User Management Basics: Getting Started with useradd, usermod, and userdel

2026-05-31 Reading time: About 12 min Difficulty: Intermediate

What Can You Do with useradd, usermod, and userdel?

Linux user management comes down to three commands: useradd to create users, usermod to modify their attributes, and userdel to remove them. This guide covers both Ubuntu/Debian and RHEL/CentOS with practical command examples.

Quick Reference

sudo useradd -m -s /bin/bash alice    # Create user
sudo passwd alice                      # Set password
sudo usermod -aG sudo alice            # Grant sudo privileges
sudo userdel -r alice                  # Delete user and home directory

Prerequisites

OS: Ubuntu 22.04 / Debian or RHEL-based (examples use Ubuntu)
Run commands as a user with sudo privileges

1. How to Create a User with useradd

The useradd command adds a new user to the system. Without options, it does not create a home directory — always use the -m flag in practice.

sudo useradd -m -s /bin/bash alice

Common Options:

Option	Description
`-m`	Create home directory
`-s /bin/bash`	Set login shell
`-d /custom/home`	Specify custom home directory path
`-G group1,group2`	Set initial supplementary groups
`-c "Alice Smith"`	Comment field (typically full name)
`-e 2026-12-31`	Account expiry date (YYYY-MM-DD)
`-r`	Create a system account (for services)

Setting a Password

useradd alone does not set a password — the account cannot log in until you run passwd:

sudo passwd alice

Verifying the New User

id alice

uid=1001(alice) gid=1001(alice) groups=1001(alice)

grep alice /etc/passwd

alice:x:1001:1001::/home/alice:/bin/bash

The /etc/passwd fields are: username:password(x):UID:GID:comment:home:shell.

On Ubuntu/Debian, adduser is also available

adduser is an interactive wrapper around useradd. Use useradd for scripting and automation; use adduser for manual one-off setups since it prompts for a password automatically.

sudo adduser alice    # Interactive setup including password

2. How to Modify a User with usermod

usermod changes attributes of an existing user. The most frequent operation is adding a user to a group.

Granting sudo Privileges

sudo usermod -aG sudo alice       # Ubuntu/Debian
sudo usermod -aG wheel alice      # RHEL/CentOS/Fedora

Never omit -a (append) from -aG. Using -G alone replaces all existing group memberships. Accidentally removing a user from the sudo/wheel group locks out admin access.

Other Common Changes

Change home directory:

sudo usermod -d /new/home -m alice    # -m moves existing files

Change login shell:

sudo usermod -s /bin/zsh alice

Lock or unlock an account:

sudo usermod -L alice    # Lock (disables login)
sudo usermod -U alice    # Unlock

Verifying Changes

id alice
groups alice

uid=1001(alice) gid=1001(alice) groups=1001(alice),27(sudo)

Group changes take effect at the next login. To apply them in the current session without logging out, run newgrp sudo.

3. How to Delete a User with userdel

userdel removes a user from the system. Use -r to also delete the home directory and mail spool.

sudo userdel -r alice

Behavior comparison:

Command	User removed	Home directory	Mail spool
`userdel alice`	Yes	Kept	Kept
`userdel -r alice`	Yes	Deleted	Deleted

userdel -r is irreversible. Check the home directory contents and back up any important files before running it.

Deleting a Logged-in User

who                    # Check who is logged in
sudo pkill -u alice    # Kill all processes owned by alice
sudo userdel -r alice

4. Group Management Basics

Users and groups are tightly coupled in Linux. Here are the essential group operations.

Create a Group

sudo groupadd developers

Add a User to a Group

sudo usermod -aG developers alice

Delete a Group

sudo groupdel developers

Check Group Membership

grep developers /etc/group

developers:x:1002:alice

/etc/group fields: groupname:password:GID:member-list

5. Password Policy and Account Expiry

Use chage to inspect and configure password aging policies.

sudo chage -l alice

Last password change                                    : May 31, 2026
Password expires                                        : never
Account expires                                         : never

Setting expiry:

sudo chage -M 90 alice         # Expire password after 90 days
sudo chage -E 2026-12-31 alice # Set account expiry date

6. System Accounts for Services

Service daemons (nginx, postgres, etc.) run under dedicated system accounts that cannot log in interactively. Create them with -r:

sudo useradd -r -s /usr/sbin/nologin -d /var/lib/myapp myapp

Key flags for service accounts:

Flag	Purpose
`-r`	Mark as system account (UID < 1000)
`-s /usr/sbin/nologin`	Prevent interactive login
`-d /var/lib/myapp`	Set working directory
`-M`	Skip home directory creation

Summary: Practical Command Patterns

Standard Flow for a New User

sudo useradd -m -s /bin/bash -c "Alice Smith" alice
sudo passwd alice
sudo usermod -aG sudo alice
id alice    # Verify

Quick Reference Commands

id username               # UID/GID and group list
groups username           # Group memberships
grep username /etc/passwd # passwd entry
grep username /etc/group  # Group memberships
sudo cat /etc/shadow      # Password hash info