Skip to content

Click on each book below to review & buy on Amazon.

As an Amazon Associate, I earn from qualifying purchases.

CompTIA Linux+ XK0-005 - 2.2 - Account Creation & Deletion

This guide provides an in-depth look at the key utilities and configuration files involved in the process of account creation and deletion. Managing user and group accounts involves several tasks: creating and deleting user accounts, modifying account properties, managing groups, and setting user environments. These tasks are typically performed using command-line utilities, each serving a specific function. Additionally, a number of configuration files play a vital role in this process, storing crucial information about user accounts, groups, and user environments.


Creating and deleting user accounts and groups is a common administrative task. Linux provides several utilities for managing user and group accounts. The following commands are commonly used for account creation and deletion:


The useradd command is used for creating new user accounts. It adds a user to the system and is capable of setting up various aspects of the user's account, such as home directory and login shell.

When you use useradd, it operates with default settings which are defined in /etc/default/useradd and /etc/login.defs. These settings can be overridden with command-line options.

A basic useradd command looks like this:

sudo useradd [options] username

Just using a username with this command creates a user with default settings. However, several options can tailor the user account:

  • Home Directory: Specified with -d or --home. If you want to set a custom home directory for the user, use this option.
  • Creating Home Directory: The -m flag ensures the user's home directory is created if it doesn't exist.
  • Login Shell: Defined with -s or --shell. This sets the user's default login shell.
  • Initial Group: Use -g or --gid to set the initial login group of the user.
  • Additional Groups: The -G or --groups option allows you to specify additional groups for the user.
  • User ID: Assign a unique user ID (UID) with -u or --uid.

For instance, to create a user johndoe with their own home directory and Bash as their login shell, the command would be:

sudo useradd -m -s /bin/bash johndoe

This command sets up a home directory at /home/johndoe and uses /bin/bash as the default shell. When -m is used, useradd will also populate the home directory with files from /etc/skel, which are skeleton files used to set up a user environment with default settings.

Remember, to modify the system-wide default settings for new user accounts, you can edit the /etc/default/useradd file.


The groupadd command is used to create new groups. Groups in Linux are a key aspect of managing file permissions and user access. They allow you to define a set of users who share certain permissions and access levels.

The basic syntax for creating a new group with groupadd is:

sudo groupadd [options] groupname

Executing this command creates a new group with the specified group name. Similar to user accounts, groups have default settings which are influenced by system configuration, typically defined in /etc/login.defs.

Some commonly used options in the groupadd command include:

  • -g or --gid: This option allows you to specify a unique group ID (GID) for the new group. If not used, the system will assign the next available GID.
  • -r: This option is used to create a system group. System groups are typically used for system accounts rather than regular user accounts.

For example, to create a new group named developers, the command would be sudo groupadd developers. This will create a new group with the next available GID.

If you need to assign a specific GID to the group, for instance, 1005, you would use sudo groupadd -g 1005 developers. This assigns the GID 1005 to the developers group.

The groupadd command is fundamental for organizing users into groups, which is an important part of system administration, particularly for managing permissions and access controls.

To learn more about the detailed options and usage of the groupadd command, you can refer to the manual page by running man groupadd in the terminal. This manual provides in-depth information and examples for the groupadd utility.


The userdel command is a key utility in Linux for deleting user accounts. This command is used by system administrators to remove users from the system, helping to maintain and manage the user base effectively.

The basic command syntax for deleting a user is:

sudo userdel [options] username

When this command is executed, it removes the user's entry from the /etc/passwd and /etc/shadow files, essentially deleting the account from the system. However, it's important to note that by default, userdel does not remove the user's home directory and mail spool.

Some of the options that are frequently used with userdel include:

  • -r: This option is particularly significant because it removes the user's home directory and mail spool along with the user account. This is important for fully cleaning up after the user and ensuring that no unnecessary data is left consuming disk space.

    For example, to delete a user named johndoe and remove their home directory, the command would be sudo userdel -r johndoe.

  • -f: This option forces the removal of the user account, even if the user is still logged in or if there are processes running under this user. It's a more aggressive option and should be used with caution.

