Sign In
Sign In

User Management in Linux

User Management in Linux
Hostman Team
Technical writer
Linux
11.07.2024
Reading time: 9 min

Modern operating systems (including Windows, Unix/Linux, and macOS) are multi-user. This means that multiple users can be created and managed separately without interfering with other users or programs. You can also edit users: change their names, groups they belong to, etc. In this article, we will discuss user management in Linux using the Ubuntu distribution.

This user management guide will work for any cloud server or virtual machine with a pre-installed Linux operating system.

In this article, we use Ubuntu version 22.04, but you can use any other distribution, including Debian, CentOS, etc.

All commands are executed from the root account. Regular users cannot create, delete, or modify user and group information without sudo privileges.

Where User Information is Stored

In Linux systems, whether a user was created manually or as a result of installing some software, their information is stored in the /etc/passwd file. To show all users of a Linux system, run:

cat /etc/passwd

The structure of the passwd file is as follows:

username:password:user_id:group_id:additional_info:home_directory_path:shell_path

For example:

gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin

Explanation of the fields in the passwd file:

  • Username — used, for example, for SSH login or when adding to a specific user group. The username length can be 1 to 32 characters.

  • Password — in modern Linux distributions, passwords are not stored in plain text. Instead, one of the following symbols is used:

    • x — means the password is stored in encrypted form with "salt" (a random set of characters added to the password hash to complicate the password-cracking process). The encrypted password itself is stored in the /etc/shadow file.

    • * — means the user does not have permissions to log into the operating system.

    • The user account does not have a password if neither of these symbols is present.

  • User ID (UID) — each created user in a Linux system is assigned a unique number (identifier) in the form of a positive number.

    • The number 0 always belongs to the root user. Numbers from 1 to 9 and from 10 to 499 are reserved and allocated only for pseudo-users (users created with the installation of certain programs, such as PostgreSQL or Nginx). For regular users, numbers usually start from 500 or 1000. The user ID can be changed (except for the root user).

  • Group ID (GID) — when a user is created, a group with the same name is also created. Groups allow you to assign permissions to objects in the system (files, directories, etc.) to several users at once. A user must be in at least one group. Like users, groups are assigned unique numerical IDs.

  • Additional Information — you can add additional information for users, such as full name, address, phone number.

  • Home Directory Path — each user in the Linux system has their own home directory. By default, it is located in the /home directory, but you can choose another one, such as /var or /bin. For example, when installing PostgreSQL, a user named postgres is automatically created, with a home directory at /var/lib/postgresql.

  • Shell Path and Login Prohibition — a user may have a command shell for executing commands (usually bash or sh). ALso, you can prohibit a user from logging into the server by using /bin/false or /usr/sbin/nologin.

Creating Users with useradd

To create users in Linux systems, you can use a low-level utility called useradd.

For example, to create a user named hostman:

useradd hostman

If we look at the contents of the /etc/passwd file, at the end of the list we will see information about the created user:

cat /etc/passwd

Powershell E0u Ag Ejult

However, it is important to note that by default, i.e., without using options, useradd does NOT create a password or home directory for the user. Although there is a corresponding value in the /etc/passwd file, the utility merely reserves the home directory for the user.

To set a password for the user, run the passwd command. Let's set a password for our user hostman:

passwd hostman

Powershell Z La D H0i6 N8

You will need to enter the password twice. 

Note that setting a password is mandatory. Without it, the new user will not be able to log in.

When using the useradd command, you can set a password during the user creation stage using the -p option, but the password must be pre-encrypted. The openssl utility (present by default in most Linux distributions) can be used for this. Let's create a user named new-user and set the password StrongPassword123$ for them:

useradd -m -p $(openssl passwd -1 StrongPassword123$) new-user

Check the /etc/passwd file:

cat /etc/passwd

Powershell 2h Kj B5v O Qn

You can see that new-user exists and has a password, which is indicated by the symbol x.

It is not a recommended method for password setting because the password is entered in plain text and is available in the command history.

Although useradd only creates users, the utility has options for setting the user's home directory and login shell.

To create a user and set their home directory, use the -m and -d keys, followed by the full path to the intended directory:

useradd -m -d /home/hostman hostman

If you do not specify the directory manually, the user's home directory will be created in the /home directory.

