CentOS/RedHat : create and delete user in Red Hat and CentOS

create and delete user in Red Hat and CentOS

create and delete user examples in Red Hat and CentOS

In this tutorial we will learn about creating and deleting the user in Red Hat and CentOS.
In this post we will explore the useradd and userdel commands.

Basic command to create user

In Red Hat and CentOS,create a user and set password as per given below command

1 2 3

useradd user-login-name   passwd user-login-name

Now, lets see what happen when you simply use the useradd command in Red Hat and CentOS.
Here I am taking an eg. of creating a user called sharad

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22

[root@localhost ~]# cat /etc/issue CentOS release 6.4 (Final) Kernel \r on an \m   [root@localhost ~]# [root@localhost ~]# useradd sharad [root@localhost ~]# [root@localhost ~]# grep sharad /etc/passwd sharad:x:500:500::/home/sharad:/bin/bash [root@localhost ~]# [root@localhost ~]# grep sharad /etc/group sharad:x:500: [root@localhost ~]# [root@localhost ~]# id sharad uid=500(sharad) gid=500(sharad) groups=500(sharad) [root@localhost ~]# [root@localhost ~]# ls -ld /home/sharad/ drwx------ 2 sharad sharad 4096 Jul 17 20:35 /home/sharad/ [root@localhost ~]# [root@localhost ~]# grep sharad /etc/shadow sharad:!!:15903:0:99999:7::: [root@localhost ~]#

When we create a user by using command “useradd sharad”,the following things are happened

Same name of group is created , here new group name is sharad and user called sharad is member of it. Means sharad user is member of group called sharad

The user’s home directory of user called sharad is created in /home , see the command ls -ld /home/sharad

User sharad got a login shell /bin/bash which you can find by using command grep sharad /etc/passwd

In Red Hat and CentOS,when first user is created the uid and gid starts with 500 (uid= user id and gid= group id)

We have not set the password for user sharad,hence some content is missing in output of command “grep sharad /etc/shadow”

Explore default options of useradd command

To find default options of useradd,use the below given command

1 2 3 4 5

useradd -D   OR   cat /etc/default/useradd

See the below reference of output

[root@localhost ~]# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
[root@localhost ~]#

[root@localhost ~]# cat /etc/default/useradd
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes

[root@localhost ~]#

GROUP: Bydefault this option is not taken by useradd command. To get default group as per useradd -Dcommand, you have to use -n option with useradd command. For eg. useradd -n test 

1 2 3 4

[root@localhost ~]# useradd -n ravi [root@localhost ~]# id ravi uid=501(ravi) gid=100(users) groups=100(users) [root@localhost ~]#

Now here Question comes, Why UID and GID was 500 when we created the first user called sharad.
Answer: It get the value from /etc/login.defs file.

1 2 3 4 5

[root@localhost ~]# grep GID_MIN /etc/login.defs GID_MIN              500 [root@localhost ~]# grep UID_MIN /etc/login.defs UID_MIN              500 [root@localhost ~]#

HOME: This is the default path prefix for the home directory. The user’s home directory will be created as /home/USER-Login-Name.

Tip: If you set the value CREATE_HOME no in /etc/login.defs file, the home directory of user will not be created.

INACTIVE: The number of days after a password expires until the account is permanently disabled. A value of 0 disables the account as soon as the password has expired, and a value of -1 disables the feature.If not specified, useradd will use the default inactivity period specified by the INACTIVE variable in /etc/default/useradd, or -1 by default.

EXPIRE: The date on which the user account will be disabled. The date is specified in the format YYYY-MM-DD

SHELL: Users login shell.

SKEL: Contents inside skel directory will be copied to the users home directory.

