Linux User and Group Management

Linux System User and Group Management

This chapter mainly explains the methods of Linux user and group management, including account addition, modification, deletion, password management, group management, and related system file structures. This knowledge is fundamental for system maintenance, security control, and permission management.

1. Management of Linux System User Accounts

Linux is a multi-user, multitasking time-sharing operating system. Each user must have a valid account before using system resources.

The functions of user accounts include:

  • Helping system administrators track and control user access permissions;

  • Helping users organize their files and data;

  • Providing security protection mechanisms.

1. Adding User Accounts (`useradd` command)

Syntax:

useradd [options] username

Common option descriptions:

  • `-c comment`: Add a comment description;

  • `-d directory`: Specify the user's home directory;

  • `-m`: Automatically create the home directory if it does not exist;

  • `-g group`: Specify the user's primary group;

  • `-G group1,group2`: Specify additional groups;

  • `-s shell file`: Specify the user's login shell;

  • `-u user ID`: Specify the user ID;

  • `-o`: Allow the reuse of an existing UID.

Example 1:

# useradd -d /home/sam -m sam

Create user `sam`, and automatically generate home directory `/home/sam`.

Example 2:

# useradd -s /bin/sh -g group -G adm,root gem

Create user `gem`, with login shell `/bin/sh`, primary group `group`, and additional groups `adm` and `root`.

If a specified group does not exist, create it first:

# groupadd group
# groupadd adm

Principle Explanation: When a new user is added, a record is added to the `/etc/passwd` file, and `/etc/shadow`, `/etc/group` and other files are updated as well.

2. Deleting User Accounts (`userdel` command)

Syntax:

userdel [options] username

Common options:

  • `-r`: Also delete the user's home directory.

Example:

# userdel -r sam

Delete user `sam` and their home directory `/home/sam`.

3. Modifying User Accounts (`usermod` command)

Syntax:

usermod [options] username

Common options:

  • `-c`, `-d`, `-m`, `-g`, `-G`, `-s`, `-u`, `-o`: Same meanings as for `useradd`;

  • `-l new username`: Change the login name.

Example:

# usermod -s /bin/ksh -d /home/z -g developer sam

Change user `sam`'s login shell to `ksh`, home directory to `/home/z`, and primary group to `developer`.

4. User Password Management (`passwd` command)

After creating a user account, it is locked by default, and a password must be set to enable it.

Syntax:

passwd [options] username

Common options:

  • `-l`: Lock the account;

  • `-u`: Unlock the account;

  • `-d`: Delete the password;

  • `-f`: Force the user to change the password at the next login.

Example:

# passwd sam
New password: ******
Re-enter new password: ******

  • Regular users must enter the original password when changing their own password;

  • Superuser (root) can directly change others' passwords.

Example of empty password:

# passwd -d sam

Delete `sam`'s password, making the account temporarily unable to log in.

Example of locking an account:

# passwd -l sam

Security Recommendations:

  • Password length should be at least 8 characters;

  • Include uppercase and lowercase letters, numbers;

  • Do not use easily guessable information such as birthdays or names.

2. Management of Linux System User Groups

User groups are one of the core mechanisms of Linux permission management. They allow the system to control resource access for multiple users as a unit.

1. Adding User Groups (`groupadd` command)

Syntax:

groupadd [options] groupname

Option descriptions:

  • `-g GID`: Specify the group ID;

  • `-o`: Allow the reuse of an existing GID.

Example 1:

Create a new group `group1`.

# groupadd group1

Example 2:

Create group `group2`, with group number 101.

# groupadd -g 101 group2

2. Deleting User Groups (`groupdel` command)

Syntax:

groupdel groupname

Example:

Delete group `group1`.

# groupdel group1

3. Modifying User Groups (`groupmod` command)

Syntax:

groupmod [options] groupname

Option descriptions:

  • `-g GID`: Modify the group ID;

  • `-o`: Allow the reuse of GID;

  • `-n new group name`: Change the group name.

Example 1:

# groupmod -g 102 group2

Example 2:

Change the group number of `group2` to `10000`, and change the group name to `group3`.

# groupmod -g 10000 -n group3 group2

4. Switching User Groups (`newgrp` command)

Syntax:

newgrp targetgroupname

Example:

Switch to the `root` user group (provided the current user belongs to that group).

$ newgrp root

3. System Files Related to User Accounts

All information about Linux users and groups is stored in system files:

  • `/etc/passwd`

  • `/etc/shadow`

  • `/etc/group`

1. `/etc/passwd` File Structure

Each user has a record in `/etc/passwd`, formatted as follows:

username:password:userID:groupID:comment:home directory:login shell

Field descriptions:

  1. Username: Login name;

  2. Password: Encrypted password or placeholder (e.g., `x`);

  3. User ID (UID): Unique identifier;

  4. Group ID (GID): Primary group;

  5. Comment: Description information;

  6. Home Directory: Directory after login;

  7. Login Shell: Command interpreter path.

Example:

sam:x:200:50:Sam san:/home/sam:/bin/sh

If the system enables shadow passwords, the password field in `/etc/passwd` contains only "x", and the actual encrypted password is stored in `/etc/shadow`.

2. `/etc/shadow` File Structure

Field format:

login name:encrypted password:last modified:min interval:max interval:warning:inactive:expire:flag

Field explanations:

  • Login name: Corresponds to `/etc/passwd`;

  • Encrypted password: The real encrypted password;

  • Last modification time: Days since the start time;

  • Minimum interval: Minimum days between two modifications;

  • Maximum interval: Password validity period;

  • Warning time: Days to remind before expiration;

  • Inactive time: Days valid but not logged in;

  • Expiration time: Days until account expiration.

3. `/etc/group` File Structure

Format:

group name:password:group ID:user list

Field descriptions:

  • Group name: The name of the group;

  • Password: Generally empty;

  • Group ID: Integer;

  • User list within the group: Separated by commas.

Example:

users::20:root,sam
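
The three record formats above can be checked mechanically. The following is an added example, not part of the original page: a shell function that reads files in the `/etc/passwd`, `/etc/shadow` and `/etc/group` formats and reports accounts with UID 0 other than root, reused UIDs (what `-o` permits), empty password fields, and non-root members of the GID 0 group. The name `audit_accounts`, the finding labels and the sample records are assumptions made for illustration.

```shell
# audit_accounts PASSWD SHADOW GROUP: print one finding per line.
audit_accounts() {
    # passwd: username:password:userID:groupID:comment:home directory:login shell
    awk -F: '
        NF != 7                     { print "MALFORMED passwd line " NR; next }
        $3 ~ /^0+$/ && $1 != "root" { print "UID0 " $1 }
        $2 == ""                    { print "NO_PASSWORD " $1 " (passwd)" }
        ($3 in seen)                { print "DUP_UID " $3 " " seen[$3] "," $1; next }
                                    { seen[$3] = $1 }
    ' "$1"
    # shadow: an empty second field means no password is set for the login
    awk -F: '$2 == "" { print "NO_PASSWORD " $1 " (shadow)" }' "$2"
    # group: group name:password:group ID:user list
    awk -F: '$3 ~ /^0+$/ {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "root") print "ROOT_GROUP_MEMBER " m[i]
    }' "$3"
}

# Constructed sample data (not taken from a real system).
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sam:x:200:50:Sam san:/home/sam:/bin/sh
gem:x:201:50::/home/gem:/bin/sh
backup2:x:0:0::/home/backup2:/bin/sh
web:x:200:50::/home/web:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$constructed$hash:19000:0:99999:7:::
sam::19000:0:99999:7:::
gem:!:19000:0:99999:7:::
EOF
    cat > "$1/group" <<'EOF'
root::0:root,gem
users::20:root,sam
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_accounts "$tmp/passwd" "$tmp/shadow" "$tmp/group"
rm -rf "$tmp"
```

On a real system, run it as root against `/etc/passwd`, `/etc/shadow` and `/etc/group`; an empty result means none of these conditions were found.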

4. Batch Adding Users

When a large number of users need to be created, batch command combinations can be used.

Steps are as follows:

1. Edit the user information file (user.txt)

user001::600:100:user:/home/user001:/bin/bash
user002::601:100:user:/home/user002:/bin/bash...

2. Import user data

# newusers < user.txt

3. Disable shadow password functionality

# pwunconv

4. Create password mapping file (passwd.txt)

user001:123456
user002:123456...

5. Batch set passwords

# chpasswd < passwd.txt

6. Re-enable shadow encryption

# pwconv

After execution, you can check the home directories and permissions in `/home` to ensure they are correct.
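
A pre-flight check for the two input files of the batch procedure above, added here as an example and not part of the original page: it rejects entries whose UID is 0 or already in use, and passwords that do not meet the Security Recommendations from the password section (at least 8 characters, with uppercase, lowercase and digits). The function name `check_batch`, the finding labels, `user003` and the existing-accounts sample are assumptions.

```shell
# check_batch USERFILE PASSFILE PASSWD: print problems; status 1 if any found.
check_batch() {
    LC_ALL=C awk -F: '
        FILENAME == ARGV[1] { used[$3] = $1; next }     # existing accounts
        FILENAME == ARGV[2] {                           # newusers input (user.txt)
            if (NF != 7)     { print "BAD_FIELDS " $1; bad = 1 }
            if ($3 ~ /^0+$/) { print "UID0 " $1; bad = 1 }
            if ($3 in used)  { print "UID_IN_USE " $1 " " $3; bad = 1 }
            used[$3] = $1; want[$1] = 1; next
        }
        {                                               # chpasswd input: name:password
            p = substr($0, length($1) + 2)              # password may contain ":"
            if (!($1 in want)) { print "UNKNOWN_USER " $1; bad = 1 }
            if (length(p) < 8 || p !~ /[A-Z]/ || p !~ /[a-z]/ || p !~ /[0-9]/) {
                print "WEAK_PASSWORD " $1; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$3" "$1" "$2"
}

# Constructed sample inputs; user003 and its password are made up for the demo.
write_batch_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ftp1:x:601:100::/home/ftp1:/bin/sh
EOF
    cat > "$1/user.txt" <<'EOF'
user001::600:100:user:/home/user001:/bin/bash
user002::601:100:user:/home/user002:/bin/bash
user003::602:100:user:/home/user003:/bin/bash
EOF
    cat > "$1/passwd.txt" <<'EOF'
user001:123456
user002:123456
user003:Vq7rT2mLx9
EOF
}

tmp=$(mktemp -d)
write_batch_samples "$tmp"
check_batch "$tmp/user.txt" "$tmp/passwd.txt" "$tmp/passwd" || echo "batch rejected"
rm -rf "$tmp"
```

Run it before `newusers` and `chpasswd`, passing the system's `/etc/passwd` as the third argument, and proceed only when it prints nothing and returns 0.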

Summary

  • The Linux system achieves multi-user security management through accounts + user groups + file permissions.

  • User-related information is mainly stored in three files: `/etc/passwd`, `/etc/shadow`, and `/etc/group`.

  • Administrators can use the commands `useradd`, `usermod`, `userdel`, and `passwd` to maintain users, and `groupadd`, `groupmod`, and `groupdel` to maintain groups.

  • For batch user creation, you can use the `newusers` + `chpasswd` command combination for quick implementation.

Learning Tips:

  1. Familiarize yourself with each command parameter;

  2. Practice in a virtual machine environment;

  3. Pay attention to the security of `/etc/shadow`;

  4. Avoid directly deleting system accounts (such as daemon, lp, nobody).