To set the user's shell, use the -s option, followed by the shell:

useradd -s /usr/bin/bash hostman

Creating Users with adduser

In the previous section, we used the useradd utility to create users. However, the useradd manual for Debian-based systems advises using adduser instead of useradd.

The adduser command, like useradd, creates users in the system but works at a higher level and is interactive. Technically, adduser is a Perl script that uses useradd to create users.

When using adduser, you specify the username, and the utility will automatically:

  • create a group with the same name for the user,
  • create a home directory in the /home directory,
  • prompt for a password,
  • fill in information such as full name (Full Name), room number (Room Number), work phone (Work Phone), home phone (Home Phone), and any other information you consider necessary (Other). If you do not want to fill in this information, just press Enter until you reach the final question: "Is the information correct?". You need to enter Y (yes) or n (no).

In the screenshot, you can see how we created a user named testuser using the adduser utility:

Powershell Gq1 Bsgi F1s

Using adduser significantly simplifies creating new users, as you do not have to use additional commands and options.

Deleting Users

To delete a user on Linux, use the userdel command. Let's delete a user named test1:

userdel test1

By default, the userdel command does not delete the user's home directory. To delete both the user and their home directory, use the -r key:

userdel -r test1

There is another way to delete a user account on Linux — using the deluser command. The deluser utility is available only in Debian-based distributions. To delete the user testuser using deluser, execute the following command:

deluser testuser

Powershell Oxhucf E1 Ko

Just like when using the userdel command, the deluser command does not delete the user's home directory and the user's directory in /var/mail where email messages are stored. To delete these directories when deleting the user, use the --remove-home option:

deluser --remove-home testuser

Managing User Passwords

As mentioned earlier, modern Linux distributions do not store passwords in plain text. Instead, the system stores only their hash functions. The hash functions are stored in a separate text file called /etc/shadow:

Powershell 4e5 S1 L Xl Mk

The structure of the shadow file is as follows:

username:encrypted_password:last_password_change_date:minimum_days_between_password_changes:maximum_days_before_password_change:days_before_password_expiry:days_after_password_expiry_until_account_is_disabled:account_expiry_date

For example:

hostman:$y$j9T$csuJ6HDxYMO4UA0WABfwj1$dZOda.QqT7XS/1Ut3UJIVIG3kJTzMli/Rn0Ku/Vwdv/:19912:0:99999:7:::

Explanation of the fields in the shadow file:

  • Username is the username for which the password is stored.

  • Password is the encrypted password in hash function form. The hash function used to create the password is indicated by symbols such as $y$, $1$, $2y$, etc.

  • Last Password Change Date is the number of days since the last password change, calculated from January 1, 1970.

  • Minimum Days Between Password Changes is the minimum number of days between password changes.

  • Maximum Days Before Password Change is the maximum number of days before the user must change the password.

  • Days Before Password Expiry is the number of days before the password expires, and the system starts notifying the user that the password needs to be changed.

  • Days After Password Expiry Until Account is Disabled is the number of days after the password expires until the account is disabled.

  • Account Expiry Date is the date the account will be disabled, counted in days from January 1, 1970.

To change a user's password, use the passwd command. The root user can change the password for any user, but a regular user can only change their own password.

For example, to change the password for the user hostman, run the command as the root user:

passwd hostman

Enter the new password for the user twice, and the password will be updated.

To force the user to change their password at the next login, use the passwd command with the -e key:

passwd -e hostman

This command sets the password expiration date to the current date, so the user will be prompted to change their password the next time they log in.

Managing User Groups

Groups in Linux are necessary for organizing users. Each user must be in at least one group. When you create a user, a group with the same name is created by default.

To view all groups in the system, use the getent command:

getent group

It will show the content of the /etc/group file. The structure of the file is as follows:

group_name:password:group_id:group_members

For example:

hostman:x:1001:

Explanation of the fields in the group file:

  • Group Name — the name of the group.

  • Password — the group password, usually indicated by the symbol x, meaning the password is stored in encrypted form.

  • Group ID — the unique identifier of the group.

  • Group Members — the list of users who are members of the group.

