
UNIX user management


May 23, 2021 UNIX Getting started



User management

In a UNIX system, there are three types of accounts:

  • Root account: This is also known as the superuser, and it has complete and unconstrained control over the system. The superuser can run any command without any restrictions. This account should be reserved for system administration tasks.
  • System accounts: System accounts are provided for the needs of specific components of the operating system, such as mail accounts and sshd accounts. These accounts are usually set up to meet the needs of specific functions on the system, and any modifications made to them may negatively affect the system.
  • User accounts: User accounts provide interactive access to users and groups of users of the system. These accounts are typically assigned to ordinary users, usually with limited access to critical system files and directories.

UNIX supports the concept of a group account, which is logically a group of many accounts. Each account may be part of any group account. UNIX groups play an important role in processing file permissions and process management.

Manage users and groups

The following are the main user management files:

  • /etc/passwd: This file holds user account and password information. It contains most of the account information on the UNIX system.
  • /etc/shadow: This file contains the encrypted passwords for the accounts. Not all systems support this file.
  • /etc/group: This file contains group information for each account.
  • /etc/gshadow: This file contains security information for group accounts.

Use the cat command to check all of the above files.
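The three account types and the password field described above can be checked mechanically instead of by reading cat output. The script below is an added example, not part of the original article: it classifies every entry of a passwd-format file and flags entries an administrator should review. It assumes that UIDs below 1000 are system accounts (a common Linux default, adjust for your platform), and the sample entries are constructed.

```shell
#!/bin/sh
# Audit a passwd-format file (name:passwd:uid:gid:gecos:home:shell).
# Assumption: UIDs below UID_MIN are system accounts; 1000 is a common default.
UID_MIN=${UID_MIN:-1000}

audit_passwd() {
    # $1 = path to the passwd-format file to audit
    awk -F: -v min="$UID_MIN" '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
        NF != 7 { printf "MALFORMED line %d\n", NR; next }
        {
            type = ($3 == 0) ? "root" : ($3 < min) ? "system" : "user"
            printf "%s %s uid=%s shell=%s\n", type, $1, $3, $7
            # Any UID 0 entry has full superuser rights, whatever its name.
            if ($3 == 0 && $1 != "root")
                printf "WARN %s: extra UID 0 account\n", $1
            # "x" means the hash lives in /etc/shadow; "*" or "!" means locked.
            if ($2 == "")
                printf "WARN %s: empty password field\n", $1
            else if ($2 != "x" && $2 !~ /^[*!]/)
                printf "WARN %s: password hash stored in world-readable file\n", $1
            # Service accounts normally have no interactive shell.
            if (type == "system" && $7 !~ /(nologin|false)$/)
                printf "WARN %s: system account with login shell\n", $1
        }' "$1"
}

# Constructed sample entries (not taken from a real host).
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/sh
sshd:x:74:74:sshd privsep:/var/empty/sshd:/sbin/nologin
mail:x:8:12:mail:/var/spool/mail:/bin/sh
mcmohd:x:1001:1001::/home/mcmohd:/bin/ksh
toor:x:0:0::/root:/bin/sh
legacy:$6$CONSTRUCTED$notarealhash:1002:1001::/home/legacy:/bin/sh
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && audit_passwd "$tmp"
rm -f "$tmp"
```

To audit a live system, call audit_passwd /etc/passwd; the file is world-readable, so no root privileges are needed.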

Most UNIX systems can create and manage accounts and groups using the following commands:

| Command | Description |
|---|---|
| useradd | Add an account to the system. |
| usermod | Modify the account properties. |
| userdel | Delete the account from the system. |
| groupadd | Add groups to the system. |
| groupmod | Modify the group properties. |
| groupdel | Remove the group from the system. |

You can use the man pages to see the full syntax of each command mentioned here.

Create a group

You need to create a group before you can create any accounts, or you will have to use an existing group in the system. You'll find a list of all the groups in the /etc/group file.

All default groups are specific groups of system accounts and are not recommended for regular accounts. So here's the syntax for creating a new group account:

     groupadd [-g gid [-o]] [-r] [-f] groupname

Detailed parameters are listed below:

| Option | Description |
|---|---|
| -g GID | The value of the group ID. |
| -o | This option allows you to add a group with a non-unique GID. |
| -r | This flag indicates that the group being added is a system group. |
| -f | If the specified group already exists, this option results in a successful exit. When -g is included, a different (unique) GID is selected if the specified GID already exists. |
| groupname | The actual name of the group to create. |

If you do not specify any parameters, the system will use the default values.

The following example creates a developers group using the default values, which are accepted by most administrators.

    $ groupadd developers

Modify the group

To modify a group, use the groupmod syntax:

    $ groupmod -n new_modified_group_name old_group_name

For example, to change the group name developer_2 to developer:

    $ groupmod -n developer developer_2

The following changes the GID of the developer group to 545:

    $ groupmod -g 545 developer

Delete a group

To delete an existing group, all you need is the groupdel command and the group name. For example, to delete the developer group, the command is:

    $ groupdel developer

This simply deletes the group and does not remove any files associated with it. These files can still be accessed by their owners.
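After groups have been added with -o, renamed or deleted, it is worth confirming that the group and account files still agree. The script below is an added example, not part of the original article: it reports GIDs shared by more than one group, accounts whose primary GID has no group entry, and groups that list members with no account. The file contents are constructed.

```shell
#!/bin/sh
# Cross-check a group-format file (name:passwd:gid:members) against a
# passwd-format file (name:passwd:uid:gid:gecos:home:shell).
audit_groups() {
    # $1 = passwd-format file, $2 = group-format file
    awk -F: '
        FNR == NR {                       # first input: the group file
            if (gid_name[$3] != "")       # same GID twice (groupadd -o allows it)
                printf "DUPGID %s shared by %s and %s\n", $3, gid_name[$3], $1
            else
                gid_name[$3] = $1
            members[$1] = $4
            next
        }
        {                                 # second input: the passwd file
            known[$1] = 1
            if (!($4 in gid_name))
                printf "NOGROUP %s: primary gid %s has no group entry\n", $1, $4
        }
        END {                             # members that no longer have an account
            for (g in members) {
                n = split(members[g], m, ",")
                for (i = 1; i <= n; i++)
                    if (!(m[i] in known))
                        printf "STALE %s lists unknown member %s\n", g, m[i]
            }
        }' "$2" "$1"
}

# Constructed sample files (not taken from a real host).
write_group_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/sh
mcmohd:x:1001:1001::/home/mcmohd:/bin/ksh
intern:x:1003:2000::/home/intern:/bin/sh
EOF
    cat > "$2" <<'EOF'
root:x:0:
developers:x:1001:mcmohd
developer:x:545:olduser
testers:x:545:
EOF
}

d=$(mktemp -d) && write_group_sample "$d/passwd" "$d/group" && audit_groups "$d/passwd" "$d/group"
rm -rf "$d"
```

On a live system, run audit_groups /etc/passwd /etc/group; both files are world-readable.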

Create an account

Let's see how to create a new account on a UNIX system. Here's the syntax used to create a user account:

    useradd -d homedir -g groupname -m -s shell -u userid accountname

Detailed parameters are listed below:

| Option | Description |
|---|---|
| -d homedir | The home directory of the specified account. |
| -g groupname | Specify the group account to which the account belongs. |
| -m | If it does not exist, the home directory is created. |
| -s shell | Specify the default shell for the account. |
| -u userid | You can specify a user ID for your account. |
| accountname | The actual name of the account to create. |

If you do not specify any parameters, the system will use the default values. The useradd command modifies the /etc/passwd, /etc/shadow and /etc/group files, and creates a home directory.

The following example creates an account named mcmohd, with the home directory /home/mcmohd and the group developers. The Korn shell is assigned to this user.

    $ useradd -d /home/mcmohd -g developers -s /bin/ksh mcmohd

Before the above command is executed, you must make sure that you have created the developers group using the groupadd command.

After you create an account, you can use the passwd command to set its password, as follows:

    $ passwd mcmohd20
    Changing password for user mcmohd20.
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.

When you enter passwd followed by an account name, it changes the password of that account, assuming that you are a superuser. Otherwise, you can only use this command to change your own password, not the password for the specified account.

Modify an account

The usermod command allows you to change an existing account from the command line. It uses the same parameters as the useradd command, plus the -l parameter, which allows the account name to be changed.

For example, changing the account name mcmohd to mcmohd20 and changing the home directory accordingly requires the following command:

    $ usermod -d /home/mcmohd20 -m -l mcmohd20 mcmohd

Delete an account

The userdel command can be used to delete existing users. This is a very dangerous command and must be used with care.

This command has only one parameter or option available: -r is used to delete the account's home directory and mail file.

For example, deleting an account mcmohd20 requires the following command:

    $ userdel -r mcmohd20

If you want to keep its home directory for backup purposes, omit the -r option. You can delete the home directory at a later time as needed.