A CentOS Linux user account is created to provide security barriers between various apps and other users of the system. For example, the Apache or Nginx server runs as the www-data user. Webmasters can upload files using another user called ftp. By separating them, you can improve the security of your system. This page explains how to create, modify, and delete user accounts on a CentOS Linux 7/8 server.
Create a new user account in CentOS Linux 7/8
The procedure for creating a new user account on CentOS Linux is as follows:
- Use the useradd command to add a new user account on CentOS 7 or 8.
- Run the passwd command to set up or change the user password.
- Delete a user account by typing the userdel command in CentOS.
- To modify a user account, use the usermod command.
- To view user account information, use the id command.
Important files
The above commands modify the following files to create or delete user accounts:
Do not modify the following files using a text editor such as vim or nano to avoid misconfiguration.
- /etc/passwd – The password file contains one line for each user account.
- /etc/shadow – Passwords in encrypted format for the system’s accounts and optional aging (password expiration date) information.
- /etc/group – User group information.
Let us see all commands and examples in detail.
Display a list of all Linux user accounts
The /etc/passwd file contains one line for each user account, with seven fields delimited by colons. Type the cat command to list users:
cat /etc/passwd
To view user account information for the current user or a given account, use the id command:
id
id userName
id root
id vivek
Sample outputs:
uid=1000(vivek) gid=1000(vivek) groups=1000(vivek),4(adm),24(cdrom),27(sudo)
Finally, use the ls command to see the owner and group of a file such as /etc/hosts:
ls -l /path/to/file
ls -l /home/vivek/Documents/resume.pdf
ls -l /etc/hosts
Run the ps command or top command to see the owner of a process:
ps
top
htop
top -u vivek
ps -au
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
gdm 1732 0.0 0.0 163872 6516 tty1 Ssl+ 12:34 0:00 /usr/lib/gdm3/gdm-x-session gnome-session --autostart /usr/share/gdm/greeter/autostart
root 1734 0.0 0.2 253836 86628 tty1 Sl+ 12:34 0:03 /usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/126/gdm/Xauthority -background none -noreset -keeptty -verbose 3
gdm 1825 0.0 0.0 263512 14224 tty1 Sl+ 12:34 0:00 /usr/lib/gnome-session/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
vivek 2128 0.0 0.0 163872 6468 tty2 Ssl+ 12:35 0:00 /usr/lib/gdm3/gdm-x-session --run-script env GNOME_SHELL_SESSION_MODE=ubuntu /usr/bin/gnome-session --systemd --session=ubuntu
root 2130 1.5 0.4 307212 138348 tty2 Sl+ 12:35 8:38 /usr/lib/xorg/Xorg vt2 -displayfd 3 -auth /run/user/1000/gdm/Xauthority -background none -noreset -keeptty -verbose 3
vivek 5052 0.0 0.0 19752 12936 pts/1 Ss+ 12:39 0:06 /usr/bin/ssh -oForwardX11 no -oForwardAgent no -oPermitLocalCommand no -oClearAllForwardings yes -oProtocol 2 -oNoHostAuthenticationForLocalhost y
vivek 24020 0.0 0.0 11144 5732 pts/4 Ss 21:13 0:00 bash
vivek 24961 0.0 0.0 14648 6784 pts/4 S+ 21:17 0:00 ssh aws-ls.laws-v-zone-a-www-001
vivek 24995 0.0 0.0 14672 6896 pts/5 S+ 21:18 0:00 ssh vivek@do-de.public
vivek 25204 0.0 0.0 11012 5156 pts/2 Ss 21:20 0:00 bash
vivek 25210 0.0 0.1 414796 40568 pts/2 Sl+ 21:20 0:00 gpass
See how to “Show All Running Processes in Linux using ps/htop commands” for more information.
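The seven colon-delimited /etc/passwd fields described above can be checked with a short audit script. This is an added example, not code from the original page; the function names and the sample entries (including the toor and broken accounts) are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the seven colon-delimited fields of a passwd-format file.
# Fields: 1 login, 2 password placeholder, 3 UID, 4 GID, 5 GECOS, 6 home, 7 shell.

# Print "login uid shell" for every well-formed entry whose shell is not a
# nologin/false stub, i.e. accounts that may be able to log in interactively.
login_accounts() {
    awk -F: 'NF == 7 && $7 !~ /(nologin|false)$/ { print $1, $3, $7 }' "$1"
}

# Print every login other than root that has UID 0 (full root privileges).
extra_uid0() {
    awk -F: 'NF == 7 && $3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Print "line-number: entry" for lines that do not have exactly seven fields.
malformed_lines() {
    awk -F: 'NF != 7 { print NR ": " $0 }' "$1"
}

# Constructed sample data so the example runs without reading the real file.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
nginx:x:996:993:Nginx web server:/var/lib/nginx:/sbin/nologin
vivek:x:1000:1000:Vivek Gite:/home/vivek:/bin/bash
www-files:x:1001:1001:Nginx file and sftp user:/home/www-files:/bin/bash
toor:x:0:0:constructed duplicate UID 0:/root:/bin/bash
broken:x:1002:1002:/home/broken
EOF
}

tmp=$(mktemp)
sample_passwd > "$tmp"
echo "Interactive logins:"; login_accounts "$tmp"
echo "Non-root UID 0:";     extra_uid0 "$tmp"
echo "Malformed lines:";    malformed_lines "$tmp"
rm -f "$tmp"
```

To audit a live system, pass /etc/passwd as the argument instead of the temporary sample file.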
Creating a new CentOS user account from the command line
The syntax is:
sudo useradd userName
sudo useradd [options] userName
Examples
To create the vivek user account, run:
sudo adduser vivek
Verify it:
id vivek
Or use the grep command as follows:
grep -w '^vivek' /etc/passwd
grep -w '^vivek' /etc/group
Finally, set or change the password for the vivek user by typing the following passwd command:
sudo passwd vivek
A new user account was created. Next, verify it by logging in using the ssh command:
ssh vivek@your-centos-8-server-ip
Deleting user account in CentOS Linux 7/8
The syntax is:
sudo userdel {userName}
sudo userdel -r {UserName}
The -r option removes the home directory and mail spool of the given user account, so make a backup if you need the user data. Let us delete the vivek user along with all personal data:
sudo userdel -r vivek
Verify that the user vivek is successfully deleted from the CentOS server:
id vivek
grep -w '^vivek' /etc/passwd
grep -w '^vivek' /etc/group
Advanced examples
Let us create a new account named www-files as follows:
$ sudo useradd -d /home/www-files -m \
-c "Nginx file and sftp user" \
-s /bin/bash www-files
$ sudo passwd www-files
$ id www-files
Where,
- -d /home/www-files : Home directory is /home/www-files of the new account
- -m : Create the user’s home directory
- -c "Nginx file and sftp user" : Set up GECOS field of the new account (comment)
- -s /bin/bash : Set login shell of the new account
- www-files : Login/Username
How to modify user accounts
You need to use the usermod command as follows:
usermod [options] {username}
Please note that the user account must exist in order to use usermod. Let us see some common examples.
Set new value of the GECOS field (comment)
sudo usermod -c "Vivek Gite" vivek
## verification ##
grep -w 'vivek' /etc/passwd
Update home directory location for the user account
To change /home/vivek to /home/ftpvivek, run:
sudo usermod -d /home/ftpvivek -m vivek
Lock the user account
sudo usermod -L vivek
Unlock the user account
sudo usermod -U vivek
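usermod -L locks only the password: it puts a "!" in front of the hash in /etc/shadow, and the usermod(8) man page notes that locking the whole account also requires setting the expiration date to 1. The following added example (not part of the original page; function names and sample entries are constructed) reports both states from a shadow-format file.

```sh
#!/bin/sh
# Added example: report lock state from a shadow-format file.
# Field 2 is the password hash; field 8 is the account expiry in days since 1970-01-01.

# Usage: shadow_state FILE TODAY_IN_DAYS  ->  "login password-state account-state"
shadow_state() {
    awk -F: -v today="$2" '
    {
        if ($2 == "")        pw = "EMPTY"     # no password required to log in
        else if ($2 ~ /^!/)  pw = "LOCKED"    # "!" prefix written by usermod -L
        else if ($2 ~ /^\*/) pw = "NOHASH"    # "*" can never match a password
        else                 pw = "SET"
        acct = ($8 + 0 > 0 && today + 0 >= $8 + 0) ? "EXPIRED" : "ACTIVE"
        print $1, pw, acct
    }' "$1"
}

# Accounts whose password is locked while the account itself is still active:
# the lock alone does not block non-password logins such as SSH keys.
password_only_locks() {
    shadow_state "$1" "$2" | awk '$2 == "LOCKED" && $3 == "ACTIVE" { print $1 }'
}

# Constructed sample; the hashes are placeholders, not real crypt output.
sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTED$placeholderhash:18500:0:99999:7:::
bin:*:18353:0:99999:7:::
vivek:!$6$CONSTRUCTED$placeholderhash:18500:0:99999:7:::
olduser:!$6$CONSTRUCTED$placeholderhash:18400:0:99999:7::1:
nopass::18500:0:99999:7:::
EOF
}

today=$(( $(date +%s) / 86400 ))
tmp=$(mktemp)
sample_shadow > "$tmp"
shadow_state "$tmp" "$today"
echo "Password locked, account still active:"
password_only_locks "$tmp" "$today"
rm -f "$tmp"
```

Reading the real /etc/shadow requires root. The olduser entry shows the state after both usermod -L and an expiration date of 1.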
Create a Sudo User on CentOS
All members of the wheel group have sudo access. So all you have to do is append the user account to the wheel group as follows:
sudo usermod -aG wheel {username}
##
## add vivek user to wheel group for sudo access ##
##
sudo usermod -aG wheel vivek
id vivek
Next, log in as the vivek user and test sudo access:
{vivek@my-centos8-box:~ }$ sudo ls /root/
{vivek@my-centos8-box:~ }$ sudo -s
{root@my-centos8-box:~ }#
See “Linux Add User To Group” for more info.
Linux Change or Rename User Name and UID (user-id)
sudo usermod -l login-name old-name
# rename 'vivekg' user to 'vivek' #
sudo usermod -l vivek vivekg
See “How to Change a USER and GROUP ID on Linux For All Owned Files” for more info.
Getting help
Use the man command or pass the --help option as follows:
usermod command
Run:
man 8 usermod
usermod --help
Options | Description |
---|---|
-c OR --comment COMMENT | new value of the GECOS field |
-d OR --home HOME_DIR | new home directory for the user account |
-e OR --expiredate EXPIRE_DATE | set account expiration date to EXPIRE_DATE |
-f OR --inactive INACTIVE | set password inactive after expiration to INACTIVE |
-g OR --gid GROUP | force use GROUP as new primary group |
-G OR --groups GROUPS | new list of supplementary GROUPS |
-a OR --append | append the user to the supplemental GROUPS mentioned by the -G option without removing the user from other groups |
-h OR --help | display this help message and exit |
-l OR --login NEW_LOGIN | new value of the login name |
-L OR --lock | lock the user account |
-m OR --move-home | move contents of the home directory to the new location (use only with -d) |
-o OR --non-unique | allow using duplicate (non-unique) UID |
-p OR --password PASSWORD | use encrypted password for the new password |
-R OR --root CHROOT_DIR | directory to chroot into |
-P OR --prefix PREFIX_DIR | prefix directory where are located the /etc/* files |
-s OR --shell SHELL | new login shell for the user account |
-u OR --uid UID | new UID for the user account |
-U OR --unlock | unlock the user account |
-v OR --add-subuids FIRST-LAST | add range of subordinate uids |
-V OR --del-subuids FIRST-LAST | remove range of subordinate uids |
-w OR --add-subgids FIRST-LAST | add range of subordinate gids |
-W OR --del-subgids FIRST-LAST | remove range of subordinate gids |
-Z OR --selinux-user SEUSER | new SELinux user mapping for the user account |
passwd command
Execute:
man 8 passwd
passwd --help
Options | Description |
---|---|
-k OR --keep-tokens | keep non-expired authentication tokens |
-d OR --delete | delete the password for the named account (root only); also removes password lock if any |
-l OR --lock | lock the password for the named account (root only) |
-u OR --unlock | unlock the password for the named account (root only) |
-e OR --expire | expire the password for the named account (root only) |
-f OR --force | force operation |
-x OR --maximum=DAYS | maximum password lifetime (root only) |
-n OR --minimum=DAYS | minimum password lifetime (root only) |
-w OR --warning=DAYS | number of days warning users receives before password expiration (root only) |
-i OR --inactive=DAYS | number of days after password expiration when an account becomes disabled (root only) |
-S OR --status | report password status on the named account (root only) |
--stdin | read new tokens from stdin (root only) |
useradd command
Type:
man 8 useradd
useradd --help
Options | Description |
---|---|
-b OR --base-dir BASE_DIR | base directory for the home directory of the new account |
-c OR --comment COMMENT | GECOS field of the new account |
-d OR --home-dir HOME_DIR | home directory of the new account |
-D OR --defaults | print or change default useradd configuration |
-e OR --expiredate EXPIRE_DATE | expiration date of the new account |
-f OR --inactive INACTIVE | password inactivity period of the new account |
-g OR --gid GROUP | name or ID of the primary group of the new account |
-G OR --groups GROUPS | list of supplementary groups of the new account |
-h OR --help | display this help message and exit |
-k OR --skel SKEL_DIR | use this alternative skeleton directory |
-K OR --key KEY=VALUE | override /etc/login.defs defaults |
-l OR --no-log-init | do not add the user to the lastlog and faillog databases |
-m OR --create-home | create the user’s home directory |
-M OR --no-create-home | do not create the user’s home directory |
-N OR --no-user-group | do not create a group with the same name as the user |
-o OR --non-unique | allow to create users with duplicate (non-unique) UID |
-p OR --password PASSWORD | encrypted password of the new account |
-r OR --system | create a system account |
-R OR --root CHROOT_DIR | directory to chroot into |
-P OR --prefix PREFIX_DIR | prefix directory where are located the /etc/* files |
-s OR --shell SHELL | login shell of the new account |
-u OR --uid UID | user ID of the new account |
-U OR --user-group | create a group with the same name as the user |
-Z OR --selinux-user SEUSER | use a specific SEUSER for the SELinux user mapping |
Conclusion
You learned how to create a new user account and how to modify or delete user accounts on CentOS Enterprise Linux 7 or 8. See CentOS/RHEL 8 docs here for more info.