To create a group, you can use groupadd. Let’s create a group named group1:

groupadd group1

Groups can be renamed using groupmod. This way we rename group1 to newgrp:

groupmod -n newgrp group1

To add a user to a group in Linux, use the usermod command with the -aG option, where -a means "append" and -G specifies the group:

usermod -aG sudo hostman

To add several users at once, you can use:

gpasswd -M user1,user2 newgrp

To check a user’s group, use the groups command and the username, for example:

groups hostman

Powershell Qs Qi Tf S6 Ai

To remove a user from a group, use the gpasswd command with the -d option:

gpasswd -d hostman sudo

Powershell Mvrbw Q08 Tk

Another option is to use deluser which can also delete users from groups. For example, to remove user1 from nwgrp:

deluser user1 newgrp

Conclusion

Managing users and groups in Linux is a fundamental task for system administrators. This article covered the basic commands and utilities for creating, deleting, and managing users and groups in a Linux system. Understanding these concepts and tools is essential for maintaining a secure and efficient operating environment.

Linux
11.07.2024
Reading time: 9 min

Similar

Linux

How to Create a Text File in Linux Terminal

In Linux, you can access and edit text files using a text editor that is designed to work with plain text. These files are not specifically coded or formatted. Linux allows one to create a file in numerous ways. The fastest is, probably, Linux Command Line or Terminal. For all users—especially server administrators—who must rapidly generate text files, scripts, or configuration files for their work, this is a very important ability. Let's proceed to the guide on four standard techniques for creating a text file on the terminal. Prerequisites for File Creation in Linux Ensure these prerequisites are met before generating files in a Linux environment using the command-line interface: Access to a Functional Linux System: You must either have a Linux-based operating system installed on your computer or secure access to a Linux server via SSH (Secure Shell) protocol. Operational Terminal Interface: Confirm that your terminal application is accessible and fully operational. The terminal serves as your primary gateway to executing commands. Adequate User Permissions: Verify you can create files within the chosen directory. You may need to use sudo (for directories with access restrictions) to escalate privileges. Fundamental Commands Proficiency: You must get familiar with essential commands, such as touch for file creation, echo for printing text, cat for viewing file contents, and text editors like nano, vim, or vi for editing files directly. Text Editing Utilities: Ensure your system includes text editing tools: nano for command line simplicity, vim for advanced configurations, or graphical options like gedit for user-friendly navigation. Directory Management Expertise: Develop familiarity with directory navigation commands like cd for changing the working directory and ls for listing directory contents. This knowledge streamlines your workflow and avoids potential errors. Using the touch Command Generally, we use the touch command to create empty files and change timestamps. It will create an empty file if it doesn't exist already.  To create a text file in the current directory with the touch command: Open your terminal emulator. Type the command: touch filename.txt Change "filename" to your desired name. The timestamps for access and modification will be updated without changes in file content if the file exists already. Otherwise, an empty file is created with a given name.  Press Enter—if it is successful, there will be no output. Use the ls command to list the directory content and verify file creation. Using the echo Command Redirection The echo command is widely used to display text on the terminal. But its capabilities go beyond that; it may also be used to write content to a file or create an empty file. For this, combine the echo command with double redirect symbols (you can also use a single >) and the desired filename. A text file can be created by redirecting the output of the echo command to a file. See how it works: Open your terminal emulator. Type the command: echo “Your text content here” > filename.txt Replace the text in double quotations (do not delete them) with yours to add it to the file.  After you press Enter, your text will be added to the file filename.txt. It will overwrite an existing file, if there is one. Otherwise, it will just create a new one. Press Enter. To verify that the file has been created and contains the desired content, use cat command to display the content.  Using the cat Command Redirection In Linux, the cat command is mostly used to concatenate and show file contents. It can, however, also be used to generate a text document by redirecting the standard output of cat to a file. Open your terminal emulator. Type the following command: cat > filename.txt Replace filename.txt with the name for your text file. This command instructs cat to receive input rom the terminal and to redirect it into the filename.txt. Press Enter. The terminal will be waiting for input.  Enter the text you want in the file. Press Enter after each line. Press Ctrl + D when you are done. This signals the end of input to the cat and saves the content.  