RHCSA - Manage Users & Groups: Create, Delete, & Modify Local User Accounts

/etc/passwd File

The /etc/passwd file is a plain text file that contains a line for each user account on the system. Each line consists of several fields separated by colons (:), representing different attributes of the user account.

The fields in the /etc/passwd file are as follows:

  • Username: This field contains the username associated with the account. It is used to identify the user.
  • Password: Historically, this field stored the encrypted password for the user. However, modern Linux systems store the password hashes in a separate file, such as /etc/shadow, for security reasons. In the /etc/passwd file, this field is typically represented by a placeholder, such as x or *.
  • User ID (UID): The UID field stores a unique numeric identifier for the user. Each user on the system must have a distinct UID. The UID 0 is reserved for the root user.
  • Group ID (GID): This field specifies the primary group ID for the user. It identifies the group to which the user belongs.
  • User Information: The User Information field usually contains additional information about the user, such as the full name, job title, or contact details. However, this field is not standardized and can vary across systems.
  • Home Directory: This field indicates the user's home directory, where they typically store their personal files.
  • Default Shell: The Default Shell field specifies the default command-line interpreter (shell) for the user. It determines the user's command-line environment and behavior.

/etc/login.defs File

The settings specified in the /etc/login.defs file are used during user account creation and password-related operations. When a new user account is created, the system checks /etc/login.defs for default values to assign to attributes such as password expiration, minimum and maximum UID and GID, and more.

Here are some common settings and their explanations:

  • PASS_MAX_DAYS: This setting determines the maximum number of days a password is valid before it must be changed. It helps enforce password expiration policies and enhances security.
  • PASS_MIN_DAYS: Specifies the minimum number of days that must pass before a user can change their password again. It helps prevent users from frequently changing their passwords.
  • PASS_WARN_AGE: Sets the number of days before the password expiration when users receive a warning message. It helps remind users to change their passwords before they expire.
  • LOGIN_RETRIES: Determines the maximum number of login retries permitted before an account is locked. It helps prevent brute-force attacks by locking out accounts after repeated failed login attempts.
  • LOGIN_TIMEOUT: Defines the duration (in seconds) for which the system waits for user input during the login process. If no input is received within this time frame, the login attempt is terminated.
  • UID_MIN and UID_MAX: These settings define the range of UIDs (user IDs) that are allocated for regular user accounts. The UID_MIN setting specifies the minimum UID, while UID_MAX specifies the maximum UID.
  • GID_MIN and GID_MAX: Similar to UID_MIN and UID_MAX, these settings define the range of GIDs (group IDs) allocated for regular groups.
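The password-aging settings above can be checked against a baseline. The script below is an added example, not part of the original article: it parses a login.defs-format file and reports the aging keys that are missing or fall outside an assumed policy range. The function names, the ranges and the sample files are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check password-aging defaults in a login.defs-format file.
# The allowed ranges are an assumed policy for illustration, not page values.
# Usage: check_aging FILE ; prints one line per finding, nothing if compliant.
check_aging() {
    awk '
        function check(key, lo, hi,    v) {
            if (!(key in val)) { print key ": not set"; return }
            v = val[key]
            if (v !~ /^-?[0-9]+$/) { print key ": not a number: " v; return }
            if (v + 0 < lo || v + 0 > hi) print key ": " v " outside " lo "-" hi
        }
        # Skip comment lines and lines without a value; keep KEY VALUE pairs.
        $1 ~ /^#/ || NF < 2 { next }
        { val[$1] = $2 }
        END {
            check("PASS_MAX_DAYS", 1, 90)   # negative or huge: effectively no expiry
            check("PASS_MIN_DAYS", 1, 7)
            check("PASS_WARN_AGE", 7, 30)
        }
    ' "$1"
}

# Constructed sample files (not taken from a real system).
write_defs() {
    cat > "$1/weak.defs" <<'EOF'
# constructed sample: weak aging defaults
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
#PASS_WARN_AGE  7
UID_MIN         1000
EOF
    cat > "$1/hardened.defs" <<'EOF'
# constructed sample: values inside the assumed ranges
PASS_MAX_DAYS   90
PASS_MIN_DAYS   1
PASS_WARN_AGE   7
EOF
}

demo_defs() {
    tmp=$(mktemp -d) && write_defs "$tmp" || return 1
    for f in weak hardened; do
        echo "== $f.defs"; check_aging "$tmp/$f.defs"
    done
    rm -rf "$tmp"
}
demo_defs
```

The aging values in /etc/login.defs are applied when an account is created; accounts that already exist keep the aging values recorded for them.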

/etc/skel Directory

The /etc/skel directory, short for "skeleton", serves as a blueprint for new user accounts. When a user account is created, the contents of the /etc/skel directory are automatically copied to the user's home directory, providing a set of default files and configurations.

/etc/shells File

The /etc/shells file lists the shells, such as /bin/bash, /bin/sh and /bin/zsh, that are available for setting as a user's default shell.
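The /etc/passwd fields and the /etc/shells list described above can be audited together. The script below is an added example, not part of the original article: it checks a passwd-format file for wrong field counts, password fields that are not the x or * placeholder, extra UID 0 accounts, shared UIDs, and regular accounts whose shell is not in the shells list. The finding names, the default UID_MIN of 1000 and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file. Finding names are made up here.
# Usage: audit_passwd PASSWD_FILE SHELLS_FILE [UID_MIN]
audit_passwd() {
    awk -F: -v uid_min="${3:-1000}" '
        # First file argument: the shells list (skip blanks and comments).
        FILENAME == ARGV[1] { if ($0 != "" && $0 !~ /^#/) shells[$0] = 1; next }
        $0 == "" || /^#/ { next }
        # Every account line must have exactly seven fields.
        NF != 7 { print "BAD_FIELD_COUNT:" $1; next }
        # Field 2: empty means no password is required; anything other than
        # the x or * placeholder may be a hash readable by every user.
        $2 == "" { print "EMPTY_PASSWORD_FIELD:" $1 }
        $2 != "" && $2 != "x" && $2 != "*" { print "NON_PLACEHOLDER_PASSWORD:" $1 }
        # Field 3: UID 0 grants root privileges whatever the username is.
        $3 == 0 && $1 != "root" { print "EXTRA_UID0:" $1 }
        # Two names on one UID are the same account to the kernel.
        ($3 in seen) { print "DUPLICATE_UID:" $1 ":" $3 ":" seen[$3] }
        !($3 in seen) { seen[$3] = $1 }
        # Field 7: regular accounts should use a shell from the shells list.
        $3 >= uid_min && !($7 in shells) { print "SHELL_NOT_LISTED:" $1 ":" $7 }
    ' "$2" "$1"
}

# Constructed sample data (not taken from a real system).
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
user1111:x:1111:1111::/home/user1111:/bin/bash
backup:x:0:0::/home/backup:/bin/bash
legacy::1200:1200::/home/legacy:/bin/sh
alice:x:1300:1300::/home/alice:/usr/local/bin/custom
bob:x:1300:1300::/home/bob:/bin/bash
EOF
    printf '%s\n' '# constructed shells list' /bin/sh /bin/bash > "$1/shells"
}

demo() {
    tmp=$(mktemp -d) && write_samples "$tmp" && audit_passwd "$tmp/passwd" "$tmp/shells"
    rm -rf "$tmp"
}
demo
```

On a live system the call would be audit_passwd /etc/passwd /etc/shells, with the third argument set to the UID_MIN value from /etc/login.defs.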

Creating Local User Accounts

The useradd command is used to create a new user account on the system. It allows system administrators to add users and set various attributes for the newly created account, such as the user's home directory, default shell, user ID (UID), group ID (GID), supplementary groups, and more.

The table below shows some of the most common options for the useradd command. These options can be combined to customize the user's settings:

Option               Description
-d, --home           Specifies the user's home directory.
-m, --create-home    Creates the user's home directory if it doesn't exist.
-s, --shell          Sets the default shell for the user.
-u, --uid            Sets the user ID (UID) for the account.
-g, --gid            Sets the primary group ID (GID) for the account.
-G, --groups         Sets additional supplementary groups for the account.

The exercise below walks through creating a user.

Create user user1111:

Create a user named user1111 with the following attributes:

  • Home directory: -d /home/user1111
  • Default shell: -s /bin/bash
  • User ID (UID): -u 1111
  • Create home directory if it doesn't exist: -m

sudo useradd -m -d /home/user1111 -s /bin/bash -u 1111 user1111

Confirm the user was created with expected settings:

id user1111
getent passwd user1111

The output of both commands should show the user ID, primary group, supplementary groups, home directory and shell:

$ id user1111
uid=1111(user1111) gid=1111(user1111) groups=1111(user1111)

$ getent passwd user1111
user1111:x:1111:1111::/home/user1111:/bin/bash

Modifying Local User Accounts

The usermod command is used to modify existing user accounts on the system. It allows system administrators to change various attributes of a user account, such as the user's home directory, default shell, user ID (UID), group ID (GID), supplementary groups, and more.

The table below outlines some commonly used options with the usermod command. These options can be combined to tailor the user's settings:

Option               Description
-d, --home           Change the user's home directory.
-m, --move-home      Move the content of the user's home directory to the new location.
-s, --shell          Change the default shell for the user.
-u, --uid            Change the user ID (UID) for the account.
-g, --gid            Change the primary group ID (GID) for the account.
-G, --groups         Change additional supplementary groups for the account.
-a, --append         Append user to supplementary groups (used with -G).

Below is an example exercise demonstrating the use of usermod to modify an existing user.

Modify user user1111:

Modify the user named user1111 with updated attributes:

  • Home directory: -m -d /home/user2222
  • Default shell: -s /bin/sh
  • User ID (UID): -u 2222

sudo usermod -m -d /home/user2222 -s /bin/sh -u 2222 user1111

Confirm the user's updated settings:

id user1111
getent passwd user1111

The output of both commands should display the updated user ID, primary group, supplementary groups, home directory, and shell:

$ id user1111
uid=2222(user1111) gid=1111(user1111) groups=1111(user1111)

$ getent passwd user1111
user1111:x:2222:1111::/home/user2222:/bin/sh

Deleting Local User Accounts

The userdel command is used to delete user accounts from the system. It allows system administrators to remove user accounts along with their associated files and settings.

The table below outlines the primary option used with the userdel command:

Option               Description
-r, --remove         Remove the user's home directory and mail spool.

Here's an example exercise demonstrating the use of userdel to delete an existing user.

Delete user user1111:

Delete the user named user1111 including the removal of their home directory and mail spool:

sudo userdel -r user1111

Confirm the user's deletion:

id user1111

The command should return an error indicating that the user doesn't exist:

id: ‘user1111’: no such user
