Linux-Ubuntu | Users
  1. References
  2. Who is logged in (users)
  3. Add a new user (useradd)
  4. Change the user account (usermod)
  5. Delete the user account (userdel)
  6. Hide a user from the login screen
  7. Enable/Disable remote SSH login to a specific user
  1. References
    See this page for more details about user management:
    https://help.ubuntu.com/lts/serverguide/user-management.html
  2. Who is logged in (users)
    Print the user who is currently logged in:
    $ users
mtitek admin
  3. Add a new user (useradd)
    Use the useradd command to add a new user (man useradd):
    Usage: useradd [options] USER

Options:
  -b, --base-dir BASE_DIR       base directory for the home directory of the new account (default "/home")
  -d, --home-dir HOME_DIR       home directory of the new account  (default: "/{BASE_DIR}/{USER}")
  -m, --create-home             create the user's home directory
  -G, --groups GROUPS           list of supplementary groups of the new account
  -s, --shell SHELL             login shell of the new account (/bin/false to stop SSH logins)
  -c, --comment COMMENT         comment
  -e, --expiredate EXPIRE_DATE  expiration date of the new account
  -f, --inactive INACTIVE       password inactivity period of the new account
  -D, --defaults                print or change default useradd configuration

    The command useradd affects two files "/etc/passwd" and "/etc/group".
    Here's how data is structured in these files:
    • /etc/passwd
      $ cat /etc/passwd | grep mtitek
mtitek:x:1000:1000:mtitek:/home/mtitek:/bin/bash

      Where:
      • mtitek: user name.
      • x: Placeholder for password. The password is obtained from the "/etc/shadow" file.
      • 1000: User ID.
      • 1000: Group ID.
      • mtitek: Comment.
      • /home/mtitek: Home directory.
      • /bin/bash: User shell.

    • /etc/group
      $ cat /etc/group | grep mtitek
mtitek:x:1000:mtitek

      Where:
      • mtitek: group name.
      • x: Placeholder for password information. The password is obtained from the "/etc/gshadow" file.
      • 1000: Group ID.
      • mtitek: Commas separated list of users that belong to the group.

    Examples:
    • Print default useradd configuration (defaults are configured in /etc/default/useradd):
      $ useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/sh
SKEL=/etc/skel
CREATE_MAIL_SPOOL=no

    • Create a user named "mtitek1" with a default group named "mtitek1".
      $ sudo useradd mtitek1

$ cat /etc/passwd | grep mtitek1
mtitek1:x:1003:1004::/home/mtitek1:/bin/sh

$ cat /etc/group | grep mtitek1
mtitek1:x:1004:

    • Create a user named "mtitek1" with a default group named "mtitek1".
      + create the home directory "/home/mtitek1".
      + set the "/bin/bash" as the default shell for the user.
      $ sudo useradd -m -s /bin/bash mtitek1

$ cat /etc/passwd | grep mtitek1
mtitek1:x:1003:1004::/home/mtitek1:/bin/bash

$ cat /etc/group | grep mtitek1
mtitek1:x:1004:

    • Create a user named "mtitek1" with a default group named "mtitek1".
      + create the home directory "/home/mtitek1".
      + assign the user to group "group1" and "group2".
      + set the "/bin/bash" as the default shell for the user.
      $ sudo useradd -m -G group1,group2 -s /bin/bash mtitek1

$ cat /etc/passwd | grep mtitek1
mtitek1:x:1003:1004::/home/mtitek1:/bin/bash

$ cat /etc/group | grep mtitek1
mtitek1:x:1004:
group1:x:1001:mtitek1
group2:x:1002:mtitek1

    • Create a user named "mtitek1" with a default group named "mtitek1".
      + set the base home directory to "/mtitek1_home_dir".
      + create the base home directory "/mtitek1_home_dir".
      $ sudo useradd -m -d /mtitek1_home_dir mtitek1

$ cat /etc/passwd | grep mtitek1
mtitek1:x:1003:1004::/mtitek1_home_dir:/bin/sh

$ cat /etc/group | grep mtitek1
mtitek1:x:1004:

