Linux Users

Linux Users

In Linux, users are defined in the /etc/passwd file, and their passwords are stored in the /etc/shadow file.

[!NOTE] Note At one time, this file stored the hashed passwords of every user on the system. However, this responsibility has been moved to a separate file for security reasons.

View Users

Every user on a Linux system, whether created as an account for a real human being or associated with a particular service or system function, is stored in a file called /etc/passwd.

The /etc/passwd file contains information about the users on the system. Each line describes a distinct user.

Have a look by using the less command, so you can scroll through the entire file:

less /etc/passwd

Each line is broken up into fields. These fields are delimited by the colon (:) character.



You will probably see a number of other users whose usage seems at least somewhat clear. For instance, user www-data is configured as the owner of web server processes.


How to Read the /etc/passwd File

On this example...


The fields of information are separated by a colon (:) character. There are 7 fields on each line in a typical Linux /etc/passwd file (Source):

  1. root: Account username
  2. x: Placeholder for password information. The password is obtained from the /etc/shadow file.
  3. 0: User ID. Each user has a unique ID that identifies them on the system. The root user is always referenced by user ID 0.
  4. 0: Group ID. Each group has a unique group ID. Each user has a "primary" group that is used as the group by default. Again, the root group's ID is always 0.
  5. root: Comment field. This field can be used to describe the user or user's function. This can be anything from contact information for the user, to descriptions of the service the account was made for.
  6. /root: Home directory. For regular users, this would usually be /home/<username>. For root, this is /root.
  7. /bin/bash: User shell. This field contains the shell that will be spawned or the command that will be run when the user logs in.

How to Read the /etc/shadow File

On this example...


The fields of information are separated by a colon (:) character. (Source):

  1. daemon: Account username
  2. *: Salt and hashed password. An asterisk signifies that this account cannot be used to log in.
  3. 15455: Last password change. This value is measured in days from the Unix "epoch", which is January 1, 1970.
  4. 0: Days until password change permitted. 0 in this field means there are no restrictions.
  5. 99999: Days until password change required. 99999 means that there is no limit to how long the current password is valid.
  6. 7: Days of warning prior to expiration. If there is a password change requirement, this will warn the user to change their password this many days in advance.
  7. [blank]:The last three fields are used to denote days before the account is made inactive, days since the Epoch when the account expires. The last field is unused.

[!NOTE] Note The asterisk (*) value in the second field on some of the above lines means that the account cannot log in. This is mainly used for services and is intended behavior.

View Currently Logged In Users

Run (Source):




Adding a User

To create a new user (requires root access):

adduser <username>

You will asked for details of the user.

Deleting a User

To delete a user (requires root access) (Source):

deluser <username>

To also delete the user's home directory (Source):

deluser --remove-home <username>

Changing User's Password

To change your user's password (Source):


To change another user's password (requires sudo) (Source):

passwd <username>

See Groups

To see a your user's groups (Source):


To see another user groups (Source):

groups <username>

[!NOTE] Note From man groups: Primary and supplementary groups for a process are normally inherited from its parent and are usually unchanged since login. This means that if you change the group database after logging in, groups will not reflect your changes within your existing login session. Running groups with a list of users causes the user and group database to be consulted afresh, and so will give a different result.

There are other ways of seeing the groups of a user, explained here, by Cyberciti.

Add a User to a Group

To add a user to a group (requires root access) (Source):

usermod -aG <group-name> <username>

Grant a User Sudo Access

To grant a user sudo access, one would usually add the user to the sudo group (requires root access) (Source):

usermod -aG sudo <username>

To specify explicit privileges for a user, one should edit the /etc/sudoers file. The only recommended way of editing this file is the visudo command, because it locks the file against multiple simultaneous edits and performs a validation check on its contents before overwriting the file. This helps to prevent a situation where you misconfigure sudo and cannot fix the problem because you have lost sudo privileges.

[!NOTE] Note Traditionally, visudo opened /etc/sudoers in the vi editor, which can be confusing for inexperienced users. By default on new Ubuntu installations, visudo will use the nano text editor, which provides a more convenient and accessible text editing experience. (Source)

Run (Source):


Duplicate this line and replace the root with the new username:

root    ALL=(ALL:ALL) ALL
<username>    ALL=(ALL:ALL) ALL