I have completed steps to use Amazon Elastic Compute Cloud (Amazon EC2) to quickly create and connect to an instance of Ubuntu Linux, and I have access to the Linux command shell. What commands can I use to create and manage users and groups in the command shell?

Note: Because there are several Linux distributions, this article focuses on creating and managing users and groups on an Amazon EC2 instance of Ubuntu as described in the article How can I use AWS to quickly create and connect to an Amazon EC2 Linux instance?

The following commands are used to create and manage users from the command shell.

Note: To get more information about a Linux command, use one of the following commands followed by the name of the command that you want to find additional information about:

     info <cmd> – displays general information about the command

     man <cmd> – displays detailed information about the command

To display the arguments for a particular command, type the following:

     <cmd> --help – displays arguments for the command

For links to HTML-formatted man (manual) files for Ubuntu 14.04 and 14.10, see the Related Information section.

adduser

adduser adds users based on command-line options and configuration variables in /etc/adduser.conf (or other conf (configuration) file when the --conf FILE command-line option is used). adduser improves on existing functionality as a 'wrapper' or 'front end' for the lower-level useradd and usermod programs. Because adding users requires root privileges, adduser must be preceded by the sudo qualifier to temporarily grant the necessary privileges.

For example, the following command creates the new user account bob.

     sudo adduser bob

Note: By default, only the first user account created in Ubuntu is granted sudo privileges. Granting sudo privileges to other users is beyond the scope of this article.

adduser displays several prompts for input, including:

  • New user password entry and verification. (required)
  • Optional information about the new user such as name, phone numbers, and room number. You can dismiss prompts that request optional information by pressing the Enter key.

After you satisfy or dismiss all prompts, adduser continues processing as follows:

Creates the new user based on the specified command-line options and configuration file variables. Some common command-line options are shown here. For a comprehensive list, see the OPTIONS section of the adduser man page. Command-line options always take precedence over values set in configuration file variables.

--conf FILE – use a configuration file other than the default /etc/adduser.conf.

--force-badname – do not evaluate the user name or system user name against the regular expression defined by the NAME_REGEX or NAME_REGEX_SYSTEM variables defined in the adduser.conf (or other configuration file specified by --conf FILE).

Note: Because of an idiosyncrasy with the evaluation of user names against the default regular expression defined by the NAME_REGEX variable (NAME_REGEX="^[a-z][-a-z0-9_]*\$"), a valid user name such as john, bob, or b-john_325$ can fail the regular expression check, requiring the use of the --force-badname option when creating new users. In this scenario you may want to comment out the NAME_REGEX variable in /etc/adduser.conf with a hash sign (#) to avoid having to use --force-badname when creating new users. In this case, ensure that new users are created in accordance with the regular expression defined by NAME_REGEX: user names should start with any lowercase character from a to z, with the remainder of the user name comprising any combination of lowercase characters a to z, numerals 0 to 9, the dash character (-), and the underscore character (_), and can optionally end with a single dollar sign character ($) for Samba compatibility. System users should also be created in accordance with the same regular expression, with the exception that system users can be created with both uppercase and lowercase characters.

--ingroup GROUP – add the new user to GROUP instead of a user group or the default group defined by the USERS_GID configuration variable in the configuration file.

--quiet – only show warnings and errors; suppress information messages.

--home DIR – use the specified directory in place of the default home directory /home/user.

--shell SHELL – use the specified command shell in place of the default command shell /bin/bash.

--system – create the user as a system user. System users are placed in the nogroup group by default.

Checks for the existence of the file specified by the command-line option --conf FILE or, in the absence of this option, checks for the existence of the default configuration file /etc/adduser.conf.

If adduser is unable to locate the specified or default configuration file, the user is created according to the command-line options. If no command-line options were used, the new user is created as the sole member of a new group with a new home directory, each using the specified user name.

If the specified or default configuration file is available, adduser processes the associated configuration variable values when creating the new user.

The following are some common configuration variables in the configuration file. For a comprehensive list of configuration variables, see adduser.conf.

SKEL – The directory from which new user configuration files should be copied. By default this is set to /etc/skel.

FIRST_UID and LAST_UID – An inclusive range of UID values from which normal user account UIDs can be dynamically allocated. Default range is 1000 to 29999.

FIRST_SYSTEM_UID and LAST_SYSTEM_UID – An inclusive range of UIDs from which system UIDs can be dynamically allocated. Default range is 100 to 999.

EXTRA_GROUPS – A list of groups that new normal users are added to. The default list of extra groups is 'dialout cdrom floppy audio video plugdev users games'.
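The UID ranges and the user-name rule above can be checked against existing accounts. The following script is an added example, not part of the original article or of the adduser package; the function names, the finding labels, and the rule that non-regular accounts should not have a login shell are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit passwd-format entries against the default adduser.conf
# UID ranges and the user-name rule quoted in this article.
FIRST_UID=1000; LAST_UID=29999              # defaults listed above
FIRST_SYSTEM_UID=100; LAST_SYSTEM_UID=999   # adjust to match your adduser.conf

# audit_passwd: reads passwd-format lines on stdin and prints
# "<name> <class> <findings>" for each account.
audit_passwd() {
    awk -F: -v fu="$FIRST_UID" -v lu="$LAST_UID" \
            -v fs="$FIRST_SYSTEM_UID" -v ls="$LAST_SYSTEM_UID" '
    /^#/ || NF < 7 { next }
    {
        name = $1; uid = $3 + 0; shell = $7; notes = ""
        if (uid >= fu && uid <= lu)      class = "regular"
        else if (uid >= fs && uid <= ls) class = "system"
        else                             class = "other"
        # Name rule for normal users: lowercase first letter, then a-z, 0-9,
        # "-" or "_", with an optional single trailing "$".
        if (class == "regular" && name !~ /^[a-z][-a-z0-9_]*\$?$/)
            notes = notes " badname"
        if (uid == 0 && name != "root")
            notes = notes " uid0-not-root"
        # Assumed house rule: non-regular accounts should not have a login shell.
        if (class != "regular" && name != "root" && shell !~ /(nologin|false)$/)
            notes = notes " login-shell"
        if (seen[uid]++)
            notes = notes " duplicate-uid"
        print name, class, (notes == "" ? "ok" : substr(notes, 2))
    }'
}

# Constructed sample input, not taken from a real host.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
syslog:x:101:104::/home/syslog:/bin/false
ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash
bob:x:1001:1001:,,,:/home/bob:/bin/bash
Alice:x:1002:1002:,,,:/home/Alice:/bin/bash
svc-backup:x:998:998::/var/backups:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
}

sample_passwd | audit_passwd
```

To audit a real instance, run audit_passwd < /etc/passwd; this reads only the local file, so accounts supplied by a directory service are not covered.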

deluser

deluser removes users from the system or from the specified group based on command-line options and configuration variables in /etc/deluser.conf (or other conf (configuration) file when the --conf FILE option is used). deluser improves on existing functionality as a 'wrapper' or 'front end' for the lower-level userdel program. Because removing users requires root privileges, deluser must be preceded by the sudo qualifier to temporarily grant the necessary privileges.

For example, the following command deletes the user account bob.

     sudo deluser bob

deluser removes users from the system or specified group subject to command-line options and configuration variables as follows:

Processes any specified command-line options. Some common command-line options are shown here. For a comprehensive list, see the OPTIONS section of the deluser man page. Command-line options always take precedence over values set in configuration file variables.

--conf FILE – use a configuration file other than the default /etc/deluser.conf.

--system – delete only if the user is a system user. This avoids accidentally deleting non-system users.

--backup – back up all files contained in the userhome and the mailspool-file to a file named /$user.tar.bz2 or /$user.tar.gz.

--remove-home – remove the home directory of the user and its mailspool.

--group – remove a user from a group or remove a group from the system, depending on the options specified. For example, the following command removes the user bob from the group test.

     sudo deluser bob --group test

The following command removes the group test from the system.

     sudo deluser --group test

Checks for the existence of the file specified by the command-line option --conf FILE or, in the absence of this option, checks for the existence of the default configuration file /etc/deluser.conf.

If deluser is unable to locate the specified or default configuration file, the user is removed according to the command-line options. If no command-line options were used, the user is removed from the system without removing any folders or files associated with the user.

If the specified or default configuration file is available, deluser processes the associated configuration variable values when removing the user. The following are some common configuration variables in the configuration file. For a comprehensive list of configuration variables, see deluser.conf.

REMOVE_HOME – Remove the home directory and mail spool when the user is removed. Value may be set to 0 or 1. Default value is 0 (do not remove home directory and mail spool).

BACKUP – Back up files before removing them. Only relevant if the REMOVE_HOME or REMOVE_ALL_FILES configuration variables are set to 1. Default value is 0 (do not backup files).

BACKUP_TO – Target directory for the backup file. Only relevant if the BACKUP configuration variable is set to 1. Default value is "."

addgroup

addgroup adds groups based on command-line options and configuration variables in /etc/adduser.conf (or other conf (configuration) file when the --conf FILE command-line option is used). addgroup improves on existing functionality as a 'wrapper' or 'front end' for the lower-level groupadd program. Because adding groups requires root privileges, addgroup must be preceded by the sudo qualifier to temporarily grant the necessary privileges.

For example, the following command creates the new group ftpusers.

     sudo addgroup ftpusers

addgroup adds groups to the system subject to command-line options and configuration variables as follows:

Processes any specified command-line options. Some common command-line options are shown here. For a comprehensive list, see the OPTIONS section of the addgroup man page. Command-line options always take precedence over values set in configuration file variables.

--conf FILE – use a configuration file other than the default /etc/adduser.conf.

--gid ID – use the specified number for the groupid of the group.

--system – create a system group.

--group – if used with the --system option, create a group with the same name and ID as the system user. Otherwise, create a group with the specified name.

Checks for the existence of the file specified by the command-line option --conf FILE or, in the absence of this option, checks for the existence of the default configuration file /etc/adduser.conf.

If addgroup is unable to locate the specified or default configuration file, the group is added according to the command-line options. If no command-line options are used, the specified group is added to the system.

If the specified or default configuration file is available, addgroup processes the associated configuration variable values when creating the new group. The following are some common configuration variables in the configuration file that apply to adding groups. For a comprehensive list of configuration variables, see adduser.conf.

FIRST_GID and LAST_GID – An inclusive range of GID values from which normal group GIDs can be dynamically allocated. Default range is 1000 to 29999.

FIRST_SYSTEM_GID and LAST_SYSTEM_GID – An inclusive range of GID values from which system GIDs can be dynamically allocated. Default range is 100 to 999.

delgroup

delgroup removes groups based on command-line options and configuration variables in /etc/deluser.conf (or other conf (configuration) file when the --conf FILE option is used). delgroup improves on existing functionality as a 'wrapper' or 'front end' for the lower-level groupdel program. Because deleting groups requires root privileges, delgroup must be preceded by the sudo qualifier to temporarily grant the necessary privileges.

For example, the following command deletes the group ftpusers.

     sudo delgroup ftpusers

delgroup deletes groups subject to command-line options and configuration variables as follows:

Processes any specified command-line options. Some common command-line options are shown here. For a comprehensive list, see the OPTIONS section of the delgroup man page. Command-line options always take precedence over values set in configuration file variables.

--conf FILE – use a configuration file other than the default /etc/deluser.conf.

--quiet – show only warnings and errors; suppress information messages.

--system – delete only if the group is a system group. This avoids accidentally deleting non-system groups.

Checks for the existence of the file specified by the command-line option --conf FILE or, in the absence of this option, checks for the existence of the default configuration file /etc/deluser.conf.

If delgroup is unable to locate the specified or default configuration file, the group is removed according to the command-line options.

If the specified or default configuration file is available, delgroup processes any associated configuration variable values when removing the group. The following is a common configuration variable in the configuration file that applies to deleting groups. For a comprehensive list of configuration variables, see deluser.conf.

ONLY_IF_EMPTY – delete the group only if no users belong to the group. Default value is 0 (groups that contain users will be deleted).
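Because ONLY_IF_EMPTY defaults to 0, it is worth listing who still depends on a group before running delgroup. The following pre-check is an added example, not part of the original article or of the deluser package; the function names and the sample users alice and carol are assumptions, and the sample files are constructed.

```sh
#!/bin/sh
# group_users GROUP PASSWD_FILE GROUP_FILE
# Prints "<user> member" for supplementary members listed in the group file
# and "<user> primary" for users whose primary GID (passwd field 4) is the
# GID of GROUP. Prints nothing if the group is unused or does not exist.
group_users() {
    awk -F: -v g="$1" -v gf="$3" '
    FILENAME == gf {                     # group database is read first
        if ($1 == g) {
            gid = $3
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") dep[m[i]] = "member"
        }
        next
    }
    gid != "" && $4 == gid { dep[$1] = "primary" }
    END { for (u in dep) print u, dep[u] }' "$3" "$2" | sort
}

# safe_to_delete GROUP PASSWD_FILE GROUP_FILE
# Succeeds only when no user depends on GROUP.
safe_to_delete() { [ -z "$(group_users "$@")" ]; }

# Constructed sample databases written to directory $1.
write_samples() {
    cat > "$1/group" <<'EOF'
ftpusers:x:1002:bob,alice
test:x:1003:
dev:x:1004:
EOF
    cat > "$1/passwd" <<'EOF'
bob:x:1001:1001:,,,:/home/bob:/bin/bash
alice:x:1005:1005:,,,:/home/alice:/bin/bash
carol:x:1006:1004:,,,:/home/carol:/bin/bash
EOF
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
group_users ftpusers "$demo_dir/passwd" "$demo_dir/group"
safe_to_delete test "$demo_dir/passwd" "$demo_dir/group" && echo "test: no dependents"
rm -rf "$demo_dir"
```

On a real instance, call group_users ftpusers /etc/passwd /etc/group and run sudo delgroup only when the output is empty or the listed users have been moved to another group.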

chage – Change the expiration time for a user's password.
chfn – Change a user name and/or associated user information.
chsh – Change the shell for a user.
chgrp – Change group ownership of a file.
chown – Change user and group ownership of a file.
gpasswd – Administer /etc/group and /etc/gshadow.
groupadd – Create a new group.
groupdel – Delete a group.
groupmod – Modify a group definition.
groups – Display all of the groups a user belongs to.
grpck – Verify the integrity of group files.
id – Display all group or user ID numbers for a specified user.
newgrp – Assign new group identifications for a user.
newusers – Batch utility to update and create new users.
nologin – Disable login functionality for unprivileged users.
passwd – Change a user's password.
su – Become another user during a login session.
useradd – Create a new user or change default new user information.
userdel – Delete a user account and related files.
usermod – Modify a user account.
List all regular users (UIDs in the default FIRST_UID to LAST_UID range, 1000 to 29999): awk -F':' '$3 >= 1000 && $3 <= 29999 { print $1 }' /etc/passwd
List all groups: cut -d: -f1 /etc/group
