How to Create a new user account in CentOS 7/8




Create a new user account in CentOS Linux 7/8

How do I create a new user account on a CentOS 7/8 Linux server using command-line options? How do I create a new user account with sudo access on a CentOS 8 Linux server? A CentOS Linux user account is created to provide security barriers between various apps and other users of the system. For example, Apache or Nginx server runs as www-data user. Webmasters can upload files using another user called ftp. By separating them, you can improve the security of your system. This page explains how to create, modify, and delete user accounts on a CentOS Linux 7/8 server.

The procedure is as follows for creating a new user account on CentOS Linux:

1. Use the useradd command to add a new user account on CentOS 7 or 8.

2. Run the passwd command to set up or change the user password.

3. Delete a user account by typing the userdel command in CentOS.

4. To modify a user account, use the usermod command.

5. To view user account information, use the id command.

Important files

Above commands modify the following files to create or delete user accounts:

Do not modify the following files using a text editor such as vim or nano to avoid misconfiguration.

/etc/passwd – The password file contains one line for each user account.

/etc/shadow – Passwords in encrypted format for the system’s accounts and optional aging (password expiration date) information.

/etc/group – User group information.

Let us see all commands and examples in detail.

The /etc/passwd file contains one line for each user account, with seven fields delimited by colons. Type cat command to list users:

cat /etc/passwd



Want to see information about the currently logged-in user? Type the id command:

id

id userName

id root

id vivek

Sample outputs:

uid=1000(vivek) gid=1000(vivek) groups=1000(vivek),4(adm),24(cdrom),27(sudo)

Finally, use the ls command to see the owner and group of a file named /etc/hosts:

ls -l /path/to/file

ls -l /home/vivek/Documents/resume.pdf

ls -l /etc/hosts

Run the ps command or the top command to see the owner of a process:

ps

top

htop

top -u vivek

ps -au

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
gdm 1732 0.0 0.0 163872 6516 tty1 Ssl+ 12:34 0:00 /usr/lib/gdm3/gdm-x-session gnome-session --autostart /usr/share/gdm/greeter/autostart
root 1734 0.0 0.2 253836 86628 tty1 Sl+ 12:34 0:03 /usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/126/gdm/Xauthority -background none -noreset -keeptty -verbose 3
gdm 1825 0.0 0.0 263512 14224 tty1 Sl+ 12:34 0:00 /usr/lib/gnome-session/gnome-session-binary --systemd --autostart /usr/share/gdm/greeter/autostart
vivek 2128 0.0 0.0 163872 6468 tty2 Ssl+ 12:35 0:00 /usr/lib/gdm3/gdm-x-session --run-script env GNOME_SHELL_SESSION_MODE=ubuntu /usr/bin/gnome-session --systemd --session=ubuntu
root 2130 1.5 0.4 307212 138348 tty2 Sl+ 12:35 8:38 /usr/lib/xorg/Xorg vt2 -displayfd 3 -auth /run/user/1000/gdm/Xauthority -background none -noreset -keeptty -verbose 3
vivek 5052 0.0 0.0 19752 12936 pts/1 Ss+ 12:39 0:06 /usr/bin/ssh -oForwardX11 no -oForwardAgent no -oPermitLocalCommand no -oClearAllForwardings yes -oProtocol 2 -oNoHostAuthenticationForLocalhost y
vivek 24020 0.0 0.0 11144 5732 pts/4 Ss 21:13 0:00 bash
vivek 24961 0.0 0.0 14648 6784 pts/4 S+ 21:17 0:00 ssh aws-ls.laws-v-zone-a-www-001
vivek 24995 0.0 0.0 14672 6896 pts/5 S+ 21:18 0:00 ssh vivek@do-de.public
vivek 25204 0.0 0.0 11012 5156 pts/2 Ss 21:20 0:00 bash
vivek 25210 0.0 0.1 414796 40568 pts/2 Sl+ 21:20 0:00 gpass

See how to “Show All Running Processes in Linux using ps/htop commands” for more information.

Creating a new CentOS user account from the command line

The syntax is:

sudo useradd userName

sudo useradd [options] userName

Examples

Create the vivek user account, run:

sudo adduser vivek

Verify it:

id vivek

Or use the grep command as follows:

grep -w '^vivek' /etc/passwd

grep -w '^vivek' /etc/group

Finally, set or change the password for vivek user by typing the following passwd command:

sudo passwd vivek



A new user account was created. Next, verify it by logging in using the ssh command:

ssh vivek@your-centos-8-server-ip

Deleting user account in CentOS Linux 7/8

The syntax is:

sudo userdel {userName}

sudo userdel -r {UserName}

The -r option removes the home directory and mail spool of the given user account, so make a backup if you need the user data. Let us delete the vivek user along with all personal data:

sudo userdel -r vivek

Verify that the user vivek is successfully deleted from CentOS server:

id vivek

grep -w '^vivek' /etc/passwd

grep -w '^vivek' /etc/group



Advanced examples

Let us create a new account named www-files as follows:

$ sudo useradd -d /home/www-files -m \
  -c "Nginx file and sftp user" \
  -s /bin/bash www-files

$ sudo passwd www-files

$ id www-files

Where,

-d /home/www-files : Home directory is /home/www-files of the new account

-m : Create the user’s home directory

-c "Nginx file and sftp user" : Set up GECOS field of the new account (comment)

-s /bin/bash : Set login shell of the new account

www-files : Login/Username

How to modify user accounts

You need to use the usermod command as follows:

usermod [options] {username}

Please note that the user account must exist in order to use usermod. Let us see some common examples.

Set new value of the GECOS field (comment)

sudo usermod -c "Vivek Gite" vivek

## verification ##

grep -w 'vivek' /etc/passwd

Update home directory location for the user account

Change /home/vivek to /home/ftpvivek, run:

sudo usermod -d /home/ftpvivek -m vivek

Lock the user account

sudo usermod -L vivek

Unlock the user account

sudo usermod -U vivek
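
usermod -L works by putting a ! in front of the hash in /etc/shadow, and the usermod manual notes that this locks only the password: to lock the whole account, also set an expiry date (usermod -e 1). The script below is an added example, not part of the original page, that reads both fields from shadow-format data; the sample entries and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: read lock state from shadow(5)-format data.

# Constructed sample; the hash strings are placeholders, not real hashes.
sample_shadow() {
cat <<'EOF'
root:$6$CONSTRUCTED$placeholder:18500:0:99999:7:::
vivek:!$6$CONSTRUCTED$placeholder:18500:0:99999:7:::
www-files:!!:18500:0:99999:7:::
ftp:*:18000:0:99999:7:::
olduser:!$6$CONSTRUCTED$placeholder:18500:0:99999:7::1:
guest::18500:0:99999:7:::
EOF
}

# lock_status SHADOW_FILE TODAY
# TODAY is days since 1970-01-01, e.g. $(( $(date +%s) / 86400 )).
lock_status() {
    awk -F: -v today="$2" '
        NF != 9 { next }                          # shadow(5) has nine fields
        {
            if ($2 == "")        pw = "EMPTY"     # no password required
            else if ($2 ~ /^!/)  pw = "locked"    # what usermod -L produces
            else if ($2 == "*")  pw = "disabled"  # no valid hash, password login impossible
            else                 pw = "set"
            # field 8: account expiry day; empty means it never expires
            acct = ($8 + 0 > 0 && $8 + 0 <= today + 0) ? "expired" : "open"
            print $1, "password=" pw, "account=" acct
        }
    ' "$1"
}

# password_only_locks SHADOW_FILE TODAY
# Accounts whose password is locked but whose account has not expired.
password_only_locks() {
    lock_status "$1" "$2" |
        awk '$2 == "password=locked" && $3 == "account=open" { print $1 }'
}

# Demo on the constructed data (reading the real /etc/shadow needs root).
demo_file=$(mktemp)
sample_shadow > "$demo_file"
lock_status "$demo_file" "$(( $(date +%s) / 86400 ))"
rm -f "$demo_file"
```

Accounts reported by password_only_locks are the ones to review if the intent was to disable the account entirely; an EMPTY password field deserves attention on any server.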

Create a Sudo User on CentOS

All members of the wheel group have sudo access. So all you have to do is append user account to the wheel group as follows:

sudo usermod -aG wheel {username}

##

## add vivek user to wheel group for sudo access ##

##

sudo usermod -aG wheel vivek

id vivek

Next, login as vivek user and test sudo access:

{vivek@my-centos8-box:~ }$ sudo ls /root/

{vivek@my-centos8-box:~ }$ sudo -s

{root@my-centos8-box:~ }#

See “Linux Add User To Group” for more info.
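
A grep for the wheel line in /etc/group shows only supplementary members; an account whose primary GID (field 4 of the seven-field /etc/passwd line described earlier) equals wheel's GID is also a member and never appears there. The script below is an added example, not part of the original page; the sample accounts backup and svc, the GID values and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: who gets sudo through wheel, including primary-group members.

# Constructed sample data in passwd(5) and group(5) format (not a real host).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
vivek:x:1000:1000:Vivek Gite:/home/vivek:/bin/bash
www-files:x:1001:1001:Nginx file and sftp user:/home/www-files:/bin/bash
backup:x:1002:10:Backup operator:/home/backup:/bin/bash
svc:x:990:10:Service account:/var/lib/svc:/sbin/nologin
EOF
}
sample_group() {
cat <<'EOF'
root:x:0:
wheel:x:10:vivek
vivek:x:1000:
www-files:x:1001:
EOF
}

# wheel_users PASSWD_FILE GROUP_FILE
# Prints one line per account: "<user> via=<supplementary|primary> shell=<shell>"
wheel_users() {
    awk -F: '
        # group file (read first): name:password:GID:comma-separated members
        FILENAME == ARGV[1] {
            if ($1 == "wheel") {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) supp[m[i]] = 1
            }
            next
        }
        # passwd file: seven fields, field 4 is the primary GID
        NF != 7 { next }
        ($1 in supp)             { print $1, "via=supplementary", "shell=" $7; next }
        (gid != "" && $4 == gid) { print $1, "via=primary", "shell=" $7 }
    ' "$2" "$1" | sort
}

# Demo on the constructed data. On a real host: wheel_users /etc/passwd /etc/group
demo_dir=$(mktemp -d)
sample_passwd > "$demo_dir/passwd"
sample_group > "$demo_dir/group"
wheel_users "$demo_dir/passwd" "$demo_dir/group"
rm -rf "$demo_dir"
```

Running it after every usermod -aG wheel change gives a complete list to compare against the accounts that are supposed to hold sudo access.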

sudo usermod -l login-name old-name

# rename 'vivekg' user to 'vivek' #

sudo usermod -l vivek vivekg

See “How to Change a USER and GROUP ID on Linux For All Owned Files” for more info.

Getting help

Use the man command or pass the --help option as follows:

usermod command

Run:

man 8 usermod

usermod --help

Options : Description
-c OR --comment COMMENT : new value of the GECOS field
-d OR --home HOME_DIR : new home directory for the user account
-e OR --expiredate EXPIRE_DATE : set account expiration date to EXPIRE_DATE
-f OR --inactive INACTIVE : set password inactive after expiration to INACTIVE
-g OR --gid GROUP : force use GROUP as new primary group
-G OR --groups GROUPS : new list of supplementary GROUPS
-a OR --append : append the user to the supplemental GROUPS mentioned by the -G option without removing the user from other groups
-h OR --help : display this help message and exit
-l OR --login NEW_LOGIN : new value of the login name
-L OR --lock : lock the user account
-m OR --move-home : move contents of the home directory to the new location (use only with -d)
-o OR --non-unique : allow using duplicate (non-unique) UID
-p OR --password PASSWORD : use encrypted password for the new password
-R OR --root CHROOT_DIR : directory to chroot into
-P OR --prefix PREFIX_DIR : prefix directory where are located the /etc/* files
-s OR --shell SHELL : new login shell for the user account
-u OR --uid UID : new UID for the user account
-U OR --unlock : unlock the user account
-v OR --add-subuids FIRST-LAST : add range of subordinate uids
-V OR --del-subuids FIRST-LAST : remove range of subordinate uids
-w OR --add-subgids FIRST-LAST : add range of subordinate gids
-W OR --del-subgids FIRST-LAST : remove range of subordinate gids
-Z OR --selinux-user SEUSER : new SELinux user mapping for the user account

passwd command

Execute:

man 8 passwd

passwd --help

Options : Description
-k OR --keep-tokens : keep non-expired authentication tokens
-d OR --delete : delete the password for the named account (root only); also removes password lock if any
-l OR --lock : lock the password for the named account (root only)
-u OR --unlock : unlock the password for the named account (root only)
-e OR --expire : expire the password for the named account (root only)
-f OR --force : force operation
-x OR --maximum=DAYS : maximum password lifetime (root only)
-n OR --minimum=DAYS : minimum password lifetime (root only)
-w OR --warning=DAYS : number of days warning users receives before password expiration (root only)
-i OR --inactive=DAYS : number of days after password expiration when an account becomes disabled (root only)
-S OR --status : report password status on the named account (root only)
--stdin : read new tokens from stdin (root only)

useradd command

Type:

man 8 useradd

useradd --help

Options : Description
-b OR --base-dir BASE_DIR : base directory for the home directory of the new account
-c OR --comment COMMENT : GECOS field of the new account
-d OR --home-dir HOME_DIR : home directory of the new account
-D OR --defaults : print or change default useradd configuration
-e OR --expiredate EXPIRE_DATE : expiration date of the new account
-f OR --inactive INACTIVE : password inactivity period of the new account
-g OR --gid GROUP : name or ID of the primary group of the new account
-G OR --groups GROUPS : list of supplementary groups of the new account
-h OR --help : display this help message and exit
-k OR --skel SKEL_DIR : use this alternative skeleton directory
-K OR --key KEY=VALUE : override /etc/login.defs defaults
-l OR --no-log-init : do not add the user to the lastlog and faillog databases
-m OR --create-home : create the user’s home directory
-M OR --no-create-home : do not create the user’s home directory
-N OR --no-user-group : do not create a group with the same name as the user
-o OR --non-unique : allow to create users with duplicate (non-unique) UID
-p OR --password PASSWORD : encrypted password of the new account
-r OR --system : create a system account
-R OR --root CHROOT_DIR : directory to chroot into
-P OR --prefix PREFIX_DIR : prefix directory where are located the /etc/* files
-s OR --shell SHELL : login shell of the new account
-u OR --uid UID : user ID of the new account
-U OR --user-group : create a group with the same name as the user
-Z OR --selinux-user SEUSER : use a specific SEUSER for the SELinux user mapping

Conclusion

You learned how to create a new user account and modify or delete them on CentOS Enterprise Linux 7 or 8. See CentOS/RHEL 8 docs here for more info.