create and delete user examples in Red Hat and CentOS

In this tutorial we will learn about creating and deleting the user in Red Hat and CentOS.
In this post we will explore the useradd and userdel commands.

Basic command to create user

In Red Hat and CentOS,create a user and set password as per given below command

useradd user-login-name

passwd user-login-name

Now, lets see what happen when you simply use the useradd command in Red Hat and CentOS.
Here I am taking an eg. of creating a user called sharad

[root@localhost ~]# cat /etc/issue
CentOS release 6.4 (Final)
Kernel r on an m

[root@localhost ~]# 
[root@localhost ~]# useradd sharad
[root@localhost ~]# 
[root@localhost ~]# grep sharad /etc/passwd
sharad:x:500:500::/home/sharad:/bin/bash
[root@localhost ~]# 
[root@localhost ~]# grep sharad /etc/group
sharad:x:500:
[root@localhost ~]# 
[root@localhost ~]# id sharad
uid=500(sharad) gid=500(sharad) groups=500(sharad)
[root@localhost ~]# 
[root@localhost ~]# ls -ld /home/sharad/
drwx------ 2 sharad sharad 4096 Jul 17 20:35 /home/sharad/
[root@localhost ~]#
[root@localhost ~]# grep sharad /etc/shadow
sharad:!!:15903:0:99999:7:::
[root@localhost ~]# 


When we create a user by using command “useradd sharad”,the following things are happened

  • Same name of group is created , here new group name is sharad and user called sharad is member of it. Means sharad user is member of group called sharad
  • The user’s home directory of user called sharad is created in /home , see the command ls -ld /home/sharad
  • User sharad got a login shell /bin/bash which you can find by using command grep sharad /etc/passwd
  • In Red Hat and CentOS,when first user is created the uid and gid starts with 500 (uid= user id and gid= group id)
  • We have not set the password for user sharad,hence some content is missing in output of command “grep sharad /etc/shadow”

  • Explore default options of useradd command

    To find default options of useradd,use the below given command

    useradd -D 
    
    OR
    
    cat /etc/default/useradd
    

    See the below reference of output

    [root@localhost ~]# useradd -D
    GROUP=100
    HOME=/home
    INACTIVE=-1
    EXPIRE=
    SHELL=/bin/bash
    SKEL=/etc/skel
    CREATE_MAIL_SPOOL=yes
    [root@localhost ~]#

    [root@localhost ~]# cat /etc/default/useradd
    # useradd defaults file
    GROUP=100
    HOME=/home
    INACTIVE=-1
    EXPIRE=
    SHELL=/bin/bash
    SKEL=/etc/skel
    CREATE_MAIL_SPOOL=yes

    [root@localhost ~]#


  • GROUP: Bydefault this option is not taken by useradd command. To get default group as per useradd -D command, you have to use -n option with useradd command. For eg. useradd -n test
    [root@localhost ~]# useradd -n ravi
    [root@localhost ~]# id ravi
    uid=501(ravi) gid=100(users) groups=100(users)
    [root@localhost ~]# 
    

    Now here Question comes, Why UID and GID was 500 when we created the first user called sharad.
    Answer: It get the value from /etc/login.defs file.

    [root@localhost ~]# grep GID_MIN /etc/login.defs
    GID_MIN			  500
    [root@localhost ~]# grep UID_MIN /etc/login.defs
    UID_MIN			  500
    [root@localhost ~]# 
    
  • HOME: This is the default path prefix for the home directory. The user’s home directory will be created as /home/USER-Login-Name.

    Tip: If you set the value CREATE_HOME no in /etc/login.defs file, the home directory of user will not be created.

  • INACTIVE: The number of days after a password expires until the account is permanently disabled. A value of 0 disables the account as soon as the password has expired, and a value of -1 disables the feature.If not specified, useradd will use the default inactivity period specified by the INACTIVE variable in /etc/default/useradd, or -1 by default.
  • EXPIRE: The date on which the user account will be disabled. The date is specified in the format YYYY-MM-DD
  • SHELL: Users login shell.
  • SKEL: Contents inside skel directory will be copied to the users home directory.

