add user

in general there is just one binary /usr/sbin/useradd on all three distros.

# cross distribution Debian8, RedHat(CentOS7), Suse12
useradd -m username; # add user and create home directory

passwd username; # you will have to assign a password for the user straight afterwards

# on debian you probably would also want to
usermod -s /bin/bash username; # change default-login-shell of username to bash

debian specific:

in debian8 you have „adduser“, which is a Perl script written by Guy Maor maor@debian.org, Ted Hajek tedhajek@boombox.micro.umn.edu, Ian A. Murdock imurdock@gnu.ai.mit.edu, Roland Bauerschmidt rb@debian.org.

It is interactive… asks you questions.

in centos/redhat: file /usr/sbin/adduser is a symbolic link to useradd.

here is the script: adduser.pl.txt

I guess the major difference between the binary useradd -m and the Perl script adduser is:

under debian there are two files defining how users are added and deleted:

/etc/adduser.conf

/etc/deluser.conf

the binary useradd -m command does not read those; the Perl script does.

While I think Debian is one of the best Linux distributions out there, for the sake of simplification, standardization, unification and less confusion Debian should adopt the CentOS/RedHat/SUSE approach of adding users.

I don’t see any need for those config files. If you do please report in the comments.

delete remove user: cross distribution

everything that has a beginning also has an end… Neo…

userdel -r AgentSmith; # same as --remove-home - remove user including his/her home directory

which userdel; # on all three distros it is a binary at /usr/sbin/userdel

manpage: userdel.man.txt

deluser perl script: debian only

deluser username; # just the user, not his/her files (/home/username)

deluser --remove-home username; # delete user and /home/username

By default, deluser will remove the user without removing the home directory, the mail spool or any other files on the system owned by the user. Removing the home directory and mail spool can be achieved using the --remove-home option.

The --remove-all-files option removes all files on the system owned by the user.

If you want to backup all files before deleting them you can activate the --backup option which will create a file username.tar(.gz|.bz2) in the directory specified by the --backup-to option (defaulting to the current working directory).

Both the remove and backup options can also be activated for default in the configuration file /etc/deluser.conf.

See deluser.conf.man.txt for details.

example content: (this file does not exist on suse12 or centos7 by default)

root@Debian8:~# cat /etc/deluser.conf
# /etc/deluser.conf: `deluser' configuration.

# Remove home directory and mail spool when user is removed
REMOVE_HOME = 0

# Remove all files on the system owned by the user to be removed
REMOVE_ALL_FILES = 0

# Backup files before removing them. This options has only an effect if
# REMOVE_HOME or REMOVE_ALL_FILES is set.
BACKUP = 0

# target directory for the backup file
BACKUP_TO = "."

# delete a group even there are still users in this group
ONLY_IF_EMPTY = 0

# exclude these filesystem types when searching for files of a user to backup
EXCLUDE_FSTYPES = "(proc|sysfs|usbfs|devpts|tmpfs|afs)"

add group – create new group – add new group to the system

groupadd GROUP_NAME

delete group

groupdel GROUP_NAME

add user to group

usermod -a -G users user; # add user „user“ to group „users“

usermod -a -G sudo bob; # adds user bob to group sudo = allowed to run sudo = run processes with root-privileges temporarily

remove user from group

gpasswd -d user group;

config files involved

list users sorted by their userids – /etc/passwd

/etc/passwd is where all users:accounts:are:stored.

but despite the name – passwords are not stored there – they are in /etc/shadow.

you can get a nicely formatted list in the format: username ……………. UID, sorted by UID.

#Centos7
cut -d: -f 1,3 /etc/passwd|tr : "\t"|expand -t 25|sort -k2 -n
root                     0
bin                      1
daemon                   2
adm                      3
lp                       4
sync                     5
shutdown                 6
halt                     7
mail                     8
operator                 11
games                    12
ftp                      14
named                    25
rpc                      32
tss                      59
tcpdump                  72
sshd                     74
dbus                     81
postfix                  89
nobody                   99
usbmuxd                  113
pulse                    171
rtkit                    172
abrt                     173
systemd-network          192
nm-openvpn               989
nm-openconnect           990
setroubleshoot           991
lightdm                  992
openvpn                  993
unbound                  994
geoclue                  995
vnstat                   996
chrony                   997
polkitd                  998
systemd-bus-proxy        999
user                     1000
test                     1001

#Debian8
cut -d: -f 1,3 /etc/passwd|tr : "\t"|expand -t 25|sort -k2 -n
root                     0
daemon                   1
bin                      2
sys                      3
sync                     4
games                    5
man                      6
lp                       7
mail                     8
news                     9
uucp                     10
proxy                    13
www-data                 33
backup                   34
list                     38
irc                      39
gnats                    41
systemd-timesync         100
systemd-network          101
systemd-resolve          102
systemd-bus-proxy        103
Debian-exim              104
messagebus               105
statd                    106
sshd                     107
avahi                    108
colord                   109
geoclue                  110
pulse                    111
rtkit                    112
saned                    113
usbmux                   114
lightdm                  115
ntp                      116
user                     1000
nobody                   65534

#suse12
cut -d: -f 1,3 /etc/passwd|tr : "\t"|expand -t 25|sort -k2 -n
root                     0
bin                      1
daemon                   2
lp                       4
mail                     8
news                     9
uucp                     10
games                    12
man                      13
at                       25
wwwrun                   30
ftp                      40
named                    44
postfix                  51
ntp                      74
gdm                      483
scard                    484
vnc                      485
ftpsecure                486
pulse                    487
rtkit                    488
statd                    489
srvGeoClue               490
systemd-bus-proxy        491
systemd-timesync         492
openslp                  494
rpc                      495
nscd                     496
polkitd                  497
sshd                     498
messagebus               499
user                     1000
test                     1001
nobody                   65534

/etc/shadow

password hashes are stored in /etc/shadow, which is only accessible by root:shadow

all entries with a leading $6 are sha512-hashed passwords (plus salt).

if you would like to generate your own password hashes, this should work: (src)

mkpasswd -m sha-512
# or with Python 3.3 to 3.12 (the crypt module was removed in Python 3.13);
# getpass does not echo the password, mksalt generates the random salt
python3 -c "import crypt,getpass; print(crypt.crypt(getpass.getpass('clear-text password: '), crypt.mksalt(crypt.METHOD_SHA512)))"

userids

on all distros root has UID 0, and UID numbering of non-root, non-service user accounts starts at 1000.

With GID (group ID), SUSE12 starts numbering from 100 on, while CentOS/Debian start with 1000.

UIDs might be re-assigned to different users – if users are deleted and new users are added – passing on file ownership.

test@debian:~$ id
uid=1001(test) gid=1001(test) groups=1001(test)

[test@centos ~]$ id
uid=1001(test) gid=1001(test) Gruppen=1001(test) Kontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

test@suse:~> id
uid=1001(test) gid=100(users) Gruppen=100(users)
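
To see what a re-assigned UID would inherit, list the files whose owner UID no longer has a passwd entry. This is an added example, not from the original post: the function names and the optional passwd-file argument are made up for this sketch, the demo data is constructed, and GNU find is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# PASSWD_FILE argument are assumptions made for this sketch; needs GNU find.

# files_of_uid DIR UID: inventory to take before "userdel", so the files can
# be reassigned or archived instead of falling to a later account.
files_of_uid() {
    find "$1" -xdev -uid "$2" -print 2>/dev/null
}

# orphaned_files DIR [PASSWD_FILE]: print "UID<TAB>PATH" for every file whose
# owner UID has no entry in PASSWD_FILE (default /etc/passwd). These are the
# files a new account would own if it were given that UID.
orphaned_files() {
    find "$1" -xdev -printf '%U\t%p\n' 2>/dev/null |
        awk -F'\t' -v pw="${2:-/etc/passwd}" '
            BEGIN {
                while ((getline line < pw) > 0) {
                    split(line, f, ":")
                    known[f[3]] = 1
                }
                close(pw)
            }
            !($1 in known)'
}

# Demo on constructed data: a scratch tree owned by the current user, checked
# against a constructed passwd file that does not list that UID (the state
# after the owner was deleted without --remove-all-files).
demo=$(mktemp -d)
mkdir "$demo/tree"
touch "$demo/tree/notes.txt"
printf 'someone:x:%s:100::/home/someone:/bin/sh\n' "$(( $(id -u) + 1 ))" > "$demo/passwd"
orphaned_files "$demo/tree" "$demo/passwd"
rm -rf "$demo"
```

On a real system, run orphaned_files / as root after deleting an account and chown or archive whatever it reports before the next useradd.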

lock/disable/enable/suspend accounts

To lock a user account:

  • passwd -l USERNAME
  • usermod -L USERNAME

To unlock a user account:

  • passwd -u USERNAME
  • usermod -U USERNAME

technically this will alter the line corresponding to the user in /etc/shadow

and put a ! in front of the user’s password hash, which means – account disabled – can not login.

root@Debian8:# cat /etc/shadow|grep user
user:$6$g5qLocG5$ty6.toNgHs1kfpn02qnnFY2rYTdJVNYn04yKm5ubal8l17knrF9xPhCit/gDvdWdv3WQNbqO1MchHwkej1XXr1:17280:0:99999:7:::

root@Debian8:# passwd -l user
passwd: password expiry information changed.

root@Debian8:# cat /etc/shadow|grep user
user:!$6$g5qLocG5$ty6.toNgHs1kfpn02qnnFY2rYTdJVNYn04yKm5ubal8l17knrF9xPhCit/gDvdWdv3WQNbqO1MchHwkej1XXr1:17280:0:99999:7:::
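
The $6 prefix from the /etc/shadow section and the ! lock marker shown above can be checked for every account at once. This is an added example, not from the original post: shadow_audit and sample_shadow are made-up names, the sample entries are constructed, and the $1/$5/$y prefixes and the expiry field go beyond the $6 and ! cases the text shows.

```shell
#!/bin/sh
# Added example, not from the original post. shadow_audit and sample_shadow are
# names made up here; the sample entries are constructed, not real hashes.

# shadow_audit FILE [TODAY]: classify each entry of a shadow-format file.
# FILE may be "-" for stdin; TODAY is days since 1970-01-01 (default: now).
# Output per line: name <TAB> password state <TAB> hash scheme <TAB> account state
shadow_audit() {
    awk -F: -v today="${2:-$(( $(date +%s) / 86400 ))}" '
        NF >= 2 {
            pw = $2
            locked = sub(/^!+/, "", pw)      # prefix set by passwd -l / usermod -L
            if ($2 == "")                         state = "EMPTY"
            else if (pw == "" || pw ~ /^\*/)      state = "no-password-login"
            else if (locked)                      state = "locked"
            else                                  state = "usable"

            if      (pw ~ /^\$6\$/) scheme = "sha512"
            else if (pw ~ /^\$5\$/) scheme = "sha256"
            else if (pw ~ /^\$1\$/) scheme = "md5"
            else if (pw ~ /^\$y\$/) scheme = "yescrypt"
            else if (state == "usable" || state == "locked") scheme = "other"
            else                    scheme = "-"

            # field 8: account expiry date in days since the epoch
            acct = ($8 != "" && $8 + 0 <= today + 0) ? "expired" : "active"
            printf "%s\t%s\t%s\t%s\n", $1, state, scheme, acct
        }' "$1"
}

# Constructed sample in /etc/shadow layout (placeholder salts and hashes).
sample_shadow() {
    cat <<'EOF'
alice:$6$constructedsalt$constructedhash:17280:0:99999:7:::
bob:!$6$constructedsalt$constructedhash:17280:0:99999:7:::
carol:$1$constructedsalt$constructedhash:17280:0:99999:7::17000:
daemon:*:17280:0:99999:7:::
guest::17280:0:99999:7:::
EOF
}

sample_shadow | shadow_audit - 17300
```

Run it as root against the real file with shadow_audit /etc/shadow. Note that the ! only invalidates the password: passwd(1) points out that other login methods such as SSH keys may still work and suggests usermod --expiredate 1 to disable the account itself.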

expire account or password:

you can limit how long an account and its password stay valid with chage:

chage -l bob
Last password change                                    : Jun 01, 2017
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : -1
Maximum number of days between password change          : -1
Number of days of warning before password expires       : -1

chage bob
Changing the aging information for maria
Enter the new value, or press ENTER for the default

        Minimum Password Age [0]:
        Maximum Password Age [99999]:
        Last Password Change (YYYY-MM-DD) [2017-05-11]:
        Password Expiration Warning [7]:
        Password Inactive [-1]:
        Account Expiration Date (YYYY-MM-DD) [-1]:

 

Links:

group management -> http://dwaves.de/2017/05/11/linux-group-management-add-remove-groups-debian-ubuntu-centos-redhat/

massively cool article and video: https://www.theurbanpenguin.com/107-1-manage-user-and-group-accounts-and-related-system-files/

admin