User and Group Management in Practice - Setting Up Multi-User Environments

Key Takeaways

  • The difference between useradd and adduser, and the safe pattern for production user creation
  • How to add users to groups with usermod -aG and why omitting -a causes data loss
  • How to read /etc/passwd, /etc/shadow, and /etc/group
  • A complete multi-user environment setup from scratch

Quick Reference (Production Pattern)

  • Add user: useradd -m -s /bin/bash username, then passwd username
  • Add to group: usermod -aG groupname username (-a is mandatory)
  • Verify: id username / groups username
  • Never edit /etc/passwd directly — use usermod instead

Prerequisites

  • OS: Ubuntu / Debian-based (where adduser is also available)
  • Run commands with sudo or as root

What is the difference between useradd and adduser?

useradd is a low-level binary available on all Linux distributions. adduser is a high-level interactive wrapper (Perl/Python) found on Debian-based systems. For scripts, prefer useradd for portability; for manual interactive use, adduser is faster.

                 useradd             adduser
Type             Binary              Script wrapper
Interactive      No                  Yes
Home directory   Requires -m         Created by default
Portability      All distributions   Debian-based only

How do you add a user?

Create a user with useradd -m -s /bin/bash username, then set a password with passwd. This is the standard procedure on most systems.

# Create user with home directory
sudo useradd -m -s /bin/bash alice

# Set password
sudo passwd alice
New password:
Retype new password:
passwd: password updated successfully

Key options:

Option          Description
-m              Create home directory
-s /bin/bash    Set default shell
-d /path        Specify home directory path
-u 1500         Set explicit UID
-g groupname    Set primary group
-G grp1,grp2    Set supplementary groups

Verify the created user:

id alice
uid=1001(alice) gid=1001(alice) groups=1001(alice)

Using adduser: sudo adduser alice handles everything interactively in one command. Use this for manual setup; use useradd in scripts.

How do you create and manage groups?

Use groupadd groupname to create a group. Groups are stored in /etc/group and form the foundation of shared file access control on Linux.

# Create a group
sudo groupadd developers

# Verify
getent group developers
developers:x:1002:

Modifying and deleting groups:

# Rename a group
sudo groupmod -n dev developers

# Delete a group
sudo groupdel dev

Deleting a group does not clean up references in /etc/group supplementary group entries. After groupdel, verify no stale entries remain:

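# The group name is the first field, so anchor the match at the start of the line.
# No output means the dev entry is gone.
grep '^dev:' /etc/group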

How do you add a user to a group?

Use usermod -aG groupname username. The -a (append) flag is critical — omitting it replaces all existing supplementary groups with the new one.

# Add to group (-a is mandatory)
sudo usermod -aG developers alice

# Add to multiple groups at once
sudo usermod -aG developers,sudo alice

# Verify
groups alice
alice : alice developers sudo

Group changes are not applied to active sessions. Use newgrp or re-login to activate:

# Activate new group without re-login
newgrp developers
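
An added example, not part of the original article: one way to detect the membership loss described above is to snapshot /etc/group before a change and compare it afterwards. The snapshots, the docker group and the function names are constructed for illustration; the second snapshot is what running usermod -G developers alice without -a would leave behind.

```shell
#!/bin/sh
# Added example: report supplementary-group memberships that disappeared
# between two /etc/group snapshots. All data below is constructed.

# memberships: /etc/group lines on stdin -> sorted "user group" pairs
memberships() {
    awk -F: 'NF == 4 && $4 != "" {
        n = split($4, members, ",")
        for (i = 1; i <= n; i++) print members[i], $1
    }' | LC_ALL=C sort
}

# lost_memberships BEFORE AFTER -> one "LOST user group" line per removal
lost_memberships() {
    before=$(mktemp) || return 1
    after=$(mktemp) || return 1
    memberships < "$1" > "$before"
    memberships < "$2" > "$after"
    # comm -23 keeps only the pairs present before and missing afterwards
    LC_ALL=C comm -23 "$before" "$after" | sed 's/^/LOST /'
    rm -f "$before" "$after"
}

# demo: constructed snapshots taken around "usermod -G developers alice"
demo_lost_memberships() {
    snap=$(mktemp -d) || return 1
    cat > "$snap/group.before" <<'EOF'
sudo:x:27:alice
docker:x:998:alice,bob
developers:x:1002:
EOF
    cat > "$snap/group.after" <<'EOF'
sudo:x:27:
docker:x:998:bob
developers:x:1002:alice
EOF
    lost_memberships "$snap/group.before" "$snap/group.after"
    rm -rf "$snap"
}

demo_lost_memberships
```

On a real host, the two inputs would be a saved copy of /etc/group and the live file.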

How do you read /etc/passwd and /etc/shadow?

/etc/passwd stores user account information. /etc/shadow stores hashed passwords (readable only by root). Modern systems separate these two files — historically, password hashes were stored in /etc/passwd which was world-readable.

/etc/passwd — 7 colon-separated fields:

alice:x:1001:1001:Alice Smith:/home/alice:/bin/bash
 ^    ^ ^    ^    ^            ^            ^
 |    | |    |    |            |            Default shell
 |    | |    |    |            Home directory
 |    | |    |    GECOS (full name, etc.)
 |    | |    GID (primary group)
 |    | UID
 |    Password ('x' = stored in /etc/shadow)
 Username

/etc/shadow — 9 colon-separated fields:

sudo grep alice /etc/shadow
alice:$6$salt$hashedpassword...:19500:0:99999:7:::
       ^                        ^     ^ ^     ^
       |                        |     | |     Warning days
       |                        |     | Maximum password age
       |                        |     Minimum password age
       |                        Last change (days since epoch)
       Hash ($6$ = SHA-512)

Never edit /etc/passwd directly. Use usermod or chsh to make changes. A malformed /etc/passwd will prevent all logins.
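
An added example, not part of the original article: a read-only audit that applies the field layouts above to passwd- and shadow-format text. The sample records, finding labels and function names are constructed; the '!' lock prefix and the $1$ (MD5-crypt) prefix are crypt(3) conventions assumed here, not taken from the article.

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format text read from stdin.
# Sample records are constructed; no real system files are read.

# audit_passwd: expects the 7-field layout shown above
audit_passwd() {
    awk -F: '
        NF != 7                     { print "MALFORMED_LINE " NR; next }
        $2 == ""                    { print "EMPTY_PASSWORD_FIELD " $1 }
        $2 != "" && $2 != "x"       { print "PASSWORD_FIELD_NOT_X " $1 }
        $3 ~ /^0+$/ && $1 != "root" { print "EXTRA_UID0 " $1 }
    '
}

# audit_shadow: expects the 9-field layout shown above
audit_shadow() {
    awk -F: '
        NF != 9        { print "MALFORMED_LINE " NR; next }
        $2 == ""       { print "NO_PASSWORD " $1; next }
        $2 ~ /^[!*]/   { print "LOCKED_OR_DISABLED " $1; next }
        $2 ~ /^\$1\$/  { print "MD5_HASH " $1 }
    '
}

sample_passwd() {   # constructed: bob has an empty field, svc is UID 0, carol lacks GECOS
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice Smith:/home/alice:/bin/bash
bob::1002:1002:Bob:/home/bob:/bin/bash
svc:x:0:1003:Service:/home/svc:/bin/sh
carol:x:1004:1004:/home/carol:/bin/bash
EOF
}

sample_shadow() {   # constructed: placeholder hashes, not real ones
    cat <<'EOF'
root:!:19500:0:99999:7:::
alice:$6$salt$hashedpassword...:19500:0:99999:7:::
bob::19500:0:99999:7:::
dave:$1$salt$oldhash:19000:0:99999:7:::
EOF
}

sample_passwd | audit_passwd
sample_shadow | audit_shadow
```

To audit a live system, feed the functions from getent passwd and sudo getent shadow instead of the samples.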

How do you modify or delete a user?

usermod handles almost all attribute changes. Use userdel to remove a user; add -r to also remove the home directory.

# Change login shell
sudo usermod -s /bin/zsh alice

# Move home directory (moves files as well)
sudo usermod -d /home/alice2 -m alice

# Lock account (disable login)
# Lock account password (disables password login)
sudo usermod -L alice

# Unlock account
sudo usermod -U alice

# Delete user (keep home directory)
sudo userdel alice

# Delete user and home directory
sudo userdel -r alice

userdel -r is irreversible. Check the home directory contents before deleting:

ls -la /home/alice

How do you build a multi-user environment from scratch?

Here is a complete walkthrough for setting up a shared development server.

# 1. Create a shared group
sudo groupadd developers

# 2. Create users with the group pre-assigned
sudo useradd -m -s /bin/bash -G developers alice
sudo useradd -m -s /bin/bash -G developers bob

# 3. Set passwords
sudo passwd alice
sudo passwd bob

# 4. Create a shared directory
sudo mkdir /srv/project
sudo chown root:developers /srv/project
sudo chmod 2775 /srv/project   # setgid: new files inherit the group automatically

The 2 in chmod 2775 sets the setgid bit. Files created inside this directory automatically inherit the developers group, so all group members can read and write them.

# Verify the directory
ls -ld /srv/project
drwxrwsr-x 2 root developers 4096 Jun  2 00:00 /srv/project
      ^
      's' = setgid bit active

# Confirm all members
getent group developers
developers:x:1002:alice,bob
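
An added example, not part of the original article: the setgid bit controls which group a new file gets, while the creating user's umask controls whether that group can write to it. The audit below checks both on a throwaway directory built with the same chmod 2775; the function names, file names and finding labels are constructed, and it runs without root.

```shell
#!/bin/sh
# Added example: audit a shared setgid directory for files the group
# cannot write or that did not inherit the directory's group.

# audit_shared_dir DIR -> one finding per line, nothing if consistent
audit_shared_dir() {
    dir=$1
    set -- $(ls -ldn "$dir")          # $1 = mode string, $4 = numeric GID
    dir_gid=$4
    case $1 in
        ??????[sS]*) ;;               # 7th character s/S = setgid bit set
        *) echo "NO_SETGID $dir" ;;
    esac
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        set -- $(ls -ldn "$f")
        [ "$4" = "$dir_gid" ] || echo "WRONG_GROUP $f"
        case $1 in
            ?????w*) ;;               # 6th character w = group-writable
            *) echo "NOT_GROUP_WRITABLE $f" ;;
        esac
    done
}

# demo_umask_effect: mimic the /srv/project layout in a temp directory,
# create one file under each umask, then audit the result
demo_umask_effect() {
    tmp=$(mktemp -d) || return 1
    chmod 2775 "$tmp"
    ( umask 022; : > "$tmp/made_with_022" )   # subshell keeps the umask local
    ( umask 002; : > "$tmp/made_with_002" )
    audit_shared_dir "$tmp" | sed "s|$tmp/||"
    rm -rf "$tmp"
}

demo_umask_effect
```

Running audit_shared_dir /srv/project after the walkthrough lists any file that other members of developers cannot modify.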

Granting sudo access

To give a user admin privileges on Ubuntu, add them to the sudo group:

sudo usermod -aG sudo alice

For finer-grained control, use visudo to configure specific command permissions.

How do you check who is currently logged in?

Use who or w to see active sessions. w also shows what each user is currently running.

who
alice    pts/0        2026-06-02 09:00 (192.168.1.10)
bob      pts/1        2026-06-02 09:05 (192.168.1.11)

w
 09:10:00 up 2 days, 3:00,  2 users,  load average: 0.10, 0.08, 0.05
USER     TTY      FROM             LOGIN@   IDLE JCPU   PCPU WHAT
alice    pts/0    192.168.1.10     09:00    2:00  0.05s  0.01s bash
bob      pts/1    192.168.1.11     09:05    0.00s 0.10s  0.02s top

View login history with last:

last -n 10