// learn Β· linux Β· rhcsa Β· 10 min

Local users and groups.

A user account isn't one thing β€” it's a few lines spread across /etc/passwd, /etc/shadow, and /etc/group, plus a home directory and a mail spool. Read each field, then learn the commands that create, modify, lock, and delete accounts.

Linux local users and groups animated tutorial. Covers /etc/passwd, /etc/shadow, /etc/group fields, useradd, usermod, userdel, passwd, chage, primary vs supplementary groups, and account locking. RHCSA EX200 ready.
// users and groups

A Linux account is a few lines of text plus a home directory. Once you can read /etc/passwd, /etc/shadow, and /etc/group, the management commands stop feeling magic.

// before you start
you should know
  • Β·Comfortable viewing files (cat, less) and basic permissions
  • Β·Know that root is the admin account
  • Β·Helpful: the file-permissions / chmod tool for the next lesson
by the end you'll

Read every field of a passwd/shadow/group line, and run the commands to create, modify, lock, and delete accounts safely.

pace: 10 minutes

account files β€” step 1 / 6 Β· /etc/passwd
/etc/passwdaliceusernamexpassword (x = in shadow)1000UID1000GID (primary group)Alice SmithGECOS (comment)/home/alicehome dir/bin/bashlogin shell

/etc/passwd β€” seven colon-separated fields

Every account has one line in /etc/passwd with seven fields separated by colons: username, password placeholder (almost always 'x'), UID, primary GID, GECOS (a free-text comment, historically the user's full name), home directory, and login shell. This file is world-readable β€” that's fine, because the actual password hash lives elsewhere.

// key insight

The kernel only knows numbers β€” UIDs and GIDs. Usernames and group names are a convenience layer that /etc/passwd and /etc/group map to those numbers. That's why a file copied to another system can suddenly be "owned" by a different user: same UID, different name-to-number mapping.

// exam-ready Β· the account commands & files
$id alice
$getent passwd alice
$useradd -m -s /bin/bash alice
$useradd -r svc
$usermod -aG wheel alice
$usermod -L / -U alice
$userdel -r alice
$passwd alice
$passwd -l / -u alice
$chage -l alice
$chage -M 90 -W 7 alice
$groupadd developers
$gpasswd -a alice developers
$newgrp developers
$/etc/skel
$/etc/login.defs
// check yourself
4 quick questions
Q1

Where is a user's actual hashed password stored?

Q2

You run `usermod -G developers alice` to add alice to the developers group. What's the bug?

Q3

What's the difference between a primary and a supplementary group?

Q4

You want to disable password login for a departing employee but keep their files and audit trail. Best move?

These aren't graded β€” they're just for active recall, which is what actually makes the lesson stick.

πŸ‘₯
// next: what they can touch

chmod calculator

Now that you can create users and groups, decide what they can read and write. Flip permission bits and watch rwx ↔ octal update in lockstep.

open β†’
// more in linux

keep going β€” these pair well with what you just learned.

see all linux β†’
πŸ›‘οΈ

SELinux contexts

Why Apache can't read your file. Watch the policy engine decide β€” and learn the workflow for fixing denials. RHCSA-ready.

8 min Β· interactiveopen β†’
⚑

Linux boot process

From power button to login prompt. Every stage in the chain β€” UEFI, GRUB, kernel, initramfs, systemd β€” with the rescue moves that save you. RHCSA-ready.

9 min Β· interactiveopen β†’
πŸ’Ύ

LVM stacking

Layer-by-layer build of an LVM stack: disks β†’ PVs β†’ VG β†’ LVs β†’ filesystem. Then extend live and snapshot. RHCSA-ready.

8 min Β· interactiveopen β†’
back to RHCSA trackall lessons