Run the cat command to check that the file has been created and contains the desired content. Start using Hostman efficient S3 storage Using printf for Advanced File Creation The printf utility is a powerful alternative to echo, offering enhanced formatting options for structuring text. It allows users to create files with precisely formatted content. Open the terminal. Use printf to define the text layout, incorporating formatting elements like newlines (\n) or tabs (\t). Redirect the output to a file using the > operator. Example: printf "First Line\nSecond Line\nIndented\tThird Line\n" >  formatted_file.txt Run the cat command to inspect the file's content and ensure the formatting matches expectations. Append Without Overwriting: To add content to an existing file without overwriting its current data, replace > with the append operator >>: printf "Additional content here.\n" >> formatted_file.txt Using a Text Dditor You can also create new files in linux text editors. There is always at least one integrated command-line text editor in your Linux distribution. But you can choose and install a different one according to your preferences, for example, Vim, Nano, or Emacs. Each of them has its own features and advantages. Vim vim, which stands for "Vi IMproved," is a very flexible and adaptable text editor. It is well-known for its modal editing, which allows for distinct modes for various functions like text entry, navigation, and editing. It allows split windows, multiple buffers, syntax highlighting, and a large selection of plugins for extra features. To create a text file using vim, follow the steps below: Open vim, with the desired filename as an argument. Press i to switch to Insert mode. Start typing and editing the filename.txt.  To save and exit, press Esc to ensure that command mode is running. Type: wq (write and quit) and press Enter. Nano nano is ideal for short adjustments and straightforward text files because it is lightweight and requires little setup. It provides support for basic text manipulation functions, search and replace, and syntax highlighting. To create a text file using nano, follow the steps below:  Run nano with the desired filename as an argument. It will open a new buffer for editing the file filename.txt. Start typing and editing the filename.txt.  To save and exit, press Ctrl + O to write the file, confirm the filename, and then press Ctrl + X to exit Nano. Emacs emacs is a powerful and flexible text editor that supports syntax highlighting, multiple buffers, split windows, and integration with external tools and programming languages. To create a text file using emacs, follow the steps below:  Open emacs, with the desired filename as an argument. Start typing and editing the filename.txt.  To save and exit, press Ctrl + X, followed by Ctrl + S to save the file, and then Ctrl + X, followed by Ctrl + C to exit Emacs. Note: If a message states that "VIM command not found", "nano command not found" or "emacs command not found" in Linux, it typically means that the vim, nano or emacs text editor is not installed on the system, or it's not included in the PATH environment variable, which is a list of directories where the operating system looks for executable files. To resolve this, install the text editor first using the command:  apt-get install vim apt-get install nano  apt-get install emacs Gedit An intuitive text editor that supports working with plain text and has syntax highlighting for programming languages. A straightforward graphical interface makes it usable for various tasks, from quick edits to complex document preparation. Open the Gedit Application: Launch Gedit either through the applications menu or by executing the following command in the terminal: gedit example.txt Gedit will create a new file if the specified one does not exist. Input Your Text: Type or paste your desired content into the editor. Save the File: Save your work with Ctrl + S or select File > Save. If creating a new file, specify a filename and a location. Verify: Return to the terminal and confirm the file exists with the ls command or review its content with cat. Linux File Creation Recommendations Ensure you have sufficient permissions to create files in the target directory. If they are insufficient, consider working in a directory where you have full rights (or elevate privileges with sudo). Check if a file with the identical name is already present before using the > operator, as the command will overwrite existing content. To prevent data loss, opt for the append operator >>. Familiarize yourself with the printf, echo, and text editors like vim or nano. These tools will help you reduce errors when working with files in Linux, as well as boost productivity. Use printf for creating files requiring structured content, such as configuration files or scripts with precise formatting needs. Conclusion Now you have acquainted yourself with the fundamental skill of creating a file in Linux using the terminal! Using the Linux command line, several fast and efficient methods exist to create and manage text files. Apply several techniques to meet a different requirement using the touch, echo, cat, printf commands, or text editors like vim, nano, gedit, or emacs. Users can select the method that sufficiently meets their requirements, such as creating empty files, appending text, or significantly modifying material. In summary, any of these methods enable Linux users to easily and quickly handle text files straight from the command line. Hostman offers a reliable managed Linux VPS for your projects.
21 April 2025 · 8 min to read
Linux

