Managing Local User Accounts
useradd command creates users
useradd username sets reasonable defaults for all fields in /etc/passwd when run without options. The useradd command does not set any valid password by default, and the user cannot log in until a password is set.
Note: useradd is a low-level utility for adding users. On Debian-like operating systems, administrators should use adduser(8) instead, because the useradd command won't create the '/home/username' directory on Debian but the adduser command will.
usermod command modifies existing users
usermod --help will display the basic options that can be used to modify an account. Some common options include:
-c, --comment COMMENT – Add a value, such as a full name, to the GECOS field.
-g, --gid GROUP – Specify the primary group for the user account.
-G, --groups GROUPS – Specify a list of supplementary groups for the user account.
-a, --append – Used with the -G option to append the user to the supplemental groups mentioned without removing the user from other groups.
-d, --home HOME_DIR – Specify a new home directory for the user account.
-m, --move-home – Move a user home directory to a new location. Must be used with the -d option.
-s, --shell SHELL – Specify a new login shell.
-L, --lock – Lock an account.
-U, --unlock – Unlock an account.
When the usermod command is executed in a terminal, the following files are used and affected:
/etc/passwd – User account information.
/etc/shadow – Secure account information.
/etc/group – Group account information.
/etc/gshadow – Secure group account information.
/etc/login.defs – Shadow password suite configuration.
usermod [options] username
usermod -d /home/newdirectory user1
Modifies the home directory for the user1 account, changing it to /home/newdirectory.
userdel command deletes users
userdel username will remove the user from the file /etc/passwd, but it does not delete the user's home directory by default.
userdel -r username removes the user and the user's home directory.
userdel -r user1
This command deletes the user named user1 together with that user's home directory and the files in it.
Note: When we remove a user with userdel without specifying the -r option, the system does not remove the user's files and leaves them owned by an unassigned user ID number. The same thing happens when files exist outside the home directory of the deleted user. This situation can lead to information leakage and security issues.
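The check below is an added example, not part of the original page: it lists files whose owner UID has no entry in a passwd file, which is what userdel leaves behind in the cases described in the note above. The function names find_orphans and orphan_summary are hypothetical, and GNU find is assumed.

```shell
#!/bin/sh
# Added example: find files whose owner UID has no entry in a passwd file.
# GNU find is assumed (for -printf); paths containing newlines are not handled.

# find_orphans DIR [PASSWD_FILE]
# Prints "UID<TAB>PATH" for every file under DIR owned by a UID that
# PASSWD_FILE (default /etc/passwd) does not define.
find_orphans() {
    dir=$1
    passwd_file=${2:-/etc/passwd}
    [ -d "$dir" ] && [ -r "$passwd_file" ] || return 2

    # -xdev keeps the scan on one filesystem; %U is the numeric owner UID.
    find "$dir" -xdev -printf '%U\t%p\n' 2>/dev/null |
    awk -F'\t' -v pw="$passwd_file" '
        BEGIN {
            # Field 3 of each passwd line is the UID of a defined account.
            while ((getline line < pw) > 0) {
                split(line, f, ":")
                known[f[3]] = 1
            }
        }
        !($1 in known) { print }
    '
}

# orphan_summary DIR [PASSWD_FILE]
# Prints "UID<TAB>COUNT" per unassigned UID, so leftovers of one deleted
# account can be reviewed together before that UID is given to a new user.
orphan_summary() {
    find_orphans "$@" |
    awk -F'\t' '{ n[$1]++ } END { for (u in n) print u "\t" n[u] }' |
    sort -n
}
```

Run as root, for example `orphan_summary /home` or `find_orphans /var`. The built-in test `find / -xdev -nouser` reports the same condition and also consults account sources other than the local passwd file.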
passwd command sets passwords
passwd username can be used to either set the user’s initial password or change that user’s password.
The root user can set a password to any value. If the password does not meet the minimum recommended criteria, a message is displayed, but it is followed by a prompt to retype the new password, and all tokens are updated successfully.
This command will change the password for the user1 account.