User and Group Management Cheat Sheet in Linux
User and Group Management Cheat Sheet in Linux
Master user and group management in Linux with this comprehensive cheat sheet. Learn essential and advanced commands for creating, modifying, and deleting users and groups, managing permissions, configuring account expirations, and working with system accounts. This guide covers everything from basic user setup to advanced group and file management, providing clear, detailed examples to optimize your Linux administration skills.
User Management
| Task | Command | Details |
|---|---|---|
| Create a New User | useradd username |
This creates a new user with the specified username. No home directory or password is created by default. |
| Create User with Home Directory | useradd -m username |
The -m option automatically creates a home directory at /home/username. |
| Set Password for User | passwd username |
After creating the user, use this command to set their password. You will be prompted to enter it twice. |
| Modify User Information (e.g., Name) | usermod -c "Full Name" username |
The -c option allows you to add or modify the user’s comment, which typically stores the full name. |
| Change User’s Shell | usermod -s /bin/bash username |
This changes the user’s login shell to /bin/bash. The shell can be any valid shell like /bin/sh. |
| Change User’s Home Directory | usermod -d /home/new_home -m username |
The -d option specifies a new home directory, and -m moves the current contents to the new location. |
| Add User to Secondary Group | usermod -aG groupname username |
The -aG option appends the user to a secondary group without removing them from their primary group. |
| Check User’s Group Memberships | groups username |
Displays the groups to which the user belongs. The first group listed is the primary group. |
| Delete a User | userdel username |
This removes the user, but leaves the user’s home directory intact. |
| Delete User and Home Directory | userdel -r username |
The -r option deletes the user and their home directory and mail spool. |
| Lock User Account | usermod -L username |
Locks the user account, preventing them from logging in. It works by adding a ! in front of the password hash. |
| Unlock User Account | usermod -U username |
Unlocks the account by removing the ! from the password hash. |
| Set User Account Expiration | usermod -e YYYY-MM-DD username |
Sets an expiration date for the user account in the format YYYY-MM-DD. After this date, the account will be disabled. |
| Remove Account Expiration | usermod -e "" username |
Clears the expiration date, so the account never expires. |
| Switch to Another User | su - username |
Switches to the specified userโs account. The - option ensures you also switch to the user’s environment. |
| Run Command as Another User | su -c "command" username |
Runs a single command as the specified user without fully switching accounts. |
Advanced User Management
| Task | Command | Details |
|---|---|---|
| Force User to Change Password on Next Login | chage -d 0 username |
Forces the user to change their password the next time they log in by setting the last password change date to 0. |
| Set Password Expiry (in days) | chage -M days username |
Sets the maximum number of days before the password expires. For example, chage -M 90 sets a 90-day expiry. |
| List User Account Expiry Information | chage -l username |
Displays detailed information about the password and account expiry for the user. |
| Create a System User (No Login Access) | useradd -r -s /sbin/nologin username |
Creates a system user that does not have shell access (e.g., for running system services). |
| Create a User with Specific UID | useradd -u UID username |
Creates a user with a specified User ID (UID). This is useful for consistency across systems. |