Installing and Configuring Grafana

Working with any IT project becomes much easier when the administrator has a wide range of metrics and monitoring data at their fingertips. It's even better when the data is presented in a clear and visual format. This is where tools like Grafana come in — an open-source solution designed to gather information from various sources and consolidate it into visual reports. Grafana supports multiple platforms — Windows, macOS, Linux (including popular distributions like Debian, Ubuntu, CentOS, Fedora, OpenSuse, or RedHat). It can work with databases such as SQLite, MySQL, and PostgreSQL. With so many options, administrators rarely need to adapt the solution to their environment. In this tutorial, we'll go over how to install Grafana, configure it, and work with dashboards. Installing Grafana on CentOS Stream When ordering a Linux VPS, users can install any Linux operating system. Usually, this is one of the common distributions like CentOS or Ubuntu. For this example, we'll assume the OS is already installed and ready for Grafana and other utility programs. Let's import the GPG keys: wget -q -O gpg.key https://rpm.grafana.com/gpg.key sudo rpm --import gpg.key Create a new official repository configuration: sudo nano /etc/yum.repos.d/grafana.repo Add the following content to the file: [grafana] name=grafana baseurl=https://rpm.grafana.com repo_gpgcheck=1 enabled=1 gpgcheck=1 gpgkey=https://rpm.grafana.com/gpg.key sslverify=1 sslcacert=/etc/pki/tls/certs/ca-bundle.crt Install the application: sudo dnf install grafana Enable autostart and launch Grafana: sudo systemctl enable grafana-server sudo systemctl start grafana-server Check the status to ensure Grafana is running: sudo systemctl status grafana-server You should see a message confirming that the service is loaded and active. This step is especially useful if someone previously worked with the server or installed a custom Linux build with bundled utilities. Installing Grafana on Ubuntu The process is similar: we install Grafana from the official repository after preparing the system to trust the source. Run these commands: wget -q -O - https://packages.grafana.com/gpg.key | sudo apt-key add - sudo add-apt-repository "deb https://packages.grafana.com/oss/deb stable main" sudo apt update sudo apt install grafana sudo systemctl enable grafana-server sudo systemctl start grafana-server sudo systemctl status grafana-server Firewall Configuration for Grafana By default, Grafana uses port 3000. Here's how to open it in different firewalls. For iptables: Add the rule: sudo iptables -A INPUT -p tcp --dport 3000 -m state --state NEW -j ACCEPT Save the rules so they persist after reboot: sudo service iptables save Restart iptables to apply changes: sudo systemctl restart iptables For firewalld: firewall-cmd --zone=public --add-port=3000/tcp --permanent systemctl reload firewalld Default Login and Password Grafana uses the default login/password: Username: admin Password: admin If forgotten, reset it with: grafana-cli admin reset-admin-password --homepath "/usr/share/grafana" new_password Data Sources and Plugin Installation Grafana supports numerous data sources: Prometheus, Graphite, OpenTSDB, InfluxDB, and more. It also allows plugin installations to enhance functionality. For example, to install the Zabbix plugin, run: grafana-cli plugins install alexanderzobnin-zabbix-app systemctl restart grafana-server After restart, go to Configuration > Plugins and find Zabbix. After you enable it, you can configure it under Data Sources. This same process applies to other plugins like Grafana PostgreSQL or Grafana Elasticsearch. Working with Grafana Dashboards The core of Grafana is dashboards — sets of panels that visually display data. Users can create their own dashboards by clicking New Dashboard and selecting panel types. Dashboard Types: Graph – multiple metrics in one panel. Stat – single metric graph. Gauge – speedometer-style display. Bar Gauge – vertical bar graph. Table – table with multiple metrics. Text – freeform text. Heatmap – heatmap display. Alert List – list of Grafana alerts. Dashboard List – list of favorite dashboards. You can also display logs from external sources using Grafana Logs, and export/import dashboards for reuse. For advanced control, refer to the official documentation. You can directly edit the grafana.ini file to change: Default ports Log storage paths Proxy settings User access controls Feature toggles Conclusion Grafana is a powerful and flexible monitoring solution. To fully unlock its potential, experiment with dashboards, try manual config via grafana.ini, and explore third-party plugins. As an actively developed project, Grafana remains one of the top data visualization and monitoring tools.
17 April 2025 · 4 min to read
Linux

