Though Fedora / Redhat / CentOS comes with several nice options to graphically manage users, there are times where command line administration may be in order.



The command line can do nearly everything the graphical interface can be do using the following commands:
id, useradd, usermod, userdel, groupadd, groupdel, groupmod, passwd


User info

The id command prints information for a certain user.

# id username

Create a user

To create a new user:

# useradd -c "FirstName MiddleName LastName" username
# passwd username

The created user is initially in an inactive state. In order to set the user to an active state, you must use the passwd command.

Useful useradd options include the following:
-c : sets a comment for the user.
-s : is used in order to define the user’s default login shell. If not used, then the system’s default shell becomes the user’s default login shell.
-r : creates a user with UID above 500 (system account)
-d : sets the user’s home directory. If not used, the default home directory is created (/home/username/)
-M : the home directory is not created. This is useful when the directory already exists.

To create a user that does not have the ability to login to a shell, issue the following commands:

# useradd -c "This user cannot login to a shell" -s /sbin/nologin username
# passwd username

Change the user’s password

To change a user’s password:

# passwd username

If it’s used without specifying a username, then the currently logged in user’s password is changed.

Add a user to a group

Usermod is used to modify a user account’s settings. Check the man page for all the available options. One useful use of this command is to add a user to a group:

# usermod -a -G group1 username

The -a option is critical. The user is added to group1 while he continues to be a member of other groups. If it’s not used, then the user is added only to group1 and removed from all other groups.

Remove a user from a group

Removing a user from a group is a bit trickier. Unfortunately, there is no direct command, at least not in Fedora or RHEL, that can do that from command line. At first you need to get a list of groups that your user is a member of:

# id -nG username
group anthergroup group3 ....

Then you need to put all these groups as a comma-separated list to the usermod -G option, except for the group from which you want the user to be removed. So, to remove the user from group2, issue the command:

# usermod -G group1,group3,... username

Lock and Unlock user accounts

Other common usermod uses are to lock and unlock user accounts. To lock out a user:

# usermod -L username

To unlock the user:

# usermod -U username

Delete a user

Userdel is used to delete a user account.

The -r option is used then the user’s home directory and mail spool will be deleted :

# userdel -r username

Create a new group

To create a new group, issue the command:

# groupadd groupname

The -r option can be used to create a group with GID<500 (system).

Change a group’s name

Groupmod can be used to change a group name:

# groupmod -n newgroupname groupname

Delete a group

Groupdel can delete a group:

# groupdel groupname