Master Linux User & Group Management: UID, GID, Commands Explained

Linux User Management

1. User/Group Overview

Linux is a multi‑user, multitasking OS where each process belongs to a specific user. To use system resources you must have a regular user account created by the superuser. Superusers can monitor users and set permissions to ensure security.

Each user belongs to one or more groups, allowing centralized management of permissions.

3.1.1 User identifiers: UID and GID

Each user has a unique UID, similar to an ID card number.

The

id

command shows the current user’s UID, GID and group list.

# id
uid=0(root) gid=0(root) groups=0(root) ...

The

ll

command lists file owners.

# ll /home
... (listing) ...

Use

ps aux | less

to view processes.

# ps aux | less
USER   PID %CPU %MEM ... COMMAND
root    1  0.0 0.1 ... /usr/lib/systemd/systemd
...

After installing Apache,

ps aux

shows the httpd process owner.

# yum -y install httpd
# systemctl start httpd
# ps aux | grep httpd
root 43382 0.0 ... grep --color=auto httpd

3.1.2 User and group files

User names and encrypted passwords are stored in

/etc/passwd

and

/etc/shadow

. Each line in

/etc/passwd

has seven fields: username, password placeholder, UID, primary GID, comment, home directory, login shell.

# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
...

The

/etc/shadow

file contains nine fields, including the encrypted password, last change date, minimum and maximum age, etc.

# cat /etc/shadow
root:$6$...$...:19655:0:99999:7:::
...

UID 0 is privileged, 1‑499 are system users, 500+ are regular users (CentOS 6+).

3.1.3 Types of users

1. Superuser (root) – has UID 0 and can execute any command.

2. Regular user – UID usually starts at 1000; can run limited commands.

3. Service (program) user – non‑login accounts used by daemons, UID 1‑999.

3.2 Managing users and groups

3.2.1 Creating users and groups

Use

useradd

to create a user.

# useradd qf1
# grep qf1 /etc/passwd /etc/group
/etc/passwd:qf1:x:1015:1015:/home/qf1:/bin/bash
/etc/group:qf1:x:1015:

Common

useradd

options:

-d Specify home directory

-u Specify UID

-g Specify primary GID

-G Specify supplementary groups

-s Specify login shell

Use

groupadd

to create a group and

useradd -G

to add a user to existing groups.

# groupadd hh
# groupadd hhh
# useradd qf2 -G hh
# useradd qf3 -G hh,hhh
# id qf2
uid=1016(qf2) gid=1016(qf2) groups=1016(qf2),2006(hh)
# id qf3
uid=1017(qf3) gid=1017(qf3) groups=1017(qf3),2006(hh),2007(hhh)

Specify a GID with

groupadd -g

.

# groupadd hhhh -g 1802
# grep hhhh /etc/group
hhhh:x:1802:

3.2.2 Deleting users and groups

Remove a user with

userdel

. Use

-r

to also delete the home directory and mail spool.

# userdel qf4
# userdel -r qf3

Remove a group with

groupdel

(cannot delete a group that is still the primary group of a user).

# groupdel hhhh

3.2.3 Changing user passwords

Any user can change their own password with

passwd

. Only root can change another user’s password without the old password.

# passwd qf1

3.2.4 Secure users

Set a user’s login shell to

/sbin/nologin

to create a non‑login (secure) account.

# useradd qf8 -s /sbin/nologin
# tail -2 /etc/passwd
qf2:x:1016:1016:/home/qf2:/bin/bash
qf8:x:1017:1017:/home/qf8:/sbin/nologin

3.2.5 Configuration files

/etc/login.defs

and

/etc/default/useradd

define defaults for

useradd

, such as password aging and default shell.

# /etc/login.defs excerpt
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7
ENCRYPT_METHOD  SHA512

# /etc/default/useradd excerpt
GROUP=100
HOME=/home
SHELL=/bin/bash
CREATE_MAIL_SPOOL=yes

3.2.6 su and sudo

Use

su

to switch users;

sudo

allows users in the

wheel

group to execute commands as root after entering their password.

# su -
Password:
# su none
# useradd qf9 -G wheel
# sudo useradd qf10

3.3 Chapter summary

This chapter covered the meaning of UID/GID, the role of a user’s shell, and how to add, delete, modify, and query users and groups; how to edit

/etc/passwd

and

/etc/shadow

; default configurations for

useradd

; and how to switch identities with

su

and elevate privileges with

sudo

.