DevOpsLesson
DevOpsLesson

Free, comprehensive DevOps tutorials and learning roadmaps. Master Docker, Kubernetes, CI/CD, and more.

Stay Updated

Get notified about new tutorials and features.

Tutorials

  • What is DevOps?
  • Docker Tutorial
  • Terraform Tutorial
  • CI/CD Pipeline
  • All Tutorials

Roadmaps

  • DevOps Engineer
  • Cloud Engineer
  • SRE Path
  • All Roadmaps

Company

  • About Us
  • Blog
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 DevOpsLesson. All rights reserved.

DOCKERKUBERNETESTERRAFORMAWSCI/CDLINUXGITDEVOPS ROADMAPCLOUD ROADMAPSRE ROADMAPGIT CHEATSHEETDOCKER CHEATSHEETK8S CHEATSHEETTF CHEATSHEETLINUX CHEATSHEETDOCKERFILE LINTERYAML VALIDATORCRON PARSERREGEX TESTER

Linux Tutorial

Introduction to Linux
Linux Filesystem
Linux Navigation
Linux File Operations
Linux Text Processing
Linux Permissions
Linux Users and Groups
Linux Process Management
Linux systemd Basics
Linux Networking
Linux Disk and Storage
Linux Bash Scripting
Linux Package Management
Linux Environment Variables
Linux Cron Jobs
Linux SSH Keys
Linux Firewall Basics
Linux Log Management
Linux Performance Monitoring and Troubleshooting

Linux Users and Groups

PreviousPrev
Next

Learn how Linux accounts and groups work, and how to manage users, passwords, sudo access, and account files.

Why User Management Matters

Linux is designed for multiple users. Even on a single server, different services, admins, and automation systems may run under different accounts. Good account management improves security, auditing, and operational safety.

Instead of giving every process full root access, Linux encourages controlled access through users, groups, and privilege escalation tools.

Core Identity Commands

Start with the commands that tell you who you are.

whoami
id

whoami prints your current username. id shows your numeric user ID, primary group, and supplementary groups.

Example output:

uid=1001(devops) gid=1001(devops) groups=1001(devops),27(sudo),998(docker)

This tells you not only the user name, but also what groups affect your permissions.

Creating and Removing Users

Use useradd to create a user account.

sudo useradd -m -s /bin/bash deploy

Common options:

  • -m creates the home directory
  • -s sets the login shell

Set a password with:

sudo passwd deploy

Remove a user with:

sudo userdel deploy
sudo userdel -r deploy

-r also removes the home directory.

Tip: Be careful with userdel -r because it removes the user’s home data too.

Modifying Users with usermod

usermod updates existing accounts.

sudo usermod -aG docker deploy
sudo usermod -s /bin/zsh deploy

The -aG combination appends the user to supplementary groups. This is important: using -G without -a can replace existing group memberships.

Working with Groups

Groups make permission management easier.

Create a group:

sudo groupadd developers

Add a user to it:

sudo usermod -aG developers deploy

Groups are useful when multiple users need access to the same application directories, logs, or deployment scripts.

sudo vs su

sudo

sudo runs a command with elevated privileges, typically as root.

sudo systemctl restart nginx
sudo cat /etc/shadow

It is preferred because it gives controlled, auditable elevation for specific commands.

su

su switches to another user account.

su - deploy
sudo su -

su - starts a full login shell for the target user.

In modern administration, sudo is usually favored over sharing the root password.

Important Account Files

/etc/passwd

/etc/passwd stores basic account information such as username, UID, GID, home directory, and login shell.

cat /etc/passwd

A sample entry looks like this:

deploy:x:1002:1002:Deployment User:/home/deploy:/bin/bash

/etc/shadow

/etc/shadow stores password hashes and password policy information.

sudo cat /etc/shadow

This file is restricted because password hashes are sensitive.

Note: /etc/passwd is readable by normal users on many systems, but /etc/shadow should be protected.

Managing Sudo Access

Sudo permissions are often configured through /etc/sudoers or files in /etc/sudoers.d/.

Always edit sudo rules with:

sudo visudo

visudo checks syntax before saving. That matters because a broken sudoers file can lock administrators out of privileged access.

A common pattern is group-based sudo access, such as allowing members of a sudo or wheel group to elevate privileges.

Real-World Scenarios

Granting Docker Access

A CI user needs to run Docker commands without typing sudo each time.

sudo usermod -aG docker ci-runner

The user may need to log out and back in before the new group membership applies.

Creating a Deployment Account

You might create a dedicated account that owns application files and runs deployment scripts.

sudo useradd -m -s /bin/bash deploy
sudo passwd deploy
sudo usermod -aG developers deploy

This keeps deployment activity separate from personal admin accounts.

Best Practices

  • avoid direct root logins when possible
  • prefer sudo over sharing root credentials
  • assign access through groups instead of one-off permission hacks
  • review /etc/passwd, /etc/shadow, and sudo rules carefully
  • use service accounts for applications and automation

Test Your Understanding

Let's see how well you understood the concepts! These exercises will help reinforce what you just learned.

Exercise 1: Preserving existing groups

Question: Why is usermod -aG docker deploy safer than using -G docker without -a?

Exercise

Exercise 1: Preserving existing groups

Choose why the append flag matters when modifying supplementary group membership.

Exercise 2: Distinguishing passwd and shadow

Question: Which file from the lesson stores password hashes and therefore needs tighter protection?

Exercise

Exercise 2: Distinguishing passwd and shadow

Identify which account file contains password hashes.

Exercise 3: Avoiding broken sudoers files

Question: What is the key reason to use visudo when changing sudo rules?

Exercise

Exercise 3: Avoiding broken sudoers files

Choose why visudo is the recommended editor for sudo configuration.

PreviousPrev
Next

Continue Learning

Linux File Operations

Learn how to create, copy, move, remove, link, and inspect files in Linux with safe, practical examples.

15 min·Easy

Linux Text Processing

Learn how to search, filter, transform, and count text in Linux using grep, awk, sed, cut, sort, uniq, wc, and pipes.

20 min·Medium

Linux Permissions

Understand Linux ownership, rwx permissions, octal notation, chmod, chown, special bits, and umask.

18 min·Medium

Explore Related Topics

Do

Docker Tutorials

Run and manage containers on Linux

Gi

Git Tutorials

Master Git version control on the command line

Try the Tool

Cron Parser

Parse and validate cron expressions with a visual schedule preview.

Regex Tester

Test and debug regular expressions used in Bash scripts and configs.

On This Page

Why User Management MattersCore Identity CommandsCreating and Removing UsersModifying Users with `usermod`Working with Groups`sudo` vs `su``sudo``su`Important Account Files`/etc/passwd``/etc/shadow`Managing Sudo AccessReal-World ScenariosGranting Docker AccessCreating a Deployment AccountBest PracticesTest Your UnderstandingExercise 1: Preserving existing groupsExercise 2: Distinguishing passwd and shadowExercise 3: Avoiding broken sudoers files