A Comprehensive Guide to User and Group Management in Unix-like Environments
User and Group Management stands as a fundamental pillar in the architecture of Unix-like operating systems, serving as a cornerstone for system security, resource allocation, and access control mechanisms. Rooted in the foundational principles of multi-user computing environments, effective user and group management facilitates the orchestration of diverse user identities, privileges, and permissions within a cohesive and structured framework.
Here are some commonly used commands and tools for managing users and groups:
User Commands:
useradd
useradd is a command-line utility in Linux and Unix-like operating systems used to create new user accounts. It is a fundamental command for system administration and user management. The useradd command is typically used by system administrators to add new users to the system, specifying various attributes and options such as the user’s home directory, default shell, and user ID.
Some commonly used options with useradd include:
Option | Description |
---|---|
-c <comment> | Adds a comment or description for the user account. |
-d <home_dir> | Specifies the home directory for the new user account. |
-e <date> | Sets an expiration date for the user account. |
-g <group> | Specifies the initial login group for the new user account. |
-G <groups> | Specifies additional groups to which the new user account should belong. |
-m | Creates the user’s home directory if it does not already exist. |
-M | Disables the creation of the user’s home directory. |
-n | Creates the user account without assigning a password. |
-r | Creates a system user account (with a UID less than 1000). |
-s <shell> | Specifies the login shell for the new user account. |
-u <UID> | Specifies the numerical user ID (UID) for the new user account. |
-U | Creates a group with the same name as the user (if it does not already exist). |
-Z <SElinux_user> | Sets the SELinux user for the new user account. |
Here are examples for each useradd option with explanations:
- -c <comment>
  - Example: sudo useradd -c "John Doe" john
  - Explanation: This command creates a new user named john and adds the comment “John Doe” to the user’s account information.
- -d <home_dir>
  - Example: sudo useradd -d /home/john john
  - Explanation: This command creates a new user named john and specifies /home/john as the home directory for this user.
- -e <date>
  - Example: sudo useradd -e 2024-12-31 john
  - Explanation: This command creates a new user named john with an expiration date set to December 31, 2024.
- -g <group>
  - Example: sudo useradd -g staff john
  - Explanation: This command creates a new user named john and assigns the initial login group staff to this user.
- -G <groups>
  - Example: sudo useradd -G users,staff john
  - Explanation: This command creates a new user named john and adds the user to the additional groups users and staff.
- -m
  - Example: sudo useradd -m john
  - Explanation: This command creates a new user named john and automatically creates the user’s home directory /home/john if it does not already exist.
- -M
  - Example: sudo useradd -M john
  - Explanation: This command creates a new user named john without creating the user’s home directory.
- -n
  - Example: sudo useradd -n john
  - Explanation: This command creates a new user named john without assigning a password to the account.
- -r
  - Example: sudo useradd -r systemuser
  - Explanation: This command creates a new system user named systemuser with a UID less than 1000.
- -s <shell>
  - Example: sudo useradd -s /bin/bash john
  - Explanation: This command creates a new user named john and specifies /bin/bash as the login shell for this user.
- -u <UID>
  - Example: sudo useradd -u 2001 john
  - Explanation: This command creates a new user named john with the numerical user ID (UID) set to 2001.
- -U
  - Example: sudo useradd -U john
  - Explanation: This command creates a new user named john and also creates a group with the same name as the user, if it does not already exist.
- -Z <SElinux_user>
  - Example: sudo useradd -Z staff_u john
  - Explanation: This command creates a new user named john and sets staff_u as the SELinux user for this account.
userdel
The userdel command is a command-line utility in Linux and Unix-like operating systems used to delete user accounts. It is an essential tool for system administrators to manage user accounts and their associated files. The userdel command removes the specified user account from the system. It does not remove the user’s home directory by default; the home directory and mail spool (if applicable) are removed only when the -r option is given.
Some commonly used options with userdel include:
Option | Description |
---|---|
-f | Forces the removal of the user account, even if the user is still logged in. |
-r | Removes the user’s home directory and mail spool. |
-Z | Removes any SELinux user mapping for the user. |
-h | Displays help information about the userdel command. |
Here are examples for each userdel option with explanations:
- -f
  - Example: sudo userdel -f john
  - Explanation: This command forcefully removes the user account john, even if the user is currently logged in.
- -r
  - Example: sudo userdel -r john
  - Explanation: This command removes the user account john, as well as the user’s home directory and mail spool.
- -Z
  - Example: sudo userdel -Z john
  - Explanation: This command removes any SELinux user mapping associated with the user account john.
- -h
  - Example: userdel -h
  - Explanation: This command displays help information about the userdel command, showing a brief description of its options and usage.
usermod
The usermod command is a versatile command-line utility in Linux and Unix-like operating systems used to modify or change user account attributes. It provides a convenient way for system administrators to manage and update user account settings without deleting and recreating the user account.
Some commonly used options with usermod include:
Option | Description |
---|---|
-aG <groups> | Adds the user to additional groups without removing them from current groups. |
-c <comment> | Adds or changes the comment or description for the user account. |
-d <home_dir> | Changes the home directory for the user account. |
-e <date> | Sets an expiration date for the user account. |
-g <group> | Changes the initial login group for the user account. |
-G <groups> | Sets the supplementary groups for the user account, replacing the current list. |
-l <new_name> | Changes the username from the current username to new_name. |
-L | Locks (disables) the user account. |
-s <shell> | Changes the login shell for the user account. |
-u <UID> | Changes the numerical user ID (UID) for the user account. |
-U | Unlocks (enables) the user account. |
Here are examples for each usermod option with explanations:
- -aG <groups>
  - Example: sudo usermod -aG sudo,johns_group john
  - Explanation: This command adds the user john to the additional groups sudo and johns_group without removing them from the current groups.
- -c <comment>
  - Example: sudo usermod -c "John Doe" john
  - Explanation: This command adds or changes the comment “John Doe” for the user account john.
- -d <home_dir>
  - Example: sudo usermod -d /home/new_home john
  - Explanation: This command changes the home directory for the user account john to /home/new_home.
- -e <date>
  - Example: sudo usermod -e 2024-12-31 john
  - Explanation: This command sets an expiration date of December 31, 2024, for the user account john.
- -g <group>
  - Example: sudo usermod -g new_group john
  - Explanation: This command changes the initial login group for the user account john to new_group.
- -G <groups>
  - Example: sudo usermod -G users,staff john
  - Explanation: This command sets the supplementary groups for the user account john to users and staff, replacing the current list of supplementary groups.
- -l <new_name>
  - Example: sudo usermod -l new_username john
  - Explanation: This command changes the username of john to new_username.
- -L
  - Example: sudo usermod -L john
  - Explanation: This command locks (disables) the user account john, preventing the user from logging in.
- -s <shell>
  - Example: sudo usermod -s /bin/bash john
  - Explanation: This command changes the login shell for the user account john to /bin/bash.
- -u <UID>
  - Example: sudo usermod -u 2001 john
  - Explanation: This command changes the numerical user ID (UID) for the user account john to 2001.
- -U
  - Example: sudo usermod -U john
  - Explanation: This command unlocks (enables) the user account john, allowing the user to log in.
passwd
The passwd command is a command-line utility in Linux and Unix-like operating systems used to change or set the password for a user account. It is an essential tool for system administrators and individual users to manage and maintain the security of user accounts.
Some commonly used options with passwd include:
Option | Description |
---|---|
-a | Displays the status of all password entries in /etc/passwd and /etc/shadow. |
-d <user> | Deletes the password for the specified user account. |
-e <user> | Expires the password for the specified user account, forcing the user to change it upon next login. |
-l <user> | Locks (disables) the password for the specified user account. |
-u <user> | Unlocks (enables) the password for the specified user account. |
-S | Displays the password status for the current user. |
-g | Specifies the group to which the password should be changed (for root only). |
-r <repository> | Specifies the NSS (Name Service Switch) backend to use for user and group information. |
-s | Changes the user’s login shell. |
-w | Changes the password for the specified user account without prompting for the old password. |
-i | Specifies the number of days after which the password must be changed. |
-n | Specifies the minimum number of days before the password can be changed. |
-x | Specifies the maximum number of days the password is valid. |
-y | Specifies the number of days before the password expiration date to warn the user. |
-Q | Exits with a status code indicating the password status for the specified user (0 = valid, 1 = invalid). |
Here are examples for each passwd option with explanations:
- -a
  - Example: sudo passwd -a
  - Explanation: This command displays the status of all password entries in /etc/passwd and /etc/shadow.
- -d <user>
  - Example: sudo passwd -d john
  - Explanation: This command deletes the password for the user account john, making it a passwordless account.
- -e <user>
  - Example: sudo passwd -e john
  - Explanation: This command expires the password for the user account john, forcing the user to change it upon the next login.
- -l <user>
  - Example: sudo passwd -l john
  - Explanation: This command locks (disables) the password for the user account john, preventing the user from logging in.
- -u <user>
  - Example: sudo passwd -u john
  - Explanation: This command unlocks (enables) the password for the user account john, allowing the user to log in.
- -S
  - Example: passwd -S
  - Explanation: This command displays the password status for the current user.
- -g
  - Example: sudo passwd -g
  - Explanation: This command specifies the group to which the password should be changed. This option is typically used by the root user.
- -r <repository>
  - Example: sudo passwd -r files john
  - Explanation: This command specifies the NSS (Name Service Switch) backend files to use for user and group information when changing the password for the user account john.
- -s
  - Example: sudo passwd -s john
  - Explanation: This command changes the login shell for the user account john.
- -w
  - Example: sudo passwd -w password john
  - Explanation: This command changes the password for the user account john to password without prompting for the old password.
- -i
  - Example: sudo passwd -i 30 john
  - Explanation: This command specifies that the password for the user account john must be changed after 30 days.
- -n
  - Example: sudo passwd -n 7 john
  - Explanation: This command specifies that the password for the user account john cannot be changed within the first 7 days after the last password change.
- -x
  - Example: sudo passwd -x 90 john
  - Explanation: This command specifies that the password for the user account john is valid for a maximum of 90 days.
- -y
  - Example: sudo passwd -y 7 john
  - Explanation: This command specifies that the user john should be warned 7 days before the password expires.
- -Q
  - Example: passwd -Q john
  - Explanation: This command exits with a status code indicating the password status for the user account john (0 = valid, 1 = invalid).
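The states that passwd -d, passwd -l, passwd -e and passwd -x leave behind, and the account expiry date set with useradd -e or usermod -e, are all recorded in /etc/shadow, so they can be audited from the file itself. The script below is an added example, not part of the original guide: audit_shadow and sample_shadow are hypothetical names, the sample records are constructed, and it assumes the shadow(5) field layout with a leading "!" marking a locked password.

```shell
#!/bin/sh
# Added example: classify shadow-format records by password and expiry state.
# shadow(5) fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# (all dates are counted in days since 1970-01-01).

# audit_shadow [TODAY_IN_DAYS]
# Reads shadow-format lines on stdin and prints "name STATE[,FLAG...]" for
# each account. TODAY_IN_DAYS defaults to the current date.
audit_shadow() {
    today=${1:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
        /^#/ || NF < 2 { next }     # skip comments and malformed lines
        {
            if ($2 == "")           state = "PASSWORDLESS"       # empty hash, e.g. after passwd -d
            else if ($2 ~ /^!/)     state = "LOCKED"             # "!" prefix, e.g. after passwd -l
            else if ($2 ~ /^[*]/)   state = "NO_PASSWORD_LOGIN"  # "*": no password can match
            else                    state = "PASSWORD_SET"

            # Field 8: account expiry date (useradd -e / usermod -e).
            if ($8 != "" && $8 + 0 <= today + 0) {
                state = state ",ACCOUNT_EXPIRED"
            }

            if ($3 == "0") {
                # lastchg of 0 forces a change at next login (passwd -e).
                state = state ",MUST_CHANGE"
            } else if ($3 != "" && $5 != "" && $5 + 0 < 99999 && $3 + $5 < today + 0) {
                # Password is older than the maximum age in field 5 (passwd -x).
                state = state ",PASSWORD_EXPIRED"
            }

            print $1, state
        }'
}

# Constructed sample records (the hashes are placeholders, not real ones).
# 20088 is 2024-12-31 expressed in days since the epoch.
sample_shadow() {
    cat <<'EOF'
root:$6$constructed$hashA:19900:0:99999:7:::
john:!$6$constructed$hashB:19900:0:99999:7:::
alice::19900:0:99999:7:::
bob:$6$constructed$hashC:0:0:90:7:::
carol:$6$constructed$hashD:19950:7:90:7::20088:
daemon:*:19900:0:99999:7:::
EOF
}

# Demo run with "today" fixed at day 20100 so the result is reproducible.
sample_shadow | audit_shadow 20100
```

On a live system the same function can be fed with sudo getent shadow | audit_shadow; PASSWORDLESS accounts are the ones to review first.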
Group Commands:
groupadd
The groupadd command is a command-line utility in Linux and Unix-like operating systems used to create new group accounts. It is a fundamental tool for system administrators to manage group permissions and group memberships.
Some commonly used options with groupadd include:
Option | Description |
---|---|
-f | Forces the creation of the group, even if it already exists. |
-g <GID> | Specifies the numerical group ID (GID) for the new group. |
-h | Displays help information about the groupadd command. |
-K <key=value> | Overrides /etc/login.defs defaults (may be used multiple times). |
-o | Allows the creation of a group with a non-unique GID. |
-p <password> | Sets the password for the new group (encrypted). |
-r | Creates a system group (with a GID less than 1000). |
-R <chroot_dir> | Uses |
Here are examples for each groupadd option with explanations:
- -f
  - Example: sudo groupadd -f newgroup
  - Explanation: This command forces the creation of the group newgroup, even if it already exists.
- -g <GID>
  - Example: sudo groupadd -g 2001 newgroup
  - Explanation: This command specifies the numerical group ID (GID) of 2001 for the new group newgroup.
- -h
  - Example: groupadd -h
  - Explanation: This command displays help information about the groupadd command, providing a brief description of its options and usage.
- -K <key=value>
  - Example: sudo groupadd -K GID_MIN=1000 newgroup
  - Explanation: This command overrides the default minimum GID value defined in /etc/login.defs and creates the group newgroup with a GID of 1000 or higher.
- -o
  - Example: sudo groupadd -o newgroup
  - Explanation: This command allows the creation of a group newgroup with a non-unique GID, meaning the GID can already exist.
- -p <password>
  - Example: sudo groupadd -p password newgroup
  - Explanation: This command sets the encrypted password password for the new group newgroup.
- -r
  - Example: sudo groupadd -r systemgroup
  - Explanation: This command creates a system group systemgroup with a GID less than 1000.
- -R <chroot_dir>
  - Example: sudo groupadd -R /home/chroot newgroup
  - Explanation: This command uses /home/chroot as the directory tree for the groupadd command, creating the group newgroup within this chroot environment.
groupdel
The groupdel command is a command-line utility in Linux and Unix-like operating systems used to delete group accounts. It is an essential tool for system administrators to manage and remove unnecessary or obsolete group accounts.
Some commonly used options with groupdel include:
Option | Description |
---|---|
-h | Displays help information about the groupdel command. |
-f | Forces the removal of the group, even if it still contains members. |
-R <chroot_dir> | Uses |
Here are examples for each groupdel option with explanations:
- -h
  - Example: groupdel -h
  - Explanation: This command displays help information about the groupdel command, providing a brief description of its options and usage.
- -f
  - Example: sudo groupdel -f oldgroup
  - Explanation: This command forces the removal of the group oldgroup, even if it still contains members.
- -R <chroot_dir>
  - Example: sudo groupdel -R /home/chroot oldgroup
  - Explanation: This command uses /home/chroot as the directory tree for the groupdel command, removing the group oldgroup within this chroot environment.
groupmod
The groupmod command is a command-line utility in Linux and Unix-like operating systems used to modify or change group account attributes. It provides a convenient way for system administrators to manage and update group settings without deleting and recreating the group.
Some commonly used options with groupmod include:
Option | Description |
---|---|
-g <GID> | Change the group ID to <GID>. |
-h | Display help message and exit. |
-n <new_name> | Change the name of the group to <new_name>. |
-o | Allow the group ID to be a non-unique value. |
-p <password> | Use the encrypted password <password> for the new group. |
Here are examples for each groupmod option with explanations:
- -g <GID>
  - Example: sudo groupmod -g 2001 oldgroup
  - Explanation: This command changes the group ID of oldgroup to 2001.
- -h
  - Example: groupmod -h
  - Explanation: This command displays help information about the groupmod command, providing a brief description of its options and usage.
- -n <new_name>
  - Example: sudo groupmod -n newgroup oldgroup
  - Explanation: This command changes the name of the group oldgroup to newgroup.
- -o
  - Example: sudo groupmod -o oldgroup
  - Explanation: This command allows the group ID of oldgroup to be a non-unique value.
- -p <password>
  - Example: sudo groupmod -p password oldgroup
  - Explanation: This command sets the encrypted password password for the group oldgroup.
gpasswd
The gpasswd command is a command-line utility in Linux and Unix-like operating systems used to administer the /etc/group file and the /etc/gshadow file, which store group account information and group passwords, respectively. It provides a convenient way for system administrators to manage group memberships and group passwords.
Some commonly used options with gpasswd include:
Option | Description |
---|---|
-a <username> | Adds a user to the specified group. |
-d <username> | Removes a user from the specified group. |
-h | Displays help information about the gpasswd command. |
-M <users> | Sets the members of the group, replacing the current list. |
-r | Removes the password from the specified group. |
-R <repository> | Sets the location of the group information (e.g., LDAP). |
Here are examples for each gpasswd option with explanations:
- -a <username>
  - Example: sudo gpasswd -a john newgroup
  - Explanation: This command adds the user john to the group newgroup.
- -d <username>
  - Example: sudo gpasswd -d john oldgroup
  - Explanation: This command removes the user john from the group oldgroup.
- -h
  - Example: gpasswd -h
  - Explanation: This command displays help information about the gpasswd command, providing a brief description of its options and usage.
- -M <users>
  - Example: sudo gpasswd -M alice,bob newgroup
  - Explanation: This command sets the members of the group newgroup to alice and bob, replacing the current list of members.
- -r
  - Example: sudo gpasswd -r newgroup
  - Explanation: This command removes the password from the group newgroup.
- -R <repository>
  - Example: sudo gpasswd -R ldap oldgroup
  - Explanation: This command sets the location of the group information to ldap for the group oldgroup.
Management Commands:
id
The id command is a command-line utility in Linux and Unix-like operating systems used to display the user and group IDs (UID and GID) along with the associated group names for the current user or a specified username.
Some commonly used options with id include:
Option | Description |
---|---|
-g | Displays the effective group ID (GID) of the user. |
-G | Displays all group IDs (GIDs) to which the user belongs, including the effective GID. |
-h | Displays help information about the id command. |
-u | Displays the effective user ID (UID) of the user. |
-n | Displays the name of the user and all groups to which the user belongs, separated by spaces. |
-r | Displays the real (not effective) user ID (UID) and group ID (GID). |
-Z | Displays the security context (SELinux user and role) of the user. |
Here are examples for each id option with explanations:
- -g
  - Example: id -g
  - Explanation: This command displays the effective group ID (GID) of the current user.
- -G
  - Example: id -G
  - Explanation: This command displays all group IDs (GIDs) to which the current user belongs, including the effective GID.
- -h
  - Example: id -h
  - Explanation: This command displays help information about the id command, providing a brief description of its options and usage.
- -u
  - Example: id -u
  - Explanation: This command displays the effective user ID (UID) of the current user.
- -n
  - Example: id -n
  - Explanation: This command displays the name of the current user and all groups to which the user belongs, separated by spaces.
- -r
  - Example: id -r
  - Explanation: This command displays the real (not effective) user ID (UID) and group ID (GID) of the current user.
- -Z
  - Example: id -Z
  - Explanation: This command displays the security context, including the SELinux user and role, of the current user.
getent
The getent command is a command-line utility in Linux and Unix-like operating systems used to retrieve entries from databases supported by the Name Service Switch (NSS) libraries. It allows you to query various databases, such as /etc/passwd, /etc/group, /etc/hosts, and more, from the command line.
Some commonly used databases with getent include:
Database | Description |
---|---|
ahosts | Retrieves the host names associated with the specified IP address. |
ahostsv4 | Retrieves the IPv4 host names associated with the specified IP address. |
ahostsv6 | Retrieves the IPv6 host names associated with the specified IP address. |
aliases | Retrieves the alias names defined in the specified database. |
ethers | Retrieves the Ethernet address and hostname pairs. |
group | Retrieves the group entries from the group database. |
gshadow | Retrieves the secure group database entries. |
hosts | Retrieves the host names and IP addresses. |
netgroup | Retrieves the netgroup entries. |
networks | Retrieves the network names and addresses. |
passwd | Retrieves the user account information. |
protocols | Retrieves the network protocols. |
publickey | Retrieves the public keys for user-based authentication. |
rpc | Retrieves the remote procedure call names and numbers. |
services | Retrieves the service names and port numbers. |
shadow | Retrieves the secure user account information. |
Here are examples for each getent option with explanations:
- ahosts
  - Example: getent ahosts 8.8.8.8
  - Explanation: This command retrieves the host names associated with the specified IPv4 address 8.8.8.8.
- ahostsv4
  - Example: getent ahostsv4 www.google.com
  - Explanation: This command retrieves the IPv4 host names associated with the specified host name www.google.com.
- ahostsv6
  - Example: getent ahostsv6 www.google.com
  - Explanation: This command retrieves the IPv6 host names associated with the specified host name www.google.com.
- aliases
  - Example: getent aliases
  - Explanation: This command retrieves the alias names defined in the alias database.
- ethers
  - Example: getent ethers
  - Explanation: This command retrieves the Ethernet address and hostname pairs.
- group
  - Example: getent group
  - Explanation: This command retrieves the group entries from the group database.
- gshadow
  - Example: getent gshadow
  - Explanation: This command retrieves the secure group database entries.
- hosts
  - Example: getent hosts www.google.com
  - Explanation: This command retrieves the host names and IP addresses associated with the specified host name www.google.com.
- netgroup
  - Example: getent netgroup
  - Explanation: This command retrieves the netgroup entries.
- networks
  - Example: getent networks
  - Explanation: This command retrieves the network names and addresses.
- passwd
  - Example: getent passwd
  - Explanation: This command retrieves the user account information.
- protocols
  - Example: getent protocols
  - Explanation: This command retrieves the network protocols.
- publickey
  - Example: getent publickey john
  - Explanation: This command retrieves the public keys for user john for user-based authentication.
- rpc
  - Example: getent rpc
  - Explanation: This command retrieves the remote procedure call names and numbers.
- services
  - Example: getent services
  - Explanation: This command retrieves the service names and port numbers.
- shadow
  - Example: getent shadow
  - Explanation: This command retrieves the secure user account information.
sudo
The sudo command is a powerful command-line utility in Linux and Unix-like operating systems that allows users to run programs with the security privileges of another user, by default the superuser (root). It stands for “superuser do” or “switch user and do”.
Some commonly used options with sudo include:
Option | Description |
---|---|
-h | Displays help information about the sudo command. |
-i | Starts a new login shell with the root user’s environment variables. |
-l | Lists the commands allowed by the user in the sudoers file. |
-S | Reads the password from standard input, allowing for scripting. |
-u <username> | Executes the command as the specified user instead of root. |
-v | Updates the user’s time stamp, asking for the password if necessary. |
Here are examples for each sudo option with explanations:
- -h
  - Example: sudo -h
  - Explanation: This command displays help information about the sudo command, providing a brief description of its options and usage.
- -i
  - Example: sudo -i
  - Explanation: This command starts a new login shell with the root user’s environment variables.
- -l
  - Example: sudo -l
  - Explanation: This command lists the commands allowed by the current user in the sudoers file.
- -S
  - Example: echo "password" | sudo -S command
  - Explanation: This command reads the password from standard input, allowing for scripting. In this example, the password is provided through the echo command. A password written literally in a command like this can end up in shell history and in any script that contains it.
- -u <username>
  - Example: sudo -u john whoami
  - Explanation: This command executes the whoami command as the user john instead of root, displaying the current username.
- -v
  - Example: sudo -v
  - Explanation: This command updates the user’s time stamp, asking for the password if necessary, and keeps the sudo session alive for the next 5 minutes by default (this can be configured).
su
The su command is a command-line utility in Linux and Unix-like operating systems used to switch to another user account, typically the superuser (root). The name su stands for “switch user” or “substitute user.”
Some commonly used options with su include:
Option | Description |
---|---|
- | Starts a login shell with the new user’s environment variables. |
-c <command> | Executes the specified command as the new user, without starting a login shell. |
-h | Displays help information about the su command. |
-l | Starts a login shell with the new user’s environment variables. |
-m | Simulates a full login, similar to -l. |
-p | Preserves the new user’s environment variables when executing the command. |
-s <shell> | Changes the shell used for the new user session. |
-u <username> | Specifies the username of the user account to switch to. |
Here are examples for each su option with explanations:
- -
  - Example: su - john
  - Explanation: This command starts a login shell with the john user’s environment variables.
- -c <command>
  - Example: su -c "whoami" john
  - Explanation: This command executes the whoami command as the john user, without starting a login shell, and displays the current username.
- -h
  - Example: su -h
  - Explanation: This command displays help information about the su command, providing a brief description of its options and usage.
- -l
  - Example: su -l john
  - Explanation: This command starts a login shell with the john user’s environment variables.
- -m
  - Example: su -m john
  - Explanation: This command simulates a full login for the john user, similar to using -l.
- -p
  - Example: su -p john
  - Explanation: This command preserves the john user’s environment variables when executing the command.
- -s <shell>
  - Example: su -s /bin/bash john
  - Explanation: This command changes the shell used for the john user session to /bin/bash.
- -u <username>
  - Example: su -u john
  - Explanation: This command specifies the username john of the user account to switch to.
visudo
The visudo command is a command-line utility in Linux and Unix-like operating systems used to edit and manage the /etc/sudoers file safely. The /etc/sudoers file is the configuration file for the sudo command, which determines which users and groups are allowed to execute which commands as the superuser (root).
When you run visudo, it opens the /etc/sudoers file in a safe manner, preventing multiple administrators from editing the file simultaneously and avoiding the risk of corrupting the file. The visudo command uses the vi text editor by default, but you can change the default editor by setting the EDITOR or VISUAL environment variable.
For example, to edit the /etc/sudoers file using the nano text editor, you can use:
    VISUAL=nano visudo
Or you can set the EDITOR environment variable and then use visudo:
    export EDITOR=nano
    visudo
It’s important to note that making incorrect changes to the /etc/sudoers file can potentially lock you out of your system, so it’s crucial to use visudo to edit the file to ensure that the syntax is correct.
The /etc/sudoers file consists of user specifications, which define which users and groups are allowed to run which commands with sudo. The visudo utility provides syntax checking and locks the /etc/sudoers file to prevent simultaneous edits, making it a safer way to edit the sudo configuration.
Some commonly used options with visudo include:
Option | Description |
---|---|
-c | Check the syntax of the sudoers file before saving changes. |
-f <file> | Specify an alternate sudoers file to edit. |
-h | Displays help information about the visudo command. |
-s | Edit the sudoers file using the specified editor (defaults to vi). |
-V | Display the version of visudo and exit. |
Here are examples for each visudo option with explanations:
- -c
  - Example: visudo -c
  - Explanation: This command checks the syntax of the sudoers file for any errors before saving changes.
- -f <file>
  - Example: visudo -f /etc/sudoers.d/custom
  - Explanation: This command specifies the alternate sudoers file /etc/sudoers.d/custom to edit with visudo.
- -h
  - Example: visudo -h
  - Explanation: This command displays help information about the visudo command, providing a brief description of its options and usage.
- -s
  - Example: visudo -s
  - Explanation: This command opens the sudoers file for editing using the specified editor (defaults to vi).
- -V
  - Example: visudo -V
  - Explanation: This command displays the version of visudo and then exits.
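One way to apply visudo -c and -f when a sudoers file is deployed by a script instead of edited interactively is to validate a staged copy and install it only if the check passes. This is an added example, not from the original guide; install_sudoers_dropin and the VISUDO override variable are hypothetical names.

```shell
#!/bin/sh
# Added example: install a sudoers drop-in only after "visudo -c -f" accepts it.
# VISUDO may be pointed at another checker binary; it defaults to visudo.
VISUDO="${VISUDO:-visudo}"

# install_sudoers_dropin SRC DEST
#   SRC   candidate sudoers fragment
#   DEST  final path, e.g. /etc/sudoers.d/custom
# Returns 0 on success, 1 if the syntax check fails, 2 on I/O errors.
# DEST is left untouched unless the check succeeds.
install_sudoers_dropin() {
    src=$1
    dest=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }

    # Stage the copy next to DEST so the final mv is a rename on the same
    # file system. The staged name contains a ".", and sudo skips files in
    # an included directory whose names contain "." or end in "~", so a
    # half-installed file is never parsed.
    tmp=$(mktemp "${dest}.XXXXXX") || return 2
    cat "$src" > "$tmp" && chmod 0440 "$tmp" || { rm -f "$tmp"; return 2; }

    if "$VISUDO" -c -f "$tmp" >/dev/null 2>&1; then
        mv -f "$tmp" "$dest"
    else
        echo "syntax check failed; $dest left unchanged" >&2
        rm -f "$tmp"
        return 1
    fi
}

# Usage (as root):
#   install_sudoers_dropin ./custom.new /etc/sudoers.d/custom
```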
vipw
The vipw command is a command-line utility in Linux and Unix-like operating systems used to edit the /etc/passwd and /etc/shadow files safely. The /etc/passwd file contains user account information, and the /etc/shadow file contains the encrypted passwords for user accounts. When you run vipw, it opens the /etc/passwd and /etc/shadow files in a safe manner, preventing multiple administrators from editing the files simultaneously and avoiding the risk of corrupting the files.
Some commonly used options with vipw include:
Option | Description |
---|---|
-h | Displays help information about the vipw command. |
-g | Edit the /etc/group file instead of the /etc/passwd file. |
-p | Edit the /etc/passwd file using the specified editor (defaults to vi). |
-s | Edit the /etc/shadow file instead of the /etc/passwd file. |
Here are examples for each vipw option with explanations:
- -h
  - Example: vipw -h
  - Explanation: This command displays help information about the vipw command, providing a brief description of its options and usage.
- -g
  - Example: vipw -g
  - Explanation: This command edits the /etc/group file instead of the default /etc/passwd file.
- -p
  - Example: vipw -p
  - Explanation: This command opens the /etc/passwd file for editing using the specified editor (defaults to vi).
- -s
  - Example: vipw -s
  - Explanation: This command edits the /etc/shadow file instead of the default /etc/passwd file.
chage
The chage command is a command-line utility in Linux and Unix-like operating systems used to change the password expiry information for a user account. It allows system administrators to set or modify the password expiry dates, the date of the last password change, the minimum password age, and other password-related policies for user accounts.
Some commonly used options with chage include:
Option | Description |
---|---|
-d <date> | Sets the last password change date to the specified date (in YYYY-MM-DD format). |
-E <date> | Sets the account expiration date to the specified date (in YYYY-MM-DD format). |
-h | Displays help information about the chage command. |
-I <date> | Sets the password inactive period to the specified date (in YYYY-MM-DD format). |
-l | Displays the current aging information for the user account. |
-m <days> | Sets the minimum number of days between password changes to the specified value. |
-M <days> | Sets the maximum number of days the password is valid to the specified value. |
-W <days> | Sets the number of days before password expiration that the user is warned. |
Here are examples for each chage option with explanations:
- -d <date>
  - Example: sudo chage -d 2022-01-01 username
  - Explanation: This command sets the last password change date for the user username to January 1, 2022.
- -E <date>
  - Example: sudo chage -E 2025-12-31 username
  - Explanation: This command sets the account expiration date for the user username to December 31, 2025.
- -h
  - Example: chage -h
  - Explanation: This command displays help information about the chage command, providing a brief description of its options and usage.
- -I <date>
  - Example: sudo chage -I 30 username
  - Explanation: This command sets the password inactive period for the user username to 30 days.
- -l
  - Example: chage -l username
  - Explanation: This command displays the current aging information for the user account username.
- -m <days>
  - Example: sudo chage -m 7 username
  - Explanation: This command sets the minimum number of days between password changes for the user username to 7 days.
- -M <days>
  - Example: sudo chage -M 90 username
  - Explanation: This command sets the maximum number of days the password is valid for the user username to 90 days.
- -W <days>
  - Example: sudo chage -W 7 username
  - Explanation: This command sets the number of days before password expiration that the user username is warned to 7 days.
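The values that chage sets are stored as fields of each shadow record, with dates kept as day counts since 1970-01-01. The following added example (not part of the original guide) audits those fields in shadow-format records read from standard input; the sample records, the 90-day policy and the function names audit_aging and sample_shadow are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit the aging fields that chage edits. Shadow-format
# records are read from stdin; the script never opens /etc/shadow itself.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# (lastchg and expire are day counts since 1970-01-01).

# audit_aging TODAY POLICY_MAX
#   TODAY       current date in days since 1970-01-01,
#               e.g. $(( $(date +%s) / 86400 ))
#   POLICY_MAX  longest acceptable maximum password age (assumed policy)
audit_aging() {
    awk -F: -v today="$1" -v policy="$2" '
    /^[ \t]*(#|$)/ { next }                     # blank lines and comments
    NF < 8 { print $1 ": malformed record (" NF " fields)"; next }
    {
        user = $1; hash = $2; lastchg = $3
        max = $5; inactive = $7; expire = $8

        # "!" or "*" in the hash field means no password login is possible,
        # so password aging findings would only be noise.
        if (hash ~ /^[!*]/) next

        if (expire != "" && expire + 0 <= today + 0) {
            print user ": account expired (chage -E)"
            next
        }
        if (max == "" || max + 0 >= 99999) {
            print user ": password never expires (chage -M)"
            next
        }
        if (max + 0 > policy + 0) {
            print user ": maximum age " max " exceeds policy " policy " (chage -M)"
        }
        if (lastchg == "") next
        overdue = today - lastchg - max         # days past the maximum age
        if (overdue <= 0) next
        if (inactive != "" && overdue > inactive + 0) {
            print user ": password expired, inactivity period over, password login disabled (chage -I)"
        } else {
            print user ": password expired " overdue " days ago (chage -M)"
        }
    }'
}

# Constructed sample records (hashes are placeholders, not real hashes).
sample_shadow() {
    cat <<'EOF'
root:!:19700:0:99999:7:::
alice:$6$constructed$hash:19700:7:90:7:30::
bob:$6$constructed$hash:19000:0:99999:7:::
carol:$6$constructed$hash:19500:0:365:7::19600:
dave:$6$constructed$hash:19780:7:90:7:30::
erin:$6$constructed$hash:19790:0:365:7:::
frank:$6$constructed$hash:19600:7:90:7:30::
EOF
}

# Day 19800 is 2024-03-18; the policy maximum is 90 days.
sample_shadow | audit_aging 19800 90
```

On a live system the same function can be fed with `sudo cat /etc/shadow | audit_aging "$(( $(date +%s) / 86400 ))" 90`.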
groups
The groups command is a command-line utility in Linux and Unix-like operating systems used to display the groups to which a user belongs. It shows a list of all the groups that a specified user is a member of, including the user’s primary group and any secondary groups.
Some commonly used options with groups include:
Option | Description |
---|---|
-h | Displays help information about the groups command. |
-v | Displays the process’s effective group IDs (GIDs) in numerical form. |
<username> | Specifies the username for which to display group memberships. If not specified, uses the current user. |
Here are examples for each groups option with explanations:
- -h
  - Example: groups -h
  - Explanation: This command displays help information about the groups command, providing a brief description of its options and usage.
- -v
  - Example: groups -v
  - Explanation: This command displays the process’s effective group IDs (GIDs) in numerical form.
- <username>
  - Example: groups john
  - Explanation: This command displays the group memberships for the user john. If the username is not specified, the groups command will display group memberships for the current user.
grpck
The grpck command is a command-line utility in Linux and Unix-like operating systems used to verify the integrity and consistency of the /etc/group file and its associated /etc/gshadow file. The /etc/group file contains group account information, and the /etc/gshadow file contains the encrypted group passwords and other secure group account information.
Some commonly used options with grpck include:
Option | Description |
---|---|
-h | Displays help information about the grpck command. |
-r | Fixes any detected errors automatically. |
-s | Displays a summary of the verification process. |
Here are examples for each grpck option with explanations:
- -h
  - Example: grpck -h
  - Explanation: This command displays help information about the grpck command, providing a brief description of its options and usage.
- -r
  - Example: grpck -r
  - Explanation: This command automatically fixes any detected errors in the group database.
- -s
  - Example: grpck -s
  - Explanation: This command displays a summary of the verification process of the group database.
sg
The sg command is a command-line utility in Linux and Unix-like operating systems used to execute a command as another group. It allows users to run commands with the privileges of a different group, rather than switching to another user account.
Some commonly used options with sg include:
Option | Description |
---|---|
- | Simulates a login shell with the group ID of the specified group. |
[group] | Specifies the group name or GID to use. |
[-c command] | Specifies the command to be executed with the new group ID. |
Here are examples for each sg option with explanations:
- -
  - Command: sg - groupname
  - Explanation: This command simulates a login shell with the group ID set to groupname.
- [group]
  - Command: sg groupname
  - Explanation: This command starts a new shell with the group ID set to groupname.
- [-c command]
  - Command: sg groupname -c "ls -l"
  - Explanation: This command executes the ls -l command with the group ID set to groupname.
newgrp
The newgrp command is a command-line utility in Linux and Unix-like operating systems used to change the current group ID during a login session. It allows users to switch to another group and obtain the group permissions of that group without logging out and logging back in again.
Some commonly used options with newgrp include:
Option | Description |
---|---|
- | Starts a new login shell with the new group’s environment variables. |
-h | Displays help information about the newgrp command. |
Here are examples for each newgrp option with explanations:
- -
  - Example: newgrp - groupname
  - Explanation: This command starts a new login shell with the environment variables of the specified group groupname.
- -h
  - Example: newgrp -h
  - Explanation: This command displays help information about the newgrp command, providing a brief description of its options and usage.
chgrp
The chgrp command is a command-line utility in Linux and Unix-like operating systems used to change the group ownership of files and directories. It allows users to set or modify the group ownership of a file or directory to a specified group.
Some commonly used options with chgrp include:
Option | Description |
---|---|
-c, --changes | Report only when a change is made. |
-f, --silent, --quiet | Suppress most error messages. |
-v, --verbose | Output a diagnostic for every file processed. |
--dereference | Affect the referent of each symbolic link (default). |
-h, --no-dereference | Affect symbolic links instead of any referenced file (useful only on systems that can change the ownership of a symlink). |
--no-preserve-root | Do not treat ‘/’ specially (the default). |
--preserve-root | Fail to operate recursively on ‘/’. |
--reference=RFILE | Use RFILE’s group rather than specifying a GROUP value. |
-R, --recursive | Operate on files and directories recursively. |
-H | If a command line argument is a symbolic link to a directory, traverse it. |
-L | Traverse every symbolic link to a directory encountered. |
-P | Do not traverse any symbolic links (default). |
--help | Display help and exit. |
--version | Output version information and exit. |
Here are examples for each chgrp option with explanations:
- -c, --changes
  - Command: chgrp -c groupname filename
  - Explanation: This command changes the group ownership of filename to groupname and reports only when a change is made.
- -f, --silent, --quiet
  - Command: chgrp -f groupname filename
  - Explanation: This command changes the group ownership of filename to groupname and suppresses most error messages.
- -v, --verbose
  - Command: chgrp -v groupname filename
  - Explanation: This command changes the group ownership of filename to groupname and outputs a diagnostic for every file processed.
- --dereference
  - Command: chgrp --dereference groupname symlink
  - Explanation: This command changes the group ownership of the referent of symlink to groupname (the default behavior).
- -h, --no-dereference
  - Command: chgrp -h groupname symlink
  - Explanation: This command changes the group ownership of symlink itself to groupname (useful on systems that can change the ownership of a symlink).
- --no-preserve-root
  - Command: chgrp --no-preserve-root groupname /path/to/directory
  - Explanation: This command changes the group ownership of /path/to/directory to groupname without treating ‘/’ specially (the default).
- --preserve-root
  - Command: chgrp -R --preserve-root groupname /
  - Explanation: This command fails to operate recursively on ‘/’.
- --reference=RFILE
  - Command: chgrp --reference=referencefile targetfile
  - Explanation: This command changes the group ownership of targetfile to match that of referencefile.
- -R, --recursive
  - Command: chgrp -R groupname directory
  - Explanation: This command changes the group ownership of directory and its contents recursively to groupname.
- -H
  - Command: chgrp -RH groupname symlink_directory
  - Explanation: This command changes the group ownership of symlink_directory and any symbolic links to directories it points to, recursively.
- -L
  - Command: chgrp -RL groupname symlink_directory
  - Explanation: This command changes the group ownership of symlink_directory and every symbolic link it points to, recursively.
- -P
  - Command: chgrp -RP groupname directory
  - Explanation: This command changes the group ownership of directory without traversing any symbolic links.
- --help
  - Command: chgrp --help
  - Explanation: This command displays help information about the chgrp command.
- --version
  - Command: chgrp --version
  - Explanation: This command outputs version information about chgrp.
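The choice between -P and -L decides whether a recursive chgrp stays inside the directory it was given: a symbolic link inside the tree can lead it to files elsewhere. The following added example (not from the original guide) measures that in a throwaway directory; the function name chgrp_reach and the directory layout are assumptions, and the group applied is the caller's own primary GID, so no ownership actually changes.

```shell
#!/bin/sh
# Added example: compare what "chgrp -R" processes under -P and under -L.
# All files live in a temporary directory that is removed afterwards.

# chgrp_reach MODE
#   MODE is -P (do not traverse symlinks) or -L (traverse every symlink).
#   Prints how many processed paths refer to the file that lives OUTSIDE
#   the tree handed to chgrp.
chgrp_reach() {
    mode=$1
    work=$(mktemp -d) || return 1

    mkdir "$work/tree" "$work/outside"
    : > "$work/tree/report.txt"          # file inside the tree
    : > "$work/outside/unrelated.txt"    # file outside the tree
    # A symlink inside the tree that points out of it.
    ln -s "$work/outside" "$work/tree/shortcut"

    # -v prints one diagnostic line per processed file. Using the caller's
    # own GID keeps the operation permitted and side-effect free.
    chgrp -R "$mode" -v "$(id -g)" "$work/tree" 2>&1 |
        awk '/unrelated\.txt/ { n++ } END { print n + 0 }'

    rm -rf "$work"
}

echo "paths outside the tree processed with -P: $(chgrp_reach -P)"
echo "paths outside the tree processed with -L: $(chgrp_reach -L)"
```

With -P the count is 0; with -L the file behind the symlink is processed as well, which is why -R should only be combined with -L or -H on trees whose contents are trusted.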
groupmems
The groupmems command is a command-line utility in Linux and Unix-like operating systems used to manage the members of a group. It allows users to add or remove members from a group without editing the /etc/group file manually.
Some commonly used options with groupmems include:
Option | Description |
---|---|
-a | Adds a user to the specified group. |
-d | Deletes a user from the specified group. |
-h | Displays help information about the groupmems command. |
-g | Specifies the group to administer. |
-l | Lists the members of the specified group. |
-p | Purges all members from the group. |
Here are examples for each groupmems option with explanations:
- -a
  - Command: groupmems -a username -g groupname
  - Explanation: This command adds the user username to the group groupname.
- -d
  - Command: groupmems -d username -g groupname
  - Explanation: This command deletes the user username from the group groupname.
- -h
  - Command: groupmems -h
  - Explanation: This command displays help information about the groupmems command, providing a brief description of its options and usage.
- -g
  - Command: groupmems -g groupname
  - Explanation: This command specifies the group groupname to administer.
- -l
  - Command: groupmems -l -g groupname
  - Explanation: This command lists the members of the group groupname.
- -p
  - Command: groupmems -p -g groupname
  - Explanation: This command removes all members from the group groupname.
vigr
The vigr command is a command-line utility in Linux and Unix-like operating systems used to edit the /etc/group and /etc/gshadow files safely. The /etc/group file contains group account information, and the /etc/gshadow file contains the encrypted group passwords and other secure group account information.
When you run vigr, it opens the /etc/group and /etc/gshadow files in a safe manner, preventing multiple administrators from editing the files simultaneously and avoiding the risk of corrupting the files. The vigr command uses the vi text editor by default, but you can change the default editor by setting the EDITOR or VISUAL environment variable.
It’s important to note that making incorrect changes to the /etc/group and /etc/gshadow files can potentially lock you out of your system or cause other issues, so it’s crucial to use vigr to edit the files to ensure that the syntax is correct.
Some commonly used options with vigr include:
Option | Description |
---|---|
-g, --group | edit group database |
-h, --help | display this help message and exit |
-p, --passwd | edit passwd database |
-q, --quiet | quiet mode |
-R, --root CHROOT_DIR | directory to chroot into |
-s, --shadow | edit shadow or gshadow database |
Here are examples for each vigr option with explanations:
- -g, --group
  - Example: vigr -g
  - Explanation: This command opens the /etc/group file for editing using the vi editor.
- -h, --help
  - Example: vigr -h
  - Explanation: This command displays help information about the vigr command, providing a brief description of its options and usage.
- -p, --passwd
  - Example: vigr -p
  - Explanation: This command opens the /etc/passwd file for editing using the vi editor.
- -q, --quiet
  - Example: vigr -q
  - Explanation: This command runs vigr in quiet mode, which suppresses all normal output.
- -R, --root CHROOT_DIR
  - Example: vigr -R /mnt/chroot
  - Explanation: This command sets the directory /mnt/chroot as the directory to chroot into before editing the database.
- -s, --shadow
  - Example: vigr -s
  - Explanation: This command opens the /etc/shadow file for editing using the vi editor.
whoami
The whoami command does not have any options to provide examples for. It simply displays the username of the current user.
- whoami
  - Command: whoami
  - Output: username
  - Explanation: This command displays the username of the current user.
W or w
The w command is a command-line utility in Linux and Unix-like operating systems used to display information about the currently logged-in users and what they are doing. It provides a quick overview of the system’s activity, showing who is logged in, what they are doing, and how long they have been idle.
Some commonly used options with w include:
Option | Description |
---|---|
-h | Displays help information about the w command. |
-s | Displays only the summary information, omitting the login time, JCPU, and PCPU fields. |
-u | Shows the load average, number of users logged in, and system uptime. |
Here are examples for each w option with explanations:
- -h
  - Example: w -h
  - Explanation: This command displays help information about the w command, providing a brief description of its options and usage.
- -s
  - Example: w -s
  - Explanation: This command displays only the summary information, omitting the login time, JCPU (total CPU time used by the job), and PCPU (CPU time used by the process) fields.
- -u
  - Example: w -u
  - Explanation: This command shows the load average, number of users logged in, and system uptime, in addition to the usual output.
last
The last command is a command-line utility in Linux and Unix-like operating systems used to display information about the last logged-in users and their sessions. It provides a history of the last logged-in users, showing when they logged in and out, as well as from which terminals or IP addresses they logged in.
Some commonly used options with last include:
Option | Description |
---|---|
-d | Displays the hostname in the last column of the output. |
-f <file> | Reads the specified file instead of /var/log/wtmp. |
-h | Displays help information about the last command. |
-i | Displays the IP addresses along with the hostname in the output. |
-n <num> | Displays the specified number (num) of lines. |
-x | Displays the system shutdown entries and run level changes. |
Here are examples for each last option with explanations:
- -d
  - Example: last -d
  - Explanation: This command displays the hostname in the last column of the output, in addition to the usual output.
- -f <file>
  - Example: last -f /var/log/wtmp.1
  - Explanation: This command reads the specified file /var/log/wtmp.1 instead of the default /var/log/wtmp.
- -h
  - Example: last -h
  - Explanation: This command displays help information about the last command, providing a brief description of its options and usage.
- -i
  - Example: last -i
  - Explanation: This command displays the IP addresses along with the hostname in the output.
- -n <num>
  - Example: last -n 5
  - Explanation: This command displays the last 5 lines of the log.
- -x
  - Example: last -x
  - Explanation: This command displays the system shutdown entries and run level changes in the output.
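Login history is most useful when it is filtered for sessions that came from somewhere unexpected. The following added example (not from the original guide) reads text in the layout printed by last -i and reports sessions whose source address lies outside an expected network prefix; the sample lines are constructed, only IPv4 addresses are handled, and the function names flag_remote_logins and sample_last are assumptions.

```shell
#!/bin/sh
# Added example: triage "last -i" style output for logins from unexpected
# source addresses. Input is read from stdin, so the function also works on
# saved output or on "last -i -f /var/log/wtmp.1".

# flag_remote_logins PREFIX
#   PREFIX  textual IPv4 prefix of the expected network, ending in a dot
#           (for example "10.0.0."); anything else is reported.
# Output: one line per session: SEVERITY USER ADDRESS TERMINAL
flag_remote_logins() {
    awk -v prefix="$1" '
    # Pseudo-users and the trailer line are not login sessions.
    $1 == "reboot" || $1 == "shutdown" || $1 == "runlevel" { next }
    $1 == "wtmp" || NF < 4 { next }
    {
        user = $1; tty = $2; ip = $3
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next   # no IPv4 column
        if (ip == "0.0.0.0") next            # console or other local session
        if (index(ip, prefix) == 1) next     # expected network
        sev = (user == "root") ? "HIGH" : "REVIEW"
        print sev, user, ip, tty
    }'
}

# Constructed sample in the layout of "last -i" (documentation addresses).
sample_last() {
    cat <<'EOF'
alice    pts/0        203.0.113.10     Mon Mar  4 09:12   still logged in
root     pts/1        198.51.100.7     Sun Mar  3 23:41 - 23:55  (00:14)
bob      pts/2        10.0.0.15        Sun Mar  3 14:02 - 17:30  (03:28)
root     tty1         0.0.0.0          Sat Mar  2 08:00 - 08:10  (00:10)
reboot   system boot  0.0.0.0          Sat Mar  2 07:58   still running
alice    pts/0        10.0.0.22        Fri Mar  1 09:00 - 18:00  (09:00)

wtmp begins Fri Mar  1 08:55:10 2024
EOF
}

sample_last | flag_remote_logins 10.0.0.
```

On a live system the input comes from `last -i | flag_remote_logins 10.0.0.`.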
finger
The finger command is a command-line utility in Linux and Unix-like operating systems used to display information about user accounts. It provides detailed information about a specific user, such as the login name, real name, terminal name, login time, idle time, and more.
Some commonly used options with finger include:
Option | Description |
---|---|
-h | Displays help information about the finger command. |
-l | Displays a long format listing, including the user’s home directory, login shell, and more. |
-m | Displays information in a machine-parseable format. |
-p | Suppresses the display of the user’s plan file. |
-q | Quiet mode; only displays the user’s login name, real name, terminal, and write status. |
-s | Short format; displays only the user’s login name, real name, terminal, and write status. |
<username> | Specifies the username(s) for which to display information. If not specified, displays information for all logged-in users. |
Here are examples for each finger option with explanations:
- -h
  - Example: finger -h
  - Explanation: This command displays help information about the finger command, providing a brief description of its options and usage.
- -l
  - Example: finger -l username
  - Explanation: This command displays a long format listing for the user username, which includes the user’s home directory, login shell, and more.
- -m
  - Example: finger -m username
  - Explanation: This command displays information for the user username in a machine-parseable format.
- -p
  - Example: finger -p username
  - Explanation: This command suppresses the display of the user’s plan file for the user username.
- -q
  - Example: finger -q username
  - Explanation: This command displays information for the user username in quiet mode, showing only the user’s login name, real name, terminal, and write status.
- -s
  - Example: finger -s username
  - Explanation: This command displays information for the user username in a short format, showing only the user’s login name, real name, terminal, and write status.
- <username>
  - Example: finger username
  - Explanation: This command displays information for the specified username. If no username is specified, it displays information for all logged-in users.
chfn
The chfn command is a command-line utility in Linux and Unix-like operating systems used to change the user information stored in the /etc/passwd file. It allows users to modify the information associated with their user account, such as the full name, room number, work phone, and other details.
Some commonly used options with chfn include:
Option | Description |
---|---|
-f <full_name> | Sets the user’s full name. |
-h | Displays help information about the chfn command. |
-o | Allows the use of duplicate GECOS field values. |
-r <room_number> | Sets the user’s office or room number. |
-w <work_phone> | Sets the user’s work phone number. |
Here are examples for each chfn option with explanations:
- -f <full_name>
  - Example: chfn -f "John Doe" username
  - Explanation: This command sets the full name of the user username to “John Doe”.
- -h
  - Example: chfn -h
  - Explanation: This command displays help information about the chfn command, providing a brief description of its options and usage.
- -o
  - Example: chfn -o username
  - Explanation: This command allows the use of duplicate GECOS (General Electric Comprehensive Operating System) field values for the user username.
- -r <room_number>
  - Example: chfn -r "101" username
  - Explanation: This command sets the office or room number of the user username to “101”.
- -w <work_phone>
  - Example: chfn -w "555-1234" username
  - Explanation: This command sets the work phone number of the user username to “555-1234”.