also on other provisions prefer Arch Linux, adduser comes as a package that is not placed by default.

By default, amassing earn service of of this command collects a group for the individual with unchanged tag as the individual’s login. Other default settings are commonly conserved in the “/and also so on/default/useradd” documents. In this documents, you can configure debts for users invented with useradd, such as the default spanning, domicile magazine place, and also other account estates.

Sprinted the obeying command to model a brand name-newfangled individual:

sudo adduser testuser

As splendidly as inventing a individual, you will be prompted to package and also verify the password, lend optional individual veracities, and also verify the account innovation.

Placement or Revolutionizing Consumer Passwords

After inventing a individual account, you can package or update the individual’s password amassing earn service of of the passwd command.

sudo passwd

This command activates you to go into and also verify a brand name-newfangled password. If a invariant individual runs the passwd command without sudo, they can lone readjust their own password.

Password veracities final notices are implemented by PAM and also are commonly seated in “/and also so on/pam.d/average-password” on Ubuntu. For a boatload more veracities on simplifying password veracities mantras, go to the pam-auth-update male page.

Overseeing Linux Users Making earn service of of the usermod Command

You can usage the usermod command to readjust existent individual accounts. It can readjust weakness such as individual IDs, login tags, domicile directories, or group subscriptions. For example, the obeying command enriches the individual’s UID:

sudo usermod -u

Be meticulous when readjusting crucial weakness such as the individual ID or login tag. Revolutionizing these perks could authority documents possession or sanctions on the tool.

In addition, you can readjust a individual’s Domicile Magazine with the usermod command as complies with:

sudo usermod -d

In addition to this, you can lock or unlock a individual account amassing earn service of of the -L and also -U corrects respectively:

sudo usermod -L
sudo usermod -U

Finally, you can package the account’s expiration date amassing earn service of of the --expiredate substitute with the usermod command:

sudo usermod --expiredate

These corrects allow you to control account schedule and also juggle individual settings without separating the account.

Adding Users to the Teams

Teams allow multitudinous users to share unchanged sanctions. For example, users could warning group schedule to juggle documents, run corrects, or do bureaucratic jobs.

To contain a individual to a group, run the usermod command with -a and also -G corrects:

sudo usermod -a -G

The -a flag expects append, which guarantees the individual keeps their existent teams. Without this substitute, the command could overwrite the individual’s group list.

Conversely, you can usage the gpasswd command to contain/solicit rid of a individual to/from a group.

sudo gpasswd -a username groupname

To solicit rid of a individual from a group:

sudo gpasswd -d username groupname

Obliterating Users

If a individual account is zero a boatload longer warranted, you can solicit rid of it amassing earn service of of the userdel command.

sudo userdel username

This command deletes the individual account yet keeps the individual’s domicile magazine. To solicit rid of both the account and also its domicile magazine, usage the obeying command:

sudo userdel -r username

Chit that userdel will not solicit rid of a individual if there are boisterous processes sprinting under that account.

Watching Consumer Login Vacancy

Monitoring login activity aids comptrollers evolve unauthorized schedule and also troubleshoot authentication top priorities. On Ubuntu and also Debian mechanisms, login exertions are tape-recorded in “/var/log/auth.log”. You can note existent access amassing earn service of of the tail command:

sudo tail /var/log/auth.log

On Red Hat or CentOS mechanisms, login documents are conserved in “/var/log/solve”. Contraptions that usage systemd could alike allow perceiving authentication logs amassing earn service of of the obeying command:

sudo journalctl | grep ssh

This way, monitoring individual accounts duly keeps your tool planned and also inhibits unauthorized schedule. To snag your incurable journey even additionally, weigh out this guide on Linux incurable equipments for powers that administer kneading in the incurable much faster and also a boatload more cutthroat.