Skip to main content

Ubuntu Handbook

Chapter #10: User and Group Management in Ubuntu

In this chapter, you'll learn how to create and manage users, work with groups, set proper permissions, configure sudo access, and implement security best practices for multi-user Ubuntu systems.

Chapter #10: User and Group Management in Ubuntu
Learn how to manage users, groups, permissions, and sudo access in Ubuntu

In the last chapter, we explored networking in Ubuntu and learned how to configure connections, troubleshoot issues, share files, and secure your system on networks.

Now we will learn how to manage users on our Ubuntu system, which is important because it controls who can access the system and what they are allowed to do.

Linux, including Ubuntu, was designed from the ground up as a multi-user system, which means multiple user can use the same computer (either simultaneously or at different times) while keeping their files, settings, and activities separate and secure.

In this chapter, we'll learn everything you need to know about user and group management, because understanding how to manage users and groups properly is fundamental to maintaining a secure and well-organized system.

Here's what we'll cover:

  • What users and groups are, and why theyโ€™re important for Linux security.
  • How to create new users, update them, or remove them when theyโ€™re no longer needed.
  • How groups help organize users and simplify permission management.
  • How file permissions and ownership control who can read, write, or run files.
  • How to use sudo safely to give trusted users administrative power.
  • Best practices to keep user accounts secure and well-managed.

By the end of this chapter, you'll be confident in managing users and permissions on your Ubuntu system.

Understanding Users and Groups

Before we start creating users, let's understand how Ubuntu's user system works.

What Are Users?

A user is an account that can log into the system and each user has:

  • A username - the name used to log in.
  • A user ID (UID) - a unique number identifying the user.
  • A home directory - typically home/username.
  • A shell - the command-line interface they use (usually bash).
  • A password - for authentication.

Types of Users:

  • Regular Users: Normal accounts for user who use the system; UIDs usually start at 1000.
  • System Users: Used by services and applications, not real user; UIDs are below 1000 (e.g., www-data, mysql).
  • Root User: The superuser with UID 0 who has full system control; in Ubuntu, you use sudo instead of logging in directly as root.

What Are Groups?

Groups are collections of users, which make it easier to manage permissions for multiple users at once. Instead of giving permissions to each user individually, you can assign permissions to a group, and all group members inherit those permissions.

Each user belongs to at least one group (their primary group), but can belong to multiple groups (secondary groups).

Common Ubuntu Groups:

  • sudo - Members can use sudo to run commands as root.
  • adm - Can read system logs.
  • cdrom - Can access CD/DVD drives.
  • plugdev - Can mount removable devices.
  • lpadmin - Can manage printers.
  • sambashare - Can share files via Samba.

Viewing User Information

Before you start adding or modifying users, itโ€™s useful to know how to look up information about users who already exist on the system.

Ubuntu provides several simple commands for this, and once you get used to them, checking user details becomes easy.

List Current Users

When youโ€™re working in the terminal, itโ€™s always good to confirm which user account youโ€™re currently using:

whoami

To see more detailed information, including your user ID (UID), group ID (GID), and group memberships, use:

id

If you want to check the details of a specific user account, you can use id with the username:

id username

To see which groups a user belongs to, run:

groups username
View Information About User

Listing Users on the System

All user accounts on a system are stored in a file called /etc/passwd. Despite the name, this file doesnโ€™t actually store passwords anymore, but it still contains essential user information.

To view all user accounts:

cat /etc/passwd

It will display a list of users in the long format, so if you want to filter the list to only show regular users, those who have home directories:

cat /etc/passwd | grep /home

Each line in /etc/passwd follows a specific format:

username:x:UID:GID:comment:home_directory:shell

For example:

ravi:x:1000:1000:ravi:/home/ravi:/bin/bash

Listing Groups on the System