Master Linux User & Group Management: Commands, IDs, and Best Practices
This guide explains Linux user and group concepts, classifications, UID/GID ranges, and essential system files, and provides step‑by‑step commands for creating, modifying, and deleting users and groups, helping administrators securely manage system access.
3.1 User/Group Overview
Linux is a multi‑user, multitasking operating system where each process is owned by a specific user. To use system resources, a regular user must be created by the superuser (root) and then log in with that account. The superuser can monitor regular users and set their access permissions to ensure system security.
3.1.1 User Identification and Classification
Linux simplifies user management by grouping users. Each user belongs to a primary group, and groups can contain zero or more users. Every user has a unique User ID (UID) and each group has a Group ID (GID).
(1) Two main user categories: Administrator (root) and regular users. Regular users are further divided into:
System users – created for background processes or services to run without administrative privileges; they typically never log in.
Login users – the accounts used for interactive logins.
(2) User identifiers
UID is a numeric identifier, usually represented with 16‑bit values (0‑65535). Modern Linux uses 32‑bit UIDs starting at 0, but for compatibility IDs are kept below 60000. The three UID ranges are:
root (ID 0)
System users (ID 1‑499 on CentOS 6, 1‑999 on CentOS 7)
Login users (ID 500‑60000 on CentOS 6, 1000‑60000 on CentOS 7)
(3) User groups
Linux defines groups in three ways:
Administrator group and regular user groups (system‑user group, login‑user group)
Primary group and supplementary groups
Private groups and public groups
GID is the numeric group identifier, also using 16‑bit values (0‑65535). The administrator group has GID 0; regular groups use 1‑65535, with specific ranges for system and login groups similar to UID ranges.
3.1.2 System Files Related to Users
/etc/passwd – stores basic user information
/etc/shadow – stores encrypted user passwords
/etc/group – stores group information
/etc/login.defs – defines user attribute limits, password expiration, etc.
/etc/default/useradd – default configuration for the useradd command
3.2 Managing Users and Groups
Managing users involves adding, modifying, and deleting accounts. New accounts are initially locked and must be assigned a password before use.
3.2.1 Creating Users and Groups
1. Add a user
Adding a user creates a new entry in /etc/passwd and updates related files such as /etc/shadow and /etc/group.
useradd [option] username
Common options:
-c comment – description of the user
-d directory – home directory (creates it with -m if it does not exist)
-g group – primary group
-G group – supplementary groups
-s shell – login shell
-u uid – user ID (use -o to allow duplicate IDs)
2. Delete a user
userdel -r username
This removes the user's entries from system files; the -r option also deletes the home directory.
3. Modify a user
usermod -s /bin/ksh -d /home/z -g developer sam
4. Set a user password
New accounts are locked until a password is set with the passwd command. The superuser can set passwords for any account; regular users can only change their own.
passwd [option] username
Common passwd options:
-l – lock the account
-u – unlock the account
-d – delete the password
-f – force password change on next login
5. Add a group
groupadd [option] groupname
Options:
-g GID – specify a numeric group ID
-o – allow the new group to share an existing GID
6. Delete a group
groupdel groupname
7. Modify a group
groupmod [option] groupname
Options:
-g GID – assign a new GID
-o – allow the new GID to duplicate an existing one
-n new_name – rename the group
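The UID ranges in 3.1.1 and the -o option of useradd suggest a routine check of /etc/passwd after accounts have been created or modified. The script below is an added example, not part of the original article: it flags non-root accounts with UID 0, system-range accounts that have an interactive shell, and UIDs shared by more than one name. It assumes the CentOS 7 ranges given above; the function names, the finding labels and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd-format input against the UID ranges above.
# Assumption: CentOS 7 ranges (system users 1-999, login users 1000-60000).

# Constructed sample in /etc/passwd format (not taken from a real system).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
nginx:x:498:498:nginx:/var/lib/nginx:/bin/bash
sam:x:1000:1000:Sam:/home/sam:/bin/bash
backup:x:0:0:backup admin:/home/backup:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1001:1002::/home/bob:/bin/bash
EOF
}

# audit_passwd: read passwd-format lines on stdin, print one finding per line.
audit_passwd() {
    awk -F: '
    /^#/ || NF < 7 || $3 !~ /^[0-9]+$/ { next }   # skip comments and malformed lines
    {
        name = $1; uid = $3 + 0; shell = $7
        # A non-root name with UID 0 has full superuser rights.
        if (uid == 0 && name != "root")
            print "UID0:" name
        # System users normally never log in; an interactive shell stands out.
        if (uid >= 1 && uid <= 999 && shell ~ "/(ba|da|k|z|c|tc)?sh$")
            print "SYSSHELL:" name ":" shell
        # Shared UIDs (possible with useradd -o) are one identity to the kernel.
        if (uid in seen)
            print "DUPUID:" uid ":" seen[uid] "," name
        else
            seen[uid] = name
    }'
}

# Run against the sample; on a real host use: audit_passwd < /etc/passwd
sample_passwd | audit_passwd
```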
MaGe Linux Operations
