How to Add and Delete Users on RHEL 7
User account management is one of the most fundamental administrative tasks on any Linux server. On Red Hat Enterprise Linux 7, the standard command-line tools — useradd, usermod, userdel, and passwd — give you precise control over every aspect of a user’s account: their login name, home directory, group memberships, password, and account status. Understanding how these tools interact with the underlying files /etc/passwd, /etc/shadow, and /etc/group will make you a more effective and confident system administrator.
Prerequisites
- RHEL 7 system with root or
sudoaccess - Basic familiarity with the Linux command line
- An understanding of Linux file permissions is helpful but not required
Step 1: Understanding the User Database Files
Before creating accounts, it helps to understand where RHEL 7 stores user information. There are three key files:
/etc/passwd — stores basic account information. Each line represents one user and has seven colon-separated fields:
username:x:UID:GID:comment:home_directory:shellExample entry:
jsmith:x:1001:1001:John Smith:/home/jsmith:/bin/bashThe x in the password field indicates that the actual (hashed) password is stored in /etc/shadow.
/etc/shadow — stores hashed passwords and password aging policy. Only root can read this file:
jsmith:$6$rounds=5000$salt$hashedpassword:17000:0:99999:7:::/etc/group — stores group membership information. Each line has four fields:
groupname:x:GID:member1,member2Step 2: Creating a New User with useradd
The useradd command creates a new user account. In its simplest form:
useradd jsmithThis creates the user jsmith with default settings: a home directory at /home/jsmith, the default shell from /etc/default/useradd, and a private group with the same name as the user.
To customize the account at creation time, use flags:
# Specify a comment (full name), home directory, and shell explicitly:
useradd -c "John Smith" -d /home/jsmith -s /bin/bash jsmith
# Create a system account (no home directory, UID below 1000):
useradd -r -s /sbin/nologin appservice
# Specify a custom UID and primary group:
useradd -u 1500 -g developers jsmithAfter creating the account, set a password immediately:
passwd jsmithYou will be prompted to enter and confirm the password. Until a password is set, the account is locked and cannot be used for interactive login.
Verify the account was created correctly by examining the relevant files:
grep jsmith /etc/passwd
grep jsmith /etc/shadow
grep jsmith /etc/group
ls -la /home/jsmithStep 3: Modifying an Existing User with usermod
The usermod command lets you change almost any attribute of an existing account without deleting and recreating it.
Change the user’s login shell:
usermod -s /bin/zsh jsmithChange the comment field (usually the full name):
usermod -c "Jonathan Smith" jsmithMove the home directory to a new location (the -m flag copies existing contents):
usermod -d /data/home/jsmith -m jsmithAdd the user to a supplementary group without removing them from existing groups (the -aG combination is critical — omitting -a will replace all existing group memberships):
usermod -aG wheel jsmith
usermod -aG developers,dbadmins jsmithChange the user’s login name (does not rename the home directory automatically):
usermod -l jsmith_new jsmithChange the UID:
usermod -u 1600 jsmithAfter changing the UID, you may need to fix file ownership using find:
find / -user 1001 -exec chown -h jsmith {} ;Step 4: Managing Passwords and Account Aging
The passwd command handles password management and also exposes account locking and password aging controls.
Set or change a password as root:
passwd jsmithLock an account (prepends ! to the password hash in /etc/shadow, preventing login):
passwd -l jsmithUnlock a previously locked account:
passwd -u jsmithForce the user to change their password on next login:
passwd -e jsmithSet password aging policy with chage:
# Require password change every 90 days, warn 14 days before expiry:
chage -M 90 -W 14 jsmith
# Set an account expiry date:
chage -E 2026-12-31 jsmith
# View current aging settings for a user:
chage -l jsmithStep 5: Managing Home Directories and Skeletons
When useradd creates a home directory, it populates it with template files from /etc/skel. You can customise this skeleton to ensure all new users receive a standard environment.
ls -la /etc/skelDefault contents typically include .bash_profile, .bashrc, and .bash_logout. Add your own files to /etc/skel and they will automatically be copied into every new user’s home directory.
To create a home directory for a user that was added without one (e.g., a system account you later need to give a home to):
mkdir /home/jsmith
cp -rT /etc/skel /home/jsmith
chown -R jsmith:jsmith /home/jsmith
chmod 700 /home/jsmithStep 6: Deleting Users with userdel
The userdel command removes a user account from the system.
Remove the account but leave the home directory intact (useful when you want to archive data before full removal):
userdel jsmithRemove the account AND the home directory and mail spool:
userdel -r jsmithAfter deletion, verify the account is gone:
grep jsmith /etc/passwd
grep jsmith /etc/shadow
grep jsmith /etc/groupCheck for any files on the system still owned by the now-deleted UID. These become orphaned files and should be reviewed:
find / -nouser -ls 2>/dev/nullStep 7: Working with Groups
Groups allow you to assign permissions collectively to multiple users. Use groupadd to create a new group:
groupadd developersAdd an existing user to the group:
usermod -aG developers jsmithList all members of a group:
grep developers /etc/groupDelete a group (only if no user has it as their primary group):
groupdel developersProper user account management — creating accounts with the minimum necessary privileges, setting strong password policies, promptly removing accounts when no longer needed, and routinely auditing for orphaned files — is essential to maintaining a secure and well-governed RHEL 7 system. The commands covered in this tutorial give you the complete toolkit to manage users confidently at the command line.
