How to Add, Remove and Modify Users in Linux
As a Linux administrator, it is essential to know how to add users, modify users and delete users in a Linux system. It is a good practice to have different accounts for different users and set permissions, for security purposes.
In this article, we will see how to manage users in Linux by adding new users, modifying existing users and delete user accounts which are not required.
To execute most of the commands in this article, you need root access. The distribution we’re using to show these examples supports
sudo, so we’ll add
sudo before the command to execute the command as root. If you don’t have
sudo installed, then you may either log in as the root user into your system, or you may run
su and enter the root password to gain root access.
The commands we’ve discussed here work across all Linux distributions, including Debian, Ubuntu, CentOS and RHEL.
Add a user in Linux
To add users, run the
useradd command, like so:
sudo useradd -m <name of the user>
For example, if you want to add the user named
john, then the command will be like:
sudo useradd -m john
useradd creates a user without creating a home directory. So, to make
useradd create a home folder, we’ve used the
If the command is successful, it won’t have any output, like so:
Behind the scenes, it automatically creates the user
john by assigning a unique user ID for the user, and adding the user’s details to the
/etc/passwd file. It also creates a home directory for the user under
/home (so the full path is
At this point, the user has been created, but they don’t have a password and can’t log in. So, to assign a password to the newly created user, run the
passwd command like so:
sudo passwd <username>
The command will ask for the new password, and ask you to confirm it:
This command adds the user’s password in
/etc/shadow in an encrypted format. After running this command, the new user should be able to login as usual.
You can view the new user’s ID by using
id -u <username>. In our case,
john was given an ID of 1001:
User Groups in Linux
Before we move on creating and managing “groups”, let us review what a group is.
In Linux, groups are a collection of users. A group can have zero or more users assigned to it. Just like users, each group has its own “group name” and a unique “group ID”. Groups are used to assign users to a set of permissions, access or privileges.
There are two types of groups:
- Primary Group: When a Linux user is created, it is automatically assigned to a single, default group, known as the “primary group”. Usually, the name of the primary group is the same as the user’s username, although you can change this if you want.
- Supplementary Group: Apart from the primary group, you can add a user to other groups. These other groups to which a user belongs are called supplementary groups.
Let us understand this with an example. Previously, when we created the user
john, a group named
john was automatically created as well. This group is the primary group, and the user
john was added to the group
Later, you can add
john to another group, such as
sales. Now, with respect to the user
sales is a supplementary group.
Information about all groups on your system is stored in
/etc/group. Groups can also have passwords, although they’re rarely used because it requires everyone in the group to know a common password. If a group has a password, it is stored in
Create a new Group
To create a new group in Linux, run the
groupadd command, like so:
sudo groupadd <name of the group>
For example, to add a group named
sales to your system, use the command:
sudo groupadd sales
Just like the
groupadd also doesn’t show any output if the user was successfully created:
If you want to verify that the group was indeed created, you can view the file
Previously, we’ve mentioned that group passwords are rarely ever used. However, if you do want to assign a group password, you can use the
sudo gpasswd sales
Enter the group password and confirm it by typing it again. The group password is set once you complete this process.
View a user’s groups and user ID
To see a user’s information, such as a user’s ID and the groups they belong to, you can use the
id command. To see your own user’s information, simply type:
The output shows your user’s ID (
uid) and primary group’s ID (
gid), as well as a list of primary and supplementary groups you belong to. For example, in the output below, the user
booleanworld belongs to the groups
On the other hand, if you want to view the information for a different user, use the following command:
It lists the user ID, primary group ID, as well as the associated names of the groups and their IDs:
Otherwise, if you only want to see the groups to which a user belongs, you can use the
groups command. It’s similar to
id, and by default it lists your own groups by default. For example, once again we can see that the current user,
booleanworld belongs to the groups
If you want to see the group of another user, use:
In the example below, we’re using it to list the groups
john belongs to:
Add a User to a Group
Now that you have an idea about groups, we can now modify a user and assign them to groups. To add a user to a group, use the following command:
sudo usermod -a -G <group name> <user name>
For example, to assign the user John to the group
sales, you should run:
sudo usermod -a -G sales john
-a flag “adds” the user to the group and the
-G signifies that we’re adding them to a supplementary group (as opposed to changing their primary group).
If you want to change the user’s primary group instead, you can use the
-g flag like so:
sudo usermod -g <primary group name> <username>
In the above command, notice that we aren’t using the
-a append flag. This is because, we want to simply change the primary group of the user, and we’re not adding the user to a group. By its very definition, a primary group can only have one user.
Change Password of a User
Previously, when we created a new user, we’ve used the
passwd command to assign a password to the new user. You can also use this to change passwords. If you want to change your own password, simply run:
When you change your own password, it’ll ask you for your current password. Once you enter it correctly, you will be asked to enter your new password twice.
You can also use it to change a different by providing the username, although you need to be root to change passwords for others. The syntax for changing another user’s password is:
sudo passwd <username>
When you are the root user,
passwd doesn’t ask you for your current password — it’ll just ask you for the new password.
You can also use
passwd to prevent a user from logging in (aka “locking out the user”), using the
-l switch. For example, if you want to prevent
john from logging in, you can use:
sudo passwd -l john
Grant Sudo Permissions to Users
sudo is a utility to allow users to execute commands as another user, usually the root user. In most distributions, only a certain set of users can execute
For example, in Debian and its derivatives (like Ubuntu), users in the
sudo group can use the
sudo command. Similarly, CentOS or RHEL has a
wheel group that does the same thing.
If you want a user (say
john) to be able to use sudo, you can use
usermod to add them to the
sudo group like so:
sudo usermod -a -G sudo john
For CentOS or RHEL use:
sudo usermod -a -G wheel john
What if you don’t use something based on Debian or CentOS? Although the default
sudo configuration can vary a lot between distributions, the steps below should help you get started.
First, you should create your own group, such as
sysadmins and add users to it, just like we’ve done previously. Then, you can edit the file
/etc/sudoers as a root user to allow anyone who belongs to
sysadmins to have
sudo access. To edit the file, you can use an editor like
vi by running:
sudo nano /etc/sudoders # if you have 'nano' installed sudo vi /etc/sudoers # if you have 'vi' installed
Now, go to the end of the file, and add the following text on its own line. This will allow anyone belonging to
sysadmins to use sudo:
%sysadmins ALL=(ALL) ALL
Save the file and exit the editor. After this, any users in
sysadmins would be able to use
sudo to run commands.
Delete a User in Linux
To delete a user in Linux, you can use userdel command, like so:
sudo userdel <username>
By default, this command preserves the home directory and some other special files, such as the user’s list of cron jobs. If you want to delete these files as well, you should use the
For example, if you want to delete the user john along with the home directory of john, use the following command:
sudo userdel -r john