Linux users and groups are the fundamental building blocks of access control, dictating who can see and do what on a system.
Let’s watch a user get created and then gain access to a specific directory.
# Create a new user named 'alice' (-m also creates /home/alice; many distributions do not create it by default)
sudo useradd -m alice
# Set a password for 'alice'
sudo passwd alice
# (Enter password when prompted)
# Create a directory for alice's projects (-p creates /srv/projects first if it does not exist)
sudo mkdir -p /srv/projects/alice
sudo chown alice:alice /srv/projects/alice
# Restrict the directory so that only 'alice' can read, write, or enter it
sudo chmod 700 /srv/projects/alice
The useradd command creates the user's entry in /etc/passwd (and, with -m, the home directory). passwd stores a salted hash of the password in /etc/shadow; the password itself is never written anywhere, and the hash is not reversible "encryption". mkdir creates the directory, chown makes alice both its owner and its owning group, and chmod 700 gives read, write, and execute to the owner only: group members and everyone else get nothing. Note that these mode bits do not restrict root, which bypasses discretionary permissions entirely.
Now, what if we want to give alice and a team of developers, say devteam, access to a shared project directory?
# Create a group for the development team
sudo groupadd devteam
# Add 'alice' to the 'devteam' group
sudo usermod -aG devteam alice
# Create a shared directory for the team
sudo mkdir /srv/projects/shared_dev
sudo chown root:devteam /srv/projects/shared_dev
# Set permissions so the group can read, write, and execute
sudo chmod 775 /srv/projects/shared_dev
Here, groupadd creates the group entry in /etc/group. usermod -aG appends alice to the devteam group without removing her from her other groups (without -a, usermod -G replaces her whole supplementary group list, which is an easy way to lock someone out of sudo). chown root:devteam keeps root as the owner but makes devteam the owning group of the directory. chmod 775 grants read, write, and execute to the owner (root) and to the group (devteam), and read and execute to everyone else, so any local account can list and read the shared tree; use 770 if that is not what you want. One caveat that catches people out: a process's group list is fixed when the session starts, so alice's existing logins do not see the new membership. She must log out and back in (or run newgrp devteam in the current shell), and can confirm with id -nG that devteam now appears, before she can write to the shared directory.
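The commands above need root and change the real system, so the following added example (not from the original tutorial) reproduces the underlying logic in Python instead: it parses /etc/passwd and /etc/group records for the accounts created so far, builds the credentials a fresh login session for alice or bob would carry, and applies the owner/group/other check the kernel uses for the two directories. The records, UIDs and GIDs are constructed sample data; the "before" group file models alice's session prior to the usermod -aG step.

```python
"""Identity lookup and permission-bit checks for the tutorial's accounts.

Added example, not code from the original page.  The /etc/passwd and
/etc/group records below are constructed sample data; the UIDs and GIDs
(alice=1001, bob=1002, devteam=1003) are assumptions for illustration.
"""

# Constructed /etc/passwd records: name:x:UID:primary GID:GECOS:home:shell
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
"""

# Constructed /etc/group records before and after `usermod -aG devteam alice`.
# Members are listed by username, not UID.
GROUP_BEFORE = "root:x:0:\nalice:x:1001:\nbob:x:1002:\ndevteam:x:1003:\n"
GROUP = "root:x:0:\nalice:x:1001:\nbob:x:1002:\ndevteam:x:1003:alice\n"


def parse_passwd(text):
    """Return {username: (uid, primary_gid)} from /etc/passwd records."""
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, uid, gid, _gecos, _home, _shell = line.split(":")
        users[name] = (int(uid), int(gid))
    return users


def parse_group(text):
    """Return {groupname: (gid, [member usernames])} from /etc/group."""
    groups = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":")
        groups[name] = (int(gid), [m for m in members.split(",") if m])
    return groups


def credentials(user, users, groups):
    """(uid, {gid, ...}) as a *new* login session would see them.

    The set is the primary GID from /etc/passwd plus every group in
    /etc/group that names the user as a supplementary member.  A session
    that started before the group file changed keeps its old set.
    """
    uid, primary = users[user]
    gids = {primary}
    gids.update(gid for gid, members in groups.values() if user in members)
    return uid, gids


def allowed(uid, gids, owner_uid, owner_gid, mode, want):
    """Discretionary access check for one of 'r', 'w', 'x'.

    Exactly one permission class applies: owner if the UIDs match, else
    group if the file's group is in the caller's group set, else other.
    There is no fall-through to a more permissive class.
    """
    bit = {"r": 4, "w": 2, "x": 1}[want]
    if uid == 0:
        # CAP_DAC_OVERRIDE: root needs no r/w bits.  (Executing a regular
        # file still needs at least one x bit; that is not modelled here.)
        return True
    if uid == owner_uid:
        cls = (mode >> 6) & 7
    elif owner_gid in gids:
        cls = (mode >> 3) & 7
    else:
        cls = mode & 7
    return bool(cls & bit)


def shared_dev_report(users, groups):
    """Who can write /srv/projects/shared_dev (root:devteam, mode 775)?"""
    owner_uid, owner_gid = users["root"][0], groups["devteam"][0]
    return {
        name: allowed(*credentials(name, users, groups), owner_uid, owner_gid, 0o775, "w")
        for name in ("alice", "bob")
    }


if __name__ == "__main__":
    users = parse_passwd(PASSWD)
    print("alice, old session:", shared_dev_report(users, parse_group(GROUP_BEFORE)))
    print("alice, new session:", shared_dev_report(users, parse_group(GROUP)))
```

Running it shows alice denied under the old group file and permitted under the new one, while bob stays denied but, because of the "other" bits in 775, can still read and traverse the directory. The same `allowed` function shows why membership alone is not enough: a mode of 600 or 700 on the file gives the group class nothing, and because the classes do not fall through, an owner whose own bits are zero is denied even when the group bits would allow it.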
The core of user and group management lies in a few key files:
- /etc/passwd: one record per account (username, UID, primary GID, GECOS comment, home directory, login shell). It is world-readable, which is why the password field holds only an x.
- /etc/shadow: the password hashes and password-aging fields; readable by root only.
- /etc/group: group name, GID and the comma-separated usernames (not UIDs) of its supplementary members. A user's primary group is recorded in /etc/passwd and is not repeated here.
- /etc/gshadow: group password hashes and group administrators (rarely used).
When you run useradd, groupadd or usermod, the tool rewrites these files under a lock; if you must edit them by hand, use vipw and vigr rather than a bare editor. The kernel stores only the numeric UID and GID, in every inode on disk and in every process's credentials; names are looked up by user-space tools at display time. That is why deleting a user is not the end of the story: files owned by the removed UID stay on disk and show up with a bare number in ls -l, and if useradd later hands that UID to a new account, the new user silently inherits all of them. Before an ID is reused, find such orphans with find / -xdev \( -nouser -o -nogroup \) and reassign or remove them.
A common misconception is that adding a user to a group immediately grants them access to all files owned by that group. Membership only matters if the file's group permission bits allow the action, and only one permission class is ever consulted: the kernel uses the owner bits if the process's UID matches the owner, otherwise the group bits if the file's group is in the process's group list, otherwise the other bits, with no fall-through to a more permissive class. So a file with chmod 600 (owner read/write only) is closed to group members however correct their membership, and an owner whose own bits are zero is denied even if the group bits would permit. The setgid bit on a directory (chmod g+s /srv/projects/shared_dev, or 2775 in octal) is the other half of shared-directory setup: files created inside it take the directory's group rather than the creator's primary group, and new subdirectories inherit the setgid bit as well, so the whole tree stays owned by devteam. Whether those files are group-writable still depends on each creator's umask: the common default of 022 produces 644 files that teammates can read but not edit, so a shared umask of 002 (or default ACLs) is needed for genuine collaboration.
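To make the setgid and umask interaction concrete, here is an added example (again not from the original page) that applies the rules the kernel uses when a process creates a file or directory: the requested mode is masked by the umask, and the group comes from the parent directory when its setgid bit is set, from the creator's primary group otherwise. The GIDs are the constructed values used for this tutorial (alice's primary group 1001, devteam 1003); the scenarios assume alice is a member of devteam, as set up above.

```python
"""Group and mode of a new inode under a setgid (or plain) directory.

Added example, not code from the original tutorial.  GIDs are assumed
sample values: alice's primary group is 1001, devteam is 1003.
"""
import stat


def new_inode(parent_gid, parent_mode, creator_gid, umask, is_dir):
    """Return (gid, mode) of a file or directory created under parent.

    - Requested mode is 0o666 for files and 0o777 for directories (what
      creat(2)/mkdir(2) ask for by default), masked by the process umask.
    - If the parent has setgid, the new inode takes the parent's group
      instead of the creator's primary group, and a new directory also
      inherits the setgid bit (assumes the creator is in that group).
    """
    requested = 0o777 if is_dir else 0o666
    mode = requested & ~umask
    if parent_mode & stat.S_ISGID:
        gid = parent_gid
        if is_dir:
            mode |= stat.S_ISGID
    else:
        gid = creator_gid
    return gid, mode


def group_can_write(gid, mode, team_gid):
    """True if members of team_gid other than the owner can edit the inode."""
    return gid == team_gid and bool(mode & stat.S_IWGRP)


def scenarios():
    """alice (primary GID 1001) creates notes.txt in /srv/projects/shared_dev."""
    devteam = 1003
    out = {}
    # Plain 775 directory, default umask 022: file ends up alice:alice 644,
    # so devteam members cannot even rely on the group bits.
    out["no_setgid_umask_022"] = new_inode(devteam, 0o775, 1001, 0o022, False)
    # After chmod g+s (2775), umask 022: alice:devteam 644.  Right group,
    # but teammates still cannot write.
    out["setgid_umask_022"] = new_inode(devteam, 0o2775, 1001, 0o022, False)
    # setgid directory and umask 002: alice:devteam 664, teammates can edit.
    out["setgid_umask_002"] = new_inode(devteam, 0o2775, 1001, 0o002, False)
    # A subdirectory created under the setgid directory keeps the bit.
    out["setgid_subdir"] = new_inode(devteam, 0o2775, 1001, 0o002, True)
    return out


if __name__ == "__main__":
    for name, (gid, mode) in scenarios().items():
        writable = group_can_write(gid, mode, 1003)
        print(f"{name:22} gid={gid} mode={mode:05o} team-writable={writable}")
```

The middle two scenarios are the ones worth remembering: setgid fixes the group, but only a umask of 002 (or a default ACL) turns that into files the rest of devteam can actually edit.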
The next step in managing access is often dealing with sticky bits or ACLs for more granular control.