patternbashModerate
User Management: useradd, Groups, and Home Directories
Viewed 0 times
useraddusermodgroupssudoservice accountnologinnewgrpuserdelhome directory
linux
Error Messages
Problem
Creating users with the wrong defaults — missing home directories, wrong shells for service accounts, or not adding to the right groups — causes permission issues.
Solution
Use the right flags for useradd depending on whether the account is for a human or a service.
# Create a human user with home dir and bash shell
useradd -m -s /bin/bash -c "Full Name" username
passwd username
# Create a service account (no login shell, no home dir)
useradd -r -s /sbin/nologin -M myservice
# Add existing user to a group
usermod -aG sudo username # Add to sudo group
usermod -aG docker username # Add to docker group
# IMPORTANT: user must log out and back in for group to apply
newgrp docker # Activate group in current session without logout
# Show user's groups
id username
groups username
# Lock/unlock an account
usermod -L username # Lock
usermod -U username # Unlock
# Delete user and home directory
userdel -r username
# List all users
getent passwd | column -t -s ':'Why
useradd -r creates a system account with a UID in the system range (< 1000) and no expiry. Service accounts should use nologin shell to prevent interactive logins. The -aG flag appends to existing groups; omitting -a replaces all groups.Gotchas
- usermod -G without -a replaces all secondary groups, potentially removing the user from important groups like sudo.
- New group membership is only active in new login sessions — existing sessions retain the old groups.
- useradd on Debian/Ubuntu uses /etc/default/useradd for defaults; useradd -D shows current defaults.
- Home directories created by useradd -m get permissions from /etc/skel which may include hidden dotfiles.
Revisions (0)
No revisions yet.