See in below reference the newly created user’s home directory and /etc/skel contents are same

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

[root@localhost ~]# ls -la /etc/skel/ total 20 drwxr-xr-x.  2 root root 4096 May 29 23:17 . drwxr-xr-x. 63 root root 4096 Jul 17 21:17 .. -rw-r--r--.  1 root root   18 Feb 22 03:05 .bash_logout -rw-r--r--.  1 root root  176 Feb 22 03:05 .bash_profile -rw-r--r--.  1 root root  124 Feb 22 03:05 .bashrc [root@localhost ~]# [root@localhost ~]# ls -la /home/sharad/ total 20 drwx------  2 sharad sharad 4096 Jul 17 21:01 . drwxr-xr-x. 5 root   root   4096 Jul 17 21:17 .. -rw-r--r--  1 sharad sharad   18 Feb 22 03:05 .bash_logout -rw-r--r--  1 sharad sharad  176 Feb 22 03:05 .bash_profile -rw-r--r--  1 sharad sharad  124 Feb 22 03:05 .bashrc [root@localhost ~]#

CREATE_MAIL_SPOOL: Here the bydefault value is CREATE_MAIL_SPOOL=yes means mail spool directory will be created.

Question: Where is the mail spool directory
Answer: It is mentioned in /etc/login.defs file.

1 2 3

[root@localhost ~]# grep MAIL_DIR /etc/login.defs |grep spool MAIL_DIR    /var/spool/mail [root@localhost ~]#

How to change default value of useradd command

You can also change the default value of useradd

Method 1 : By using command line

examples:

For changing default shell use command useradd -D -s /shell/path

1 2 3 4 5 6 7 8 9 10 11

[root@localhost ~]# useradd -D -s /bin/sh You have new mail in /var/spool/mail/root [root@localhost ~]# useradd -D GROUP=100 HOME=/home INACTIVE=-1 EXPIRE= SHELL=/bin/sh SKEL=/etc/skel CREATE_MAIL_SPOOL=yes [root@localhost ~]#

For Changing Default Home Directory,use command useradd -D -b /new/home_dir/path

1 2 3 4 5 6 7 8 9 10 11 12

[root@localhost ~]# mkdir /new_home [root@localhost ~]# useradd -D -b /new_home [root@localhost ~]# [root@localhost ~]# useradd -D GROUP=100 HOME=/new_home INACTIVE=-1 EXPIRE= SHELL=/bin/sh SKEL=/etc/skel CREATE_MAIL_SPOOL=yes [root@localhost ~]#

Likewise you can also do other changes.

Method 2: By editing /etc/default/useradd .

1 2 3 4 5 6 7 8 9 10

vi /etc/default/useradd   # useradd defaults file GROUP=100 HOME=/new_home INACTIVE=-1 EXPIRE= SHELL=/bin/sh SKEL=/etc/skel CREATE_MAIL_SPOOL=yes

Using useradd command with many options

(1) Changing login shell at useradd command. Bydefault the login shell is /bin/bash
Use -s with useradd command

1 2 3 4 5

[root@localhost ~]# useradd -s /bin/sh testuser [root@localhost ~]# [root@localhost ~]# grep testuser /etc/passwd testuser:x:502:502::/home/testuser:/bin/sh [root@localhost ~]#

(2) Changing default home directory to other path.
Use -d option here, useradd -d /Path/username username

1 2 3 4 5 6 7 8

[root@localhost ~]# mkdir /new_home [root@localhost ~]# useradd -d /new_home/joe joe [root@localhost ~]# ls /new_home/ joe [root@localhost ~]# ls /new_home/joe/ [root@localhost ~]# ls -ld /new_home/joe/ drwx------ 2 joe joe 4096 Jul 17 23:04 /new_home/joe/ [root@localhost ~]#

(3) Changing userid , use -u option here

1 2 3 4

[root@localhost ~]# useradd -u 600  john [root@localhost ~]# id john uid=600(john) gid=600(john) groups=600(john) [root@localhost ~]#

(3) Changing group id with useradd command, use -g option.
Note 1: Group must already exist so that we can use its GID. See below example.
GID of hr group is 601

Note 2: hr group has GID 600 . User tester taken bydefault UID 601 also because there was no user exist with this UID. If exist than it would get the different UID as per increment pattern.