$ ls -al /mtitek1_home_dir
drwxr-xr-x  4 mtitek1 mtitek1 4096 Nov 27 12:51 .
drwxr-xr-x 26 root root 4096 Nov 27 12:51 ..
-rw-r--r--  2 mtitek1 mtitek1 4096 Nov 27 12:51 .profile
-rw-r--r--  2 mtitek1 mtitek1 4096 Nov 27 12:51 .bashrc
-rw-r--r--  2 mtitek1 mtitek1 4096 Nov 27 12:51 .bash_logout

    • Create a user named "mtitek1" with a default group named "mtitek1".
      + set the base directory to "/user_base_dir".
      + create the base home directory "/user_base_dir/mtitek1".
      $ sudo mkdir /user_base_dir
$ sudo useradd -m -b /user_base_dir mtitek1

$ cat /etc/passwd | grep mtitek1
mtitek1:x:1003:1004::/user_base_dir/mtitek1:/bin/sh

$ cat /etc/group | grep mtitek1
mtitek1:x:1004:

$ ls -al /user_base_dir
drwxr-xr-x  4 root root 4096 Nov 27 12:51 .
drwxr-xr-x 26 root root 4096 Nov 27 12:51 ..
drwxr-xr-x  2 mtitek1 mtitek1 4096 Nov 27 12:51 mtitek1

$ ls -al /user_base_dir/mtitek1
drwxr-xr-x  4 mtitek1 mtitek1 4096 Nov 27 12:51 .
drwxr-xr-x 26 root root 4096 Nov 27 12:51 ..
-rw-r--r--  2 mtitek1 mtitek1 4096 Nov 27 12:51 .profile
-rw-r--r--  2 mtitek1 mtitek1 4096 Nov 27 12:51 .bashrc
-rw-r--r--  2 mtitek1 mtitek1 4096 Nov 27 12:51 .bash_logout
  4. Change the user account (usermod)
    Update the account information of the user (man usermod):
    Usage: usermod [options] USER

Options:
  -d, --home HOME_DIR           new home directory for the user account
  -s, --shell SHELL             new login shell for the user account
  -G, --groups GROUPS           new list of supplementary GROUPS
  -a, --append                  append the user to the supplemental GROUPS mentioned by the -G option without removing him/her from other groups
  -c, --comment COMMENT         comment
  -L, --lock                    lock the user account
  -U, --unlock                  unlock the user account
  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -f, --inactive INACTIVE       set password inactive after expiration to INACTIVE

    Examples:
    • Change the user home directory and the user shell:
      $ sudo usermod --home /home/mtitek1_new_home_directory/ --shell /bin/bash mtitek1

    • Restrict the user from accessing his account:
      $ sudo usermod --shell /usr/sbin/nologin mtitek1
  5. Delete the user account (userdel)
    Delete a user (man userdel):
    Usage: userdel [options] USER

Options:
  -r, --remove  remove home directory and mail spool
  -f, --force   force removal of files, even if not owned by user

    Examples:
    • Delete the user "mtitek1":
      $ sudo userdel -r mtitek1
userdel: mtitek1 mail spool (/var/mail/mtitek1) not found
userdel: mtitek1 home directory (/home/mtitek1) not found
  6. Hide a user from the login screen
    You need to configure AccountsService.
    To hide a user named "admin1", create a file named "/var/lib/AccountsService/users/admin1" and add the following.
    $ sudo vi /var/lib/AccountsService/users/admin1
[User]
SystemAccount=true
  7. Enable/Disable remote SSH login to a specific user
    You may need to edit file "/etc/ssh/sshd_config" and do one the following: 
    $ sudo vi /etc/ssh/sshd_config
# permit root login: yes/no
PermitRootLogin no

# allow some users
AllowUsers user2

# deny some users
DenyUsers user1

    Reload SSH configs: 
    $ sudo /etc/init.d/ssh reload
© 2025  mtitek