    See in below reference the newly created user’s home directory and /etc/skel contents are same

    [root@localhost ~]# ls -la /etc/skel/
    total 20
    drwxr-xr-x.  2 root root 4096 May 29 23:17 .
    drwxr-xr-x. 63 root root 4096 Jul 17 21:17 ..
    -rw-r--r--.  1 root root   18 Feb 22 03:05 .bash_logout
    -rw-r--r--.  1 root root  176 Feb 22 03:05 .bash_profile
    -rw-r--r--.  1 root root  124 Feb 22 03:05 .bashrc
    [root@localhost ~]# 
    [root@localhost ~]# ls -la /home/sharad/
    total 20
    drwx------  2 sharad sharad 4096 Jul 17 21:01 .
    drwxr-xr-x. 5 root   root   4096 Jul 17 21:17 ..
    -rw-r--r--  1 sharad sharad   18 Feb 22 03:05 .bash_logout
    -rw-r--r--  1 sharad sharad  176 Feb 22 03:05 .bash_profile
    -rw-r--r--  1 sharad sharad  124 Feb 22 03:05 .bashrc
    [root@localhost ~]# 
    
  • CREATE_MAIL_SPOOL: Here the bydefault value is CREATE_MAIL_SPOOL=yes means mail spool directory will be created.

    Question: Where is the mail spool directory
    Answer: It is mentioned in /etc/login.defs file.

    [root@localhost ~]# grep MAIL_DIR /etc/login.defs |grep spool
    MAIL_DIR	/var/spool/mail
    [root@localhost ~]#
    
  • How to change default value of useradd command

    You can also change the default value of useradd

    Method 1 :
    By using command line

    examples:

    For changing default shell use command useradd -D -s /shell/path

    [root@localhost ~]# useradd -D -s /bin/sh
    You have new mail in /var/spool/mail/root
    [root@localhost ~]# useradd -D
    GROUP=100
    HOME=/home
    INACTIVE=-1
    EXPIRE=
    SHELL=/bin/sh
    SKEL=/etc/skel
    CREATE_MAIL_SPOOL=yes
    [root@localhost ~]# 
    
    


    For Changing Default Home Directory,use command useradd -D -b /new/home_dir/path

    [root@localhost ~]# mkdir /new_home
    [root@localhost ~]# useradd -D -b /new_home
    [root@localhost ~]# 
    [root@localhost ~]# useradd -D
    GROUP=100
    HOME=/new_home
    INACTIVE=-1
    EXPIRE=
    SHELL=/bin/sh
    SKEL=/etc/skel
    CREATE_MAIL_SPOOL=yes
    [root@localhost ~]# 
    
    

    Likewise you can also do other changes.

    Method 2: By editing /etc/default/useradd .

    vi /etc/default/useradd
    
    # useradd defaults file
    GROUP=100
    HOME=/new_home
    INACTIVE=-1
    EXPIRE=
    SHELL=/bin/sh
    SKEL=/etc/skel
    CREATE_MAIL_SPOOL=yes
    

    Using useradd command with many options

    (1) Changing login shell at useradd command. Bydefault the login shell is /bin/bash
    Use -s with useradd command

    [root@localhost ~]# useradd -s /bin/sh testuser
    [root@localhost ~]# 
    [root@localhost ~]# grep testuser /etc/passwd
    testuser:x:502:502::/home/testuser:/bin/sh
    [root@localhost ~]# 
    

    (2) Changing default home directory to other path.
    Use -d option here, useradd -d /Path/username username

    [root@localhost ~]# mkdir /new_home
    [root@localhost ~]# useradd -d /new_home/joe joe
    [root@localhost ~]# ls /new_home/
    joe
    [root@localhost ~]# ls /new_home/joe/
    [root@localhost ~]# ls -ld /new_home/joe/
    drwx------ 2 joe joe 4096 Jul 17 23:04 /new_home/joe/
    [root@localhost ~]# 
    
    

    (3) Changing userid , use -u option here

    [root@localhost ~]# useradd -u 600  john
    [root@localhost ~]# id john
    uid=600(john) gid=600(john) groups=600(john)
    [root@localhost ~]# 
    
    

    (3) Changing group id with useradd command, use -g option.
    Note 1: Group must already exist so that we can use its GID. See below example.
    GID of hr group is 601

    Note 2: hr group has GID 600 . User tester taken bydefault UID 601 also because there was no user exist with this UID. If exist than it would get the different UID as per increment pattern.

