Learn how to manage user accounts and groups. We walk through how to add and delete users and groups (normal and system). Find out how to add/remove existing users to/from groups and how to create an admin account.
Ubuntu and other Debian-based Linux distributions use user-friendly wrapper commands called adduser, addgroup, deluser, and delgroup (the commands are actually implemented as scripts written in Perl). These commands hide underlying calls to the low-level commands useradd, groupadd, userdel, and groupdel. You can still use these underlying commands if you wish, but it is recommended that you use the friendlier adduser, addgroup, deluser, and delgroup commands.
(Advanced users can fine tune the operation of adduser and addgroup by editing the configuration file /etc/adduser.conf as required).
To add a new user use the adduser command. For example to add a user called tutonics2, run:
sudo adduser tutonics2
By default, a home directory will be created for the new user. This home directory will be populated as per the contents of the /etc/skel directory. Our /etc/skel contains all the usual files and dirs you'd expect in a home dir, along with another directory called "Code". Hence all these dirs are created for each new user created via the command line. Note that you will need to populate /etc/skel with the files and dirs you require. Also note that .profile, .bashrc, and .bash_logout are already in the default /etc/skel directory.
In Ubuntu, the next available user id above 1000 is used by default when a (normal) new user is created (the same is true of the group id). To override this behaviour and specify the user id to use, use the --uid option. For example, to specify that a user id of 1050 be used, run this command:
sudo adduser --uid 1050 newuser
When you create a new user, they are added to a "primary" group. Every user has a primary group, which gets used as the basis for the group-related permissions when new files are created by that user. When no group is explicitly specified in the options to the adduser command, a group with the same name as the new user is created (if it does not already exist) and the new user is added to that new group. So taking the example above for the new user tutonics2, a new group called tutonics2 is also created. You can change this behaviour and specify a group id to use via the --gid option, or a group name using the --ingroup option, e.g. to use the group "users":
sudo adduser --gid 100 tutonics2
sudo adduser --ingroup users tutonics2
To delete a user account, use the deluser command. To also remove their home directory, include the --remove-home option:
sudo deluser --remove-home tutonics2
To keep their home directory and just delete the user account, omit the --remove-home:
sudo deluser tutonics2
Note that if the user had their own group with the same name, that will get deleted also (if there are no other members).
To add a new group you can use addgroup (or adduser with --group):
sudo addgroup newgroupname
sudo adduser --group newgroupname
To specify a particular group id, just add the --gid option to the former command, e.g. to add the group using 1234:
sudo addgroup --gid 1234 newgroupname
To delete a group, use the delgroup command, e.g. to remove a group called oldgroup, run:
sudo delgroup oldgroup
To add an existing user to an existing group, just use adduser like so:
sudo adduser username existing_group
To remove a user from a group, simply use the deluser command like so:
sudo deluser username existing_group
In Ubuntu, anyone in the sudo group can run any command (as long as they use the sudo command when required). To add an existing user to the "sudo" group (thus giving them admin permissions) run:
sudo adduser username sudo
In Ubuntu, an "administrator" is usually added to these groups also: adm, lpadmin, and sambashare. To be consistent, add your administrator to these groups by running:
sudo adduser username adm
sudo adduser username lpadmin
sudo adduser username sambashare
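To review who actually holds these admin rights, the following added example (not part of the original article) lists the members of the groups named above from passwd- and group-format files, including accounts that belong only through their primary gid. The function name and the sample accounts are constructed for illustration.

```shell
# Usage: privileged_members PASSWD_FILE GROUP_FILE [group ...]
# Prints "group:user" for supplementary members (group file, field 4) and
# for accounts whose primary gid (passwd file, field 4) is that group's gid.
privileged_members() {
    passwd_file=$1
    group_file=$2
    shift 2
    # Default to the admin groups named in this article.
    [ "$#" -gt 0 ] || set -- sudo adm lpadmin sambashare
    awk -F: -v wanted="$*" '
        BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        # Group file lines: name:password:gid:member,member,...
        FILENAME == ARGV[1] {
            if ($1 in want) {
                gid2name[$3] = $1
                m = split($4, members, ",")
                for (i = 1; i <= m; i++)
                    if (members[i] != "") print $1 ":" members[i]
            }
            next
        }
        # Passwd file lines: name:x:uid:gid:gecos:home:shell
        ($4 in gid2name) { print gid2name[$4] ":" $1 }
    ' "$group_file" "$passwd_file" | LC_ALL=C sort -u
}

# Constructed sample data (not from a real host). dave is not listed in
# the sudo member field; he reaches sudo only through his primary gid 27.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/group" <<'EOF'
sudo:x:27:alice,bob
adm:x:4:syslog,alice
lpadmin:x:120:
users:x:100:carol
EOF
cat > "$demo/passwd" <<'EOF'
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1003:100::/home/carol:/bin/bash
dave:x:1002:27::/home/dave:/bin/bash
syslog:x:104:110::/home/syslog:/usr/sbin/nologin
EOF
privileged_members "$demo/passwd" "$demo/group"
# On a real host: privileged_members /etc/passwd /etc/group
```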
A system user is a user created for an application/process/daemon on your system. For consistency, system users are given a uid below 1000 while normal users are given a uid above 1000. A system user normally doesn't need to be able to log in (so its shell is /bin/false, unless the --shell option is used to specify one), and most of the time will not even need a home directory.
By giving processes their own user and group, you can control what files they have access to and keep them from being able to write to any file. (Having a daemon run as root with access to all files and resources is considered bad practice. It may need to start as root to access a resource, but should then have its permissions lowered by setting its user and group to that of its specified system user.)
To add a system user for a daemon/application called myapp_name, run the following command (to avoid creating a homedir, use the option --no-create-home; if a homedir is required, just leave that option out):
sudo adduser --system --no-create-home myapp_name
By default, a system user will have the primary group 'nogroup'. To override this, you can specify an existing gid:
sudo adduser --system --no-create-home --gid n myapp_name
To use an existing group name rather than an id:
sudo adduser --system --no-create-home myapp_name --ingroup somegroup
Alternatively, you can create a group for that system user using the same name by including the --group option:
sudo adduser --system --no-create-home --group myapp_name
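As an added example (not from the original article), this check lists system accounts that can still obtain a login shell, treating an empty shell field as /bin/sh, which is the default in that case. The function name and the sample accounts other than myapp_name are hypothetical; the 1000 threshold follows the convention described above.

```shell
# Usage: system_login_accounts PASSWD_FILE [UID_FLOOR]
# Prints "name:uid:shell" for every non-root account with a uid below
# UID_FLOOR (default 1000) whose shell permits an interactive login.
system_login_accounts() {
    awk -F: -v floor="${2:-1000}" '
        BEGIN {
            # Shells that refuse interactive logins.
            nologin["/bin/false"] = 1
            nologin["/usr/sbin/nologin"] = 1
            nologin["/sbin/nologin"] = 1
        }
        /^#/ || NF < 7      { next }   # skip comments and malformed lines
        $3 !~ /^[0-9]+$/    { next }   # skip lines with a non-numeric uid
        $3 == 0             { next }   # root is expected to have a shell
        $3 + 0 < floor + 0 {
            # An empty shell field means the account gets /bin/sh.
            shell = ($7 == "") ? "/bin/sh" : $7
            if (!(shell in nologin)) print $1 ":" $3 ":" shell
        }
    ' "$1"
}

# Constructed sample data (not from a real host): legacyd has a real shell
# and oddsvc has an empty shell field; both should be reported.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
myapp_name:x:115:65534::/nonexistent:/bin/false
legacyd:x:116:123::/var/lib/legacyd:/bin/bash
oddsvc:x:117:124::/var/lib/oddsvc:
tutonics2:x:1001:1001:,,,:/home/tutonics2:/bin/bash
EOF
system_login_accounts "$demo/passwd"
# On a real host: system_login_accounts /etc/passwd
```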
To add a new system group called new_sys_group use the command:
sudo addgroup --system new_sys_group
Note that system groups are created with the next available id below 1000. You can override this using the --gid option, for example to use 6000 as the group id, use:
sudo addgroup --system --gid 6000 new_sys_group
However, for consistency it is advised to stick with the standard convention of having system group ids below 1000.
You can delete a system user in the same way as a normal user. Remember to remove the home dir if one exists (by including the --remove-home option):
sudo deluser --remove-home myapp
You can delete a system group in the same way as a normal group:
sudo delgroup sysgroup