How to Create a new user account in CentOS 7/8

How do I create a new user account on CentOS 7/8 Linux server using command-line options? How do I create a new user account with sudo access on CentOS 8 Linux server?

A CentOS Linux user account created to provide security barriers between various apps and other users of the systems. For example, Apache or Nginx server runs as www-data user. Webmasters can upload files using another user called ftp. By separating them, you can improve the security of your system. This page explains how to create, modify, and delete user accounts on a CentOS Linux 7/8 server.

Create a new user account in CentOS Linux 7/8

The procedure is as follows for creating a new user account on CentOS Linux:

Use useradd command to add a new user account on a CentOS 7 or 8.
Run passwd command to set up or change user password.
Delete user account by typing the userdel command in CentOS.
To modify user account use usermod command.
To view user account information use id command.

Important files

Above commands modify the following files to create or delete user accounts:

Do not modify the following files using a text editor such as vim or nano to avoid misconfiguration.

/etc/passwd – The password file contains one line for each user account.
/etc/shadow – Password in encrpted format for the system’s accounts and optional aging (password expiration date) information.
/etc/group – User group information.

Let us see all commands and examples in details.

Display a list of all Linux user account

The /etc/passwd file contains one line for each user account, with seven fields delimited by colons. Type cat command to list users:
cat /etc/passwd

Want to see information about the currently logged-in user? Type id command:

id

id userName

id root

id vivek

Sample outputs:

uid=1000(vivek) gid=1000(vivek) groups=1000(vivek),4(adm),24(cdrom),27(sudo)

Finally, use the ls command to see the owner and group of a file named /etc/hosts:
ls -l /path/to/file ls -l /home/vivek/Documents/resume.pdf ls -l /etc/hosts
Run the ps command/top command to see owner of process:
ps top htop top -u vivek ps -au

USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
gdm       1732  0.0  0.0 163872  6516 tty1     Ssl+ 12:34   0:00 /usr/lib/gdm3/gdm-x-session gnome-session --autostart /usr/share/gdm/greeter/autostart
root      1734  0.0  0.2 253836 86628 tty1     Sl+  12:34   0:03 /usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/126/gdm/Xauthority -background none -noreset -keeptty -verbose 3
gdm       1825  0.0  0.0 263512 14224 tty1     Sl+  12:34   0:00 /usr/lib/gnome-session/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
vivek     2128  0.0  0.0 163872  6468 tty2     Ssl+ 12:35   0:00 /usr/lib/gdm3/gdm-x-session --run-script env GNOME_SHELL_SESSION_MODE=ubuntu /usr/bin/gnome-session --systemd --session=ubuntu
root      2130  1.5  0.4 307212 138348 tty2    Sl+  12:35   8:38 /usr/lib/xorg/Xorg vt2 -displayfd 3 -auth /run/user/1000/gdm/Xauthority -background none -noreset -keeptty -verbose 3
vivek     5052  0.0  0.0  19752 12936 pts/1    Ss+  12:39   0:06 /usr/bin/ssh -oForwardX11 no -oForwardAgent no -oPermitLocalCommand no -oClearAllForwardings yes -oProtocol 2 -oNoHostAuthenticationForLocalhost y
vivek    24020  0.0  0.0  11144  5732 pts/4    Ss   21:13   0:00 bash
vivek    24961  0.0  0.0  14648  6784 pts/4    S+   21:17   0:00 ssh aws-ls.laws-v-zone-a-www-001
vivek    24995  0.0  0.0  14672  6896 pts/5    S+   21:18   0:00 ssh vivek@do-de.public
vivek    25204  0.0  0.0  11012  5156 pts/2    Ss   21:20   0:00 bash
vivek    25210  0.0  0.1 414796 40568 pts/2    Sl+  21:20   0:00 gpass

See how to “Show All Running Processes in Linux using ps/htop commands” for more information.

Creating a new CentOS user account from the command line

The syntax is:
sudo useradd userName sudo useradd [options] userName

Examples

Create the vivek user account, run:
sudo adduser vivek
Verify it:
id vivek
Or use the grep command as follows:
grep -w '^vivek' /etc/passwd grep -w '^vivek' /etc/group
Finally, set or change the password for vivek user by typing the following passwd command:
sudo passwd vivek
Create new user account in centos linux
A new user account was created. Next, verify it by log in using the ssh command:
ssh vivek@your-centos-8-server-ip

Deleting user account in CentOS Linux 7/8

The syntax is:
sudo userdel {userName} sudo userdel -r {UserName}
The -r option remove home directory and mail spool of given user account. So make a backup if you need user data. Let us delete the vivek user along with all personal data:
sudo userdel -r vivek
Verify that the user vivek is successfully deleted from CentOS server:
id vivek grep -w '^vivek' /etc/passwd grep -w '^vivek' /etc/group
Delete remove user account on CentOS Linux

Advance examples

Let us create a new accout named www-files as follows:
$ sudo useradd -d /home/www-files -m \ -c "Nginx file and sftp user" \ -s /bin/bash www-files $ sudo passwd www-files $ id www-files
Where,

-d /home/www-files : Home directory is /home/www-files of the new account
-m : Create the user’s home directory
-c "Nginx file and sftp user" : Set up GECOS field of the new account (comment)
-s /bin/bash : Set login shell of the new account
www-files : Login/Username

How to modify user accounts

You need to usermod as follows:
usermod [options] {username}
Please note that the user account must exists in order to use usermod. Let us see some common examples.

