Master Linux User and Group Management: Commands, Files, and Best Practices

1. User and Group Files

Linux stores user accounts, passwords, group information, and group passwords in separate configuration files. User account details (except passwords) are in /etc/passwd, while encrypted passwords reside in /etc/shadow. The /etc/group file holds group names and member lists, and /etc/gshadow stores group passwords.

2. Password File

For security, real passwords are MD5‑hashed and saved in /etc/shadow, readable only by root. Like /etc/passwd, each line in /etc/shadow represents one account, with the first field as the username and the second as the password hash.

3. Group Account File

Group information is kept in /etc/group. The first field is the group name, the second is an x placeholder, the third is the GID, and the fourth lists member usernames separated by commas.

4. Adding Users

Use useradd [options] username to create a new user. Common options include: -c comment -d home directory -m create home directory -M do not create home directory -e account expiration date -f days after expiration before disabling -g primary group -G supplementary groups -n no private group -s login shell (default /bin/bash) -r system account (UID < 500) -u specify UID -p password hash (rarely used)

Example:

[root@localhost ~]# useradd -g babyfish nisj

[root@localhost ~]# id nisj

If -g is omitted, a private group with the same name as the user is created; use -n to suppress this.

5. Setting Account Attributes

Modify existing accounts with usermod [options] username. Key options: -l new_name change login name -d new_home change home directory -L lock account (adds ! to password field) -U unlock account

Example of renaming and moving home directory:

[root@localhost ~]# usermod -l nsj0820 nsj820

[root@localhost ~]# usermod -d /home/nsj0820 nsj0820

6. Deleting Accounts

Remove a user with userdel [-r] username. The -r flag also deletes the user’s home directory.

7. Setting User Login Password

Root can set any account’s password with passwd username. Regular users can change only their own password by running passwd without arguments.

8. Locking/Unlocking Passwords and Querying Status

Lock a password with passwd -l username and unlock with passwd -u username. Check status using passwd -S username.

9. Creating User Groups

Create a group with groupadd [-r] groupname. The -r option creates a system group (GID < 500).

10. Modifying Group Attributes

Rename a group: groupmod -n newname oldname. Change GID: groupmod -g newGID groupname.

11. Deleting User Groups

Delete a group with groupdel groupname. The group must not be a private group of any existing account.

12. Adding/Removing Users to/from Groups

Use gpasswd -a username groupname to add and gpasswd -d username groupname to remove a user from a group.

13. Setting Group Administrator

Assign a group admin with gpasswd -A username groupname. The admin can manage members of that group but not other groups.

14. Other Useful Commands

Commands such as id, whoami, and groups display user and group information. Graphical tools are also available via System → Administration → Users and Groups.

Note: When adding a user to a group, always use the -a (append) option with usermod -G to avoid removing the user from existing groups.