| Add a User to Multiple Groups | usermod -aG group1,group2 username |
Adds the user to multiple groups without affecting their other group memberships. |
| Temporarily Lock User (No Password Changes) | passwd -l username |
Locks the user’s password, preventing them from changing it or logging in. |
| Unlock User Temporarily Locked by Password | passwd -u username |
Unlocks the password after a temporary lock, allowing the user to log in again. |
Group Management
| Task | Command | Details |
|---|---|---|
| Create a Group | groupadd groupname |
Creates a new group with the specified name. |
| Delete a Group | groupdel groupname |
Deletes the group. Any files that belong to the group remain, but the group no longer exists. |
| Add User to Group | usermod -aG groupname username |
Adds the user to the specified group without removing them from other groups. |
| Remove User from Group | gpasswd -d username groupname |
Removes the user from the specified group. |
| List All Groups | cat /etc/group |
Displays all the groups on the system, along with their group ID (GID) and members. |
| Change Group Ownership of Directory | chown :groupname /path/to/directory |
Changes the group ownership of a file or directory. This is useful for managing file access permissions. |
Advanced Group Management
| Task | Command | Details |
|---|---|---|
| Create a Group with Specific GID | groupadd -g GID groupname |
Creates a new group with the specified Group ID (GID). This is useful for controlling group ID consistency. |
| Add a Group as Primary for a User | usermod -g groupname username |
Changes the primary group for the user to the specified group. The primary group is used for file ownership by default. |
| Add Administrator Rights to a Group | Edit /etc/sudoers and add: groupname ALL=(ALL) ALL |
Grants administrative privileges to a group by editing the /etc/sudoers file. |
| Manage Group Memberships (gpasswd) | gpasswd -a username groupname (add), gpasswd -d username groupname (remove) |
Adds or removes a user from a group using the gpasswd command. |
Listing and Managing System Accounts
| Task | Command | Details |
|---|---|---|
| List All User Accounts | cat /etc/passwd |
Displays all user accounts, their UID, GID, home directories, and shells. |
| List All Groups | cat /etc/group |
Lists all system groups and their corresponding GIDs. |
| List All Active User Sessions | who |
Displays all active user sessions and their login details. |
| List Userโs Home Directory and UID/GID | id username |
Shows the user’s UID, GID, and groups they belong to. |
| List All System Users | getent passwd |
Filters out system and standard users. Useful for identifying service accounts. |
Filesystem Permissions Related to Users/Groups
| Task | Command | Details |
|---|---|---|
| Change File/Directory Ownership | chown username:groupname /path/to/file |
Changes the ownership of a file or directory to the specified user and group. |
| Change Group Ownership Only | chown :groupname /path/to/file |
Changes only the group ownership of a file or directory. |
| Change File/Directory Permissions | chmod 755 /path/to/file |
Modifies the file or directory permissions. For example, 755 gives full permissions to the owner and read-execute to others. |
| Set Default Group for New Files in Directory | chmod g+s /path/to/directory |
Sets the setgid bit on a directory so that new files inherit the group’s ownership. |

Cybersecurity Architect | Cloud-Native Defense | AI/ML Security | DevSecOps
๐๐ข๐ญ๐ก ๐๐+ ๐ฒ๐๐๐ซ๐ฌ ๐จ๐ ๐๐ฑ๐ฉ๐๐ซ๐ญ๐ข๐ฌ๐ ๐ข๐ง ๐๐ฒ๐๐๐ซ๐ฌ๐๐๐ฎ๐ซ๐ข๐ญ๐ฒ ๐๐ง๐ ๐๐ฅ๐จ๐ฎ๐-๐ง๐๐ญ๐ข๐ฏ๐ ๐๐๐๐๐ง๐ฌ๐, ๐ ๐๐ซ๐๐ก๐ข๐ญ๐๐๐ญ ๐ซ๐๐ฌ๐ข๐ฅ๐ข๐๐ง๐ญ ๐๐ข๐ ๐ข๐ญ๐๐ฅ ๐๐๐จ๐ฌ๐ฒ๐ฌ๐ญ๐๐ฆ๐ฌ ๐๐ฒ ๐ข๐ง๐ญ๐๐ ๐ซ๐๐ญ๐ข๐ง๐ ๐๐๐ซ๐จ ๐๐ซ๐ฎ๐ฌ๐ญ, ๐ญ๐ก๐ซ๐๐๐ญ ๐ข๐ง๐ญ๐๐ฅ๐ฅ๐ข๐ ๐๐ง๐๐, ๐๐ง๐ ๐ฉ๐ซ๐จ๐๐๐ญ๐ข๐ฏ๐ ๐ซ๐ข๐ฌ๐ค ๐ฆ๐ข๐ญ๐ข๐ ๐๐ญ๐ข๐จ๐ง ๐ข๐ง๐ญ๐จ ๐๐ฏ๐๐ซ๐ฒ ๐ฅ๐๐ฒ๐๐ซ ๐จ๐ ๐ข๐ง๐๐ซ๐๐ฌ๐ญ๐ซ๐ฎ๐๐ญ๐ฎ๐ซ๐.
