Configuring User's in Linux

In this tutorial we will learn about creating and deleting the user in Red Hat and CentOS.
In this post we will explore the useradd and userdel commands.

Basic command to create user

In Red Hat and CentOS,create a user and set password as per given below command

1 2 3

useradd user-login-name passwd user-login-name

Now, lets see what happen when you simply use the useradd command in Red Hat and CentOS.
Here I am taking an eg. of creating a user called sharad

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22

[root@localhost ~]# cat /etc/issue CentOS release 6.4 (Final) Kernel \r on an \m [root@localhost ~]# [root@localhost ~]# useradd sharad [root@localhost ~]# [root@localhost ~]# grep sharad /etc/passwd sharad:x:500:500::/home/sharad:/bin/bash [root@localhost ~]# [root@localhost ~]# grep sharad /etc/group sharad:x:500: [root@localhost ~]# [root@localhost ~]# id sharad uid=500(sharad) gid=500(sharad) groups=500(sharad) [root@localhost ~]# [root@localhost ~]# ls -ld /home/sharad/ drwx------ 2 sharad sharad 4096 Jul 17 20:35 /home/sharad/ [root@localhost ~]# [root@localhost ~]# grep sharad /etc/shadow sharad:!!:15903:0:99999:7::: [root@localhost ~]#

When we create a user by using command “useradd sharad”,the following things are happened

Same name of group is created , here new group name is sharad and user called sharad is member of it. Means sharad user is member of group called sharad

The user’s home directory of user called sharad is created in /home , see the command ls -ld /home/sharad

User sharad got a login shell /bin/bash which you can find by using command grep sharad /etc/passwd

In Red Hat and CentOS,when first user is created the uid and gid starts with 500 (uid= user id and gid= group id)

We have not set the password for user sharad,hence some content is missing in output of command “grep sharad /etc/shadow”

Explore default options of useradd command

To find default options of useradd,use the below given command

1 2 3 4 5

useradd -D OR cat /etc/default/useradd

See the below reference of output

[root@localhost ~]# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
[root@localhost ~]#

[root@localhost ~]# cat /etc/default/useradd
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes

[root@localhost ~]#

GROUP: Bydefault this option is not taken by useradd command. To get default group as peruseradd -D command, you have to use -n option with useradd command. For eg. useradd -n test 

1 2 3 4

[root@localhost ~]# useradd -n ravi [root@localhost ~]# id ravi uid=501(ravi) gid=100(users) groups=100(users) [root@localhost ~]#

Now here Question comes, Why UID and GID was 500 when we created the first user called sharad.
Answer: It get the value from /etc/login.defs file.

1 2 3 4 5

[root@localhost ~]# grep GID_MIN /etc/login.defs GID_MIN              500 [root@localhost ~]# grep UID_MIN /etc/login.defs UID_MIN              500 [root@localhost ~]#

HOME: This is the default path prefix for the home directory. The user’s home directory will be created as /home/USER-Login-Name.

Tip: If you set the value CREATE_HOME no in /etc/login.defs file, the home directory of user will not be created.

INACTIVE: The number of days after a password expires until the account is permanently disabled. A value of 0 disables the account as soon as the password has expired, and a value of -1 disables the feature.If not specified, useradd will use the default inactivity period specified by the INACTIVE variable in /etc/default/useradd, or -1 by default.

EXPIRE: The date on which the user account will be disabled. The date is specified in the format YYYY-MM-DD

SHELL: Users login shell.

SKEL: Contents inside skel directory will be copied to the users home directory.

See in below reference the newly created user’s home directory and /etc/skel contents are same

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

[root@localhost ~]# ls -la /etc/skel/ total 20 drwxr-xr-x.  2 root root 4096 May 29 23:17 . drwxr-xr-x. 63 root root 4096 Jul 17 21:17 .. -rw-r--r--.  1 root root   18 Feb 22 03:05 .bash_logout -rw-r--r--.  1 root root  176 Feb 22 03:05 .bash_profile -rw-r--r--.  1 root root  124 Feb 22 03:05 .bashrc [root@localhost ~]# [root@localhost ~]# ls -la /home/sharad/ total 20 drwx------  2 sharad sharad 4096 Jul 17 21:01 . drwxr-xr-x. 5 root   root   4096 Jul 17 21:17 .. -rw-r--r--  1 sharad sharad   18 Feb 22 03:05 .bash_logout -rw-r--r--  1 sharad sharad  176 Feb 22 03:05 .bash_profile -rw-r--r--  1 sharad sharad  124 Feb 22 03:05 .bashrc [root@localhost ~]#

CREATE_MAIL_SPOOL: Here the bydefault value is CREATE_MAIL_SPOOL=yes means mail spool directory will be created.

Question: Where is the mail spool directory
Answer: It is mentioned in /etc/login.defs file.

