useradd, userdel, and usermod Commands
Linux gives you three main commands to manage user accounts: useradd creates a new user, userdel removes one, and usermod changes an existing account. Think of them as the official way to add, remove, or update entries in /etc/passwd, /etc/shadow, and /etc/group—instead of editing those files by hand. Only root (or someone with the right sudo privileges) can run these commands. Together they cover the full lifecycle of a user account: create with useradd, change with usermod, and remove with userdel when access is no longer needed.
Quick Reference
| Command | What It Does | Common Use |
|---|---|---|
| `useradd` | Creates a new user account | Adding new users to the system |
| `userdel` | Removes a user account | Deleting users who no longer need access |
| `usermod` | Modifies an existing user account | Changing shell, home, groups, or locking an account |
Note: All three require root privileges. Use sudo useradd ..., sudo userdel ..., and sudo usermod ....
useradd Command
useradd creates a new user: it adds a line to /etc/passwd (and usually /etc/shadow and /etc/group), can create a home directory with -m, and uses defaults from /etc/default/useradd. It's the first step in giving a new person—or a service account—access to the machine.
When to Use useradd
- You need to create a new login account for a person
- You're setting up a system or service account (e.g. for a web server)
- You're managing users on a server or lab machine
Common useradd Options
| Option | What It Does | When to Use It |
|---|---|---|
| `-m` | Create the user's home directory | Almost always for real users |
| `-d path` | Set home directory path | When you want a custom path (e.g. /home/jdoe) |
| `-s shell` | Set default shell | e.g. `-s /bin/bash` or `-s /usr/sbin/nologin` |
| `-c "comment"` | Set GECOS (full name, etc.) | To store the user's full name |
| `-g group` | Set primary group (by name or GID) | When the user should have a specific primary group |
| `-G group1,group2` | Add user to supplementary groups | To give extra group memberships |
| `-u UID` | Set user ID (must be unique) | When you need a specific UID |
| `-e YYYY-MM-DD` | Set account expiration date | For temporary accounts |
useradd Examples
```bash
# Create user jdoe with a home directory and set password
sudo useradd -m jdoe
sudo passwd jdoe

# Create user with full name and bash as shell
sudo useradd -m -c "Jane Doe" -s /bin/bash jdoe
sudo passwd jdoe

# Create user and add to supplementary groups (e.g. developers, sudo)
sudo useradd -m -G developers,sudo jdoe
sudo passwd jdoe

# System/service account (no login)
sudo useradd -r -s /usr/sbin/nologin myapp
```
-r creates a system account (low UID). /usr/sbin/nologin prevents interactive login. Always run passwd username after useradd for real users so they can log in.
userdel Command
userdel removes a user account from the system. It deletes the user's entry from /etc/passwd (and usually from /etc/shadow and /etc/group membership). You can choose whether to remove their home directory and mail spool as well.
When to Use userdel
- A user no longer needs an account (e.g. left the organization)
- You're removing a temporary or test account
- You're cleaning up after migrating or decommissioning a service
Common userdel Options
| Option | What It Does | When to Use It |
|---|---|---|
| `-r` | Remove the user's home directory and mail spool | When you want to delete their files too |
| `-f` | Force removal even if user is logged in (use with caution) | Only when necessary; can leave orphaned processes |
userdel Examples
```bash
# Remove account only; home directory stays (e.g. for backup)
sudo userdel jdoe

# Remove account and delete home directory and mail spool
sudo userdel -r jdoe

# Force removal even if user is logged in (use with care)
sudo userdel -f -r jdoe
```
Back up important data before using -r. Use -f only when you understand the impact: the user may be kicked out and processes may run as a non-existent user. Check with who or ps -u username that the user isn't logged in.
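One way to script the checks described above before running `userdel -r`, as an added example that is not part of the original page. It is Linux-specific (it reads /proc instead of calling `who` or `ps`), the function names are hypothetical, and it prints the `userdel` command rather than running it.

```shell
# Added example: pre-flight checks before `userdel -r`.

# pids_for_uid UID -> prints the PIDs of processes owned by that numeric UID.
pids_for_uid() {
    local uid="$1" d
    for d in /proc/[0-9]*; do
        # A process can exit mid-scan, so stat errors are ignored.
        [ "$(stat -c %u "$d" 2>/dev/null)" = "$uid" ] && printf '%s\n' "${d#/proc/}"
    done
    return 0
}

# archive_home HOME_DIR DEST_TARBALL -> writes a gzip tarball readable only
# by its owner, re-reads it, and prints the number of archived entries.
archive_home() {
    local home="$1" dest="$2"
    [ -d "$home" ] || { echo "no such directory: $home" >&2; return 1; }
    ( umask 077
      tar -C "$(dirname "$home")" -czf "$dest" "$(basename "$home")" ) || return 1
    tar -tzf "$dest" | wc -l | tr -d ' '
}

# preflight USER BACKUP_DIR -> exit status 0 only when removal looks safe:
# 2 = unknown user or UID 0, 1 = live processes or failed backup.
preflight() {
    local user="$1" backup_dir="$2" uid home pids
    uid=$(id -u "$user" 2>/dev/null) || { echo "unknown user: $user" >&2; return 2; }
    if [ "$uid" -eq 0 ]; then
        echo "refusing to remove UID 0" >&2
        return 2
    fi
    pids=$(pids_for_uid "$uid")
    if [ -n "$pids" ]; then
        echo "$user still owns processes:" $pids >&2
        return 1
    fi
    home=$(getent passwd "$user" | cut -d: -f6)
    archive_home "$home" "$backup_dir/$user-home.tar.gz" >/dev/null || return 1
    echo "sudo userdel -r $user"    # printed for review, not executed
}
```
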
usermod Command
usermod changes an existing user account. It updates the user's entry in /etc/passwd (and related files): you can change the home directory, shell, full name, group memberships, lock or unlock the account, and more. Use it whenever you need to fix or update a user's settings instead of deleting and recreating the account.
When to Use usermod
- Change a user's default shell, home directory, or full name
- Add or remove the user from groups
- Lock or unlock an account (without deleting it)
- Set an account expiration date
Common usermod Options
| Option | What It Does | When to Use It |
|---|---|---|
| `-d path` | Set new home directory path | When moving a user's home |
| `-m` | Move contents of current home to new home (use with `-d`) | When changing home and keeping files |
| `-s shell` | Set default shell | e.g. `-s /bin/bash` or `-s /usr/sbin/nologin` |
| `-c "comment"` | Set GECOS (full name, etc.) | To update the user's full name |
| `-aG group1,group2` | Add user to supplementary groups (append) | To add groups without removing existing ones |
| `-G group1,group2` | Set supplementary groups (replaces list; use `-aG` to add) | When you want to set the full list |
| `-L` | Lock the account (password invalid) | To disable login without deleting the account |
| `-U` | Unlock the account | To re-enable after `-L` |
| `-e YYYY-MM-DD` | Set account expiration date | For temporary access |
usermod Examples
```bash
# Change default shell
sudo usermod -s /bin/bash jdoe
sudo usermod -s /usr/sbin/nologin jdoe

# Add user to groups (use -aG so you don't remove existing groups)
sudo usermod -aG developers,sudo jdoe

# Change full name (GECOS)
sudo usermod -c "Jane Doe" jdoe

# Lock and unlock account
sudo usermod -L jdoe
sudo usermod -U jdoe

# Move home directory and move existing files there
sudo usermod -m -d /home/jdoe2 jdoe
```
Always use -aG when adding groups so you don't wipe out existing group memberships. The user should not be logged in when changing UID, GID, or home directory.
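`usermod -L` only invalidates the password by prefixing the stored hash with `!`, so logins that do not use the password (SSH keys, for example) are unaffected; the usermod man page advises also setting the expiry date to 1 to lock the account itself. The added example below, which is not part of the original page, classifies an account from its passwd and shadow lines and covers a fresh `useradd` account as well as the `-L`, `-e` and `-s` settings above; the function names and sample lines are constructed.

```shell
# Added example: how "disabled" is an account? All sample data is constructed.

# account_state PASSWD_LINE SHADOW_LINE TODAY
# TODAY is days since 1970-01-01, the unit /etc/shadow uses for expiry.
account_state() {
    local passwd_line="$1" shadow_line="$2" today="$3"
    local shell hash expire out
    shell=$(printf '%s\n' "$passwd_line" | cut -d: -f7)
    hash=$(printf '%s\n' "$shadow_line" | cut -d: -f2)
    expire=$(printf '%s\n' "$shadow_line" | cut -d: -f8)
    case $hash in
        '')        out="empty-password" ;;
        '!'*|'*'*) out="password-locked" ;;   # usermod -L prefixes '!'
        *)         out="password-set" ;;
    esac
    if [ -n "$expire" ] && [ "$expire" -le "$today" ]; then
        out="$out expired"
    else
        out="$out not-expired"
    fi
    case $shell in
        */nologin|*/false) out="$out no-login-shell" ;;
        *)                 out="$out login-shell" ;;
    esac
    printf '%s\n' "$out"
}

# fully_disabled: succeeds only when the password is locked AND the account
# has expired (the state left by: sudo usermod -L -e 1 USER).
fully_disabled() {
    case $(account_state "$@") in
        "password-locked expired "*) return 0 ;;
        *) return 1 ;;
    esac
}

P_JDOE='jdoe:x:1001:1001:Jane Doe:/home/jdoe:/bin/bash'
S_NEW='jdoe:!:19800:0:99999:7:::'                 # after useradd, before passwd
S_LOCKED='jdoe:!$6$CONSTRUCTED$placeholder:19800:0:99999:7:::'     # usermod -L
S_DISABLED='jdoe:!$6$CONSTRUCTED$placeholder:19800:0:99999:7::1:'  # -L -e 1
P_MYAPP='myapp:x:998:998::/home/myapp:/usr/sbin/nologin'
S_MYAPP='myapp:!:19800::::::'                     # useradd -r -s nologin

today=$(( $(date +%s) / 86400 ))
for s in "$S_NEW" "$S_LOCKED" "$S_DISABLED"; do
    account_state "$P_JDOE" "$s" "$today"
done
```

On a live system the two lines come from `getent passwd username` and, as root, `getent shadow username`.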
Tips for Success
- Almost always use `useradd -m` for real users so they get a home directory; always run `passwd username` after `useradd` so they can log in
- Back up important data from a user's home directory before using `userdel -r`; check `who` or `ps -u username` that they aren't logged in
- Use `usermod -aG` when adding groups so you don't remove existing memberships; use `-L` to lock an account instead of deleting it when access should be temporary
- Check current settings with `getent passwd username` and `groups username` before and after changes
Common Mistakes to Avoid
- Forgetting `-m` with `useradd` or forgetting to set a password so the user can't log in
- Using `userdel -r` without backing up files the user might need; removing root or essential system accounts
- Using `usermod -G` without `-a` and removing the user from other groups; changing UID/GID or home while the user is logged in
- Using `userdel -f` or `usermod` for major changes without understanding the impact on active sessions
Best Practices
- Use `useradd` with `-m` for human users and set a password with `passwd`; use `-r` and `/usr/sbin/nologin` for service accounts
- Prefer `userdel -r` only after backing up or confirming files aren't needed; avoid `-f` unless you have a clear reason
- Use `usermod -aG` to add groups; use `-L` to disable an account before deciding to delete it; verify with `getent passwd username` and `groups username`