User account & group management with the command line

Learn how to manage user accounts and groups. We walk through how to add and delete users and groups (normal and system). Find out how to add and remove existing users to and from groups and how to create an admin account.

About the commands

Ubuntu and other Debian-based Linux distributions provide user-friendly wrapper commands called adduser, addgroup, deluser, and delgroup (the commands are implemented as scripts written in Perl).

These commands hide underlying calls to the low level commands useradd, groupadd, userdel, and groupdel. You can still use these underlying commands if you wish, but it is recommended that you use the friendlier adduser, addgroup, deluser, and delgroup commands.

(Advanced users can fine-tune the operation of adduser and addgroup by editing the configuration file /etc/adduser.conf as required.)

Add a new user

To add a new user, use the adduser command. For example, to add a user called tutonics2, run:

sudo adduser tutonics2

Sample output is shown in the screenshot below:

By default, a home directory will be created for the new user. This home directory will be populated with the contents of the /etc/skel directory.

Our /etc/skel contains all the usual files and dirs you'd expect in a home dir, along with another directory called "Code". Hence all these dirs are created for each new user created with the command line.

Note that you will need to populate /etc/skel with the files and dirs you require. Also note that the .profile, .bashrc, and .bash_logout are already in the default /etc/skel directory.

Create user with specific id

In Ubuntu, the next available user id above 1000 is used by default when a (normal) new user is created (the same is true of the group id).

To override this behaviour and specify the user id to use, use the --uid option. For example, to specify that a user id of 1050 be used, run this command:

sudo adduser --uid 1050 newuser

Specifying the primary group

When you create a new user, they are added to a "primary" group.

Every user has a primary group, which gets used as the basis for the group related permissions when new files are created by that user.

When no group is explicitly specified in the options to the adduser command, a group with the same name as the new user is created (if it does not already exist) and the new user is added to that new group.

So taking the example above for the new user tutonics2, a new group called tutonics2 is created also.

You can change this behaviour and specify a group id to use with the --gid option, or a group name with the --ingroup option. For example, to use the group users, run:

sudo adduser --gid 100 tutonics2

or

sudo adduser --ingroup users tutonics2

Deleting a user

To delete a user account, use the deluser command. To also remove their home directory, include the --remove-home option:

sudo deluser --remove-home tutonics2

To keep their home directory and just delete the user account, omit the --remove-home:

sudo deluser tutonics2

Note that if the user had their own group with the same name, that will get deleted also (if there are no other members).

Add a new group

To add a new group, you can use addgroup (or adduser with --group):

sudo addgroup newgroupname

or

sudo adduser --group newgroupname

To specify a particular group id, just add the --gid option to the former command. For example, to add the group using id 1234:

sudo addgroup --gid 1234 newgroupname

Delete a group

To delete a group, use the delgroup command; for example to remove a group called oldgroup, run:

sudo delgroup oldgroup

Add an existing user to a group

To add an existing user to an existing group, just use adduser like so:

sudo adduser username existing_group

Remove a user from a group

To remove a user from a group, simply use the deluser command like so:

sudo deluser username existing_group

Administrator accounts

In Ubuntu, anyone in the sudo group can run any command (as long as they use the sudo command when required).

To add an existing user to the sudo group (thus giving them admin permissions) run:

sudo adduser username sudo

In Ubuntu, an "administrator" is usually added to these groups also: adm, lpadmin, and sambashare. To be consistent, add your administrator to these groups by running:

sudo adduser username adm
sudo adduser username lpadmin
sudo adduser username sambashare
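To review who actually holds these memberships after changes like the ones above, the following added example (not part of the original article) lists every member of a group, including users who have it as their primary group through --gid or --ingroup. The function name group_members and the sample passwd and group data are constructed for illustration.

```shell
#!/bin/sh
# Added example: list every account in a group from passwd(5)/group(5) files.
# group_members is a hypothetical helper name. On a live host pass /etc/group
# and /etc/passwd (or dumps of `getent group` / `getent passwd`).

group_members() {
    # $1 = group name, $2 = group-format file, $3 = passwd-format file
    awk -F: -v g="$1" '
        FNR == NR {                      # first file: the group database
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++)
                    if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        # Second file: a user whose primary gid is this group is a member
        # even though the group line does not list them.
        gid != "" && $4 == gid { seen[$1] = 1 }
        END { for (u in seen) print u }
    ' "$2" "$3" | sort
}

# Constructed sample data: carol was created with "--ingroup sudo", so sudo
# is her primary group and she is absent from the sudo line in the group file.
sample_dir=$(mktemp -d)
cat > "$sample_dir/group" <<'EOF'
sudo:x:27:alice,bob
adm:x:4:syslog,alice
users:x:100:
EOF
cat > "$sample_dir/passwd" <<'EOF'
alice:x:1000:1000:,,,:/home/alice:/bin/bash
bob:x:1001:1001:,,,:/home/bob:/bin/bash
carol:x:1002:27:,,,:/home/carol:/bin/bash
dave:x:1003:100:,,,:/home/dave:/bin/bash
EOF

for grp in sudo adm; do
    printf '%s: %s\n' "$grp" \
        "$(group_members "$grp" "$sample_dir/group" "$sample_dir/passwd" | tr '\n' ' ')"
done
```

Group membership is only part of the picture: entries in /etc/sudoers and /etc/sudoers.d can grant sudo rights to other users and groups, so review those as well.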

System user vs normal user

A system user is a user created for an application/process/daemon on your system.

For consistency, system users are given a uid below 1000 while normal users are given a uid above 1000.

A system user normally doesn't need to be able to login (so its shell is /bin/false, unless the --shell option is used to specify one), and most of the time will not even need a home directory.

By giving processes their own user and group, you can control which files they can access and keep them from being able to write to any file. Having a daemon run as root with access to all files and resources is considered bad practice: it may need to start as root to access a resource, but should then lower its permissions by setting its user and group to those of its system user.
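As an added example (not part of the original article), the check below flags system accounts that can still log in, using the uid range described above. The function name and the sample data are constructed; treating a shell as login-capable when it is listed in /etc/shells, and the /usr/sbin/nologin entry, are assumptions beyond what the article states.

```shell
#!/bin/sh
# Added example: flag system accounts (0 < uid < 1000) that can still log in.
# system_users_with_login_shell is a hypothetical helper name. On a live host
# pass /etc/passwd and /etc/shells.

system_users_with_login_shell() {
    # $1 = passwd-format file, $2 = shells-format file (one valid shell per line)
    awk -F: '
        FNR == NR {                      # first file: valid login shells
            if ($0 != "" && $0 !~ /^#/) valid[$0] = 1
            next
        }
        $3 > 0 && $3 < 1000 {            # system uid range used in this article
            shell = ($7 == "") ? "/bin/sh" : $7   # empty field means /bin/sh
            if (shell in valid) print $1 ":" $3 ":" shell
        }
    ' "$2" "$1"
}

# Constructed sample data: two system accounts are misconfigured. backupsvc
# has a real shell, and legacy has an empty shell field (treated as /bin/sh).
audit_dir=$(mktemp -d)
cat > "$audit_dir/shells" <<'EOF'
# /etc/shells: valid login shells
/bin/sh
/bin/bash
EOF
cat > "$audit_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
myapp_name:x:112:65534::/nonexistent:/bin/false
backupsvc:x:113:120::/var/backups:/bin/bash
legacy:x:114:121::/srv/legacy:
tutonics2:x:1001:1001:,,,:/home/tutonics2:/bin/bash
EOF

# Prints one "name:uid:shell" line per system account with a usable shell.
system_users_with_login_shell "$audit_dir/passwd" "$audit_dir/shells"
```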

Add A System User

To add a system user for a daemon/application called myapp_name, run the following command. To avoid creating a home directory, use the --no-create-home option; if a home directory is required, just leave that option out:

sudo adduser --system --no-create-home myapp_name

By default, a system user will have the primary group nogroup. To override this, you can specify an existing gid:

sudo adduser --system --no-create-home --gid n myapp_name

To use an existing group name rather than an id, use the --ingroup option:

sudo adduser --system --no-create-home myapp_name --ingroup somegroup

Alternatively, you can create a group for that system user using the same name by including the --group option:

sudo adduser --system --no-create-home --group myapp_name

Add a system group

To add a new system group called new_sys_group, use the command:

sudo addgroup --system new_sys_group

Note that system groups are created with the next available id below 1000. You can override this using the --gid option. For example, to use 6000 as the group id, use:

sudo addgroup --system --gid 6000 new_sys_group

However, for consistency it is advised to stick with the standard convention of having system group ids below 1000.

Delete a system user

You can delete a system user in the same way as a normal user.

Remember to remove the home dir if one exists (by including the --remove-home option):

sudo deluser --remove-home myapp

Delete a system group

You can delete a system group in the same way as a normal group:

sudo delgroup sysgroup
