Master Linux User & Group Management: Commands, Files, and Best Practices
This guide explains how Linux handles users and groups through UID/GID, details the structure of /etc/passwd, /etc/shadow, and /etc/group files, and provides practical command examples for adding, modifying, and deleting users and groups, plus tips for managing group memberships.
1. Concept of Users and Groups
Linux manages users and groups by numeric IDs. When a user logs in, the username is translated to a UID, which the system uses to verify the account and password.
UID 0 is the super‑administrator (root). Linux users fall into three categories:
root user (ID 0)
system users (ID 1‑499)
regular users (ID 500‑60000)
2. User Password Files
User account information (except passwords) is stored in /etc/passwd. Because all users can read this file, passwords are kept in /etc/shadow, which is readable only by root.
Example of the /etc/passwd file:
Fields in /etc/passwd (left to right) include username, placeholder x for password, UID, GID, user description, home directory, and login shell.
3. User Password File (/etc/shadow)
Passwords are stored encrypted (MD5) in /etc/shadow, which only root can read. Each line mirrors a /etc/passwd entry: the first field is the username, the second is the encrypted password.
4. Group Account File
Group information is stored in /etc/group, readable by all users. The real group password is in /etc/gshadow, readable only by root.
Fields in /etc/group are: group name, placeholder x, GID, and a comma‑separated list of member usernames.
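The field layouts of /etc/passwd and /etc/shadow described above can be checked mechanically. The following is an added example, not part of the original article: a small audit that flags extra UID 0 accounts, password data left in the passwd file, system accounts with a login shell, empty passwords and MD5 hashes. The function name audit_accounts, the finding codes and all sample accounts are constructed for illustration; the system UID range 1-499 is the one given in this guide.

```shell
#!/bin/sh
# Added example, not from the original article. All accounts are constructed.

# audit_accounts PASSWD_FILE SHADOW_FILE  (hypothetical helper name)
# Prints one finding per line as CODE:username.
audit_accounts() {
    # passwd fields: name:x:UID:GID:description:home:shell
    awk -F: '
        /^#/ || NF < 7 { next }                      # skip comments and short lines
        $3 == 0 && $1 != "root" { print "EXTRA_UID0:" $1 }
        $2 != "x"               { print "PASSWD_FIELD_NOT_X:" $1 }
        # system UID range 1-499 as given in this guide; /sh$/ matches bash, sh, zsh
        $3 >= 1 && $3 <= 499 && $7 ~ /sh$/ { print "SYSTEM_LOGIN_SHELL:" $1 }
    ' "$1"
    # shadow fields: name:hash:...  A "$1$" prefix marks an MD5-crypt hash.
    awk -F: '
        /^#/ || NF < 2 { next }
        $2 == ""      { print "EMPTY_PASSWORD:" $1 }
        $2 ~ /^\$1\$/ { print "MD5_HASH:" $1 }
    ' "$2"
}

# Constructed sample data (not from a real system).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
svc01:x:101:101:service:/var/lib/svc01:/bin/bash
legacy:constructed-hash-here:501:501::/home/legacy:/bin/bash
user01:x:502:502::/home/user01:/sbin/nologin
EOF
cat > "$sample_dir/shadow" <<'EOF'
root:$6$constructedsalt$constructedhash:18000:0:99999:7:::
toor::18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
svc01:$1$constructed$constructedmd5hash:18000:0:99999:7:::
user01:!!:18000:0:99999:7:::
EOF
audit_accounts "$sample_dir/passwd" "$sample_dir/shadow"
```

On a live system the same function can be run as root against /etc/passwd and /etc/shadow; an empty result means none of the five conditions matched.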
5. Adding Users
Command syntax: useradd [options] username
Common options:
-c Set comment (full name)
-d Set home directory (default /home/username)
-e Set expiration date (YYYY-MM-DD)
-g Set primary group
-G Set supplementary groups (comma-separated)
-M Do not create home directory
-s Set login shell (default bash)
-u Specify UID
[root@qll251 ~]# useradd -s /sbin/nologin -M user01
# create user01 without login shell and without home directory
[root@qll251 ~]# useradd -c administrator -d /home/admin -e 2020-03-11 -g root -G mail,bin admin
# create user admin with description, custom home, expiration, primary group root, and supplementary groups mail and bin
6. Modifying User Attributes
Command syntax: usermod [options] username
Common options:
-d Change home directory
-e Change expiration date
-g Change primary group
-G Change supplementary groups
-s Change login shell
-u Change UID
[root@qll251 ~]# usermod -d /home/nginx nginx01
# change nginx01 home to /home/nginx
[root@qll251 ~]# usermod -u 1005 admin
# set admin UID to 1005
[root@qll251 ~]# usermod -s /sbin/nologin admin
# prevent admin from logging in
7. Deleting Users
Command syntax: userdel [-r] username
-r also removes the user's home directory.
[root@qll251 ~]# userdel -r admin
8. Creating Groups
Command syntax: groupadd [options] groupname
Common option:
-g Set GID
[root@qll251 ~]# groupadd -g 1002 xiaoming
# create group xiaoming with GID 1002
9. Modifying Group Attributes
Rename a group:
[root@qll251 ~]# groupmod -n admin02 admin
# rename group admin to admin02
Change GID:
[root@qll251 ~]# groupmod -g 1001 admin02
# set GID of admin02 to 1001
10. Deleting Groups
Command syntax: groupdel groupname
Note: a group that is a user's private group cannot be deleted until the user is removed.
[root@qll251 ~]# groupdel test
11. Adding/Removing Users from Groups and Setting Group Administrators
Add a user to a group:
[root@qll251 ~]# gpasswd -a test admin02
# add user test to group admin02
Remove a user from a group:
[root@qll251 ~]# gpasswd -d test admin02
# remove user test from group admin02
Set a group administrator:
[root@qll251 ~]# gpasswd -A test admin02
# make user test the admin of group admin02
Append a user to an additional group without leaving existing groups:
[root@qll251 ~]# usermod -a -G admin test
# add test to group admin while keeping other memberships
12. Miscellaneous User Commands
Useful commands to query user and group information:
id – display UID, GID, and group list of the current user
whoami – show the current username
groups – list groups a specified user belongs to
Open Source Linux
Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.
