UID and GID: the basics of Linux user admin
by David M Williams   
Friday, 14 September 2007
The useradd program


To create a new Linux user account, make the appropriate new entries in /etc/passwd and /etc/group and voilà, technically, the user exists. There are still a few subtleties to deal with before the user can log in successfully.

Firstly, their password must be set. Because the password is stored in an encrypted form, it is not possible to enter it directly into /etc/passwd or /etc/shadow. Instead, use the Linux passwd command, passing it the name of the user.

Secondly, the user must be given a home directory which corresponds exactly with the home directory specified in /etc/passwd. The permissions and ownership of this directory must be set such that it belongs to the user and his or her group, and that the user can read and write to their own home directory. The following commands fit the bill:

mkdir /home/fred
chown fred /home/fred
chgrp users /home/fred
chmod 700 /home/fred


These commands create the home directory, change its owner to fred, change its group to users, and change its permissions so that only the owner may read, write, list or generally manipulate files within that directory. It is now possible for fred to log in.

That’s the real deal. For those who are averse to shell commands and text-file editing, it’s far from being the only way.

Linux provides a command called useradd which automates the entire process. useradd adds the relevant entries to /etc/passwd, /etc/shadow and /etc/group, and will make a directory with permissions set appropriately.

The useradd program will also take files from a directory called /etc/skel and copy these into the new directory. So, any files that should be given to a new user – such as login files to set up environment variables – should be set up in that folder.

Of course, if you want to restrict the user’s access on your system, then you should not give them a login shell – but rather something else like /bin/false – and also perhaps not even a valid home directory. You could set the home directory to /tmp or some other shared area with unimportant data.
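The requirements above (the home directory named in /etc/passwd must exist, belong to the user and their group, and be accessible only to the owner; restricted accounts get /bin/false and need no usable home) can be checked after the fact. The following audit script is an added example, not code from the article: it parses passwd-format text and reports any login account whose home directory breaks those rules. The sample passwd lines and the account names are constructed for illustration; the script can also be pointed at a real /etc/passwd.

```python
import os
import stat
import tempfile

# Constructed passwd-format lines for illustration (not taken from a real system).
SAMPLE_PASSWD = """fred:x:1001:100:Fred Example:/home/fred:/bin/bash
svc-backup:x:1002:100:Backup service (restricted):/tmp:/bin/false
"""

# Shells that refuse an interactive login; the article suggests /bin/false
# for accounts that should not be able to log in.
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}


def parse_passwd(text):
    """Split passwd-format text into dicts, skipping blank, comment and malformed lines."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue
        name, _pw, uid, gid, gecos, home, shell = fields
        entries.append({"name": name, "uid": int(uid), "gid": int(gid),
                        "gecos": gecos, "home": home, "shell": shell})
    return entries


def check_home(entry, stat_fn=os.stat):
    """Return a list of problems with the home directory of one passwd entry.

    Mirrors the requirements in the text: the directory named in /etc/passwd
    must exist, be a directory, be owned by the account's UID and GID, and
    grant no access beyond the owner (mode 700).  Accounts with a non-login
    shell are skipped because they are never expected to log in.
    """
    problems = []
    if entry["shell"] in NOLOGIN_SHELLS:
        return problems
    try:
        st = stat_fn(entry["home"])
    except FileNotFoundError:
        return [f"{entry['name']}: home {entry['home']} does not exist"]
    if not stat.S_ISDIR(st.st_mode):
        problems.append(f"{entry['name']}: {entry['home']} is not a directory")
    if st.st_uid != entry["uid"]:
        problems.append(f"{entry['name']}: home owned by uid {st.st_uid}, expected {entry['uid']}")
    if st.st_gid != entry["gid"]:
        problems.append(f"{entry['name']}: home group is gid {st.st_gid}, expected {entry['gid']}")
    perms = stat.S_IMODE(st.st_mode)
    if perms & 0o077:
        problems.append(f"{entry['name']}: home mode {perms:04o} grants access beyond the owner (expected 0700)")
    return problems


def audit_passwd(text, stat_fn=os.stat):
    """Run check_home over every entry in passwd-format text and collect the findings."""
    problems = []
    for entry in parse_passwd(text):
        problems.extend(check_home(entry, stat_fn))
    return problems


if __name__ == "__main__":
    # Audit the constructed sample; replace with open("/etc/passwd").read() on a real host.
    for finding in audit_passwd(SAMPLE_PASSWD):
        print(finding)
```

The mode check uses `perms & 0o077`, so it flags any group or world bit rather than only comparing against 0700; that catches a directory someone later loosened with `chmod 750` as well as one that was never locked down.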

Removing a user

Deleting a user from the system involves, at its simplest, taking their entry out of /etc/passwd. The user will no longer be able to log in at all and will not be recognised as an existing user account. If you're a bit pedantic like me this will never do: there is debris lying about and this has to be cleansed.

Any references to the user must be removed from both /etc/shadow and /etc/group. The user’s home directory – and its subdirectories – need to be deleted. Linux provides a command called userdel which can be used to achieve these tasks automatically. You use it by specifying the username you wish to remove, and an optional -r flag if you wish to remove the home directory too.

However, even after this, there may still be other files in the system that belong to the phantom UID once known as a user, such as e-mail in /var/mail or temporary files in /tmp. The userdel command won’t remove these or look for them. Locate these files and inspect them. Then decide whether to remove them, back them up, or change their ownership to another, still current, user, depending on privacy and importance.
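Locating those leftover files means finding everything whose owner UID no longer appears in /etc/passwd, which is what `find / -nouser` does. The script below is an added example rather than code from the article: it walks a directory tree and reports every entry whose owner is not in a supplied set of known UIDs, so the remaining files can be inspected before being removed, archived or re-owned. The sample passwd text is constructed; `system_uids()` uses the real account database of the host it runs on.

```python
import os
import pwd

# Constructed passwd-format text for illustration; only the UID field matters here.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
fred:x:1001:100:Fred Example:/home/fred:/bin/bash
"""


def known_uids_from_passwd(text):
    """Collect the numeric UIDs present in passwd-format text."""
    uids = set()
    for line in text.splitlines():
        fields = line.split(":")
        if line.strip() and not line.startswith("#") and len(fields) == 7:
            uids.add(int(fields[2]))
    return uids


def system_uids():
    """UIDs of every account the running system can resolve (local files, NSS sources)."""
    return {p.pw_uid for p in pwd.getpwall()}


def find_orphaned_files(root, known_uids):
    """Return sorted (path, uid) pairs for every file or directory under root
    whose owner UID is not in known_uids: the equivalent of `find root -nouser`.

    os.lstat is used and os.walk does not follow symlinks, so a link left
    behind in a shared area such as /tmp cannot redirect the scan elsewhere.
    """
    orphans = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable; nothing to report
            if st.st_uid not in known_uids:
                orphans.append((path, st.st_uid))
    return sorted(orphans)


if __name__ == "__main__":
    # The places the article names are the usual suspects after userdel.
    uids = system_uids()
    for area in ("/var/mail", "/tmp"):
        if os.path.isdir(area):
            for path, uid in find_orphaned_files(area, uids):
                print(f"{path}: owned by unknown uid {uid}")
```

Scanning with a UID set captured before the account is removed, and again afterwards, gives a clean diff of what userdel left behind; running it as an ordinary user will miss files it cannot stat, so run it with enough privilege to read the areas being checked.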

Changing account creation defaults

The home directory prefix and the login shell can be changed to default to any specific value for all future users that may be created. The current defaults are listed in /etc/default/useradd, or can be dumped to the screen via useradd -D. You're not stuck with what the program thinks are sensible options!

Determine what you wish to change. The options available are as below:

  • -b – change the default home directory. The default is /home.
  • -e – change the default date to expire the account. The date is in the format mm/dd/yy.
  • -f – change the default wait after a password expires. When the password expires, it must be updated by the user within this many days. If that does not happen and the wait time is exceeded, then the account will be disabled. To disable the account immediately on expiration use 0 (i.e. wait 0 days). To inhibit this feature, use -1, which is the default value.
  • -g – change the default group to assign new users to.
  • -s – change the default shell to assign new users to.


You can then change the defaults permanently by combining the flags above with useradd -D.

useradd -D -b /users -g users -s /bin/tcsh -f 14


The above command would change the default behaviours of useradd so that any new users had their home directory under /users, were in the users group, used the /bin/tcsh shell, and had their account disabled 14 days after their password expires if they don’t change it.

The defaults can be overridden by using these same flags with the useradd command when creating a new account, should that ever be necessary.
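As an added example (not code from the article), the script below reads the KEY=VALUE format that /etc/default/useradd uses, applies the same -b/-g/-s/-f/-e overrides the article's command shows, and works through the -f (INACTIVE) rule for its three cases: -1 never disables the account, 0 disables it on the day the password expires, and N gives N days of grace. The defaults file contents are constructed, and the review function only flags the settings the text describes, an INACTIVE of -1 and an empty expiry date.

```python
import datetime

# Constructed contents in the format of /etc/default/useradd (what `useradd -D` reports).
SAMPLE_DEFAULTS = """# Default values for useradd(8)
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
"""

# Mapping from the useradd -D flags discussed in the text to the keys they set.
FLAG_TO_KEY = {"-b": "HOME", "-e": "EXPIRE", "-f": "INACTIVE", "-g": "GROUP", "-s": "SHELL"}


def parse_useradd_defaults(text):
    """Parse KEY=VALUE lines, ignoring comments and blank lines."""
    defaults = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        defaults[key.strip()] = value.strip()
    return defaults


def apply_overrides(defaults, flags):
    """Return a new defaults dict with the given flags (e.g. {"-b": "/users"}) applied.

    This is what `useradd -D <flags>` would persist, or what a per-account
    `useradd <flags> name` would use for that one account.
    """
    result = dict(defaults)
    for flag, value in flags.items():
        if flag not in FLAG_TO_KEY:
            raise ValueError(f"unknown flag {flag}")
        result[FLAG_TO_KEY[flag]] = value
    return result


def account_disabled(password_expired_on, inactive_days, today):
    """Apply the INACTIVE rule from the text.

    inactive_days < 0  : the feature is off, the account is never disabled.
    inactive_days == 0 : disabled as soon as the password expires.
    inactive_days == N : the user has N days to change the password; once
                         that grace period is exceeded the account is disabled.
    """
    if password_expired_on is None or inactive_days < 0:
        return False
    grace_ends = password_expired_on + datetime.timedelta(days=inactive_days)
    return today >= grace_ends


def review_defaults(defaults):
    """Point out defaults that leave new accounts without the limits the text describes."""
    findings = []
    if defaults.get("INACTIVE", "-1") == "-1":
        findings.append("INACTIVE=-1: an expired password never disables the account")
    if defaults.get("EXPIRE", "") == "":
        findings.append("EXPIRE is empty: new accounts never expire by default")
    return findings


if __name__ == "__main__":
    current = parse_useradd_defaults(SAMPLE_DEFAULTS)
    # The article's example: useradd -D -b /users -g users -s /bin/tcsh -f 14
    proposed = apply_overrides(current, {"-b": "/users", "-g": "users",
                                         "-s": "/bin/tcsh", "-f": "14"})
    for key in sorted(proposed):
        print(f"{key}={proposed[key]}")
    for finding in review_defaults(current):
        print("review:", finding)
```

Because `apply_overrides` copies the dict, the same function models both a permanent `useradd -D` change and a one-off override on a single `useradd` invocation without touching the stored defaults.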

That’s the fundamentals of user management. In many ways this has been basic information. Yet, in another, it’s not basic. These are the arcane happenings behind the mouse clicks, menus and icons that make today’s operating system work. Understanding this makes you a better Linux admin and user.