1 2 3

[root@localhost ~]# grep MAIL_DIR /etc/login.defs |grep spool MAIL_DIR    /var/spool/mail [root@localhost ~]#

How to change default value of useradd command

You can also change the default value of useradd

Method 1 : By using command line

examples:

For changing default shell use command useradd -D -s /shell/path

1 2 3 4 5 6 7 8 9 10 11

[root@localhost ~]# useradd -D -s /bin/sh You have new mail in /var/spool/mail/root [root@localhost ~]# useradd -D GROUP=100 HOME=/home INACTIVE=-1 EXPIRE= SHELL=/bin/sh SKEL=/etc/skel CREATE_MAIL_SPOOL=yes [root@localhost ~]#

For Changing Default Home Directory,use command useradd -D -b /new/home_dir/path

1 2 3 4 5 6 7 8 9 10 11 12

[root@localhost ~]# mkdir /new_home [root@localhost ~]# useradd -D -b /new_home [root@localhost ~]# [root@localhost ~]# useradd -D GROUP=100 HOME=/new_home INACTIVE=-1 EXPIRE= SHELL=/bin/sh SKEL=/etc/skel CREATE_MAIL_SPOOL=yes [root@localhost ~]#

Likewise you can also do other changes.

Method 2: By editing /etc/default/useradd .

1 2 3 4 5 6 7 8 9 10

vi /etc/default/useradd # useradd defaults file GROUP=100 HOME=/new_home INACTIVE=-1 EXPIRE= SHELL=/bin/sh SKEL=/etc/skel CREATE_MAIL_SPOOL=yes

Using useradd command with many options

(1) Changing login shell at useradd command. Bydefault the login shell is /bin/bash
Use -s with useradd command

1 2 3 4 5

[root@localhost ~]# useradd -s /bin/sh testuser [root@localhost ~]# [root@localhost ~]# grep testuser /etc/passwd testuser:x:502:502::/home/testuser:/bin/sh [root@localhost ~]#

(2) Changing default home directory to other path.
Use -d option here, useradd -d /Path/username username

1 2 3 4 5 6 7 8

[root@localhost ~]# mkdir /new_home [root@localhost ~]# useradd -d /new_home/joe joe [root@localhost ~]# ls /new_home/ joe [root@localhost ~]# ls /new_home/joe/ [root@localhost ~]# ls -ld /new_home/joe/ drwx------ 2 joe joe 4096 Jul 17 23:04 /new_home/joe/ [root@localhost ~]#

(3) Changing userid , use -u option here

1 2 3 4

[root@localhost ~]# useradd -u 600  john [root@localhost ~]# id john uid=600(john) gid=600(john) groups=600(john) [root@localhost ~]#

(3) Changing group id with useradd command, use -g option.
Note 1: Group must already exist so that we can use its GID. See below example.
GID of hr group is 601

Note 2: hr group has GID 600 . User tester taken bydefault UID 601 also because there was no user exist with this UID. If exist than it would get the different UID as per increment pattern.

1 2 3 4 5 6 7 8 9 10 11 12

[root@localhost ~]# groupadd hr [root@localhost ~]# [root@localhost ~]# grep hr /etc/group hr:x:601: [root@localhost ~]# useradd -u 550 -g 601 roger [root@localhost ~]# id roger uid=550(roger) gid=601(hr) groups=601(hr) [root@localhost ~]# [root@localhost ~]# useradd -g 601 tester [root@localhost ~]# id tester uid=601(tester) gid=601(hr) groups=601(hr) [root@localhost ~]#

(4) You can use available options in single line. Here I have added -c for GECOS or comment
See below example

1 2 3 4 5

[root@localhost ~]# useradd -c "linux system admin" -u 700 -g 601 -s /bin/sh -d /new_home/sharadchhetri sharadchhetri[root@localhost ~]# id sharadchhetri uid=700(sharadchhetri) gid=601(hr) groups=601(hr) [root@localhost ~]# grep sharadchhetri /etc/passwd sharadchhetri:x:700:601:linux system admin:/new_home/sharadchhetri:/bin/sh [root@localhost ~]#

(5) Set password in single line with -p option. But here you have to get encrypt passwd.

useradd -p #$#@encrypted@#$ username

see below example how you will do. Here I will use the password PaaSS2ord

Get encrypted password by using command openssl

1 2 3 4 5 6

[root@localhost ~]# openssl passwd -crypt Password: Verifying - Password: Warning: truncating password to 8 characters gYqytYyfGxwII [root@localhost ~]#

after using openssl command we get the encrypted value of PaaSS2ord as gYqytYyfGxwII
Now use this value with -p option

1	[root@localhost ~]# useradd -p 'gYqytYyfGxwII' testred

You can check by login user testred using the password PaaSS2ord

Below given are options which you can use with useradd command

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34

[root@localhost ~]# useradd --help Usage: useradd [options] LOGIN Options:   -b, --base-dir BASE_DIR       base directory for the home directory of the                                 new account   -c, --comment COMMENT         GECOS field of the new account   -d, --home-dir HOME_DIR       home directory of the new account   -D, --defaults                print or change default useradd configuration   -e, --expiredate EXPIRE_DATE  expiration date of the new account   -f, --inactive INACTIVE       password inactivity period of the new account   -g, --gid GROUP               name or ID of the primary group of the new                                 account   -G, --groups GROUPS           list of supplementary groups of the new                                 account   -h, --help                    display this help message and exit   -k, --skel SKEL_DIR           use this alternative skeleton directory   -K, --key KEY=VALUE           override /etc/login.defs defaults   -l, --no-log-init             do not add the user to the lastlog and                                 faillog databases   -m, --create-home             create the user's home directory   -M, --no-create-home          do not create the user's home directory   -N, --no-user-group           do not create a group with the same name as                                 the user   -o, --non-unique              allow to create users with duplicate                                 (non-unique) UID   -p, --password PASSWORD       encrypted password of the new account   -r, --system                  create a system account   -s, --shell SHELL             login shell of the new account   -u, --uid UID                 user ID of the new account   -U, --user-group              create a group with the same name as the user   -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping [root@localhost ~]#

