Managing users and groups is one of the most common tasks in Linux. It is also one of the areas that feels confusing at first. The good news is that Linux user and group management is very consistent once you understand the basics.
This guide walks through the simplest working approach to users and groups. Every command shown here is practical, safe, and commonly used on real systems. You do not need prior Linux experience to follow along. All examples and commands come directly from the source script .
What a User Is in Linux
In Linux, a user is simply an identity.
Every command that runs, every file that gets created, and every process that starts runs as a specific user. Linux uses this identity to decide what is allowed and what is blocked.
To see which user you are currently logged in as, run:
whoamiExample output:
boThis tells you the name of the user the system recognizes right now. Everything you do in the terminal happens under this user account.
Real-world context:
When someone logs into a Linux server, the system must know who they are. That identity controls file access, command permissions, and system safety.
User IDs and Group IDs
Linux does not rely only on usernames. Internally, it uses numeric IDs.
To view this information, run:
idExample output:
uid=1000(bo) gid=1000(bo) groups=1000(bo),27(sudo)Here is what this means:
-
uidis the user ID -
gidis the primary group ID -
groupslists all groups this user belongs to
Groups allow Linux to give permissions to more than one user at a time.
Real-world context:
Instead of configuring access for every individual user, administrators add users to groups. This keeps systems manageable and consistent.
What a Group Is
A group is just a collection of users.
Permissions can be assigned to a group instead of a single user, which makes access control much easier.
To see which groups your user belongs to, run:
groupsExample output:
bo sudoThis shows that the user belongs to the bo group and the sudo group. Being in the sudo group allows a user to run administrative commands.
Real-world context:
On servers, administrative access is almost always controlled by group membership rather than individual configuration.
Viewing All Users on the System
Linux stores user account information in a file.
To view it, run:
cat /etc/passwdExample output:
bo:x:1000:1000:Bo Morgan:/home/bo:/bin/bashEach line represents one user account. You can see:
-
Username
-
User ID
-
Group ID
-
Home directory
-
Default shell
This file does not contain passwords. Passwords are stored securely elsewhere.
Real-world context:
If a user exists on a system, they will appear here. This file is often the first place administrators check when troubleshooting access issues.
Creating a New User (Simple and Safe)
The easiest and safest way to create a new user is with adduser.
Run:
sudo adduser testuserExample output:
Adding user `testuser' ...Adding new group `testuser' (1001) ...Adding new user `testuser' (1001) with group `testuser' ...Creating home directory `/home/testuser' ...
This command:
-
Creates the user
-
Creates a group with the same name
-
Creates a home directory
You will be prompted to set a password. The extra information fields can be left blank.
Real-world context:
This is how you create accounts for interns, contractors, or test users on a system.
Switching Users to Test Access
To verify permissions, you can switch to another user.
Run:
su - testuserExample output:
$The prompt changes because you are now logged in as testuser. This user has limited permissions by default.
Real-world context:
Administrators use this to confirm that users have the correct level of access and nothing more.
Understanding Sudo Access
Most users should not have full administrative privileges.
To test this, run:
sudo ls /rootExample output:
testuser is not in the sudoers file.This error is expected. It confirms that the user does not have administrative access.
Real-world context:
This restriction prevents accidental or harmful system changes.
Adding a User to a Group
To grant administrative access, you add the user to the sudo group.
First, return to your admin account:
exitThen run:
sudo usermod -aG sudo testuserThis command modifies an existing user. The -aG option adds the user to a group without removing existing group memberships.
Real-world context:
This is the standard and correct way to grant admin access on most Linux systems.
Verifying Group Membership
To confirm the change, run:
groups testuserExample output:
testuser : testuser sudoThe user now belongs to the sudo group. The user must log out and back in for this change to fully apply.
Common Beginner Mistakes and How to Avoid Them
Forgetting sudo
If a command fails, check whether administrative privileges are required.
Using useradd instead of adduseruseradd is a lower-level tool and does not create a home directory by default. Beginners should use adduser.
Forgetting to log out
Group changes do not take effect until the user logs out and logs back in.
A Practical IT Scenario
Imagine setting up a Linux server for a small team.
You would:
-
Create a user account for each team member
-
Add only trusted users to the admin group
-
Verify access by switching users
This approach keeps the system secure, predictable, and easy to manage.
A Small Next Step
Once you are comfortable with users and groups, the next step is learning file permissions. That is where user and group knowledge becomes truly powerful.
Conclusion
Users and groups are a core part of Linux system management. By working through these steps a few times, the commands and concepts will start to feel natural. This is the safe and simple foundation that most Linux systems are built on.