User Management

  • List users currently logged in: who, w
  • List all existing user accounts with properties: passwd -Sa (as root)
  • To add a new user, use the useradd command:
# useradd -m -G {additional_groups} -s {login_shell} {username}

-m/--create-home: the user's home directory is created as /home/username.

-G/--groups: a comma-separated list of supplementary groups which the user is also a member of.

-s/--shell: a path to the user's login shell.

Quickref

System config files:

  • /etc/login.defs
  • /etc/default/useradd
  • nologin
  • /etc/nologin
  • /etc/nologin.txt

User management:

  • useradd
  • userdel
  • usermod

Password and ageing:

  • passwd
  • chage

Group management:

  • groupadd
  • groupdel
  • groupmod

Example adding a user

Add a new user, creating its home directory and otherwise using all defaults:

# useradd -m archie
# passwd archie

Add a new administrative user with sudo powers through membership in the wheel group (this takes effect only where sudoers grants sudo to wheel):

# useradd -m -G wheel archie
# passwd archie

Source: https://wiki.archlinux.org/title/Users_and_groups#User_management

useradd and login.defs

The useradd command picks up default values from /etc/default/useradd and /etc/login.defs.

useradd defaults:

[root@server1 ~]# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes

login defaults:

[root@server1 ~]# grep -v ^# /etc/login.defs | grep -v ^$
MAIL_DIR    /var/spool/mail
UMASK       022
HOME_MODE   0700
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_WARN_AGE   7
UID_MIN                  1000
UID_MAX                 60000
SYS_UID_MIN               201
SYS_UID_MAX               999
SUB_UID_MIN        100000
SUB_UID_MAX     600100000
SUB_UID_COUNT           65536
GID_MIN                  1000
GID_MAX                 60000
SYS_GID_MIN               201
SYS_GID_MAX               999
SUB_GID_MIN        100000
SUB_GID_MAX     600100000
SUB_GID_COUNT           65536
ENCRYPT_METHOD SHA512
USERGROUPS_ENAB yes
CREATE_HOME yes
HMAC_CRYPTO_ALGO SHA512

No-Login User Account

The /usr/sbin/nologin (or /sbin/nologin) shell is a special-purpose shell for accounts that don't require a login or shouldn't be able to log in to the system.

[root@server1 ~]# grep nologin /etc/passwd | head
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
...

Example:

[root@server1 ~]# useradd -s /sbin/nologin user4
[root@server1 ~]# echo user1234 | passwd --stdin user4
Changing password for user user4.
passwd: all authentication tokens updated successfully.
[root@server1 ~]# grep user4 /etc/passwd
user4:x:1011:1011::/home/user4:/sbin/nologin
[root@server1 ~]# su - user4
This account is currently not available.
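
To check which entries in a passwd-format file can still obtain a login shell, the following added example (not part of the original page) reads UID_MIN from a login.defs-format file and reports system accounts, extra UID 0 accounts and regular accounts whose shell is not nologin or false. The function name, report labels and sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report passwd entries that can still obtain a login shell.
# usage: audit_login_shells PASSWD_FILE LOGIN_DEFS_FILE

audit_login_shells() {
    # UID_MIN in login.defs separates system accounts from regular ones.
    uid_min=$(awk '$1 == "UID_MIN" { v = $2 } END { print v }' "$2" 2>/dev/null)
    uid_min=${uid_min:-1000}    # assumed fallback when the key is absent

    awk -F: -v uid_min="$uid_min" '
        /^#/ || NF < 7 { next }
        # An empty shell field means /bin/sh, so it still counts as a login shell.
        { shell = ($7 == "" ? "(empty=/bin/sh)" : $7) }
        shell ~ /\/(nologin|false)$/ { next }
        $3 + 0 == 0 { if ($1 != "root") print "EXTRA_UID0 " $1 " " shell; next }
        $3 + 0 < uid_min + 0 { print "SYSTEM_WITH_SHELL " $1 " " shell; next }
        { print "INTERACTIVE " $1 " " shell }
    ' "$1"
}

# Constructed sample data (not taken from a real host).
sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT
cat > "$sample/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
svcbackup:x:250:250::/var/lib/svcbackup:/bin/bash
toor:x:0:0::/root:/bin/bash
archie:x:1000:1000::/home/archie:/bin/bash
user4:x:1011:1011::/home/user4:/sbin/nologin
legacy:x:1012:1012::/home/legacy:
EOF
printf 'UID_MIN                  1000\nSYS_UID_MIN               201\n' > "$sample/login.defs"

audit_login_shells "$sample/passwd" "$sample/login.defs"
```

On a real host, run it as audit_login_shells /etc/passwd /etc/login.defs and review every SYSTEM_WITH_SHELL and EXTRA_UID0 line.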

Local User Auth Files

List of local user auth files and their backups.

[root@server1 ~]# ll /etc/{passwd,group,shadow,gshadow}*
-rw-r--r--. 1 root root  881 Feb 23 15:59 /etc/group
-rw-r--r--. 1 root root  873 Feb 23 15:59 /etc/group-
----------. 1 root root  710 Feb 23 15:59 /etc/gshadow
----------. 1 root root  702 Feb 23 15:59 /etc/gshadow-
-rw-r--r--. 1 root root 2203 Feb 23 15:57 /etc/passwd
-rw-r--r--. 1 root root 2158 Feb 23 15:57 /etc/passwd-
----------. 1 root root 1402 Feb 23 15:58 /etc/shadow
----------. 1 root root 1164 Feb 23 15:57 /etc/shadow-