Delete User in Red hat and CentOS

(1) To delete the user ,use below given command

1	userdel username

Note: The above command will not remove user’s home directory and mail spool

(2) Delete user with its home directory and mail spool. Use option -r

1	userdel -r username

Other options which you can also use

1 2 3 4 5 6 7 8 9 10 11

[root@localhost ~]# userdel --help Usage: userdel [options] LOGIN Options:   -f, --force                   force removal of files,                                 even if not owned by user   -h, --help                    display this help message and exit   -r, --remove                  remove home directory and mail spool   -Z, --selinux-user            remove SELinux user from SELinux user mapping [root@localhost ~

Examples:-

Example 1: Linux useradd Command — Create User With Default Configurations

This is a fundamental low level tool for user creation. To create user with default configurations use useradd as shown below.

Syntax: # useradd LOGIN-NAME

While creating users as mentioned above, all the default options will be taken except group id. To view the default options give the following command with the option -D.

$ useradd -D
GROUP=1001
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/sh
SKEL=/etc/skel
CREATE_MAIL_SPOOL=no

• GROUP: This is the only option which will not be taken as default. Because if you don’t specify -n option a group with same name as the user will be created and the user will be added to that group. To avoid that and to make the user as the member of the default group you need to give the option -n.
• HOME: This is the default path prefix for the home directory. Now the home directory will be created as /home/USERNAME.
• INACTIVE: -1 by default disables the feature of disabling the account once the user password has expired. To change this behavior you need to give a positive number which means if the password gets expired after the given number of days the user account will be disabled.
• EXPIRE: The date on which the user account will be disabled.
• SHELL: Users login shell.
• SKEL: Contents of the skel directory will be copied to the users home directory.
• CREATE_MAIL_SPOOL: According to the value creates or does not create the mail spool.

Example 1: Creating user with all the default options, and with his own group.

Following example creates user ramesh with group ramesh. Use Linux passwd command to change the password for the user immediately after user creation.

# useradd ramesh

# passwd ramesh
Changing password for user ramesh.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

# grep ramesh /etc/passwd
ramesh:x:500:500::/home/ramesh:/bin/bash

# grep ramesh /etc/group
ramesh:x:500:
[Note: default useradd command created ramesh as username and group]

Example 2: Creating an user with all the default options, and with the default group.

# useradd -n sathiya

# grep sathiya /etc/passwd
sathiya:x:511:100::/home/sathiya:/bin/bash

# grep sathiya /etc/group
[Note: No rows returned, as group sathiya was not created]

# grep 100 /etc/group
users:x:100:
[Note: useradd -n command created user sathiya with default group id 100]

# passwd sathiya
Changing password for user sathiya.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[Note: Always set the password immediately after user creation]

Example 3: Editing the default options used by useradd.

The following example shows how to change the default shell from /bin/bash to /bin/ksh during user creation.

Syntax: # useradd -D --shell=<SHELLNAME>

# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
[Note: The default shell is /bin/bash]

# useradd -D -s /bin/ksh

# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/ksh
SKEL=/etc/skel
[Note: Now the default shell changed to /bin/ksh]

# adduser priya

# grep priya /etc/passwd
priya:x:512:512::/home/priya:/bin/ksh
[Note: New users are getting created with /bin/ksh]

# useradd -D -s /bin/bash
[Note: Set it back to /bin/bash, as the above is only for testing purpose]

Method 2: Linux useradd Command — Create Users With Custom Configurations

Instead of accepting the default values (for example, group, shell etc.) that is given by the useradd command as shown in the above method, you can specify custom values in the command line as parameters to the useradd command.

Syntax: # useradd -s <SHELL> -m -d <HomeDir> -g <Group> UserName

• -s SHELL : Login shell for the user.
• -m : Create user’s home directory if it does not exist.
• -d HomeDir : Home directory of the user.
• -g Group : Group name or number of the user.
• UserName : Login id of the user.

Example 4: Crate Linux User with Custom Configurations Using useradd Command

The following example creates an account (lebron) with home directory /home/king, default shell as /bin/csh and with comment “LeBron James”.

# useradd -s /bin/csh -m -d /home/king -c "LeBron James" -g root lebron 

# grep lebron /etc/passwd
lebron:x:513:0:LeBron James:/home/king:/bin/csh

Note: You can give the password using -p option, which should be encrypted password. Or you can use the passwd command to change the password of the user.