The userdel command should be used judiciously as it is irreversible and important data can be lost if not handled properly, especially when using the -r option to remove the home directory.


The groupdel command is designed for deleting groups. It is an essential tool for administrators when managing group accounts, particularly for maintaining a clean and organized system by removing obsolete or unused groups.

The basic syntax for deleting a group is:

sudo groupdel groupname

When you run this command, it removes the specified group from the system. This removal is reflected in the /etc/group file, where the group's record is deleted.

However, it's important to understand the implications and limitations of using groupdel:

  • The command does not delete the group if it is the primary group of any existing user. You must first ensure that no users have the group set as their primary group.
  • The command does not automatically update the group memberships of users who are members of the group being deleted. It's advisable to manually check and update user memberships to other groups as needed.

For instance, if you want to delete a group named developers, you would use the command sudo groupdel developers. This would remove the developers group from the system, provided it is not the primary group of any user.

Using groupdel effectively requires careful planning and verification to ensure that you do not inadvertently affect users who might still need access to the group's resources or permissions.


The usermod command is used to modify a user's account. This command is commonly used by system administrators to update user information, including changing the user's login name, home directory, shell, or group memberships.

The basic syntax for using usermod is:

sudo usermod [options] username

Some of the most significant options available with usermod include:

  • -l (new login name): This option allows you to change the user's login name.
  • -d (home directory) and -m (move content): These options are used together to change the user's home directory and move the contents from the old directory to the new one.
  • -s (login shell): This option lets you change the user's login shell.
  • -g (primary group): It changes the user's primary group.
  • -G (supplementary groups): This option is used to add the user to additional groups. If used with the -a option, it appends the user to the listed groups without removing them from other groups.

For example, to change the login name of a user from johndoe to johnsmith, the command would be:

sudo usermod -l johnsmith johndoe

To change the home directory of a user and move all contents from the old to the new directory, the command could be:

sudo usermod -d /new/home/dir -m username

The usermod command is a tool for managing user accounts, providing flexibility to update various user account properties as requirements evolve. It is an integral part of Linux system administration, offering the capability to adapt user accounts to changing organizational structures and policies.

When using usermod, ensure that the user whose account is being modified is not currently logged in, as this can lead to unpredictable behavior and potential data loss. Additionally, careful consideration should be given to changes that might impact the user's access to files and resources, such as changes in group memberships.


The groupmod command is used to modify group properties. This command is particularly useful when you need to change attributes like the name or Group ID (GID) of an existing group. It's a key tool for administrators in managing and organizing groups effectively.

To modify a group, the basic syntax of the groupmod command is:

sudo groupmod [options] groupname

Key options for groupmod include:

  • -n (new name): This option allows you to rename the group. It's useful when you need to align group names with changes in project names, department names, etc.
  • -g (new GID): This option is used to change the Group ID. This might be necessary in situations where you're standardizing GIDs across multiple systems or avoiding conflicts with newly created groups.

For example, to change the name of a group from developers to devteam, you would use:

sudo groupmod -n devteam developers

And to change the GID of a group named projectgroup to 1002, the command would be:

sudo groupmod -g 1002 projectgroup

It's important to note that changing a group's name or GID can have implications for file permissions and user access. Files and directories that were assigned to the group under its old GID or name may need to be updated to reflect the change.


The id command is a straightforward yet powerful utility used to display user and group information for a specified user, or for the current user if no username is specified. This tool is particularly helpful for system administrators and users to quickly ascertain user and group identities, along with their corresponding IDs.

The basic usage of id is as simple as:

id [username]

When executed without any options or username, id displays the user and group information for the current user. This includes the user ID (UID), the primary group ID (GID), and the IDs of any supplementary groups the user belongs to.

For example, running id without any arguments might produce an output like:

uid=1001(johndoe) gid=1001(johndoe) groups=1001(johndoe),27(sudo)

This output indicates that the user johndoe has a UID of 1001, a primary GID of 1001, and is also a member of the sudo group with the GID of 27.

When you specify a username, id will display the information for that user. For instance, running id alice would show the user and group IDs for the user alice.


