Sure, managing users and groups on a Linux system is Linux 101. Not even that, it’s Linux pre-school. But maybe this roundup of tips and tricks will show you something useful you didn’t already know.
View UID, GID, Group
The id
command shows a user’s UID, GID, and group assignments:
$ id carla
uid=1000(carla) gid=1000(carla) groups=1000(carla),
4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),
113(lpadmin),128(sambashare),999(docker)
Use the -u
flag to show only the UID, -g
for GID only, and -gn
to display the user’s primary group name.
Find All User Files
Use the find
command to list all files belonging to a user. This example searches only /home
, and records the results in a text file. You might want to search the entire filesystem, especially when you’re listing the files of a user that you are planning to remove from the system:
# find /home -uid 1001 | tee 1001-files.txt
You may search by -gid
as well, to find files per group ownership.
Transfer File Ownership
You can transfer ownership of all the files belonging to one user to another user, perhaps a system user that you created especially for this purpose. This example changes ownership of all the files in a user’s home directory:
# chown -R newuser:newuser /home/username
The sure way to find and change ownership on all of a user’s files is to use find
again, and search your entire filesystem. This may take a long time:
# find / -uid 1003 -exec chown -v 1010:1010 {} ;
You may use the user and group name if you prefer: chown -v newuser:newuser
.
You may perform this same operation by -gid
as well.
Adding and Removing Users
There is a lot of cruft in the Linux user management commands, and so we have useradd, userdel, usermod, groupadd, groupdel, groupmod, adduser
, and addgroup
.
adduser and addgroup
exist on Debian and Debian derivatives such as Ubuntu. adduser
and addgroup
are Perl wrappers for useradd
and groupadd
. adduser
walks you through a wizard for creating a new user. adduser
and addgroup
get their default settings from /etc/adduser.conf
.
adduser
is on Red Hat/CentOS/Fedora, but it is only a symlink to useradd
, so it behaves like useradd
.
useradd, userdel, usermod, groupadd, groupdel
, and groupmod
are present on all Linux distributions. Defaults for useradd
are in /etc/default/useradd
, or view them with useradd -D
.
There is a funny quirk with useradd
. Back in the olden days, it defaulted to putting all users into the same group, users (100)
, which meant that all users’ files were visible to all users. Then Red Hat created the “User Private Group” modification, which put every user into their own personal group, and nobody else could access their files without permission. There were raging flamewars over which way was the right way. Ah, the good old days, when the smallest change guaranteed months of fighting.
I’m sure you know all this, but let’s review adding and removing users anyway. adduser
walks you through all the steps:
# adduser newbie
Adding user `newbie' ...
Adding new group `newbie' (1009) ...
Adding new user `newbie' (1007) with group `newbie' ...
Creating home directory `/home/newbie' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for newbie
Enter the new value, or press ENTER for the default
Full Name []: newbie user
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]
/etc/skel
is a nice little convenience; just put any files you want copied into all new users’ home directories in it.
useradd makes you do more:
# useradd -m -s /bin/bash -c User_Six,,,, user6
That creates the user’s home directory, assigns a login shell, and uses the comment field for the full name. This is how it looks in /etc/passwd:
user6:x:1010:1012:User_Six,,,,:/home/user6:/bin/bash
The commas are optional, and distros differ: Ubuntu uses four commas, and CentOS 7 doesn’t use any. The commas separate the GECOS fields. GECOS is a holdover from the very olden days and stands for “General Electric Comprehensive Operating System.” You can see what each field is for in the adduser
output, though you can use them for anything you want.
deluser
has several useful options for removing users. You can delete the user without deleting their files:
# deluser user7
Or remove all files on the system that belong to them:
# deluser user7 --remove-all-files
Backup the files in their home directory to /$user.tar.bz2
:
# deluser user7 --backup
Or use --backup-to
to select your backup directory.
userdel
has an additional useful option, and that is --selinux-user
to remove the user’s SELinux mappings.
Find and Slay User Processes
When you remove a user from your system, you should look for any stray processes they may have left behind:
$ ps U 1010
Or search by username:
$ ps U username
Then kill their leftover processes in the usual way, # kill [process number]
. Or try the slay
command, which finds and kills all processes belonging to a user, saving you the trouble of hunting down all of them. Use the -clean
option to make clean shutdowns:
# slay -clean username
slay: Whoa, I have the power supreme.
slay
has four modes, which you set in /etc/slay_mode
: nice, normal, mean, and butthead.
Please refer to the fine man pages for these commands to learn about all of their options; yes, the man pages, because consulting the authoritative reference is a lot faster than testing bad answers from a Web search.
Advance your career in Linux System Administration. Check out the Essentials of System Administration course from The Linux Foundation.