Set new value of the GECOS field (comment

sudo usermod -c "Vivek Gite" vivek ## verification ## grep -w 'vivek' /etc/passwd

Update home directory location for the user account

Change /home/vivek to /home/ftpvivek, run:
sudo usermod -d /home/ftpvivek -m vivek

Lock the user account

sudo usermod -L vivek

Unlock the user account

sudo usermod -U vivek

Create a Sudo User on CentOS

All members of the wheel group have sudo access. So all you have to do is append user account to the wheel group as follows:
sudo usermod -aG wheel {username} ## ## add vivek user to wheel group for sudo access ## ## sudo usermod -aG wheel vivek id vivek
Next, login as vivek user and test sudo access:
{vivek@my-centos8-box:~ }$ sudo ls /root/ {vivek@my-centos8-box:~ }$ sudo -s {root@my-centos8-box:~ }#
See “Linux Add User To Group” for more info.

Linux Change or Rename User Name and UID (user-id)

sudo usermod -l login-name old-name # rename 'vivekg' user to 'vivek' # sudo usermod -l vivek vivekg
See “How to Change a USER and GROUP ID on Linux For All Owned Files” for more info.

Getting help

Use man command or pass the --help as follows:

usermod command

Run:
man 8 usermod usermod --help

Options	Description
`-c` OR `--comment`	COMMENT new value of the GECOS field
`-d` OR `--home`	HOME_DIR new home directory for the user account
`-e` OR `--expiredate`	EXPIRE_DATE set account expiration date to EXPIRE_DATE
`-f` OR `--inactive`	INACTIVE set password inactive after expiration to INACTIVE
`-g` OR `--gid`	GROUP force use GROUP as new primary group
`-G` OR `--groups`	GROUPS new list of supplementary GROUPS
`-a` OR `--append`	append the user to the supplemental GROUPS mentioned by the -G option without removing the user from other groups
`-h` OR `--help`	display this help message and exit
`-l` OR `--login`	NEW_LOGIN new value of the login name
`-L` OR `--lock`	lock the user account
`-m` OR `--move-home`	move contents of the home directory to the new location (use only with -d)
`-o` OR `--non-unique`	allow using duplicate (non-unique) UID
`-p` OR `--password`	PASSWORD use encrypted password for the new password
`-R` OR `--root`	CHROOT_DIR directory to chroot into
`-P` OR `--prefix`	PREFIX_DIR prefix directory where are located the /etc/* files
`-s` OR `--shell`	SHELL new login shell for the user account
`-u` OR `--uid`	UID new UID for the user account
`-U` OR `--unlock`	unlock the user account
`-v` OR `--add-subuids`	FIRST-LAST add range of subordinate uids
`-V` OR `--del-subuids`	FIRST-LAST remove range of subordinate uids
`-w` OR `--add-subgids`	FIRST-LAST add range of subordinate gids
`-W` OR `--del-subgids`	FIRST-LAST remove range of subordinate gids
`-Z` OR `--selinux-user`	SEUSER new SELinux user mapping for the user account

passwd command

Execute:
man 8 passwd passwd --help

Options	Description
`-k` OR `--keep-tokens`	keep non-expired authentication tokens
`-d` OR `--delete`	delete the password for the named account (root only); also removes password lock if any
`-l` OR `--lock`	lock the password for the named account (root only)
`-u` OR `--unlock`	unlock the password for the named account (root only)
`-e` OR `--expire`	expire the password for the named account (root only)
`-f` OR `--force`	force operation
`-x` OR `--maximum=DAYS`	maximum password lifetime (root only)
`-n` OR `--minimum=DAYS`	minimum password lifetime (root only)
`-w` OR `--warning=DAYS`	number of days warning users receives before password expiration (root only)
`-i` OR `--inactive=DAYS`	number of days after password expiration when an account becomes disabled (root only)
`-S` OR `--status`	report password status on the named account (root only)
`--stdin` OR `read`	new tokens from stdin (root only)

useradd command

Type:
man 8 useradd useradd --help

Options	Description
`-b` OR `--base-dir`	BASE_DIR base directory for the home directory of the new account
`-c` OR `--comment`	COMMENT GECOS field of the new account
`-d` OR `--home-dir`	HOME_DIR home directory of the new account
`-D` OR `--defaults`	print or change default useradd configuration
`-e` OR `--expiredate`	EXPIRE_DATE expiration date of the new account
`-f` OR `--inactive`	INACTIVE password inactivity period of the new account
`-g` OR `--gid`	GROUP name or ID of the primary group of the new account
`-G` OR `--groups`	GROUPS list of supplementary groups of the new account
`-h` OR `--help`	display this help message and exit
`-k` OR `--skel`	SKEL_DIR use this alternative skeleton directory
`-K` OR `--key`	KEY=VALUE override /etc/login.defs defaults
`-l` OR `--no-log-init`	do not add the user to the lastlog and faillog databases
`-m` OR `--create-home`	create the user’s home directory
`-M` OR `--no-create-home`	do not create the user’s home directory
`-N` OR `--no-user-group`	do not create a group with the same name as the user
`-o` OR `--non-unique`	allow to create users with duplicate (non-unique) UID
`-p` OR `--password`	PASSWORD encrypted password of the new account
`-r` OR `--system`	create a system account
`-R` OR `--root`	CHROOT_DIR directory to chroot into
`-P` OR `--prefix`	PREFIX_DIR prefix directory where are located the /etc/* files
`-s` OR `--shell`	SHELL login shell of the new account
`-u` OR `--uid`	UID user ID of the new account
`-U` OR `--user-group`	create a group with the same name as the user
`-Z` OR `--selinux-user`	SEUSER use a specific SEUSER for the SELinux user mapping

Conclusion

You learned how to create a new user account and modify or delete user them on CentOS Enterprise Linux 7 or 8. See CentOS/RHEL 8 docs here for more info.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

nixCraft