The who command provides a list of users currently logged into the system. It's a simple yet essential utility for administrators and users alike to see who is accessing the system at any given time. This information can be particularly useful for monitoring system usage and for security purposes.

Running the who command is straightforward:


This command produces output that typically includes the username, the terminal they are logged into (tty/pts), the date and time they logged in, and in some cases, the IP address from which they are connecting.

For example, the output of who might look like this:

johndoe   pts/0        2024-01-31 12:34 (:
alice     tty2         2024-01-31 08:21

This output indicates that two users are currently logged into the system: johndoe is logged in via a pseudo-terminal session (possibly through SSH), and alice is logged in directly on tty2 (which could be a physical terminal).

The who command can also be used with various options to customize the output. For example:

  • who -q displays only the list of usernames and the total number of users logged in.
  • who -H adds column headers to the output, making it easier to understand.


The w command extends the functionality of the who command by providing more detailed information about the users currently logged into the system. It not only shows who is logged in but also displays what each user is doing, including the load averages for the system. This utility is especially useful for administrators who need to monitor system activity and user processes in real time.

Executing the w command is as simple as typing:


This command outputs several pieces of information for each logged-in user: their login name, the terminal they are connected to, the remote host, login time, idle time, JCPU (the time used by all processes attached to the tty), PCPU (the time used by the current process, named in the WHAT field), and the command line of their current process.

For example, the output might look something like this:

 12:34:56 up 10 days,  3:22,  2 users,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
johndoe  pts/0     12:34    1:23   0.02s  0.00s sshd: johndoe [priv]
alice    tty2                      08:21    4:02m  0.04s  0.01s -bash

This tells us that johndoe logged in at 12:34 from IP address and is currently running an SSH daemon process, while alice has been logged in since 08:21 directly through tty2 and is currently using the bash shell. The system load averages over the last 1, 5, and 15 minutes are also displayed, indicating the system's overall workload.

The w command is used for assessing system activity, providing a quick overview of what users are doing at any given time, along with useful system load information. This can help in identifying issues, monitoring user activity, or even just seeing if the system is being used actively.

Default Shell

The default shell is the command-line interpreter that is automatically assigned to a user when their account is created. It provides the user with an interface to interact with the operating system through commands. The default shell for most Linux distributions is Bash (Bourne Again SHell), although other shells like Zsh, Fish, and Ksh are also popular among users for their unique features and capabilities.

Setting the Default Shell

When creating a user with the useradd command, the default shell can be specified with the -s option followed by the path to the shell's executable. If not specified, the system uses the default shell specified in the /etc/default/useradd file or the one defined in the /etc/passwd file for the user.

An example of setting Bash as the default shell for a new user:

sudo useradd -m -s /bin/bash username

Changing the Default Shell

A user's default shell can be changed after account creation using the chsh (change shell) command. This command updates the entry in the /etc/passwd file for the user.

To change the default shell for a user:

chsh -s /path/to/shell username

For example, to change the default shell to Zsh for a user:

chsh -s /usr/bin/zsh username

Users should have a shell that best suits their preferences and workflow, as it enhances productivity and the overall experience when interacting with the system. The choice of shell can affect scripting, command syntax, and the availability of advanced features like auto-completion, scripting capabilities, and customization options.

Configuration Files

Linux uses a variety of configuration files to manage user accounts, environment settings, and shell behaviors. These files are crucial for the operation of Linux systems, as they dictate how user accounts are created, managed, and removed, along with customizing the user environment and shell experience.


The /etc/passwd file is one of the most important files in Linux systems, as it contains information about the users. It's accessible to all users for reading, which is necessary for various system operations, such as mapping user IDs to usernames. Each line in the file represents a single user account and contains several fields separated by colons (:), which include:

  • Username: It's the name used when logging into the system.
  • Password: In modern systems, this field typically contains an x or an asterisk (*), indicating that the actual encrypted password is stored in the /etc/shadow file, which is accessible only to privileged users.
  • User ID (UID): This is the unique identifier for the user, which is used by the system to identify each user. Standard users typically have UIDs starting from 1000 or 500, depending on the distribution.
  • Group ID (GID): The primary group ID for the user. The system uses this number to determine the primary group of the user.
  • User Info (GECOS): This field is optional and often includes the full name of the user or other information like contact details.
  • Home Directory: The path to the user's home directory, which is the directory where users are placed after logging in.
  • Shell: This field specifies the command interpreter or shell for the user. If empty, it defaults to /bin/sh, though typically it's set to /bin/bash on many Linux distributions.

The below is an example entry for a user called johnjoe:

johndoe:x:1001:1001:John Doe:/home/johndoe:/bin/bash

This example shows a user johndoe whose encrypted password is stored in /etc/shadow, with a UID and GID of 1001. The user's full name is John Doe, their home directory is /home/johndoe, and their default shell is Bash.

Administrators often interact with this file directly or through utilities that manage its entries, such as useradd, usermod, and userdel.


The /etc/group file is used for defining groups, which are collections of users. Groups are used to organize users and to manage file permissions and access controls more efficiently. Like /etc/passwd, this file is readable by all users on the system, allowing for operations that need to translate group IDs (GIDs) to group names.

Each line in the /etc/group file represents a single group and is formatted with fields separated by colons (:), including:

  • Group Name: The name of the group. This is used when setting file permissions or when specifying group ownership of files and directories.
  • Password: This field is usually empty or contains an x. If a password is set, it can be used to allow users who are not members of the group to change their current group to this group with the newgrp command. However, group passwords are rarely used.
  • Group ID (GID): A unique numerical ID assigned to the group. This ID is used internally by the system to represent the group.
  • Group Members: A comma-separated list of usernames who are members of the group. These users are supplementary members of the group, in addition to the primary group specified in the /etc/passwd file for each user.

An example of an entry in the /etc/group file is:


This entry describes a group named developers with a GID of 1002. The users johndoe and alice are members of this group. The password field is marked with an x, indicating that the group password is not stored in this file.

Groups play a crucial role in Linux security and file system management, allowing administrators to assign file permissions to a collective rather than having to manage permissions for individual users. This simplifies the process of managing access controls on shared resources. The /etc/group file is therefore a key component in the configuration and maintenance of Linux systems, serving as the primary source of group information.


The /etc/shadow file is a secure system file that stores encrypted user password information, along with password aging and expiration details. Unlike /etc/passwd, which is readable by all users to allow for operations like username and UID mappings, /etc/shadow is highly sensitive and therefore accessible only to the root user or users with similar privileges. This restriction is important for system security, as it prevents unauthorized users from accessing encrypted passwords and other sensitive information.

Each line in the /etc/shadow file corresponds to a user's password information and is divided into fields separated by colons (:), which include:

  • Username: The name of the user, matching an entry in the /etc/passwd file.
  • Password: The encrypted password for the user. If this field contains an exclamation mark (!) or an asterisk (*), it indicates that the account has been disabled or locked, preventing user login.
  • Last Password Change: The number of days since January 1, 1970, that the password was last changed.
  • Minimum Days: The minimum number of days required between password changes. This is used to enforce password aging policies.
  • Maximum Days: The maximum number of days the password is valid. After this period, the password must be changed.
  • Warning Days: The number of days before password expiration that the user is warned about the need to change the password.
  • Inactive Days: The number of days after password expiration that the account is disabled.
  • Expiration Date: The date on which the account will be disabled. It is expressed as the number of days since January 1, 1970.

The below is an example entry in the /etc/shadow file:


This entry shows information for the user johndoe. Following the username are the encrypted password, the last password change date, minimum and maximum days for password change, warning days, with inactive and expiration fields being blank meaning they are not applied to this account.


The /etc/profile file serves as a global configuration script that initializes the environment settings for all login shells. This script is executed whenever a user logs into the system using a login shell, setting environment variables and executing scripts that apply system-wide. It lays the foundation for the user's environment, including path settings, environment variables, and other configurations that affect the shell's behavior for every user.

