Master Linux User Management: Create, Modify, Secure, and Elevate Users Efficiently
This guide walks you through Linux user fundamentals, covering user definitions, essential commands (useradd, usermod, userdel), configuration files, password policies, privilege escalation with su and sudo, and comprehensive group management, providing practical examples and code snippets for effective system administration.
1. User Overview
A user is an account that can log into a Linux or Windows system. Linux supports multiple simultaneous logins, while Windows allows only one active session per user.
2. Why Create Users?
Each process runs under a specific user. Ordinary users are preferred for server management to avoid the risks of using the powerful root account.
3. Viewing Users
Use id to view the current user’s UID, GID and groups, and id username for other users.
# id # view current user info
uid=0(root) gid=0(root) groups=0(root)
# id oldboy # view another user
uid=1000(oldboy) gid=1000(oldboy) groups=1000(oldboy)
2. User Management Commands
The main commands are useradd, usermod and userdel.
2.1 Adding Users
Usage: useradd [options] LOGIN
useradd -D # show defaults
useradd -D [options] # modify defaults
# Options
-d # home directory
-g # primary group ID
-G # supplementary groups
-k # skeleton directory (use with -m)
-m # create home directory
-c # comment / description
-N # do not create a group with same name
-s # login shell
-u # user ID
-r # create system account
Relevant files: /etc/default/useradd (default settings) and /etc/skel/* (files copied to new home directories).
2.2 Modifying Users
# Change description
usermod -c "new comment" username
# Change home directory (create if needed)
usermod -d /new/home -m username
# Change primary group
usermod -g newgroup username
# Add supplementary groups
usermod -a -G group1,group2 username
# Lock / unlock account
usermod -L username # lock
usermod -U username # unlock
# Change login name
usermod -l newname oldname
# Change UID
usermod -u 6001 username
# Set expiration date
usermod -e 2025-12-31 username
2.3 Deleting Users
# Delete user, keep home directory
userdel user1
# Delete user and home directory
userdel -r user1
3. Extended User Knowledge
3.1 Creation Process
When creating a user, useradd references /etc/login.defs and /etc/default/useradd. If options are supplied they override defaults.
MAIL_DIR /var/spool/mail
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
UID_MIN 1000
UID_MAX 60000
SYS_UID_MIN 201
SYS_UID_MAX 999
CREATE_HOME yes
USERGROUPS_ENAB yes
ENCRYPT_METHOD SHA512
Default home directory is set by HOME=/home in /etc/default/useradd.
3.2 Password Management
Set passwords with passwd. Password policies are defined in /etc/login.defs (e.g., PASS_MAX_DAYS, PASS_MIN_LEN).
# Change password for current user
passwd
# Change password for root
passwd root
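# Non-interactive change (passwd --stdin is available on Red Hat family systems; replace the sample value with a strong password)
echo "123456" | passwd --stdin user1
Complexity recommendations: include numbers, upper/lowercase letters, special characters; length >12; avoid weak passwords; rotate every 3–6 months.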
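Added example (not part of the original article): a shell check that compares login.defs defaults and /etc/shadow entries with the recommendations above. The limits of 180 days and 13 characters are this example's reading of "rotate every 3–6 months" and "length >12"; function names and sample data are constructed. PASS_MAX_DAYS in login.defs is applied only when an account is created, so existing accounts are checked from their shadow entries.

```sh
#!/bin/sh
# Added example: audit password-aging settings against the guide's advice.
MAX_DAYS_LIMIT=180   # assumption: upper end of "rotate every 3-6 months"
MIN_LEN_LIMIT=13     # assumption: "length >12"

# Constructed sample in /etc/login.defs format (values from section 3.1).
sample_login_defs() {
cat <<'EOF'
# comment lines are ignored
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
ENCRYPT_METHOD SHA512
EOF
}

# Constructed sample in /etc/shadow format; the hashes are placeholders.
sample_shadow() {
cat <<'EOF'
root:$6$constructed$placeholder:19000:0:99999:7:::
oldboy:$6$constructed$placeholder:19000:0:90:7:::
user1:$6$constructed$placeholder:19000:0:99999:7:::
nginx:!!:19000::::::
EOF
}

# Read login.defs text on stdin, print one finding per weak default.
audit_login_defs() {
  awk -v max="$MAX_DAYS_LIMIT" -v len="$MIN_LEN_LIMIT" '
    $1 ~ /^#/ || NF == 0 { next }
    $1 == "PASS_MAX_DAYS" && $2 + 0 > max { print "PASS_MAX_DAYS=" $2 " exceeds " max }
    $1 == "PASS_MIN_LEN"  && $2 + 0 < len { print "PASS_MIN_LEN=" $2 " below " len }
  '
}

# Read shadow text on stdin, print accounts that have a password hash but
# whose maximum age (field 5) is unset or longer than the limit.
audit_shadow() {
  awk -F: -v max="$MAX_DAYS_LIMIT" '
    $2 == "" || $2 ~ /^[!*]/ { next }    # locked or no-password entries
    $5 == "" || $5 + 0 > max { print $1 }
  '
}

sample_login_defs | audit_login_defs
sample_shadow | audit_shadow
```

On a real host, run audit_login_defs < /etc/login.defs and, as root, audit_shadow < /etc/shadow.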
3.3 Password Aging Commands
# View aging info
chage -l username
# Set aging parameters
chage -M 90 -m 0 -W 7 username
3.4 SSH Key-Based Login
ssh-keygen -t rsa -b 4096 # generate key pair
ssh-copy-id user@remote # copy public key
4. Privilege Escalation
4.1 Using su
su - username starts a login shell and loads the target user's environment; su username starts a non-login shell without changing environment variables.
# Switch to root (need root password)
su -
# Switch to another user without password (if root)
su - lqz -c 'whoami'
4.2 Using sudo
sudo allows specific commands to be run as root without sharing the root password. Configure via /etc/sudoers (use visudo).
# Add user to wheel group for sudo access
usermod -aG wheel bgx
# Example sudoers entry
bgx ALL=(ALL) /usr/bin/yum, /usr/sbin/useradd
oldboy ALL=(ALL) NOPASSWD:/bin/cp, /bin/rm
Define command aliases and user aliases to simplify management:
User_Alias OPS = oldboy, alex
Cmnd_Alias NETWORKING = /sbin/ifconfig, /bin/ping
# SOFTWARE and SERVICES need their own Cmnd_Alias definitions, written like NETWORKING above
OPS ALL=(ALL) NETWORKING, SOFTWARE, SERVICES
5. Group Management
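Returning to the sudoers rules of section 4.2, an added example (not part of the original article): a small shell linter that reports rules granting NOPASSWD and command aliases that are referenced but never defined, as SOFTWARE and SERVICES are in the snippet above. The function names are constructed, and the linter handles single-line rules only (no backslash continuations).

```sh
#!/bin/sh
# Added example: lint sudoers-style text read from stdin.

# The rule set from section 4.2, reproduced as sample input.
sample_sudoers() {
cat <<'EOF'
bgx ALL=(ALL) /usr/bin/yum, /usr/sbin/useradd
oldboy ALL=(ALL) NOPASSWD:/bin/cp, /bin/rm
User_Alias OPS = oldboy, alex
Cmnd_Alias NETWORKING = /sbin/ifconfig, /bin/ping
OPS ALL=(ALL) NETWORKING, SOFTWARE, SERVICES
EOF
}

lint_sudoers() {
  awk '
    $1 ~ /^#/ || NF == 0 { next }
    $1 == "Cmnd_Alias" { defined[$2] = 1; next }
    $1 ~ /^(User|Host|Runas)_Alias$/ || $1 == "Defaults" { next }
    { rule[++n] = $0 }                      # everything else is a user rule
    END {
      # Rules are checked after the whole input is read, so every
      # Cmnd_Alias in the file is known at this point.
      for (i = 1; i <= n; i++) {
        line = rule[i]
        split(line, w, " "); who = w[1]
        if (line ~ /NOPASSWD:/) print "NOPASSWD " who
        cmds = line
        sub(/^[^=]*=/, "", cmds)            # drop "user host ="
        sub(/^ *\([^)]*\) */, "", cmds)     # drop "(runas)"
        gsub(/[A-Z]+:/, "", cmds)           # drop tags such as NOPASSWD:
        k = split(cmds, c, / *, */)
        for (j = 1; j <= k; j++) {
          name = c[j]; gsub(/^ +| +$/, "", name)
          if (name ~ /^[A-Z][A-Z0-9_]*$/ && name != "ALL" && !(name in defined))
            print "UNDEFINED " name " (used by " who ")"
        }
      }
    }
  '
}

sample_sudoers | lint_sudoers
```

NOPASSWD findings are review items rather than errors: each one is a command that runs as root without re-authentication. visudo -c remains the syntax check for the real file.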
5.1 What Is a Group?
Groups are logical collections of users. A primary (basic) group is unique per user; supplementary groups allow additional permissions.
5.2 Group Files
Group information is stored in /etc/group (name, password placeholder, GID, members) and /etc/gshadow (secure data).
5.3 Managing Groups
# Create a group
groupadd devops
# Create with specific GID
groupadd -g 5555 ops
# Create system group (GID 201‑999)
groupadd -r sysgroup
# Modify group GID
groupmod -g 1111 devops
# Rename group
groupmod -n opsdev ops
# Delete group
groupdel opsdev
5.4 Group Password and Switching
# Set group password (optional)
gpasswd devops
# Switch primary group for current session
newgrp devops
5.5 UID Ranges (summary)
UID 0 – super‑admin (root). UID 1‑200 – system users for core services. UID 201‑999 – system users without login. UID 1000+ – regular login users with limited privileges.
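Added example (not part of the original article): a shell audit that classifies passwd-format entries by the UID ranges above and flags two contradictions of them, a second account with UID 0 and a 201-999 system account that still has a login shell. The range bounds reuse SYS_UID_MIN and UID_MIN from the login.defs listing in section 3.1; function names, labels and sample accounts are constructed.

```sh
#!/bin/sh
# Added example: check /etc/passwd-format text against the UID ranges in 5.5.
SYS_MIN=201     # SYS_UID_MIN from the login.defs listing
USER_MIN=1000   # UID_MIN from the login.defs listing

# Constructed sample in /etc/passwd format.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
nginx:x:998:996:Nginx web server:/var/lib/nginx:/sbin/nologin
backup:x:997:995:constructed service account:/var/backup:/bin/bash
oldboy:x:1000:1000::/home/oldboy:/bin/bash
toor:x:0:0:constructed second UID 0 account:/root:/bin/bash
EOF
}

# Print "name uid class" for each entry on stdin.
uid_class() {
  awk -F: -v sysmin="$SYS_MIN" -v umin="$USER_MIN" '{
    if ($3 == 0) c = "root"
    else if ($3 < sysmin) c = "system-core"
    else if ($3 < umin) c = "system-nologin"
    else c = "regular"
    print $1 " " $3 " " c
  }'
}

# Print entries that contradict the ranges:
#   UID0              - an account other than root holding UID 0
#   SYSTEM_WITH_SHELL - a 201-999 account whose shell is not nologin/false
audit_passwd() {
  awk -F: -v sysmin="$SYS_MIN" -v umin="$USER_MIN" '
    $3 == 0 && $1 != "root" { print "UID0 " $1 }
    $3 >= sysmin && $3 < umin && $7 !~ /(nologin|false)$/ {
      print "SYSTEM_WITH_SHELL " $1 " " $7
    }
  '
}

sample_passwd | uid_class
sample_passwd | audit_passwd
```

Both functions read standard input, so audit_passwd < /etc/passwd runs the same check on a live system.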
Raymond Ops
