User and Group Management Cheat Sheet in Linux
Master user and group management in Linux with this comprehensive cheat sheet. Learn essential and advanced commands for creating, modifying, and deleting users and groups, managing permissions, configuring account expirations, and working with system accounts. This guide covers everything from basic user setup to advanced group and file management, providing clear, detailed examples to optimize your Linux administration skills.
User Management
| Task | Command | Details |
|---|---|---|
| Create a New User | useradd username |
This creates a new user with the specified username. No home directory or password is created by default. |
| Create User with Home Directory | useradd -m username |
The -m option automatically creates a home directory at /home/username. |
| Set Password for User | passwd username |
After creating the user, use this command to set their password. You will be prompted to enter it twice. |
| Modify User Information (e.g., Name) | usermod -c "Full Name" username |
The -c option allows you to add or modify the user’s comment, which typically stores the full name. |
| Change User’s Shell | usermod -s /bin/bash username |
This changes the user’s login shell to /bin/bash. The shell can be any valid shell like /bin/sh. |
| Change User’s Home Directory | usermod -d /home/new_home -m username |
The -d option specifies a new home directory, and -m moves the current contents to the new location. |
| Add User to Secondary Group | usermod -aG groupname username |
The -aG option appends the user to a secondary group without removing them from their primary group. |
| Check User’s Group Memberships | groups username |
Displays the groups to which the user belongs. The first group listed is the primary group. |
| Delete a User | userdel username |
This removes the user, but leaves the user’s home directory intact. |
| Delete User and Home Directory | userdel -r username |
The -r option deletes the user and their home directory and mail spool. |
| Lock User Account | usermod -L username |
Locks the user account, preventing them from logging in. It works by adding a ! in front of the password hash. |
| Unlock User Account | usermod -U username |
Unlocks the account by removing the ! from the password hash. |
| Set User Account Expiration | usermod -e YYYY-MM-DD username |
Sets an expiration date for the user account in the format YYYY-MM-DD. After this date, the account will be disabled. |
| Remove Account Expiration | usermod -e "" username |
Clears the expiration date, so the account never expires. |
| Switch to Another User | su - username |
Switches to the specified user’s account. The - option ensures you also switch to the user’s environment. |
| Run Command as Another User | su -c "command" username |
Runs a single command as the specified user without fully switching accounts. |
Advanced User Management
| Task | Command | Details |
|---|---|---|
| Force User to Change Password on Next Login | chage -d 0 username |
Forces the user to change their password the next time they log in by setting the last password change date to 0. |
| Set Password Expiry (in days) | chage -M days username |
Sets the maximum number of days before the password expires. For example, chage -M 90 sets a 90-day expiry. |
| List User Account Expiry Information | chage -l username |
Displays detailed information about the password and account expiry for the user. |
| Create a System User (No Login Access) | useradd -r -s /sbin/nologin username |
Creates a system user that does not have shell access (e.g., for running system services). |
| Create a User with Specific UID | useradd -u UID username |
Creates a user with a specified User ID (UID). This is useful for consistency across systems. |
| Add a User to Multiple Groups | usermod -aG group1,group2 username |
Adds the user to multiple groups without affecting their other group memberships. |
| Temporarily Lock User (No Password Changes) | passwd -l username |
Locks the user’s password, preventing them from changing it or logging in. |
| Unlock User Temporarily Locked by Password | passwd -u username |
Unlocks the password after a temporary lock, allowing the user to log in again. |
Group Management
| Task | Command | Details |
|---|---|---|
| Create a Group | groupadd groupname |
Creates a new group with the specified name. |
| Delete a Group | groupdel groupname |
Deletes the group. Any files that belong to the group remain, but the group no longer exists. |
| Add User to Group | usermod -aG groupname username |
Adds the user to the specified group without removing them from other groups. |
| Remove User from Group | gpasswd -d username groupname |
Removes the user from the specified group. |
| List All Groups | cat /etc/group |
Displays all the groups on the system, along with their group ID (GID) and members. |
| Change Group Ownership of Directory | chown :groupname /path/to/directory |
Changes the group ownership of a file or directory. This is useful for managing file access permissions. |
Advanced Group Management
| Task | Command | Details |
|---|---|---|
| Create a Group with Specific GID | groupadd -g GID groupname |
Creates a new group with the specified Group ID (GID). This is useful for controlling group ID consistency. |
| Add a Group as Primary for a User | usermod -g groupname username |
Changes the primary group for the user to the specified group. The primary group is used for file ownership by default. |
| Add Administrator Rights to a Group | Edit /etc/sudoers and add: groupname ALL=(ALL) ALL |
Grants administrative privileges to a group by editing the /etc/sudoers file. |
| Manage Group Memberships (gpasswd) | gpasswd -a username groupname (add), gpasswd -d username groupname (remove) |
Adds or removes a user from a group using the gpasswd command. |
Listing and Managing System Accounts
| Task | Command | Details |
|---|---|---|
| List All User Accounts | cat /etc/passwd |
Displays all user accounts, their UID, GID, home directories, and shells. |
| List All Groups | cat /etc/group |
Lists all system groups and their corresponding GIDs. |
| List All Active User Sessions | who |
Displays all active user sessions and their login details. |
| List User’s Home Directory and UID/GID | id username |
Shows the user’s UID, GID, and groups they belong to. |
| List All System Users | getent passwd |
Filters out system and standard users. Useful for identifying service accounts. |
Filesystem Permissions Related to Users/Groups
| Task | Command | Details |
|---|---|---|
| Change File/Directory Ownership | chown username:groupname /path/to/file |
Changes the ownership of a file or directory to the specified user and group. |
| Change Group Ownership Only | chown :groupname /path/to/file |
Changes only the group ownership of a file or directory. |
| Change File/Directory Permissions | chmod 755 /path/to/file |
Modifies the file or directory permissions. For example, 755 gives full permissions to the owner and read-execute to others. |
| Set Default Group for New Files in Directory | chmod g+s /path/to/directory |
Sets the setgid bit on a directory so that new files inherit the group’s ownership. |