Adam the Automator

If you are logged into a Linux machine or plan to work as a Linux administrator machine, it’s crucial to know how to manage users, such as with the Linux delete user command, deluser. As a Linux administrator, you often need to work with various applications and logs that depend on which user you are using and its permissions.

Lucky for you, in this tutorial, you will learn how to manage Linux users by running various commands in day-to-day activity.

Let’s go!

Prerequisites

To follow along with this tutorial, it is necessary to have a remote SSH host. This tutorial uses a Linux distribution, which is Ubuntu 18.04.5 LTS with sudo/administration rights.

Related:How to Set Up OpenSSH on a Windows Server [Complete Guide]

Adding a User in Linux

Before you manage users in Linux, obviously, there must be at least one existing user. So let’s start this tutorial by adding a user to a Linux system.

Related:A Windows Guy in a Linux World: Users and File Permission

1. Connect to your Ubuntu machine via SSH using your favorite SSH client.

You should not use the root user for any activity of the Linux machine because if anything goes wrong, it can corrupt the filesystem or even the operating system.

2. Next, run the useradd command below to add a user (shanky) without a password (--password) to the home directory (-m) of your Linux system. The sudo command runs the command with elevated privileges.

sudo useradd shanky --password -m

3. Now run the id command followed by the user’s name (shanky) to verify if the user is properly added to the system.

id shanky

You’ll see a randomly generated uid, gid, and groups attributes of the user (shanky) like in the image below.

Other than the uid and gid, perhaps you also want to see the home directory of the user you added. If so, run the cat /etc/passwd | grep shanky command below. The /etc/passwd file contains all user accounts’ information, either already or newly created in the system.

Notice the grep command below filters the content of the /etc/passwd file to find lines with the word shanky in them, then pass the result to the cat command to print on the terminal.

cat /etc/passwd | grep shanky

You can see in the screenshot below that a home directory (/home/shanky) exists for the user named shanky, which indicates the user exists.

Modifying the User Account Expiration Date

Now that you have created at least one user, let’s start managing the user, like modifying the user account expiry. The user account expiry is the date when a user account will expire. There are times you need to modify an account expiry for users for a specific purpose, such as the account expired earlier than expected or as per user’s request.

Before modifying the user account’s (shanky) expiry, first, check the current expiry date.

To check the account’s expiry date, run the chage command below. The chage command lists user’s account information and modifies passwords and accounts expiry dates by default. For this example, the -l option is added to list the user’s (shanky) information.

chage shanky -l

You can see below that the account’s expiry date is Jan 01, 1970

Now let’s see a quick example of changing a user account’s expiry.

Run the chage command below to change user’s (shanky) account expiry (-E) to September 01, 2021 (2021-09-01).

chage shanky -E 2021-09-01 # Expiry date format: YYYY-MM-DD

Note that user account expiry is different from password expiry. Password expiry is the date when the current password will no longer work. To modify a user account’s password expiry date instead, replace the -E option with the -M option, then set the maximum days before the password expires. The complete command would be like this: chage shanky -M 30

List the user’s information as you previously did to see the user account’s new expiry date. As you see below, the new account expiry date is set to Sep 01, 2021.

Resetting User’s Password

Earlier, you learned how to modify a user’s account and password expiry option, but it’s also important to learn how to reset a user’s password before it expires. Regularly resetting or changing a user account password helps secure a user’s password from exposing it to attackers. Or due to the most common reason, the user forgot the password.

To reset a user’s password, run the sudo passwd shanky command below. The passwd command alone lets you change a user’s password, but the function changes when you put additional options with it. For example, if you add the -d option, the passwd command deletes the user’s password, like this: sudo passwd -d shanky.

sudo passwd shanky

Enter and confirm the new password in the prompts, as shown below. Once done, you’ll get a message that says passwd: password updated successfully.

Changing Account’s Username

Earlier, you performed lots of activity with an account named “shanky,” which is the account’s username. There are times when you need to change an account’s username, like when they change their name in the organization or as part of account security.

Run the usermod command below to change the account’s (shanky) username to shankyo. The usermod command modifies account files based on the changes you specified when you run the command.

sudo usermod -l shankyo shanky

Now run the id command followed by the user’s name (shankyo) to verify if the username is changed.

id shankyo

Below, you can see that the user’s login name is now set to shankyo.

Managing User Group Membership

Changing a user’s login name is a sensitive task. What if you mistakenly added a user to a group with special permissions? How would you remove the user from that group? Don’t worry; the gpasswd command will do the trick. The gpasswd command lets you administer groups in your Linux system.

Whenever you add a new user (shanky), the system automatically adds that user to a group with the same name (shanky) by default. You previously changed an account’s username from “shanky” to “shankyo,” but that user’s account remains in the “shanky” group. As a result, the user (shankyo) still benefits from the “shanky” group’s permissions.

1. Run the gpasswd command below to remove (-d) the user (shankyo) from the group named shanky.

sudo gpasswd -d shankyo shanky

2. Next, run the groupadd command below to create a group named shankyo in the /etc/group file since the group doesn’t exist yet. The /etc/group file is a text file where groups are defined, one entry per line. The groupadd command creates a new group account based on the values you specified on the command.

groupadd shankyo

3. Finally, run the usermod command below to add the user (-a shankyo) to the group (-G shankyo). And then, run the groups shankyo command to return the group(s) that the user (shankyo) belongs to.

# Adds the user named 'shankyo' to the shankyo group
sudo usermod -a shankyo -G shankyo
# Returns the group(s) that the user named 'shankyo' belongs to
groups shankyo

Removing a User with Linux Delete User

Now you have learned how to add and modify a user’s account, which is good enough to manage a user’s account. But perhaps a user account is not in use anymore or was added by mistake. In that case, the deluser command is what you need. The deluser command removes users and groups from the system according to the options you specify in a command.

Run the deluser command below to delete all files owned (--remove-all-files) by the user account (shankyo) from your Linux system. The command removes the user account’s (shankyo) home directory and mail spool and removes the user from the /etc/passwd and /etc/shadow files. The /etc/shadow file contains information about the system’s account’s password.

sudo deluser --remove-all-files shankyo

Now run the id command, followed by the user’s login name (shankyo), to verify if the user is deleted from the system.

id shankyo

Below, you can see the message that says id: ‘shankyo’: no such user.

Conclusion

In this tutorial, you learned how to add, manage and delete users, one of the many joys of being a Linux system administrator. You’ve also learned how to secure a user account by changing user’s login name and resetting a user’s password.

Now how would kick this newfound knowledge up a notch? Perhaps automating the password reset when a user’s password expires?