Creating a new user and modifying its privileges in Linux
In this post, you will learn:
- Simple way to create a new user in Linux.
- Universal way to create a new user in Linux.
- New user’s system privileges
- Setting password and account expiration
- How to delete a user
If you use Linux with a graphical desktop environment like Ubuntu, for example, you can add or remove new users through its Settings. But this is simplified and I have to say a limited way to do that. The right way is to use the command line. And it is the only way if you work with a server Linux system. Below, you will learn all you need to know about how to create, delete, and modify users in the Linux command line.
Simple way to create a new user in Linux.
Many Linux systems have a user-friendly command to add a new user. The command is adduser. You type this command and the username of a new user.
sudo adduser username
The command will prompt you to create a user password, full name, and some additional information which can be skipped if you want.
And that’s it. The new user is created. This command also creates a home directory for new user (/home/username
)
However, if you also need to grant this user the administrative privileges, you need to add it to the sudo group:
sudo adduser username sudo
Now, this new user will be able to execute the administrative commands with sudo
.
This was the simplest way to create a new user in Linux. The adduser
command is available in many Linux ditros, but in fact, it is a more user-friendly type of the command useradd
, which is more advanced. Below, I would like to show you how to use this more advanced command too.
Universal way to create a new user in Linux.
If adduser
is not available in your distro or you want to have little more control over the new user. You need to use the command useradd
. I know the names are similar and easy to mix. But try to remember that useradd
is a more important command. Basically, adduser
just points to useradd
.
To create a new user with the default options, run:
sudo useradd username
To check what default options were used to create a user, run:
sudo useradd -D
These are the default rules on my Debian VPS (they may differ for your system. ):
You can change these options and use some more. To see all available options of the useradd
command, check its help:
Based on these options, a more complete command would be:
sudo useradd -g users -G sudo -s /bin/bash -m -c "Full name" username
Finally, you need to set a password for this user with passwd.
sudo passwd username
New user’s system privileges
As you have seen I added a new user to the sudo group and granted it administrative privileges. This is what I did on my server and this what you would want to do if you are an admin of the system. But if you create a user on your Linux system for someone else, you probably do not want them to have administrative privileges. So, do not add them to the sudo group.
Setting password and account expiration
If you are a system administrator and you have many uses in your system, besides not including them in the sudo group, you may also want to enhance the security of your system by the expiration time on the passwords and accounts of these new users.
You can do this with the command chage
. Note, it is without n
. The command is short of change age.
You can see all the available options of this command:
To check if there are any limitations set on a user, run:
sudo chage -l username
Usually, there are no expiration dates by default. But you can set some limits with the command chage
:
sudo chage -M 90 -W 30 -E 2020-06-07 username
The above command will set a password expiration date to 90 days and warning about the need to update the password to 30 days before the expiration. And the account will expire on June 6, 2020.
You can see that if you check the status of the user:
You can also do some manipulation with users using the command usermod
. But I have to skip it because this post will be too long.
How to delete a user
Finally, to delete a user, run this command:
sudo userdel -r username
If you also want to remove the home directory of this user, add option -r. But be careful, because it will remove all the data of this user:
sudo userdel -r username
Summary
- To create a new user in Linux, you can use the user-friendly command
adduser
or the universal commanduseradd
. The latter is available in all Linux distros. - New users do not have administrative privileges by default, to grant them such privileges, add them to the sudo group.
- To set time limits on password and account of a user, use the command
chage
. - To delete a user, use the command
userdel
Comments
Ansheeda
how to just give useradd privilage to the new user using sudo command? (only useradd privilage, not other eg: goupadd privilage)
Svengali
Question I have is, how do I create an ID if the system says I do not have right to create? I am a sysadmin and in the right group but tells me I cannot use /usr/sbin/useradd.
juergen
How can I create an account for somebody else without sending passwords around the net?
I thought of creating an account with locked password and putting the public ssh key into the authorized_keys. In that case the user can login, but never change his password, as the change requires the current, non-existent password.
If the /etc/shadow field for password creation time is set to 0, the user is forced to set his password on first login but still asked for the current, non-existent one.
best Juergen
Svengali
sudo /usr/bin/chage -d 0 ID but will still require the orginal password before change.
Svengali8
sudo /usr/bin/chage -d 0 ID
Ian Hector
Hey! Thank you for sharing the valuable information. I found this article very useful. Good work! I have read another article on TOP 8 LINUX CLOUD SERVERS. Please do check it out; it will be helpful.
Abdul
very concise and straight to the point. Bravo Guys.