/etc/profile typically contains commands to set the PATH environment variable, define shell options, and set up environment variables that control the behavior of the shell and other programs. It might also include commands to run scripts located in other directories, such as /etc/profile.d/, where additional environment settings and startup scripts can be placed to be executed for all users.

Administrators can edit /etc/profile to change the environment for all users although it is recommended to create custom scripts in /etc/profile.d/. Changes to this file will only take effect for new login sessions. For individual user customizations, users can modify their own .bash_profile, .bash_login, or .profile files in their home directories, which are read after /etc/profile during the login process.


The /etc/skel directory is a template directory that contains default configuration files. When a new user account is created with the useradd command, the system automatically copies the contents of /etc/skel to the new user's home directory. This process ensures that all new users have a standard set of configuration files, such as shell configuration scripts and environment settings.

Files commonly found in /etc/skel include:

  • .bash_profile: Sets environment variables and executes commands at login.
  • .bashrc: Contains commands that are executed by the Bash shell for interactive shell sessions.
  • .bash_logout: Executes commands when a user logs out of a Bash session.

The presence of these files in a user's home directory allows for personal customization of the shell environment. Users can modify these files to change their shell prompt, set up aliases, define environment variables, and customize their shell environment in other ways.

The below is an example of what the contents of /etc/skel might look like:

├── .bash_logout
├── .bashrc
└── .profile

Administrators can modify the contents of /etc/skel to change the default environment settings and configurations for new users. For instance, adding aliases, functions, or other shell settings to the .bashrc file in /etc/skel will propagate those settings to every new user account created afterward.

.bash_profile and .bashrc

.bash_profile and .bashrc are configuration files used by the Bash shell. They allow users to customize their shell environment. While both files serve similar purposes, they are used in different contexts.


The .bash_profile file is executed for login shells. This means it runs whenever a user logs into the system from a terminal or via SSH. It's typically used to execute commands that should only run once at the beginning of a login session, such as setting environment variables and running startup scripts.

The below is an example entry in a .bash_profile file:

# Set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then

# Ensure that the .bashrc is executed
if [ -f "$HOME/.bashrc" ]; then
   source $HOME/.bashrc

This example adds a private bin directory to the PATH if it exists and sources the .bashrc file to ensure that its configurations are applied in login shells.


The .bashrc file, on the other hand, is executed for interactive non-login shells, such as opening a new terminal window in a graphical environment. It's used for configuring the shell session, defining aliases, setting environment variables that should be updated every time a new shell session is started, and more.

The below is an example entry in a .bashrc file:

# Alias definitions.
alias ll='ls -l'
alias la='ls -A'
alias l='ls -CF'

# Set Bash prompt.
PS1='[\u@\h \W]\$ '

# Enable color support of ls and grep
if [ -x /usr/bin/dircolors ]; then
    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
    alias ls='ls --color=auto'

    # Add color for grep
    alias grep='grep --color=auto'
    alias fgrep='fgrep --color=auto'
    alias egrep='egrep --color=auto'

This .bashrc example defines several useful aliases for common commands, sets a custom Bash prompt, and enables color support for the ls and grep commands.

While .bash_profile is specific to login sessions and .bashrc is for interactive sessions, it's common practice to source .bashrc from .bash_profile to ensure that the shell environment is consistent across different types of sessions. This arrangement allows users to centralize most of their customizations in .bashrc, keeping their shell configuration organized and manageable.


The utilities discussed in this guide, such as useradd, groupadd, userdel, groupdel, usermod, groupmod, id, who, w, and the configuration files like /etc/passwd, /etc/group, /etc/shadow, /etc/profile, /etc/skel, .bash_profile, and .bashrc, are integral to managing Linux systems. They provide system administrators with the necessary tools to efficiently manage user accounts, groups, and environmental settings, ensuring that the system is secure, organized, and tailored to meet the needs of its users.

Support DTV Linux

Click on each book below to review & buy on Amazon. As an Amazon Associate, I earn from qualifying purchases.

NordVPN ®: Elevate your online privacy and security. Grab our Special Offer to safeguard your data on public Wi-Fi and secure your devices. I may earn a commission on purchases made through this link.