Linux Cheat Sheet: Users & Groups

Or, the quick bookmark for configuring local users

March 5, 2018

This is the first in a series of posts that is meant to dump some personal notes that I've kept for quite some time. Most of the information found below can be gathered by simply typing in the command listed followed by a --help or preceded with the man or info command. The real challenge, most of the time, is in remembering the command or file name and location. Both of those things as well as explanations and examples are listed below.

1. The /etc/passwd file

This file contains all user accounts on the system. Below is an example of an entry in /etc/passwd.

 1  2   3    4      5             6        7
leo:x:1005:1005:Leo Chavez,,,:/home/leo:/bin/bash
  1. Pieces are separated by colons. leo is the username.
  2. x is the password placeholder. If no password is set, a ! will appear instead.
  3. The first 1005 is the UID (user ID).
  4. The second 1005 is the GID (group ID).
  5. Leo Chavez is the full name of the user.
  6. /home/leo is the location of the home directory.
  7. /bin/bash is the location of the user's default terminal.

2. The /etc/shadow file

This file contains all users and hashed passwords, but cannot be read by normal users. By default, root will have read/write access and the shadow group will have read access. Therefore, to see this file, you'll have to elevate your privileges with sudo or su to root.

 1   2    3                4                     5   6   7   8    9
leo:$6$7iU2.3kT$c/brL1Ydgicae.LkNKYsoAMq1.2J71:17594:0:99999:7::17897:
  1. leo is the username
  2. $6$ represents the hashing algorithm SHA512. $5$ (SHA256) is also common.
  3. This is the salt which is used to strengthen passwords.
  4. This long string is the hashed and salted password, but has been shortened.
  5. 17594 represents the number of days after Jan 1, 1970 that the password was changed.
  6. 0 is how many days a user must wait before changing their password again.
  7. 99999 is how many days a user can keep their password before being forced to change it.
  8. 7 is the amount of days prior to the forced password change a user is warned.
  9. 17897 is the number of days from Jan 1, 1970 until account expiry

3. The /etc/group file

This file contains a list of all groups on the system.

     1     2  3   4
sambashare:x:127:leo
  1. sambashare is the group name.
  2. Not normally used, but a group password would be here.
  3. 127 is the group ID.
  4. Users in the group, separated by commas.

/etc/gshadow would be the group version of /etc/shadow.

4. The useradd command

The useradd command will create users as well as define their home folder location, set an account expiration date and define the default shell.

5. The passwd command

The passwd command will set the password for yourself when used alone passwd or of another use when the user is defined passwd leo. This is typically done as root or with sudo. This must be done before the new user can log in.

6. The userdel command

The userdel leo command will remove a user from the system, but leave the files behind. To remove the files as well, use userdel -r leo

7. The groupadd command

The groupadd command will add new groups to the system. Adding the group Sales can be done with groupadd Sales.

8. The usermod command

The usermod command will make modifications to users like group associations and home directory changes.

9. The groups and id commands

The groups command will show which groups the current user is assigned to. To find out this info about another user, add the username groups nate. The id command will show similar information as well as User ID and any Group ID associated with the users or groups. id nate will show ID information about Nate.