About the commands
Ubuntu and other Debian-based Linux distributions use user-friendly wrapper commands called adduser, deluser, addgroup, and delgroup (the commands are actually implemented as scripts written in Perl).
These commands hide underlying calls to the low-level commands useradd, userdel, groupadd, and groupdel. You can still use these underlying commands if you wish, but it is recommended that you use the friendlier wrapper commands.
(Advanced users can fine-tune the operation of adduser and addgroup by editing the configuration file /etc/adduser.conf as required.)
Add a new user
To add a new user use the
adduser command. For example to add a user called tutonics2, run:
sudo adduser tutonics2
Sample output is shown in the screenshot below:
By default, a home directory will be created for the new user. This home directory will be populated as per the contents of the /etc/skel directory.
Here, /etc/skel contains all the usual files and dirs you'd expect in a home dir, along with another directory called "Code". Hence all these dirs are created for each new user created with the command line.
Note that you will need to populate /etc/skel with the files and dirs you require. Also note that files such as .bash_logout are already in the default /etc/skel.
Create user with specific id
In Ubuntu, the next available user id above 1000 is used by default when a (normal) new user is created (the same is true of the group id).
To override this behaviour and specify the user id to use, use the --uid option. For example, to specify that a user id of 1050 be used, run this command:
sudo adduser --uid 1050 newuser
Specifying the primary group
When you create a new user, they are added to a "primary" group.
Every user has a primary group, which gets used as the basis for the group related permissions when new files are created by that user.
When no group is explicitly specified in the options to the
adduser command, a group with the same name as the new user is created (if it does not already exist) and the new user is added to that new group.
So taking the example above for the new user tutonics2, a new group called tutonics2 is created also.
You can change this behaviour and specify a group id to use with the --gid option, or a group name using the --ingroup option. For example, to use the group users:
sudo adduser --gid 100 tutonics2
sudo adduser --ingroup users tutonics2
Deleting a user
To delete a user account, use the deluser command. To also remove their home directory, include the --remove-home option:
sudo deluser --remove-home tutonics2
To keep their home directory and just delete the user account, omit the --remove-home option:
sudo deluser tutonics2
Note that if the user had their own group with the same name, that will get deleted also (if there are no other members).
Add a new group
To add a new group you can use either addgroup or adduser with the --group option:
sudo addgroup newgroupname
sudo adduser --group newgroupname
To specify a particular group id, just add the --gid option to the former command. For example, to add the group using id 1234:
sudo addgroup --gid 1234 newgroupname
Delete a group
To delete a group, use the delgroup command; for example, to remove a group called oldgroup:
sudo delgroup oldgroup
Add an existing user to a group
To add an existing user to an existing group, just use adduser like so:
sudo adduser username existing_group
Remove a user from a group
To remove a user from a group, simply use the deluser command like so:
sudo deluser username existing_group
In Ubuntu, anyone in the
sudo group can run any command (as long as they use the
sudo command when required).
To add an existing user to the
sudo group (thus giving them admin permissions) run:
sudo adduser username sudo
In Ubuntu, an "administrator" is usually added to these groups also: adm, lpadmin, and sambashare. To be consistent, add your administrator to these groups by running:
sudo adduser username adm
sudo adduser username lpadmin
sudo adduser username sambashare
System user vs normal user
A system user is a user created for an application/process/daemon on your system.
For consistency, system users are given a uid below 1000 while normal users are given a uid above 1000.
A system user normally doesn't need to be able to login (so its shell is /bin/false, unless the
--shell option is used to specify one), and most of the time will not even need a home directory.
By giving processes their own user and group, you can control what files they have access to and keep them from being able to write to any file. Having a daemon run as root with access to all files and resources is considered bad practice: it may need to start as root to access a resource, but should then have its permissions lowered by setting its user and group to that of its specified system user.
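An audit sketch for the two points above (who effectively belongs to the sudo group, and whether any system user can log in), added here as an example and not part of the original tutorial. The passwd and group entries are constructed sample data; the account legacyd and the gid values are assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample data in passwd(5) / group(5) format, not from a real host.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
myapp_name:x:115:65534::/nonexistent:/bin/false
legacyd:x:116:65534::/var/lib/legacyd:/bin/bash
tutonics2:x:1001:1001:,,,:/home/tutonics2:/bin/bash
newuser:x:1050:27:,,,:/home/newuser:/bin/bash
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
adm:x:4:tutonics2
sudo:x:27:tutonics2
tutonics2:x:1001:
nogroup:x:65534:
EOF

# system_users_with_shell PASSWD_FILE
# Prints system accounts (uid 1-999; root is skipped) whose shell field
# is not /bin/false or nologin, i.e. accounts that could still log in.
system_users_with_shell() {
    awk -F: '$3 > 0 && $3 < 1000 &&
             $7 !~ /(\/false|\/nologin)$/ { print $1 }' "$1"
}

# group_members GROUP PASSWD_FILE GROUP_FILE
# Prints every member of GROUP: names listed in the group file plus users
# whose primary gid (passwd field 4) is that group, which the group file
# does not list (for example a user created with --gid or --ingroup).
group_members() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3 }' "$3")
    {
        awk -F: -v g="$1" '$1 == g && $4 != "" {
            n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$3"
        [ -n "$gid" ] && awk -F: -v id="$gid" '$4 == id { print $1 }' "$2"
    } | sort -u
}

echo "System accounts with a login shell:"
system_users_with_shell "$SAMPLE_DIR/passwd"
echo "Effective members of sudo:"
group_members sudo "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group"
```

On a live host, pass /etc/passwd and /etc/group (or files written from getent passwd and getent group) instead of the sample files.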
Add A System User
To add a system user for a daemon/application called myapp_name, run the following command (to avoid creating a homedir, use the option --no-create-home; if a homedir is required, just leave that option out):
sudo adduser --system --no-create-home myapp_name
By default, a system user will have primary group nogroup. To override this, you can specify an existing gid:
sudo adduser --system --no-create-home --gid n myapp_name
To use an existing group name rather than id, use the --ingroup option:
sudo adduser --system --no-create-home myapp_name --ingroup somegroup
Alternatively, you can create a group for that system user using the same name by including the --group option:
sudo adduser --system --no-create-home --group myapp_name
Add a system group
To add a new system group called new_sys_group use the command:
sudo addgroup --system new_sys_group
Note that system groups are created with the next available id below 1000. You can override this using the
--gid option, for example to use 6000 as the group id, use:
sudo addgroup --system --gid 6000 new_sys_group
However, for consistency it is advised to stick with the standard convention of having system group ids below 1000.
Delete a system user
You can delete a system user in the same way as a normal user.
Remember to remove the home dir if one exists (by including the --remove-home option):
sudo deluser --remove-home myapp
Delete a system group
You can delete a system group in the same way as a normal group:
sudo delgroup sysgroup