Master Linux User & Group Management: Commands, Files, and Best Practices
This guide explains Linux's multi‑user architecture, the meaning of UID/GID, how to view and edit /etc/passwd and /etc/shadow, and provides step‑by‑step commands for creating, modifying, and deleting users and groups, including su and sudo usage.
Linux Learning – User Management
1. User/Group Overview
Linux is a multi‑user, multitasking OS where every file and process is owned by a specific user. To use system resources you must log in as a regular user created by the superuser. The superuser can monitor ordinary users and set their permissions, ensuring system security. Each user belongs to one or more groups, allowing centralized management of permissions.
3.1.1 User Identifier: UID and GID
Every user has a unique UID, similar to a personal ID number.
The id command shows the current login information: UID is the user ID, GID is the primary group ID, and groups lists all groups the user belongs to.
root@localhost ~# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
The ll command displays file owners.
root@localhost ~# ll /home
total 12
drwxrwxrwx. 2 root root 31 Oct 10 15:21 dir01
drwxr-sr-x. 2 root hr 19 Oct 10 15:11 hr
drwx------. 3 linux linux 78 Nov 1 15:19 linux
...
The ps aux | less command lists processes.
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 193908 7060 ? Ss 12:00 0:26 /usr/lib/systemd/systemd --switched-root --system --deserialize 22
...
After installing Apache, ps aux shows the httpd process and its user.
root@localhost ~# yum -y install httpd
root@localhost ~# systemctl start httpd
root@localhost ~# ps aux | grep httpd
root 43382 0.0 0.0 112824 988 pts/1 S+ 21:56 0:00 grep --color=auto httpd
3.1.2 User/Group Related Files
Account information is stored in /etc/passwd and the encrypted passwords in /etc/shadow. /etc/passwd contains one line per user, with seven colon‑separated fields: username, password placeholder, UID, primary GID, comment, home directory, and login shell.
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
...
/etc/shadow stores encrypted passwords and aging information in nine fields: username, encrypted password, last change, minimum age, maximum age, warning period, inactivity period, expiration date, and reserved.
root:$6$...$...:19655:0:99999:7:::
bin:*:18353:0:99999:7:::
...
From CentOS 6 onward, UID 0 is the privileged root user, UID 1‑499 are system accounts, and UID 500+ are regular users.
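An added example (not part of the original article): the field layouts described above turned into an offline audit with awk over passwd- and shadow-format files. The function names, the toor account and the hash placeholder are constructed for illustration.

```shell
#!/bin/sh
# Each function takes a file path; it defaults to the live system file.

# Accounts other than root that carry UID 0 (passwd field 3).
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# Accounts whose login shell (passwd field 7) is not a no-login shell.
# Broader than grep "bash$": also reports sh, zsh or an empty shell field.
login_capable() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 ":" $7 }' "${1:-/etc/passwd}"
}

# Shadow entries with an empty password field (field 2).
empty_password() {
    awk -F: '$2 == "" { print $1 }' "${1:-/etc/shadow}"
}

# Entries holding a real hash (not locked with * or !) whose maximum
# age (shadow field 5) is empty or 99999, i.e. the password never expires.
never_expires() {
    awk -F: '$2 != "" && $2 !~ /^[*!]/ && ($5 == "" || $5 >= 99999) { print $1 }' \
        "${1:-/etc/shadow}"
}

# Write constructed sample files into directory $1.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
toor:x:0:0::/home/toor:/bin/sh
qf1:x:1015:1015::/home/qf1:/bin/bash
qf8:x:1017:1017::/home/qf8:/sbin/nologin
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$CONSTRUCTED$hash:19655:0:99999:7:::
bin:*:18353:0:99999:7:::
toor::19655:0:99999:7:::
qf1:$6$CONSTRUCTED$hash:19655:0:90:7:::
qf8:!!:19655:0:99999:7:::
EOF
}

d=$(mktemp -d) && make_sample "$d"
echo "extra UID 0: $(extra_uid0 "$d/passwd"); empty password: $(empty_password "$d/shadow")"
echo "never expires: $(never_expires "$d/shadow")"
login_capable "$d/passwd"
```

Run the functions without arguments as root to audit the live /etc/passwd and /etc/shadow.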
3.1.3 Types of Users
1. Superuser (root) – UID 0, can execute any command and manage all resources.
2. Regular user – typically UID 1000+, can run a limited set of commands.
3. System/Program user – UID 1‑999; used for services, cannot log in or have a home directory.
3.2 Managing Users and Groups
Creating, modifying, and deleting users and groups.
3.2.1 Create User/Group
useradd creates a new user.
root@localhost ~# useradd qf1
root@localhost ~# grep qf1 /etc/passwd /etc/group
/etc/passwd:qf1:x:1015:1015::/home/qf1:/bin/bash
/etc/group:qf1:x:1015:
Common useradd options:
-d – specify home directory
-u – specify UID
-g – specify primary GID or group name
-G – specify supplementary groups
-s – specify login shell
groupadd creates a new group, and useradd -G creates a user with additional groups.
root@localhost ~# groupadd hh
root@localhost ~# groupadd hhh
root@localhost ~# useradd qf2 -G hh
root@localhost ~# useradd qf3 -G hh,hhh
root@localhost ~# id qf2
uid=1016(qf2) gid=1016(qf2) groups=1016(qf2),2006(hh)
root@localhost ~# id qf3
uid=1017(qf3) gid=1017(qf3) groups=1017(qf3),2006(hh),2007(hhh)
groupadd -g sets a specific GID; if the GID already exists, an error is shown.
root@localhost ~# groupadd hhhh -g 2000
groupadd: GID "2000" already exists
root@localhost ~# groupadd hhhh -g 1802
root@localhost ~# grep hhhh /etc/group
hhhh:x:1802:
usermod or gpasswd modifies existing user/group settings.
root@localhost ~# useradd qf4 -G hh
root@localhost ~# id qf4
uid=1018(qf4) gid=1018(qf4) groups=1018(qf4),2006(hh)
root@localhost ~# gpasswd -d qf4 hh
root@localhost ~# id qf4
uid=1018(qf4) gid=1018(qf4) groups=1018(qf4)
root@localhost ~# gpasswd -a qf4 hhh
root@localhost ~# id qf4
uid=1018(qf4) gid=1018(qf4) groups=1018(qf4),2007(hhh)
Group information resides in /etc/group.
root@localhost ~# tail /etc/group
sie:x:2004:ysq
robot:x:2005:ysq
mysql:x:27:
qf01:x:1014:
qf1:x:1015:
hh:x:2006:qf2,qf3
hhh:x:2007:qf3,qf4
...
3.2.2 Delete User/Group
userdel removes a user; userdel -r also removes the home directory and mail spool.
root@localhost ~# id qf4
uid=1018(qf4) gid=1018(qf4) groups=1018(qf4),2007(hhh)
root@localhost ~# userdel qf4
root@localhost ~# id qf4
id: qf4: no such user
...
groupdel deletes a group unless it is still referenced by a user.
root@localhost ~# grep hhhh /etc/group
hhhh:x:1802:
root@localhost ~# groupdel hhhh
root@localhost ~# grep hhhh /etc/group
3.2.3 Change User Password
Any user can change their own password with passwd; only root can change others' passwords without providing the old password.
root@localhost ~# passwd qf1
3.2.4 Create a Secure (nologin) User
Use useradd -s /sbin/nologin to create a user that cannot log in.
root@localhost ~# useradd qf8 -s /sbin/nologin
root@localhost ~# tail -2 /etc/passwd
qf2:x:1016:1016::/home/qf2:/bin/bash
qf8:x:1017:1017::/home/qf8:/sbin/nologin
List login‑capable users by filtering /etc/passwd for shells ending in bash.
root@localhost ~# grep "bash$" /etc/passwd
root:x:0:0:root:/root:/bin/bash
none:x:1000:1000:None:/home/none:/bin/bash
...
3.2.5 Configuration Files
/etc/login.defs and /etc/default/useradd define default values for useradd. Example excerpts:
#MAIL_DIR /var/spool/mail
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
ENCRYPT_METHOD SHA512
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
3.2.6 su and sudo
su switches to another user after providing the target's password.
[none@localhost ~]$ whoami
none
[none@localhost ~]$ su -
Password:
[root@localhost ~]#
sudo allows members of the wheel group to execute commands as root after entering their own password; the authentication is cached for five minutes.
root@localhost ~# useradd qf9 -G wheel
root@localhost ~# id qf9
uid=1018(qf9) gid=1018(qf9) groups=1018(qf9),10(wheel)
[none@localhost ~]$ sudo useradd qf10
[sudo] password for none:
3.3 Chapter Summary
This chapter introduced UID/GID concepts, the role of a user's shell, and how to add, delete, modify, and query users and groups. It covered the structure of /etc/passwd and /etc/shadow, useradd defaults, and demonstrated using su for identity switching and sudo for privilege escalation.
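An added example (not part of the original article) for the wheel-group sudo rule in section 3.2.6: the member list in /etc/group holds only supplementary members, so a review of who can use sudo also has to match primary GIDs in /etc/passwd. The function names, the ops account and the allow-list are hypothetical; the sample files are constructed.

```shell
#!/bin/sh
# Effective members of GROUP: names in field 4 of its /etc/group line
# plus every account whose primary GID (passwd field 4) is that group's GID.
# usage: group_members GROUP [group_file] [passwd_file]
group_members() {
    awk -F: -v g="$1" '
        FNR == NR {                      # first file: group database
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) seen[m[i]] = 1
            }
            next
        }
        gid != "" && $4 == gid { seen[$1] = 1 }   # second file: passwd
        END { for (u in seen) print u }
    ' "${2:-/etc/group}" "${3:-/etc/passwd}" | sort
}

# Members of GROUP that are missing from a space-separated allow-list.
# usage: unapproved GROUP "user1 user2" [group_file] [passwd_file]
unapproved() {
    for u in $(group_members "$1" "$3" "$4"); do
        case " $2 " in
            *" $u "*) ;;
            *) echo "$u" ;;
        esac
    done
}

# Write constructed sample files into directory $1.
make_group_sample() {
    cat > "$1/group" <<'EOF'
root:x:0:
wheel:x:10:qf9
hh:x:2006:qf2,qf3
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
qf9:x:1018:1018::/home/qf9:/bin/bash
ops:x:1020:10::/home/ops:/bin/bash
qf2:x:1016:1016::/home/qf2:/bin/bash
EOF
}

d=$(mktemp -d) && make_group_sample "$d"
echo "wheel members:"; group_members wheel "$d/group" "$d/passwd"
echo "not on allow-list:"; unapproved wheel "qf9" "$d/group" "$d/passwd"
```

In the sample, ops never appears in the wheel line of the group file but is still an effective member through its primary GID of 10.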
MaGe Linux Operations
