User and Group Management in Linux: Securely Control Access and Permissions
Linux is a multi-user operating system, designed from the ground up to allow multiple users to access and operate on the same machine—whether locally or remotely. Whether you’re setting up a development environment or managing a secure production server, understanding how to manage users and groups is a foundational system administration skill.
In this guide, we’ll explore the key commands and files involved in user and group management. You’ll learn how to create, modify, and remove users and groups, control permissions, and enforce basic security practices using the sudoers file and system configuration files.
Why User and Group Management Matters
User and group management ensures:
- Secure and organized access to system resources
- Controlled permissions for files, directories, and commands
- Proper isolation between users on multi-user systems
- Reduced risk of accidental or malicious actions
Poor user management can lead to serious security vulnerabilities and data leaks—especially on servers.
👤 Creating and Managing Users
🔹 useradd – Create a New User
sudo useradd username
To also create a home directory and set the login shell:
sudo useradd -m -s /bin/bash newuser
🔹 Set a Password for the New User
sudo passwd newuser
This prompts for the new password and stores it as a hash rather than in plain text.
🔹 usermod – Modify Existing Users
Change a username:
sudo usermod -l newname oldname
Add a user to a group:
sudo usermod -aG groupname username
🔹 deluser – Delete a User
sudo deluser username
To remove their home directory as well:
sudo deluser --remove-home username
👥 Creating and Managing Groups
Groups allow multiple users to share the same set of permissions.
🔹 groupadd
– Create a Group
sudo groupadd developers
🔹 Add User to Group
sudo usermod -aG developers alice
You can also manually add users to groups via /etc/group.
🔹 delgroup – Remove a Group
sudo delgroup developers
Removing a group doesn’t delete its users—just their association with the group.
🗂️ Understanding Key System Files
📄 /etc/passwd
Contains user account information in a colon-separated format:
username:x:UID:GID:comment:home_directory:shell
Example:
john:x:1001:1001:John Doe:/home/john:/bin/bash
- UID = User ID
- GID = Group ID
📄 /etc/group
Stores group information:
groupname:x:GID:members
Example:
developers:x:1002:alice,bob
Use cat, less, or grep to inspect:
cat /etc/passwd
grep developers /etc/group
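The member list in /etc/group omits users whose primary group (the GID field in /etc/passwd) is that group, so a grep on /etc/group alone can under-report who has access. The script below is an added example, not part of the original guide: it resolves both kinds of membership and lists every UID 0 account. The function names and the sample entries (carol, backup2, GID 27 for sudo) are constructed for illustration.

```sh
#!/bin/sh
# group_members GROUP [GROUP_FILE] [PASSWD_FILE]
# Prints supplementary members (4th field of the group file) plus users whose
# primary GID (4th field of the passwd file) equals the group's GID.
group_members() {
    grp=$1; gfile=${2:-/etc/group}; pfile=${3:-/etc/passwd}
    gid=$(awk -F: -v g="$grp" '$1 == g { print $3; exit }' "$gfile")
    [ -n "$gid" ] || return 1    # unknown group
    {
        awk -F: -v g="$grp" '$1 == g { n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$gfile"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$pfile"
    } | sort -u | paste -sd, -
}

# uid0_accounts [PASSWD_FILE]: every account with UID 0, in file order.
# Any name other than root deserves review.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "${1:-/etc/passwd}" | paste -sd, -
}

# Constructed sample data (not from a real system) so the demo runs anywhere.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
john:x:1001:1001:John Doe:/home/john:/bin/bash
alice:x:1003:1003:Alice:/home/alice:/bin/bash
bob:x:1004:1002:Bob:/home/bob:/bin/bash
carol:x:1005:1002:Carol:/home/carol:/bin/bash
backup2:x:0:0:Second UID 0 account:/root:/bin/bash
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
developers:x:1002:alice,bob
sudo:x:27:john
EOF

# carol is not in the group file's member list; she appears via her primary GID.
echo "developers: $(group_members developers "$SAMPLE_DIR/group" "$SAMPLE_DIR/passwd")"
echo "sudo:       $(group_members sudo "$SAMPLE_DIR/group" "$SAMPLE_DIR/passwd")"
echo "UID 0:      $(uid0_accounts "$SAMPLE_DIR/passwd")"
```

Called without file arguments, both functions read the real /etc/group and /etc/passwd.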
🛡️ Granting and Restricting Permissions with sudo
🔐 Add a User to sudo
sudo usermod -aG sudo username
This allows them to run administrative commands.
⚙️ Editing the sudoers File Safely
Always use:
sudo visudo
You can add a rule like:
alice ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart apache2
This gives Alice permission to restart Apache without a password, but nothing more.
Be careful—misconfiguring sudoers can lock you out of administrative privileges.
Real-World Use Cases
✅ 1. Set Up a New Developer Account
sudo useradd -m -s /bin/bash dev1
sudo passwd dev1
sudo usermod -aG developers dev1
✅ 2. Grant a User Limited Admin Access
sudo usermod -aG sudo devops
Use visudo to limit which commands they can run.
✅ 3. Remove Old User Accounts Safely
sudo deluser --remove-home olduser
This helps maintain a clean and secure system.
✅ 4. Share Project Files with a Team Group
sudo groupadd projectteam
sudo usermod -aG projectteam alice
sudo usermod -aG projectteam bob
sudo chown -R :projectteam /srv/project
sudo chmod -R 770 /srv/project
This ensures only project team members can access the files.