Introduction / Why This Is Needed
User management is one of the fundamental tasks of a Linux system administrator. Proper configuration of user accounts ensures security, access control separation, and accountability within the system. This guide explains how to perform basic operations: creating, modifying, and deleting users, as well as working with groups. All commands work on most modern distributions (Ubuntu, Debian, CentOS, RHEL, Fedora).
After completing this guide, you will be able to:
- Create users with specific parameters (home directory, shell).
- Assign and change passwords.
- Manage group membership.
- Safely delete user accounts.
- Check user information.
Prerequisites / Preparation
Before you begin, ensure that:
- You have access to a terminal or server management console.
- You are logged in as root or as a user with sudo privileges.
- You have a basic understanding of the command line.
Check privileges: Run the command sudo -v. If a password is requested and you know it — you're ready. If an error message appears, contact your system administrator.
Step-by-Step Instructions
Step 1: Create a New User
The primary utility is useradd. Recommended command template:
sudo useradd -m -s /bin/bash newusername
- -m — automatically creates the home directory /home/newusername based on the /etc/skel template.
- -s /bin/bash — sets bash as the default login shell. For other shells, specify the corresponding path (/bin/zsh, /bin/sh).
Example creating a user devops with the bash shell:
sudo useradd -m -s /bin/bash devops
Note: If you need to create a user without a home directory (e.g., for system services), omit the -m flag.
Step 2: Assign a Password to the User
The created user will not be able to log in until they have a password. Use passwd:
sudo passwd newusername
The system will prompt you to enter the new password twice. Input characters are not displayed.
Important: For enhanced security, the password should comply with complexity policies. Configuring policies (length, presence of digits/special characters) is done via the /etc/login.defs file and the PAM module (/etc/pam.d/common-password on Debian/Ubuntu).
Step 3: Add the User to Additional Groups
By default, a user is added to their primary group (with the same name). To grant them sudo privileges or access to other resources (e.g., docker), add them to the necessary groups.
sudo usermod -aG sudo newusername
- -aG — critical flags. -a (append) adds the group to existing ones without removing others. -G specifies the list of additional groups.
Example: Adding the user devops to the sudo and docker groups:
sudo usermod -aG sudo,docker devops
Check the user's groups:
groups devops
# or
id devops
Step 4: Configure Default Parameters (Optional)
If you frequently create users with the same settings, change the default values in /etc/default/useradd or use flags directly in the useradd command.
Commonly used useradd flags:
- -c "Comment" — Full name or description (e.g., -c "Ivan Petrov").
- -d /path/to/home/directory — explicit path to the home directory (if not /home/username).
- -G group1,group2 — add to additional groups immediately upon creation.
- -e YYYY-MM-DD — account expiration date.
- -f N — number of days after password expiration during which login is still allowed (0 — immediate lock).
Example creating a user with a comment and immediately in the developers group:
sudo useradd -m -c "Anna Sidorova" -G developers -s /bin/bash anna
sudo passwd anna
Step 5: Delete a User
When deleting a user, you can either keep their home directory and mail spool (files in /var/spool/mail) or remove everything.
sudo userdel -r username
- -r — removes the user's home directory (/home/username) and mail spool. Use with caution!
Safe variant (account only):
sudo userdel username
In this case, files in /home/username will remain on disk and will be owned by the deleted UID. You will need to manually find (find / -uid former_UID) and delete or re-assign them.
Verification
- User existence: Check the entry in /etc/passwd:
  getent passwd newusername
  The output should contain a line with UID, GID, home directory, and shell.
- Password: Ensure the password is set (the password field in /etc/shadow will contain a hash, not ! or *):
  sudo grep '^newusername:' /etc/shadow
- Groups: Check membership:
  id newusername
- Login: Try logging in as the new user using su - newusername (in a new session) or via SSH/console if it's a remote user.
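The password and group checks above can be scripted; the following is an added example, not part of the original guide. It reads shadow- and group-format files, matches the user name exactly rather than as a substring, and reports membership in sudo, docker and wheel. The wheel group, the function names and the sample accounts and files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an account from shadow- and group-format files.
# File arguments default to the live files (reading /etc/shadow needs root).

# password_state USER [SHADOW_FILE] -> set | locked | disabled | empty | missing
password_state() {
  awk -F: -v u="$1" '
    $1 == u {                              # exact match on the name field
      found = 1
      c = substr($2, 1, 1)
      if ($2 == "")      print "empty"      # account logs in with no password
      else if (c == "!") print "locked"     # fresh useradd account or locked password
      else if (c == "*") print "disabled"   # no usable hash (typical service account)
      else               print "set"
    }
    END { if (!found) print "missing" }
  ' "${2:-/etc/shadow}"
}

# privileged_groups USER [GROUP_FILE] -> comma-separated subset of sudo,wheel,docker
# (wheel is an assumption added here: the usual admin group on the RHEL family)
privileged_groups() {
  awk -F: -v u="$1" '
    $1 ~ /^(sudo|wheel|docker)$/ {
      n = split($4, m, ",")
      for (i = 1; i <= n; i++)
        if (m[i] == u) out = out (out == "" ? "" : ",") $1
    }
    END { print out }
  ' "${2:-/etc/group}"
}

# Constructed sample data (not real hashes) so the checks run without root.
SAMPLE=$(mktemp -d) && trap 'rm -rf "$SAMPLE"' EXIT
cat > "$SAMPLE/shadow" <<'EOF'
devops:$y$j9T$constructedSalt$constructedHash:19800:0:99999:7:::
devops2:!:19800:0:99999:7:::
anna::19800:0:99999:7:::
svc:*:19800:0:99999:7:::
EOF
cat > "$SAMPLE/group" <<'EOF'
sudo:x:27:devops
docker:x:998:devops,anna
developers:x:1002:anna
EOF

for u in devops devops2 anna svc; do
  printf '%-8s password=%-8s privileged=%s\n' "$u" \
    "$(password_state "$u" "$SAMPLE/shadow")" \
    "$(privileged_groups "$u" "$SAMPLE/group")"
done
```

Called with only a user name, both functions read the live /etc/shadow and /etc/group. An "empty" result, or docker membership for an account that should not have root-equivalent access, is the finding to act on first.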
Potential Issues
- useradd: user 'username' already exists — A user with that name already exists in the system. Use a different name or delete the old user.
- passwd: Authentication token manipulation error — Failed to set the password. Most often the cause is lack of sudo privileges or a locked /etc/shadow file (check permissions: ls -l /etc/shadow). It can also be due to insufficient disk space.
- User cannot execute sudo — After adding the user to the sudo group, the user must log out and log back in to update the group list. You can apply changes without re-logging in: newgrp sudo (in the current session) or sg sudo -c 'command'.
- Home directory is not created — Ensure that CREATE_HOME yes is correctly set in /etc/login.defs. Or use the -m flag explicitly. Also check the presence and permissions of the /etc/skel template.
- usermod: cannot lock /etc/passwd; try again later — Another process (e.g., another useradd or vipw) has locked the password file. Wait a minute and try again.