
Master Linux User and Group Management: Commands, Files, and Best Practices

This guide explains Linux's multi‑user architecture, detailing UID/GID concepts, the structure of /etc/passwd and /etc/shadow, and step‑by‑step commands for creating, modifying, and deleting users and groups, including password handling, shell restrictions, and sudo configuration.

Liangxu Linux

1. User and Group Overview

Linux is a multi‑user, multitasking operating system where each process belongs to a specific user and each file is owned by a user. Access control is enforced through user IDs (UID) and group IDs (GID), allowing administrators to manage permissions centrally.

1.1 UID and GID

Every user has a unique numeric UID, similar to a personal identification number. The id command displays the current user's UID, primary GID, and supplementary groups.

[root@localhost ~]# id
uid=0(root) gid=0(root) groups=0(root)

The ll command (an alias for ls -l on many distributions) shows file ownership.

[root@localhost ~]# ll /home
... drwxrwxrwx. 2 root root 31 Oct 18 15:21 dir01 ...

1.2 Viewing Processes

Use ps aux | less to list all running processes.

USER   PID %CPU %MEM    VSZ   RSS TTY  STAT START   TIME COMMAND
root     1  0.0  0.1 193908 7060 ?   Ss   12:00   0:26 /usr/lib/systemd/systemd ...

2. User and Group Files

User account records are stored in /etc/passwd, and the corresponding password hashes are stored in /etc/shadow. Each line in /etc/passwd contains seven fields separated by colons: username, password placeholder, UID, GID, comment, home directory, and login shell.

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
...

The /etc/shadow file holds hashed passwords and aging information. The second field consists of three parts: $id (hash algorithm), salt, and the actual hash. The example entries below illustrate how identical passwords produce different hashes because of unique salts.

qf1:$6$8FtewMfM$RPD0aIuDGmpE...:19655:0:99999:7:::
qf2:$6$FRsRAaAa$WJuDA0I8w7aM5t...:19655:0:99999:7:::
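
The field layouts described above are enough to audit accounts mechanically. The following Python sketch is an added example, not part of the original article: it parses the seven /etc/passwd fields and the second /etc/shadow field, then flags accounts worth reviewing. The toor and legacy accounts, the NOLOGIN shell list, and all salts and hash bodies are constructed placeholders.

```python
# Added example (not from the original article). All sample lines are
# constructed; the salt and hash bodies are placeholders, not real hashes.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
qf2:x:1016:1016::/home/qf2:/bin/bash
qf8:x:1017:1017::/home/qf8:/sbin/nologin
toor:x:0:0::/root:/bin/bash
legacy:x:1018:1018::/home/legacy:/bin/bash
"""
SHADOW = """\
root:$6$SALTSALT$PLACEHOLDER:19655:0:99999:7:::
qf2::19655:0:99999:7:::
qf8:!!:19655:0:99999:7:::
toor:$6$SALTSALT$PLACEHOLDER:19655:0:99999:7:::
legacy:$1$SALTSALT$PLACEHOLDER:19655:0:99999:7:::
"""
HASH_IDS = {"1": "MD5", "5": "SHA-256", "6": "SHA-512", "y": "yescrypt"}
NOLOGIN = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

def hash_scheme(field):
    """Classify the second /etc/shadow field ($id$salt$hash)."""
    if field == "":
        return "empty"    # no password set at all
    if field[0] in "!*":
        return "locked"   # password login disabled
    if field.startswith("$"):
        return HASH_IDS.get(field.split("$")[1], "unknown")
    return "DES"          # legacy crypt(3) hashes carry no $id$ prefix

def audit(passwd_text, shadow_text):
    """Return (user, finding) pairs; raises ValueError on malformed lines."""
    schemes = {}
    for line in shadow_text.splitlines():
        name, field = line.split(":")[:2]
        schemes[name] = hash_scheme(field)
    findings = []
    for line in passwd_text.splitlines():
        name, _pw, uid, _gid, _comment, _home, shell = line.split(":")
        scheme = schemes.get(name, "locked")
        if int(uid) == 0 and name != "root":
            findings.append((name, "extra UID 0 account"))
        if scheme == "empty" and shell not in NOLOGIN:
            findings.append((name, "empty password with login shell"))
        if scheme in ("MD5", "DES"):
            findings.append((name, "weak hash scheme " + scheme))
    return findings

if __name__ == "__main__":
    for user, finding in audit(PASSWD, SHADOW):
        print(user, "->", finding)
```

On a real system, reading /etc/shadow requires root, so run such a check with the file contents passed in rather than loosening the file's permissions.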

3. Managing Users and Groups

3.1 Creating Users and Groups

Use useradd to create a user. Common options:

-d – set home directory
-u – specify UID
-g – primary GID
-G – supplementary groups
-s – login shell

# useradd qf1
# grep qf1 /etc/passwd /etc/group
/etc/passwd:qf1:x:1015:1015::/home/qf1:/bin/bash
/etc/group:qf1:x:1015:

Group creation uses groupadd. Adding a user to existing groups can be done with useradd -G or later with gpasswd.

# groupadd hh
# useradd qf2 -G hh
# id qf2
uid=1016(qf2) gid=1016(qf2) groups=1016(qf2),2006(hh)

3.2 Deleting Users and Groups

Remove a user with userdel. The -r flag also deletes the user's home directory and mail spool.

# userdel -r qf3

Delete a group with groupdel. The group must not be the primary group of any existing user.

# groupdel hhhh

3.3 Modifying Passwords

Any user can change their own password with passwd. Only root can change another user's password without providing the old one.

# passwd qf1

3.4 Restricting Login Shells

Assign /sbin/nologin as the login shell to create a system or service account that cannot log in interactively.

# useradd qf8 -s /sbin/nologin

3.5 Configuration Files

Default settings for useradd are stored in /etc/login.defs and /etc/default/useradd. They control default group, home directory, password aging, and encryption method (e.g., ENCRYPT_METHOD SHA512).

3.6 su and sudo

Switch users with su. The sudo command requires the user to belong to the wheel group; after entering the password, sudo privileges are cached for five minutes.

# useradd qf9 -G wheel
# sudo useradd qf10

4. Chapter Summary

The chapter covered the meaning of UID/GID, the role of the login shell, and how to perform create, read, update, and delete (CRUD) operations on users and groups. It also explained the structure of /etc/passwd and /etc/shadow, password encryption, and how to use su and sudo for privilege escalation.
