Managing Users and Groups in Linux Systems
In Linux, user roles are distinguished by UID (User ID), which determines permissions and allowed tasks. The root user's UID is uniquely set to 0.
Root User
This is the system administrator with full privileges. The root user can log in, execute any command, and access all files. Its UID is always 0.
System Users
These are non-login accounts used by system services and applications. They are created automatically during software installation.
Regular Users
Standard accounts created by administrators. These users can log in but are restricted to operations within their own home directories.
Key Configuration Files for User Management
Linux manages users through specific configuration files rather than graphical tools.
/etc/passwd
This file contains user account information. Each line represents one user with seven colon-separated fields.
username:password_placeholder:UID:GID:description:home_directory:login_shell
For example:
alice:x:1001:1001:Alice Developer:/home/alice:/bin/bash
/etc/shadow
This secure file stores encrypted passwords and account aging information. Only root can read it. Each entry has nine fields:
- Username
- Encrypted password
- Last password change (days since Jan 1, 1970)
- Minimum days before password can be changed
- Maximum password validity period
- Warning period before password expires
- Grace period after password expiration
- Account expiration date
- Reserved field
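The field positions described above for /etc/passwd and /etc/shadow are enough to audit both files mechanically. The script below is an added example, not part of the original article: the function names, finding labels and sample accounts are constructed for illustration, and it assumes that a leading "!" in the shadow password field marks a locked account and that 99999 is the conventional "no maximum age" value.

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format files by field position.
# All account data below is constructed; nothing is read from the live system.

# audit_passwd FILE: report findings in a 7-field passwd-format file.
audit_passwd() {
    awk -F: '
        NF != 7                     { print "MALFORMED line " NR; next }
        $3 ~ /^0+$/ && $1 != "root" { print "EXTRA_UID0 " $1 }
        $2 == ""                    { print "EMPTY_PASSWORD_FIELD " $1; next }
        $2 != "x"                   { print "NOT_SHADOWED " $1 }
    ' "$1"
}

# audit_shadow FILE TODAY: TODAY is the current date in days since Jan 1, 1970.
audit_shadow() {
    awk -F: -v today="$2" '
        NF != 9                        { print "MALFORMED line " NR; next }
        $2 == ""                       { print "NO_PASSWORD " $1 }
        $2 ~ /^!/                      { print "LOCKED " $1 }
        $5 == "" || $5 + 0 >= 99999    { print "NO_MAX_AGE " $1 }
        $8 != "" && $8 + 0 < today + 0 { print "ACCOUNT_EXPIRED " $1 }
    ' "$1"
}

# write_samples DIR: create constructed passwd and shadow samples in DIR.
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice Developer:/home/alice:/bin/bash
backup:x:0:0:constructed second UID 0:/root:/bin/bash
legacy::1002:1002:constructed empty field:/home/legacy:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$constructed$notarealhash:19700:0:90:7:::
alice:!$6$constructed$notarealhash:19700:0:90:7:14::
legacy::19000:0:99999:7:::
olduser:$6$constructed$notarealhash:18000:0:90:7::19000:
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_passwd "$demo_dir/passwd"
audit_shadow "$demo_dir/shadow" 20000   # 20000 is a fixed, constructed "today"
rm -rf "$demo_dir"
```

On a real system, run the two functions as root against /etc/passwd and /etc/shadow, passing $(( $(date +%s) / 86400 )) as the second argument to audit_shadow.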
/etc/login.defs
Default configuration for user creation. Key parameters include:
- PASS_MAX_DAYS: Maximum password age
- PASS_MIN_DAYS: Minimum days between password changes
- PASS_MIN_LEN: Minimum password length
- UID_MIN/UID_MAX: Range for automatic UID assignment
- CREATE_HOME: Whether to create home directory automatically
- UMASK: Default permissions for new files
/etc/skel
Template directory containing default configuration files (like .bashrc) copied to new users' home directories.
Password Shadowing
For enhanced security, passwords can be moved from /etc/passwd to /etc/shadow:
pwconv # Enable shadow passwords
pwunconv # Disable shadow passwords
User Account Operations
Creating Users
useradd newuser # Basic user creation
useradd -d /customhome -g primarygroup -G supplementarygroup -u 1500 customuser
Options:
- -d: Specify home directory
- -g: Assign primary group
- -G: Add to supplementary groups
- -u: Set specific UID
Setting Passwords
passwd username # Set or change password
passwd -l username # Lock account
passwd -u username # Unlock account
passwd -S username # Display password status
Viewing Recent Account Entries
tail -5 /etc/passwd # Show last 5 lines of passwd file
tail -1 /etc/shadow # Show last line of shadow file
Deleting Users
userdel olduser # Remove user account
userdel -r olduser # Remove user with home directory
Modifying User Properties
usermod -l newname oldname # Change username
usermod -d /newhome -g newgroup -u 2000 username # Update multiple properties
usermod -L username # Lock account
usermod -U username # Unlock account
Managing Group Membership
gpasswd -a user group # Add user to group
gpasswd -d user group # Remove user from group
gpasswd -A user group # Assign group administrator
Checking User Identity
id username # Display UID, GID, and groups
Restricting System Access
To prevent non-root logins, create an empty file:
touch /etc/nologin
This file blocks all regular user logins while allowing root access.