Show Menu

Linux (RHEL) User Management Cheat Sheet by

User management on Red Hat Linux Server


This inform­ation specif­ically relates to place of employ­ment, but may be useful elsewhere.

User and Group Management

List users configured on local host
awk -F: '/\/home/ {printf "­%s:­%s­\n",$­3,$1}' /etc/p­asswd | sort -n
List groups configured on local host
awk -F: -v id="­999­" '$3 > id' /etc/group
For Users, the assumption is that they are non-system users if they have a
For Groups, the assumption is that they are non-system groups if gid is greater the 999
Refer to

Create User

Create user
useradd -c "­Fir­stname Lastna­me" -d /home/firstn­­stn­ame.suffix -u <ui­d> -g <gi­d> -m -s /bin/bash firstn­­stn­ame.suffix
Create user (shorter)
useradd -c "­Fir­stname Lastna­me" -u <ui­d> -g <gi­d> firstn­­stn­ame.suffix
Set password
passwd firstn­­stn­ame.suffix
Set account aging policy
chage -M 90 -W 7 -I 30 -d 0 firstn­­stn­ame.suffix
where -M maximum number of days between password changes, -W number of days warning before password expires, -I inactive days after password expires that account is locked, -d days since password changed (setting to 0 zero forces password change on next logon)
Expire password
(force password change)
chage -d 0 firstn­­stn­ame.suffix
Expire password and set account expiry­(fo­r co­ntr­actors)
chage -d 0 -E YYYY-MM-DD firstn­­stn­ame.suffix
List account aging inform­ation
chage -l firstn­­stn­ame.suffix
User accounts are in: firstn­­stn­­cou­nttype format. These 3 variables are used by the user management scripts. Admin User Account are suffixed with .nalx.
Service Accounts are prefixed with svc.
uid and gid are maintained in a central location to ensure uniformity across server fleet.

Account Management

Disable account
(most effective method)
chage -E0 firstn­­stn­ame.suffix
Re-enable account
chage -E1 firstn­­stn­ame.suffix
Lock account
usermod -L username
Check lock status
grep username /etc/s­hadow

single exclam­ation mark before encrypted password means account locked
Lock password
passwd -l username
Unlock password
passwd -u username
Check password status
grep username /etc/s­hadow

two exclam­ation marks before encrypted password means password locked
Check whether password ever set
grep username /etc/s­hadow

two exclam­ation marks with no encrypted password means password has never been set
Extend account expiry
(for contra­ctors)
chage -E YYYY-MM-DD firstn­­stn­ame.suffix
The recomm­ended method of securing an account is disabling by using the
command. Locking of accounts by using
or passwords by using
commands are not as effective. For example, an account which uses SSH does not use passwords.

List Logged On Users

Show who is logged on
Show who is logged on and what they are doing
Show list of last logged in users who are "­still logged in"
last -F | grep 'still logged in'
Print name of users currently logged in to local host

Non-st­andard aliases

awk -F: '{ if ($3 > 999 && $3 < 60001) print $1 }' /etc/p­asswd | grep -v suffix | sort
awk -F: '{ if ($3 > 999 && $3 < 60001) print $1 }' /etc/p­asswd | grep suffix | sort
These are functions stored in
. Again, refer to
for UID_MIN and UID_MAX and GID_MIN and GID_MAX values

Get User Inform­ation Function

# get-us­era­ccounts [Account Type: ALL|no­rma­l|a­dmi­ns|­ser­vice] [Output Format­:na­me|­des­cri­pti­on|­alm­ost­all­|cs­v|t­able] [Addit­ional Info: GROUP|­nog­rou­p|c­omp­lete]
Where group inform­ation is collected from corres­ponding user entry in
and where addition inform­ation is collated from
Argument order is important (does not use
). Account Type - ALL (is the default option). Output Format: no specific option required. Additional Info - GROUP info (is the default option).
# get-us­era­ccounts
# get-us­era­ccounts service csv group
# get-us­era­ccounts admins tablefull complete
Based on function listusers / get-us­era­ccounts (expanded version of the above custom functions
). The
alias is in PowerShell (verb-­noun) format so somewhat familiar for Windows Admini­str­ators.
Could be saved as part of a function file or incorp­orated into the system alias file (


No comments yet. Add yours below!

Add a Comment

Your Comment

Please enter your name.

    Please enter your email address

      Please enter your Comment.

          Related Cheat Sheets

          *nix users and groups Cheat Sheet
          Vim Editor [Yet Another] Cheat Sheet

          More Cheat Sheets by PeterCeeAU

          Vim Editor [Yet Another] Cheat Sheet
          Robocopy By Example Cheat Sheet
          NATO Phonetic Alphabet Cheat Sheet