    [root@localhost ~]# groupadd hr
    [root@localhost ~]# 
    [root@localhost ~]# grep hr /etc/group
    hr:x:601:
    [root@localhost ~]# useradd -u 550 -g 601 roger
    [root@localhost ~]# id roger
    uid=550(roger) gid=601(hr) groups=601(hr)
    [root@localhost ~]# 
    [root@localhost ~]# useradd -g 601 tester
    [root@localhost ~]# id tester
    uid=601(tester) gid=601(hr) groups=601(hr)
    [root@localhost ~]#
    

    (4) You can use available options in single line. Here I have added -c for GECOS or comment
    See below example

    [root@localhost ~]# useradd -c "linux system admin" -u 700 -g 601 -s /bin/sh -d /new_home/sharadchhetri sharadchhetri[root@localhost ~]# id sharadchhetri
    uid=700(sharadchhetri) gid=601(hr) groups=601(hr)
    [root@localhost ~]# grep sharadchhetri /etc/passwd
    sharadchhetri:x:700:601:linux system admin:/new_home/sharadchhetri:/bin/sh
    [root@localhost ~]# 
    
    

    (5) Set password in single line with -p option. But here you have to get encrypt passwd.

    useradd -p #$#@encrypted@#$ username

    see below example how you will do. Here I will use the password PaaSS2ord

    Get encrypted password by using command openssl

    [root@localhost ~]# openssl passwd -crypt
    Password: 
    Verifying - Password: 
    Warning: truncating password to 8 characters
    gYqytYyfGxwII
    [root@localhost ~]# 
    

    after using openssl command we get the encrypted value of PaaSS2ord as gYqytYyfGxwII
    Now use this value with -p option

    [root@localhost ~]# useradd -p 'gYqytYyfGxwII' testred
    

    You can check by login user testred using the password PaaSS2ord

    Below given are options which you can use with useradd command

    [root@localhost ~]# useradd --help
    Usage: useradd [options] LOGIN
    
    Options:
      -b, --base-dir BASE_DIR       base directory for the home directory of the
                                    new account
      -c, --comment COMMENT         GECOS field of the new account
      -d, --home-dir HOME_DIR       home directory of the new account
      -D, --defaults                print or change default useradd configuration
      -e, --expiredate EXPIRE_DATE  expiration date of the new account
      -f, --inactive INACTIVE       password inactivity period of the new account
      -g, --gid GROUP               name or ID of the primary group of the new
                                    account
      -G, --groups GROUPS           list of supplementary groups of the new
                                    account
      -h, --help                    display this help message and exit
      -k, --skel SKEL_DIR           use this alternative skeleton directory
      -K, --key KEY=VALUE           override /etc/login.defs defaults
      -l, --no-log-init             do not add the user to the lastlog and
                                    faillog databases
      -m, --create-home             create the user's home directory
      -M, --no-create-home          do not create the user's home directory
      -N, --no-user-group           do not create a group with the same name as
                                    the user
      -o, --non-unique              allow to create users with duplicate
                                    (non-unique) UID
      -p, --password PASSWORD       encrypted password of the new account
      -r, --system                  create a system account
      -s, --shell SHELL             login shell of the new account
      -u, --uid UID                 user ID of the new account
      -U, --user-group              create a group with the same name as the user
      -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
    
    [root@localhost ~]# 
    
    

    Delete User in Red hat and CentOS

    (1) To delete the user ,use below given command

    userdel username
    

    Note: The above command will not remove user’s home directory and mail spool

    (2) Delete user with its home directory and mail spool. Use option -r

    userdel -r username
    

    Other options which you can also use

    [root@localhost ~]# userdel --help
    Usage: userdel [options] LOGIN
    
    Options:
      -f, --force                   force removal of files,
                                    even if not owned by user
      -h, --help                    display this help message and exit
      -r, --remove                  remove home directory and mail spool
      -Z, --selinux-user            remove SELinux user from SELinux user mapping
    
    [root@localhost ~]# 
    

    Read Some More Articles

    Leave a Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.