How to Copy Files over SSH

The SSH (Secure Shell) protocol is a network protocol for remote command-line management of operating systems, widely considered the standard for remote access to *nix machines. It allows secure login to a server, remote command execution, file management (creating, deleting, copying, etc.), and more. Most cloud and hosting providers require SSH to access their services. In this article, we’ll look at how to copy files over SSH on both Windows and Linux systems. How SSH Works SSH can securely transmit any data (audio, video, application protocol data) through an encrypted communication channel. Unlike outdated and insecure protocols like Telnet and rlogin, SSH ensures data confidentiality and authenticity — essential for internet communications. Here’s how a secure connection between a client and server is established: TCP Connection Setup: By default, the server listens on port 22. Both sides share a list of supported algorithms (compression, encryption, key exchange) and agree on which to use. Authentication: To prevent impersonation, both parties verify each other's identities using asymmetric encryption (public/private key pairs). First, the server is authenticated. On the first connection, the client sees a warning with server details. Trusted server keys are stored in /home/<username>/.ssh/known_hosts. Key Generation: Once the server is verified, both sides generate a symmetric key to encrypt all data exchanged. User Authentication: This is done using either a password or a client-sent public key stored in /home/<username>/.ssh/authorized_keys on the server. The most popular implementation on Linux is OpenSSH, which comes pre-installed on most distributions (Ubuntu, Debian, RHEL-based, etc.). Clients like PuTTY or MobaXterm are used on Windows. Since Windows 10 and Server 2019, OpenSSH tools are also available natively. You can learn more about working with SSH in our tutorial. File Copying via SSH Two main utilities for copying files over SSH in Linux are scp and sftp. Both come with OpenSSH. SSH supports two protocol versions: 1 and 2. OpenSSH supports both, but version 1 is rarely used. Autocompletion Setup To enable Tab-based autocompletion when using scp, set up public key authentication: Generate a key pair: ssh-keygen You’ll see output like: Generating public/private rsa key pair. Enter file in which to save the key (/home/user/.ssh/id_rsa): Enter passphrase (empty for no passphrase): By default, your keys (id_rsa for private and id_rsa.pub for public) are saved to ~/.ssh/. Now copy the public key to the remote machine: ssh-copy-id [username]@[ip-address] After entering the user's password, you’ll see a message confirming the key was added. Secure Copy (SCP) For small data transfers (e.g., service configs), scp is best. Copy from local to remote: scp test.txt user@192.168.1.29:/home/user/ Copy multiple files: scp test1.txt test2.txt user@192.168.1.29:/home/user/ Copy from remote to local: scp user@192.168.1.29:/home/user/test.txt ~/ Copy directories: scp -r testdir user@192.168.1.29:/home/user/ Remote-to-remote copy: scp gendo@192.168.1.25:/home/gendo/test.txt user@192.168.1.29:/home/user/ Secure FTP (SFTP) SFTP is another utility included in OpenSSH. As of OpenSSH 9.0, scp now uses SFTP by default instead of the old SCP/RCP protocol. Unlike classic FTP, sftp transmits encrypted data over a secure tunnel. It does not require a separate FTP server. Example usage: sftp misato@192.168.1.29 sftp> ls sftp> lcd testdir/ sftp> get test.txt sftp> bye Graphical file managers like Midnight Commander and Nautilus use sftp. In Nautilus, the remote server appears like a local folder, e.g., user@ip. Copying Files Over SSH on Windows Use the pscp command-line tool from PuTTY to copy files on Windows. Copy to server: pscp C:\server\test.txt misato@192.168.1.29:/home/misato/ Copy from server: pscp misato@192.168.1.29:/home/misato/test.txt C:\file.txt List files on remote server: pscp -ls user@192.168.1.29:/home/misato Use quotes for paths with spaces: pscp "C:\dir\bad file name.txt" misato@192.168.1.29:/home/misato/ To get help, run: pscp Conclusion We’ve covered how to copy files to and from a server using the secure SSH protocol. If you work with cloud servers, understanding SSH is essential — it’s the standard method for remote access to *nix machines and a vital part of everyday DevOps and system administration.
14 April 2025 · 4 min to read

Do you have questions,
comments, or concerns?

Our professionals are available to assist you at any moment,
whether you need help or are just unsure of where to start.
Email us
Hostman's Support