Master Linux User & Group Management: UID, GID, Commands Explained
This comprehensive guide walks you through Linux user and group concepts, UID/GID identifiers, essential commands like useradd, groupadd, id, passwd, and su/sudo, plus configuration files and security practices for effective system administration.
Linux User Management
1. User/Group Overview
Linux is a multi‑user, multitasking OS where each process belongs to a specific user. To use system resources you must have a regular user account created by the superuser. Superusers can monitor users and set permissions to ensure security.
Each user belongs to one or more groups, allowing centralized management of permissions.
3.1.1 User identifiers: UID and GID
Each user has a unique UID, similar to an ID card number.
The id command shows the current user’s UID, GID and group list.
# id
uid=0(root) gid=0(root) groups=0(root) ...
The ll command lists file owners.
# ll /home
... (listing) ...
Use ps aux | less to view processes.
# ps aux | less
USER PID %CPU %MEM ... COMMAND
root 1 0.0 0.1 ... /usr/lib/systemd/systemd
...
After installing Apache, ps aux shows the httpd process owner.
# yum -y install httpd
# systemctl start httpd
# ps aux | grep httpd
root 43382 0.0 ... grep --color=auto httpd
3.1.2 User and group files
User names and encrypted passwords are stored in /etc/passwd and /etc/shadow. Each line in /etc/passwd has seven fields: username, password placeholder, UID, primary GID, comment, home directory, login shell.
# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
...
The /etc/shadow file contains nine fields, including the encrypted password, last change date, minimum and maximum age, etc.
# cat /etc/shadow
root:$6$...$...:19655:0:99999:7:::
...
UID 0 is privileged, 1‑499 are system users, 500+ are regular users (CentOS 6+).
3.1.3 Types of users
1. Superuser (root) – has UID 0 and can execute any command.
2. Regular user – UID usually starts at 1000; can run limited commands.
3. Service (program) user – non‑login accounts used by daemons, UID 1‑999.
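The following Python audit is an added example, not part of the original article: it parses the seven-field /etc/passwd format and the password field of /etc/shadow described above, then flags accounts that contradict the three user types just listed. The set of non-login shells, the UID boundary of 1000 and the sample data are assumptions constructed for illustration.

```python
from collections import namedtuple

# The seven /etc/passwd fields, in the order the text lists them.
Passwd = namedtuple("Passwd", "name pw uid gid comment home shell")
NOLOGIN = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}  # assumed non-login shells
UID_MIN = 1000  # assumption: first regular UID (UID_MIN in /etc/login.defs)

# Constructed sample data, not from a real host; qf2's line has only six fields.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
backup:x:0:0::/home/backup:/bin/bash
svc:x:48:48:daemon:/var/svc:/bin/bash
qf1:x:1015:1015::/home/qf1:/bin/bash
qf2:x:1016:1016:/home/qf2:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$6$CONSTRUCTED$HASH:19655:0:99999:7:::
qf1::19655:0:99999:7:::
"""

def parse_passwd(text):
    """Return (entries, malformed_lines); a valid line has exactly seven fields."""
    entries, bad = [], []
    for line in filter(None, text.splitlines()):
        f = line.split(":")
        if len(f) == 7 and f[2].isdecimal() and f[3].isdecimal():
            entries.append(Passwd(f[0], f[1], int(f[2]), int(f[3]), *f[4:]))
        else:
            bad.append(line)
    return entries, bad

def audit(passwd_text, shadow_text):
    """Return sorted (account, finding) pairs for an administrator to review."""
    entries, bad = parse_passwd(passwd_text)
    rows = (l.split(":") for l in shadow_text.splitlines())
    shadow = {f[0]: f[1] for f in rows if len(f) == 9}  # name -> password field
    findings = [(line.split(":")[0], "malformed passwd line") for line in bad]
    for e in entries:
        if e.uid == 0 and e.name != "root":
            findings.append((e.name, "UID 0 but not root"))
        if 0 < e.uid < UID_MIN and e.shell not in NOLOGIN:
            findings.append((e.name, "service UID with a login shell"))
        if shadow.get(e.name) == "":
            findings.append((e.name, "empty password field in shadow"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE_PASSWD, SAMPLE_SHADOW), sep="\n")
```

On a real host, pass in the contents of /etc/passwd and /etc/shadow; reading the latter requires root.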
3.2 Managing users and groups
3.2.1 Creating users and groups
Use useradd to create a user.
# useradd qf1
# grep qf1 /etc/passwd /etc/group
/etc/passwd:qf1:x:1015:1015:/home/qf1:/bin/bash
/etc/group:qf1:x:1015:
Common useradd options:
-d Specify home directory
-u Specify UID
-g Specify primary GID
-G Specify supplementary groups
-s Specify login shell
Use groupadd to create a group and useradd -G to add a user to existing groups.
# groupadd hh
# groupadd hhh
# useradd qf2 -G hh
# useradd qf3 -G hh,hhh
# id qf2
uid=1016(qf2) gid=1016(qf2) groups=1016(qf2),2006(hh)
# id qf3
uid=1017(qf3) gid=1017(qf3) groups=1017(qf3),2006(hh),2007(hhh)
Specify a GID with groupadd -g.
# groupadd hhhh -g 1802
# grep hhhh /etc/group
hhhh:x:1802:
3.2.2 Deleting users and groups
Remove a user with userdel. Use -r to also delete the home directory and mail spool.
# userdel qf4
# userdel -r qf3
Remove a group with groupdel (cannot delete a group that is still the primary group of a user).
# groupdel hhhh
3.2.3 Changing user passwords
Any user can change their own password with passwd. Only root can change another user’s password without the old password.
# passwd qf1
3.2.4 Secure users
Set a user’s login shell to /sbin/nologin to create a non‑login (secure) account.
# useradd qf8 -s /sbin/nologin
# tail -2 /etc/passwd
qf2:x:1016:1016:/home/qf2:/bin/bash
qf8:x:1017:1017:/home/qf8:/sbin/nologin
3.2.5 Configuration files
/etc/login.defs and /etc/default/useradd define defaults for useradd, such as password aging and default shell.
# /etc/login.defs excerpt
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
ENCRYPT_METHOD SHA512
# /etc/default/useradd excerpt
GROUP=100
HOME=/home
SHELL=/bin/bash
CREATE_MAIL_SPOOL=yes
3.2.6 su and sudo
Use su to switch users; sudo allows users in the wheel group to execute commands as root after entering their password.
# su -
Password:
# su none
# useradd qf9 -G wheel
# sudo useradd qf10
3.3 Chapter summary
This chapter covered the meaning of UID/GID, the role of a user’s shell, and how to add, delete, modify, and query users and groups; how to edit /etc/passwd and /etc/shadow; default configurations for useradd; and how to switch identities with su and elevate privileges with sudo.
Raymond Ops
Linux ops automation, cloud-native, Kubernetes, SRE, DevOps, Python, Golang and related tech discussions.