My journey began in network security (firewalls, IDS/IPS) and evolved through Linux/Windows hardening, IAM, and DevSecOpsโbridging security with agile development. Today, I specialize in securing multi-cloud (AWS/Azure/GCP) environments.
๐๐ฌ ๐ ๐ญ๐ซ๐ฎ๐ฌ๐ญ๐๐ ๐๐๐ฏ๐ข๐ฌ๐จ๐ซ, ๐ ๐ก๐๐ฅ๐ฉ ๐จ๐ซ๐ ๐๐ง๐ข๐ณ๐๐ญ๐ข๐จ๐ง๐ฌ:
โ๏ธ Align security investments with business objectives (reducing TCO while maximizing cyber ROI).
โ๏ธ Prioritize risks executives care aboutโtranslating technical vulnerabilities into financial/operational impact.
โ๏ธ Optimize team workflows by merging DevSecOps agility with governance rigorโno more “security vs. speed” trade-offs.
๐๐จ๐ซ๐ ๐๐ญ๐ซ๐๐ง๐ ๐ญ๐ก๐ฌ & ๐๐ข๐๐๐๐ซ๐๐ง๐ญ๐ข๐๐ญ๐ข๐จ๐ง:
๐๐ฏ๐ฅ-๐ต๐ฐ-๐ฆ๐ฏ๐ฅ ๐ด๐ฆ๐ค๐ถ๐ณ๐ช๐ต๐บ ๐ข๐ณ๐ค๐ฉ๐ช๐ต๐ฆ๐ค๐ต๐ถ๐ณ๐ฆโ๐ง๐ณ๐ฐ๐ฎ ๐ฏ๐ฆ๐ต๐ธ๐ฐ๐ณ๐ฌ ๐ฉ๐ข๐ณ๐ฅ๐ฆ๐ฏ๐ช๐ฏ๐จ ๐ต๐ฐ ๐๐-๐ฅ๐ณ๐ช๐ท๐ฆ๐ฏ ๐ต๐ฉ๐ณ๐ฆ๐ข๐ต ๐ฅ๐ฆ๐ต๐ฆ๐ค๐ต๐ช๐ฐ๐ฏ.
๐๐ฎ๐ฅ๐ญ๐ข-๐๐ฅ๐จ๐ฎ๐ ๐๐๐๐ฎ๐ซ๐ข๐ญ๐ฒ: Deep expertise in AWS/Azure/GCP security tools (Kubernetes, CSPM, CWPP).
๐๐ก๐ซ๐๐๐ญ ๐๐ง๐ญ๐๐ฅ๐ฅ๐ข๐ ๐๐ง๐๐ & ๐ ๐จ๐ซ๐๐ง๐ฌ๐ข๐๐ฌ: Proactive hunting, incident response, and post-breach analysis.
๐๐๐ซ๐จ ๐๐ซ๐ฎ๐ฌ๐ญ & ๐๐๐: Architecting least-privilege access, PKI, and micro-segmentation.
๐๐/๐๐ ๐๐๐๐ฎ๐ซ๐ข๐ญ๐ฒ: Securing LLMs, MLOps pipelines, and data lakes against adversarial attacks.
๐๐๐๐๐ง๐ญ ๐๐จ๐ง๐ฌ๐ฎ๐ฅ๐ญ๐ข๐ง๐ ๐๐ซ๐จ๐ฃ๐๐๐ญ๐ฌ โ ๐๐ ๐๐ง๐ญ๐ข๐ ๐๐ & ๐๐ ๐๐๐๐ฎ๐ซ๐ข๐ญ๐ฒ:
โ๏ธ Led security architecture for a GenAIโpowered Agentic AI system (autonomous taskโplanning agents using LangChain & AutoGPT). Designed guardrails against prompt injection, toolโcalling abuse, and data exfiltration via agentโtoโagent communication. Result: Zero security breaches across 10k+ agentic transactions.
โ๏ธ Advised a fintech firm on AI supply chain security โ hardened their LLM fineโtuning pipeline (Hugging Face + AWS SageMaker) against model poisoning and backdoor attacks. Implemented realโtime anomaly detection for model inputs using statistical outlier scoring.
Letโs connect and discuss the future of secure, intelligent infrastructure.
