How to Create a new user account in CentOS 7/8


How do I create a new user account on CentOS 7/8 Linux server using command-line options? How do I create a new user account with sudo access on CentOS 8 Linux server?

A CentOS Linux user account is created to provide security barriers between various apps and other users of the system. For example, the Apache or Nginx server runs as the www-data user. Webmasters can upload files using another user called ftp. By separating them, you can improve the security of your system. This page explains how to create, modify, and delete user accounts on a CentOS Linux 7/8 server.

Create a new user account in CentOS Linux 7/8

The procedure for creating a new user account on CentOS Linux is as follows:

  1. Use the useradd command to add a new user account on CentOS 7 or 8.
  2. Run the passwd command to set up or change the user password.
  3. Delete a user account by typing the userdel command in CentOS.
  4. To modify a user account, use the usermod command.
  5. To view user account information, use the id command.

Important files

Above commands modify the following files to create or delete user accounts:

Do not modify the following files using a text editor such as vim or nano to avoid misconfiguration.

Let us see all commands and examples in detail.

Display a list of all Linux user accounts

The /etc/passwd file contains one line for each user account, with seven fields delimited by colons. Type the cat command to list users:
cat /etc/passwd

How to List Users in Linux
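
Reading the seven colon-delimited fields by eye does not scale, so the following added example (not part of the original tutorial) audits a passwd-format file for extra UID 0 accounts, accounts with an interactive shell, and lines that do not have seven fields. The function names and the sample data are assumptions made for illustration; the sample is constructed.

```shell
#!/bin/sh
# Added example: audit a passwd(5)-format file.
# Fields: name:password:UID:GID:GECOS:home:shell

# Constructed sample data (not from a real host); "toor" and "broken"
# are deliberately bad entries for the checks below to find.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
nginx:x:997:995:Nginx web server:/var/lib/nginx:/sbin/nologin
vivek:x:1000:1000:Vivek Gite:/home/vivek:/bin/bash
www-files:x:1001:1001:Nginx file and sftp user:/home/www-files:/bin/bash
toor:x:0:0:second UID 0 entry:/root:/bin/bash
broken:x:1002:1002:/home/broken
EOF
}

# Login names with UID 0. Anything other than root has full root privileges.
uid0_accounts() {
    awk -F: 'NF == 7 && $3 == 0 { print $1 }' "${1:-/etc/passwd}"
}

# "name uid shell" for accounts whose shell permits an interactive login.
# An empty shell field means /bin/sh, so it counts as interactive.
login_accounts() {
    awk -F: 'NF == 7 && $7 !~ /(nologin|false|sync|shutdown|halt)$/ {
        print $1, $3, ($7 == "" ? "/bin/sh" : $7) }' "${1:-/etc/passwd}"
}

# Line numbers that do not have exactly seven fields.
malformed_lines() {
    awk -F: 'NF != 7 && NF > 0 { print NR }' "${1:-/etc/passwd}"
}

# Demo on the constructed sample; pass /etc/passwd (or no argument) on a real host.
demo=$(mktemp) && sample_passwd > "$demo"
echo "UID 0 accounts : $(uid0_accounts "$demo" | xargs)"
echo "Login accounts : $(login_accounts "$demo" | cut -d' ' -f1 | xargs)"
echo "Malformed lines: $(malformed_lines "$demo" | xargs)"
rm -f "$demo"
```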

Want to see information about the currently logged-in user? Type id command:
id
id userName
id root
id vivek

Sample outputs:

uid=1000(vivek) gid=1000(vivek) groups=1000(vivek),4(adm),24(cdrom),27(sudo)

Finally, use the ls command to see the owner and group of a file named /etc/hosts:
ls -l /path/to/file
ls -l /home/vivek/Documents/resume.pdf
ls -l /etc/hosts

Run the ps command/top command to see the owner of a process:
ps
top
htop
top -u vivek
ps -au

USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
gdm       1732  0.0  0.0 163872  6516 tty1     Ssl+ 12:34   0:00 /usr/lib/gdm3/gdm-x-session gnome-session --autostart /usr/share/gdm/greeter/autostart
root      1734  0.0  0.2 253836 86628 tty1     Sl+  12:34   0:03 /usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/126/gdm/Xauthority -background none -noreset -keeptty -verbose 3
gdm       1825  0.0  0.0 263512 14224 tty1     Sl+  12:34   0:00 /usr/lib/gnome-session/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
vivek     2128  0.0  0.0 163872  6468 tty2     Ssl+ 12:35   0:00 /usr/lib/gdm3/gdm-x-session --run-script env GNOME_SHELL_SESSION_MODE=ubuntu /usr/bin/gnome-session --systemd --session=ubuntu
root      2130  1.5  0.4 307212 138348 tty2    Sl+  12:35   8:38 /usr/lib/xorg/Xorg vt2 -displayfd 3 -auth /run/user/1000/gdm/Xauthority -background none -noreset -keeptty -verbose 3
vivek     5052  0.0  0.0  19752 12936 pts/1    Ss+  12:39   0:06 /usr/bin/ssh -oForwardX11 no -oForwardAgent no -oPermitLocalCommand no -oClearAllForwardings yes -oProtocol 2 -oNoHostAuthenticationForLocalhost y
vivek    24020  0.0  0.0  11144  5732 pts/4    Ss   21:13   0:00 bash
vivek    24961  0.0  0.0  14648  6784 pts/4    S+   21:17   0:00 ssh aws-ls.laws-v-zone-a-www-001
vivek    24995  0.0  0.0  14672  6896 pts/5    S+   21:18   0:00 ssh vivek@do-de.public
vivek    25204  0.0  0.0  11012  5156 pts/2    Ss   21:20   0:00 bash
vivek    25210  0.0  0.1 414796 40568 pts/2    Sl+  21:20   0:00 gpass

See how to “Show All Running Processes in Linux using ps/htop commands” for more information.

Creating a new CentOS user account from the command line

The syntax is:
sudo useradd userName
sudo useradd [options] userName

Examples

To create the vivek user account, run:
sudo adduser vivek
Verify it:
id vivek
Or use the grep command as follows:
grep -w '^vivek' /etc/passwd
grep -w '^vivek' /etc/group

Finally, set or change the password for vivek user by typing the following passwd command:
sudo passwd vivek
Create new user account in centos linux
A new user account was created. Next, verify it by logging in using the ssh command:
ssh vivek@your-centos-8-server-ip

Deleting user account in CentOS Linux 7/8

The syntax is:
sudo userdel {userName}
sudo userdel -r {UserName}

The -r option removes the home directory and mail spool of the given user account, so make a backup if you need the user data. Let us delete the vivek user along with all personal data:
sudo userdel -r vivek
Verify that the user vivek is successfully deleted from CentOS server:
id vivek
grep -w '^vivek' /etc/passwd
grep -w '^vivek' /etc/group

Delete remove user account on CentOS Linux

Advanced examples

Let us create a new account named www-files as follows:
$ sudo useradd -d /home/www-files -m \
-c "Nginx file and sftp user" \
-s /bin/bash www-files
$ sudo passwd www-files
$ id www-files

Where,

  • -d /home/www-files : Home directory is /home/www-files of the new account
  • -m : Create the user’s home directory
  • -c "Nginx file and sftp user" : Set up GECOS field of the new account (comment)
  • -s /bin/bash : Set login shell of the new account
  • www-files : Login/Username

How to modify user accounts

You need to use the usermod command as follows:
usermod [options] {username}
Please note that the user account must exist in order to use usermod. Let us see some common examples.

Set new value of the GECOS field (comment)

sudo usermod -c "Vivek Gite" vivek
## verification ##
grep -w 'vivek' /etc/passwd

Update home directory location for the user account

Change /home/vivek to /home/ftpvivek, run:
sudo usermod -d /home/ftpvivek -m vivek

Lock the user account

sudo usermod -L vivek

Unlock the user account

sudo usermod -U vivek
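
usermod -L puts a ! in front of the password hash in /etc/shadow, which disables password logins only; usermod(8) notes that locking the whole account also requires setting the expiry date to 1 with -e. The following added example (not part of the original tutorial) reports both states for a user from a shadow-format file; the function name, the fixed "today" value and the sample entries are assumptions, and the sample is constructed with placeholder hashes.

```shell
#!/bin/sh
# Added example: report password and expiry state from a shadow(5)-format file.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved

# Constructed sample (placeholder hashes, not real ones):
#   vivek     = after "usermod -L vivek"        (password locked only)
#   www-files = after "usermod -L -e 1 www-files" (locked and expired)
sample_shadow() {
cat <<'EOF'
root:$6$constructed$placeholder:18000:0:99999:7:::
vivek:!$6$constructed$placeholder:18000:0:99999:7:::
www-files:!$6$constructed$placeholder:18000:0:99999:7::1:
nginx:*:18000::::::
EOF
}

# usage: shadow_state USER [SHADOW_FILE] [TODAY_IN_DAYS_SINCE_EPOCH]
# Prints "<password state> <account state>"; returns 1 if USER is not found.
shadow_state() {
    today=${3:-$(( $(date +%s) / 86400 ))}
    awk -F: -v u="$1" -v today="$today" '
        $1 == u {
            if ($2 == "")        pw = "EMPTY-PASSWORD"       # no password required
            else if ($2 ~ /^!/)  pw = "password-locked"      # usermod -L / passwd -l
            else if ($2 ~ /^\*/) pw = "no-password-login"    # typical system account
            else                 pw = "password-set"
            # Field 8 is the expiry date in days since 1970-01-01.
            acct = ($8 != "" && ($8 + 0) <= (today + 0)) ? "account-expired" : "account-active"
            print pw, acct
            found = 1
        }
        END { exit !found }' "${2:-/etc/shadow}"
}

# Demo on the constructed sample; day 19000 is an arbitrary fixed "today".
demo=$(mktemp) && sample_shadow > "$demo"
for u in root vivek www-files nginx; do
    printf '%-10s %s\n' "$u" "$(shadow_state "$u" "$demo" 19000)"
done
rm -f "$demo"
```

An account that shows password-locked account-active can still be reached by means that do not use the password, such as SSH public keys. Reading the real /etc/shadow requires root.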

Create a Sudo User on CentOS

All members of the wheel group have sudo access. So all you have to do is append the user account to the wheel group as follows:
sudo usermod -aG wheel {username}
##
## add vivek user to wheel group for sudo access ##
##
sudo usermod -aG wheel vivek
id vivek

Next, login as vivek user and test sudo access:
{vivek@my-centos8-box:~ }$ sudo ls /root/
{vivek@my-centos8-box:~ }$ sudo -s
{root@my-centos8-box:~ }#

See “Linux Add User To Group” for more info.

Linux Change or Rename User Name and UID (user-id)

sudo usermod -l login-name old-name
# rename 'vivekg' user to 'vivek' #
sudo usermod -l vivek vivekg

See “How to Change a USER and GROUP ID on Linux For All Owned Files” for more info.

Getting help

Use the man command or pass the --help option as follows:

usermod command

Run:
man 8 usermod
usermod --help

Options : Description

  • -c OR --comment COMMENT : new value of the GECOS field
  • -d OR --home HOME_DIR : new home directory for the user account
  • -e OR --expiredate EXPIRE_DATE : set account expiration date to EXPIRE_DATE
  • -f OR --inactive INACTIVE : set password inactive after expiration to INACTIVE
  • -g OR --gid GROUP : force use GROUP as new primary group
  • -G OR --groups GROUPS : new list of supplementary GROUPS
  • -a OR --append : append the user to the supplemental GROUPS mentioned by the -G option without removing the user from other groups
  • -h OR --help : display this help message and exit
  • -l OR --login NEW_LOGIN : new value of the login name
  • -L OR --lock : lock the user account
  • -m OR --move-home : move contents of the home directory to the new location (use only with -d)
  • -o OR --non-unique : allow using duplicate (non-unique) UID
  • -p OR --password PASSWORD : use encrypted password for the new password
  • -R OR --root CHROOT_DIR : directory to chroot into
  • -P OR --prefix PREFIX_DIR : prefix directory where are located the /etc/* files
  • -s OR --shell SHELL : new login shell for the user account
  • -u OR --uid UID : new UID for the user account
  • -U OR --unlock : unlock the user account
  • -v OR --add-subuids FIRST-LAST : add range of subordinate uids
  • -V OR --del-subuids FIRST-LAST : remove range of subordinate uids
  • -w OR --add-subgids FIRST-LAST : add range of subordinate gids
  • -W OR --del-subgids FIRST-LAST : remove range of subordinate gids
  • -Z OR --selinux-user SEUSER : new SELinux user mapping for the user account

passwd command

Execute:
man 8 passwd
passwd --help

Options : Description

  • -k OR --keep-tokens : keep non-expired authentication tokens
  • -d OR --delete : delete the password for the named account (root only); also removes password lock if any
  • -l OR --lock : lock the password for the named account (root only)
  • -u OR --unlock : unlock the password for the named account (root only)
  • -e OR --expire : expire the password for the named account (root only)
  • -f OR --force : force operation
  • -x OR --maximum=DAYS : maximum password lifetime (root only)
  • -n OR --minimum=DAYS : minimum password lifetime (root only)
  • -w OR --warning=DAYS : number of days warning users receives before password expiration (root only)
  • -i OR --inactive=DAYS : number of days after password expiration when an account becomes disabled (root only)
  • -S OR --status : report password status on the named account (root only)
  • --stdin : read new tokens from stdin (root only)

useradd command

Type:
man 8 useradd
useradd --help

Options : Description

  • -b OR --base-dir BASE_DIR : base directory for the home directory of the new account
  • -c OR --comment COMMENT : GECOS field of the new account
  • -d OR --home-dir HOME_DIR : home directory of the new account
  • -D OR --defaults : print or change default useradd configuration
  • -e OR --expiredate EXPIRE_DATE : expiration date of the new account
  • -f OR --inactive INACTIVE : password inactivity period of the new account
  • -g OR --gid GROUP : name or ID of the primary group of the new account
  • -G OR --groups GROUPS : list of supplementary groups of the new account
  • -h OR --help : display this help message and exit
  • -k OR --skel SKEL_DIR : use this alternative skeleton directory
  • -K OR --key KEY=VALUE : override /etc/login.defs defaults
  • -l OR --no-log-init : do not add the user to the lastlog and faillog databases
  • -m OR --create-home : create the user’s home directory
  • -M OR --no-create-home : do not create the user’s home directory
  • -N OR --no-user-group : do not create a group with the same name as the user
  • -o OR --non-unique : allow to create users with duplicate (non-unique) UID
  • -p OR --password PASSWORD : encrypted password of the new account
  • -r OR --system : create a system account
  • -R OR --root CHROOT_DIR : directory to chroot into
  • -P OR --prefix PREFIX_DIR : prefix directory where are located the /etc/* files
  • -s OR --shell SHELL : login shell of the new account
  • -u OR --uid UID : user ID of the new account
  • -U OR --user-group : create a group with the same name as the user
  • -Z OR --selinux-user SEUSER : use a specific SEUSER for the SELinux user mapping

Conclusion

You learned how to create a new user account and modify or delete them on CentOS Enterprise Linux 7 or 8. See CentOS/RHEL 8 docs here for more info.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting.