As a Linux Server Administrator, it’s your job to keep an eye on your users – and in this video, I’ll show you how to add and remove users. Also, I’ll show you how to change the password of your users. In addition, we’ll go over a quick summary of the /etc/passwd and /etc/shadow files.
To add a user, we can use the useradd command:
sudo useradd foxmulder
In that example command, we create the user foxmulder (X-Files reference). So as you can see, adding a new user to the system is an easy task. However, your new user may or may not have their own home directory by default when you run the useradd command. The defaults for the useradd command are set in /etc/default/useradd, which can vary from one distribution to another.
To create a user along with a home directory, add the -m option:
sudo useradd -m foxmulder
Also, to remove a user, we can use the userdel command:
sudo userdel foxmulder
By default, the userdel command does not remove the user’s home directory unless you explicitly tell it that you want it to do so. If we add the -r option to the userdel command, the home directory will be removed at the same time the user is removed:
sudo userdel -r foxmulder
Note: Be sure to understand and comply with your company’s data retention policy while removing users, if such a policy exists.
We’ve added a user, but we never added a password for that user. In fact, it didn’t even ask us for a password when we set up that user. We can use the passwd command to set a password for a user. By default, the passwd command will give you a chance to change your own password. But if you use it with sudo along with a username, you can change (or set) a password for a different user:
sudo passwd foxmulder
System users are useful for automation, and running processes. You generally wouldn’t want a script or process to run as a normal user, but a system user instead. To create a system user, you can add the -r option to the useradd command:
sudo useradd -r sysuser
It’s a good idea to take a look at the /etc/passwd file, so you can become more familiar with it:
cat /etc/passwd
The /etc/passwd file consists of multiple fields, separated by a colon. Each line in this file represents a user on the system. Here’s a sample line from this file:
jay:x:1000:1000:Jay LaCroix:/home/jay:/bin/bash
The first column/field is the username, that’s fairly self-explanatory. The second field (which is typically x) tells us that the password for that user is hashed, and the password is not stored in /etc/passwd. That’s almost always the case nowadays. The third field is the User ID, or “UID” for short. Each user will have their own UID. Normal users are created with a UID of 1000 or above, while system users will generally have a UID less than 1000.
Continuing, the fourth field is the Group ID, or “GID” for short. We’ll be covering the group ID (and groups in general) in another video. After the GID, we have the “Gecos” field, which is used for user information. In my case, it’s set to my first and last name.
After the Gecos field, we have the home directory listed for the user. In my case, the home directory is set to /home/jay. Finally, we have the shell, which is /bin/bash for me.
Finally, let’s take a look at the /etc/shadow file:
sudo cat /etc/shadow
Here’s an example line from this file:
jay:$6$rvf…:0:99999:7:::
The /etc/shadow file stores the hashed password for each user. This file consists of multiple fields/columns. The first column is the username, and the second column includes the hash of that user’s password. Continuing, the next field refers to the number of days after the UNIX Epoch that the password was last changed. The fourth column tells us how many days must pass before the user is allowed to change their password. The fifth column tells us how many days until a password change is required. The last several columns refer to password expiration as well, but will be covered in a different video in the future.
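The field positions described above for /etc/passwd and /etc/shadow are enough to review accounts by script. The following is an added example, not part of the original video or article: the function names, the sample accounts (apart from the jay line shown earlier), and the treatment of UIDs 1 to 999 as system accounts are assumptions, and all sample data is constructed.

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format files by field position.
# Assumption: UIDs 1-999 are system accounts (the boundary varies by distribution).

audit_accounts() {   # $1 = passwd-format file, $2 = shadow-format file
    awk -F: '
        # Shadow file is read first: keep field 2 (the hash) for each username.
        NR == FNR { hash[$1] = $2; next }
        # passwd file: field 2 = password marker, 3 = UID, 7 = shell.
        {
            user = $1; uid = $3 + 0; shell = $7
            if ($2 != "x")
                print user ": passwd field 2 is not x"
            if (uid == 0 && user != "root")
                print user ": UID 0 but not root"
            if (!(user in hash))
                print user ": no shadow entry"
            else if (hash[user] == "")
                print user ": empty password field in shadow"
            else if (uid >= 1000 && hash[user] ~ /^[!*]/)
                print user ": no usable password (locked or never set)"
            if (uid > 0 && uid < 1000 && shell !~ /(nologin|false)$/)
                print user ": system UID with login shell " shell
        }
    ' "$2" "$1"
}

run_demo() {   # builds constructed sample files and audits them
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
jay:x:1000:1000:Jay LaCroix:/home/jay:/bin/bash
foxmulder:x:1001:1001::/home/foxmulder:/bin/sh
sysuser:x:998:998::/home/sysuser:/bin/bash
admin2:x:0:0::/root:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$CONSTRUCTED$notarealhash:19000:0:99999:7:::
jay:$6$CONSTRUCTED$notarealhash:19000:0:99999:7:::
foxmulder:!:19000:0:99999:7:::
sysuser:!:19000:0:99999:7:::
admin2::19000:0:99999:7:::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

run_demo
```

To review a real system, call audit_accounts with /etc/passwd and /etc/shadow as its two arguments; reading /etc/shadow requires sudo.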