Users & Groups Management
User & Group Configuration Files
Linux stores all user and group data in four key files under /etc. Understanding these files is essential for managing access and security on any system.
User Files
/etc/passwd — Contains user account information. Each line represents one user with fields separated by colons:
username:x:UID:GID:comment:home_directory:shell
# Example:
gamal:x:1001:1001:Gamal Mohamed:/home/gamal:/bin/bash
The fields include: Name, password placeholder (x), UID (User ID), GID (Group ID), comment, Home directory, and Shell. This file is readable by all users.
/etc/shadow — Contains the actual hashed passwords. Only readable by root for security. Passwords are never stored in plain text.
Group Files
/etc/group — Contains group names and their members. Each line:
groupname:x:GID:member1,member2
# Example:
devops:x:1005:ali,gamal
/etc/gshadow — Contains group hashed passwords. Only readable by root.
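The colon-separated fields described above can be audited with a few lines of awk. The script below is an added example, not part of the original page: it reports accounts besides root that have UID 0, accounts whose password field is not the x placeholder, and the full membership of a group, including users who hold it as their primary group and so do not appear in the group file's member list. The function names and all sample accounts are constructed.

```shell
# Added example: audit passwd- and group-format files for risky entries.
# Function names and all sample accounts below are constructed.

# Accounts other than root with UID 0 (field 3): they have full root rights.
extra_uid0() {            # $1 = passwd-format file
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Accounts whose password field (field 2) is not the "x" placeholder:
# empty, or a value kept in the world-readable file instead of the shadow file.
no_placeholder() {        # $1 = passwd-format file
    awk -F: '$2 != "x" { print $1 }' "$1"
}

# All members of a group: names in field 4 of the group file plus users
# whose primary GID (passwd field 4) equals the group's GID.
group_members() {         # $1 = group name, $2 = passwd file, $3 = group file
    awk -F: -v g="$1" '
        FILENAME == ARGV[1] {                 # first file: the group file
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 }   # second file: primary members
    ' "$3" "$2" | sort -u
}

# Constructed sample data; point the functions at /etc/passwd and /etc/group
# to audit a real system.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
gamal:x:1001:1001:Gamal Mohamed:/home/gamal:/bin/bash
ali:x:1002:1002::/home/ali:/bin/bash
backup2:x:0:0::/home/backup2:/bin/bash
svc::1003:27::/home/svc:/bin/sh
EOF
cat > "$demo/group" <<'EOF'
sudo:x:27:gamal
devops:x:1005:ali,gamal
EOF
echo "UID 0 besides root: $(extra_uid0 "$demo/passwd")"
echo "No x placeholder:   $(no_placeholder "$demo/passwd")"
echo "sudo members:       $(group_members sudo "$demo/passwd" "$demo/group" | tr '\n' ' ')"
```

In the sample, svc is a sudo member only through its primary GID of 27, which grep on /etc/group alone would miss.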
User Management Commands
Checking User Info
whoami # Show the currently logged-in username
id username # Show UID, GID, and all groups for a user
su - username # Switch to another user (opens their shell with their environment)
su - (with the dash) loads the target user's full environment — their home directory, PATH, etc. Without the dash, you switch user but keep your current environment.
Creating Users
There are two commands to create users:
sudo adduser username # Interactive — prompts for password, full name, etc.
# Creates home directory automatically
# Recommended for manual user creation
sudo useradd username # Non-interactive — just creates the user entry
# Does NOT create home dir by default
# Use -m flag to create home: sudo useradd -m username
# Better for scripting/automation
Modifying Users
sudo usermod -aG sudo username # Add user to the sudo group (grant admin privileges)
# -a = append (don't remove from other groups)
# -G = supplementary group
Important: Always use -aG together. Using -G alone will replace all the user's groups with only the one specified — you'd lose their existing group memberships.
Setting Passwords
sudo passwd username # Set or change a user's password
# Prompts for the new password twice
Deleting Users
sudo userdel username # Delete the user account only
# Home directory and files are kept
sudo userdel -r username # Delete user AND their home directory + mail spool
# Use when you want a complete cleanup
Group Management Commands
Creating & Inspecting Groups
sudo groupadd devops # Create a new group called "devops"
grep devops /etc/group # Check if the group exists and see its members
Managing Group Members — gpasswd
gpasswd is the main tool for managing group membership:
sudo gpasswd -a username devops # Add a single user to the group
sudo gpasswd -M user1,user2,user3 devops # Set the full member list (replaces existing!)
sudo gpasswd -d username devops # Remove a user from the group
Warning about -M: This flag replaces the entire member list. If the group had 5 members and you run -M user1,user2, the other 3 are removed. Use -a to safely add one user at a time.
Modifying & Deleting Groups
sudo groupmod -n newname oldname # Rename a group
sudo groupdel devops # Delete a group
# The group must NOT be the primary group of any user
✓ Key Takeaways
- /etc/passwd stores user info (readable by all), /etc/shadow stores hashed passwords (root only)
- /etc/group stores groups & members, /etc/gshadow stores group passwords
- adduser is interactive (recommended for manual use), useradd is non-interactive (better for scripts)
- Always use -aG with usermod — never -G alone, or you'll wipe existing group memberships
- userdel -r removes the user AND their home directory; without -r the files stay
- gpasswd -a adds one user safely; gpasswd -M replaces the entire member list
- su - username switches user with full environment; su username keeps your environment
- Grant sudo access by adding a user to the sudo group: usermod -aG sudo username