1 2 3 4 5 6 7 8 9 10 11 12

[root@localhost ~]# groupadd hr [root@localhost ~]# [root@localhost ~]# grep hr /etc/group hr:x:601: [root@localhost ~]# useradd -u 550 -g 601 roger [root@localhost ~]# id roger uid=550(roger) gid=601(hr) groups=601(hr) [root@localhost ~]# [root@localhost ~]# useradd -g 601 tester [root@localhost ~]# id tester uid=601(tester) gid=601(hr) groups=601(hr) [root@localhost ~]#

(4) You can use available options in single line. Here I have added -c for GECOS or comment
See below example

1 2 3 4 5

[root@localhost ~]# useradd -c "linux system admin" -u 700 -g 601 -s /bin/sh -d /new_home/sharadchhetri sharadchhetri[root@localhost ~]# id sharadchhetri uid=700(sharadchhetri) gid=601(hr) groups=601(hr) [root@localhost ~]# grep sharadchhetri /etc/passwd sharadchhetri:x:700:601:linux system admin:/new_home/sharadchhetri:/bin/sh [root@localhost ~]#

(5) Set password in single line with -p option. But here you have to get encrypt passwd.

useradd -p #$#@encrypted@#$ username

see below example how you will do. Here I will use the password PaaSS2ord

Get encrypted password by using command openssl

1 2 3 4 5 6

[root@localhost ~]# openssl passwd -crypt Password: Verifying - Password: Warning: truncating password to 8 characters gYqytYyfGxwII [root@localhost ~]#

after using openssl command we get the encrypted value of PaaSS2ord as gYqytYyfGxwII
Now use this value with -p option

1	[root@localhost ~]# useradd -p 'gYqytYyfGxwII' testred

You can check by login user testred using the password PaaSS2ord

Below given are options which you can use with useradd command

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34

[root@localhost ~]# useradd --help Usage: useradd [options] LOGIN   Options:   -b, --base-dir BASE_DIR       base directory for the home directory of the                                 new account   -c, --comment COMMENT         GECOS field of the new account   -d, --home-dir HOME_DIR       home directory of the new account   -D, --defaults                print or change default useradd configuration   -e, --expiredate EXPIRE_DATE  expiration date of the new account   -f, --inactive INACTIVE       password inactivity period of the new account   -g, --gid GROUP               name or ID of the primary group of the new                                 account   -G, --groups GROUPS           list of supplementary groups of the new                                 account   -h, --help                    display this help message and exit   -k, --skel SKEL_DIR           use this alternative skeleton directory   -K, --key KEY=VALUE           override /etc/login.defs defaults   -l, --no-log-init             do not add the user to the lastlog and                                 faillog databases   -m, --create-home             create the user's home directory   -M, --no-create-home          do not create the user's home directory   -N, --no-user-group           do not create a group with the same name as                                 the user   -o, --non-unique              allow to create users with duplicate                                 (non-unique) UID   -p, --password PASSWORD       encrypted password of the new account   -r, --system                  create a system account   -s, --shell SHELL             login shell of the new account   -u, --uid UID                 user ID of the new account   -U, --user-group              create a group with the same name as the user   -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping   [root@localhost ~]#

Delete User in Red hat and CentOS

(1) To delete the user ,use below given command

1	userdel username

Note: The above command will not remove user’s home directory and mail spool

(2) Delete user with its home directory and mail spool. Use option -r

1	userdel -r username

Other options which you can also use

1 2 3 4 5 6 7 8 9 10 11

[root@localhost ~]# userdel --help Usage: userdel [options] LOGIN   Options:   -f, --force                   force removal of files,                                 even if not owned by user   -h, --help                    display this help message and exit   -r, --remove                  remove home directory and mail spool   -Z, --selinux-user            remove SELinux user from SELinux user mapping   [root@localhost ~]#