Linux · User Management

Linux · Lesson 4

User Management

Create and manage users in Linux securely. Password policies and profiles. Understanding RBAC and role based access. Real world administration scenarios.

Goal of this lesson

User management is one of the most important responsibilities of a Linux administrator. In this lesson you will learn how to create, manage, verify and secure user accounts directly from the command line.

Every process, file and service in Linux runs under a user or group identity. Understanding users and permissions is therefore essential before moving to advanced administration topics.

Core Linux user-management concepts

Users & identities

Each Linux account has a UID, primary group, home directory and login shell that define ownership and access.

/etc/passwd & /etc/shadow

Linux stores public account information in passwd and encrypted passwords inside the protected shadow file.

Groups & permissions

Groups simplify access control by allowing multiple users to share permissions for files and directories.

Step-by-step Linux user-management commands

Practice the following commands carefully in your Linux lab VM. These examples demonstrate real administrative workflows used in enterprise Linux servers.

1. Check the currently logged-in user

Always confirm which account you are using before performing administration tasks.

terminal — bash
linux-lab
[root@linux ~]# whoami
root
 
[root@linux ~]# id
uid=0(root) gid=0(root) groups=0(root)

2. View user entries in /etc/passwd

The /etc/passwd file stores basic user account information and login details.

terminal — bash
linux-lab
[root@linux ~]# tail -5 /etc/passwd
daemon:x:2:2:daemon:/sbin:/sbin/nologin
bin:x:1:1:bin:/bin:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
oracle:x:1001:1001:Oracle User:/home/oracle:/bin/bash
devuser:x:1100:1100:Development User:/home/devuser:/bin/bash

3. Create a new user account

Use useradd to create a user along with a home directory and default shell.

terminal — bash
linux-lab
[root@linux ~]# useradd -m appuser
 
[root@linux ~]# passwd appuser
Changing password for user appuser.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

4. Create a user with custom UID, group & shell

Administrators often assign custom IDs or shells for application users.

terminal — bash
linux-lab
[root@linux ~]# useradd -u 1101 -g developers -m -s /bin/bash appuser
 
[root@linux ~]# passwd appuser
Changing password for user appuser.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

5. Verify the new account

Check the user identity, passwd entry and home directory permissions.

terminal — bash
linux-lab
[root@linux ~]# id appuser
uid=1101(appuser) gid=1002(developers) groups=1002(developers)
 
[root@linux ~]# getent passwd appuser
appuser:x:1101:1002::/home/appuser:/bin/bash
 
[root@linux ~]# ls -ld /home/appuser
drwx------. 2 appuser developers 62 Jan 11 10:15 /home/appuser

6. Switch to another user

Use su - to test login access and verify the user environment.

terminal — bash
linux-lab
[root@linux ~]# su - appuser
 
[appuser@linux ~]$ pwd
/home/appuser
 
[appuser@linux ~]$ echo "Linux user-management lab is ready"
Linux user-management lab is ready

7. Lock or delete user accounts

Linux allows administrators to lock accounts temporarily or remove them permanently.

terminal — bash
linux-lab
[root@linux ~]# passwd -l appuser
Locking password for user appuser.
passwd: Success
 
[root@linux ~]# userdel -r olduser
 
# -r removes the user's home directory and mail spool

Best practices for Linux administrators

Security practices

  • Avoid direct root login whenever possible.
  • Use sudo for administrative access instead of sharing the root password.
  • Assign strong passwords and enforce password policies.

Account lifecycle management

  • Disable unused accounts regularly.
  • Lock accounts temporarily instead of deleting them immediately.
  • Archive important user data before removing accounts permanently.

Important commands covered

User inspection commands

  • whoami → display current user
  • id username → display UID, GID and groups
  • getent passwd username → verify user entry
  • tail /etc/passwd → inspect local accounts

User creation & management

  • useradd -m username → create user with home directory
  • passwd username → assign or change password
  • usermod -aG group username → add user to supplementary group
  • userdel -r username → remove user and home directory

Account security

  • passwd -l username → lock account
  • passwd -u username → unlock account
  • chage -l username → check password aging policy
  • sudo -l → verify sudo privileges

Switching users

  • su - username → switch to another user
  • exit → return to previous session
  • groups username → display group memberships
  • lastlog → check login history

Practice task – build your own Linux users

  • Create two users named devuser and opsuser.
  • Create a group called developers and add both users to it.
  • Log in as each user using su - and create test files inside their home directories.
  • Lock one account and verify that login access is denied.

In the next lesson, you will learn Linux group management and file permissions in greater detail.