How To Remotely Manage Linux Users and Groups

This guide provides detailed explanations, practical tips, and recommended tools and practices for the remote management of Linux users and groups.

Grant Knoetze, Contributor

September 14, 2023

13 Min Read
padlock icons overlay people typing on laptops
Alamy

Are you looking to manage Linux users and groups remotely? This guide will walk you through key concepts and practices, enhancing the security of your systems.

Managing Linux users and groups starts by understanding what a user is – an individual who has access to the system. A user can be a standard or privileged user.

A group, meanwhile, is essentially a collection of user accounts with the same permissions. Groups provide a practical way to implement Role-Based Access Control, or RBAC, which assigns a group of users access to the same resources and permissions based on their role. For instance, you can have groups like “accounts,” “developers,” or “managers.”

Within Linux, there are two distinct types of users: system users and regular users. Regular users don’t have sudo or root access, which grants elevated privileges. In every Linux system, there is a root account, which functions as the administrator account with unrestricted privileges. On the other hand, a sudo account offers limited administrative access, and these users are typically listed in the /etc/sudoers file.


Group directories contain the specific files associated with a given group, while a user directory contains the files belonging to an individual user. Each user on a Linux system has their named directory inside the /home directory (e.g., in my case, it’s /home/grant).

User information is stored in the /etc/passwd file, whereas encrypted password information is stored in the /etc/shadow file. Encrypted group information is stored in the /etc/gshadow file.

How To Manage Linux Users and Groups Remotely

Let’s delve into key aspects of remotely managing Linux users and groups.

Using Secure Shell (SSH) to connect to remote systems for administration

Secure Shell (SSH) is an excellent protocol for connecting to remote systems and running commands on them simply and securely.

To illustrate this, I will explain how I use SSH to connect to Linux machines hosted on AWS in my purple team cloud lab from my Windows workstation.

In Figure 1, you can see how I use SSH to remotely log in to a Linux virtual machine. I frequently use SSH to access my Linux VMs directly from my Windows host machine or other Linux system, as I work on red team and purple team labs that involve both Windows and Linux virtual machines hosted on AWS.

Once connected through SSH, you can run Linux commands directly on that machine. As shown in Figure 1, I have run the ls command on the Linux VM.

example of Secure Shell (SHH) command in Linux

image001_13

Figure 1. This shows how I SSH into a Linux virtual machine that is part of a cloud lab for purple teaming.

While there are GUI applications like TeamViewer available, SSH remains a reliable choice for secure remote access. 

Understand the /etc/passwd file

The /etc/passwd file stores essential login information. The file contains a list of the system’s accounts, with each entry providing user-related data such as username, user ID, group ID, home directory, shell, and more. It’s important to restrict write access to the /etc/passwd file to root users. In the password field of each account entry, there should be an “x” character, indicating that an encrypted password exists in the /etc/shadow file.

showing the contents of /etc/passwd file in Linux

image002_9

Figure 2. When we cat the /etc/passwd file, we can see all users. The root user entry is highlighted.

output of the cat /etc/passwd command

image003_12

Figure 3. The rest of the output of the cat /etc/passwd command. We can see our three users: grant, kelly, and Katye.

The /etc/passwd file contains one entry per line for each user, as can be seen in Figure 2 and 3. All fields are separated by a colon (:). There is a total of seven fields:

  1. Username: This field can be between 1 and 32 characters in length and is used when the user logs in.

  2. Password: An “x” character indicates that the encrypted password is stored in the /etc/shadow file.

  3. User ID (UID): Each user is assigned a unique user ID. User ID 0 (zero) is reserved for the root account, while UIDs 1 to 99 are reserved for predefined accounts. UIDs 100 to 999 are reserved for administrative and system accounts and groups.

  4. Group ID (GID): This field references the group ID stored in the /etc/group file.

  5. User ID Information (GECOS): This command field allows administrators to add extra information about the user, such as their full name and email address.

  6. Home Directory: This is the absolute path to the directory the user will be placed in upon login.

  7. Command/shell: This field specifies the absolute path of a command or shell, such as /bin/bash.

List all users

To list all users on the system, simply run the following command:

sudo /etc/passwd 

The command displays a list of all users on the terminal. If want to save this list to a text file, you can use the standard output redirector operator (>).

Manage group membership

For managing group memberships, you have the option of using a GUI application or a command-line tool. To create a new group, you can use the groupadd command. Additionally, there are several other commands available for tasks like creating new groups, deleting existing groups, and modifying group properties.

To add a new user to a group, there are various commands, including:

  • usermod

  • useradd

  • gpasswd

To remove a user from a group, you can use the same commands with the relevant option or switch. You can find the options and switches specific to each command by running the --help option with the command.

Create, modify, and delete user accounts

To remotely manage users and groups from the terminal, you can use the useradd, usermod, and userdel utilities. When you create a user, the default settings are defined in the /etc/login.defs file. In Figure 4, you can see where I use the cat command to output the contents of the /etc/login.defs file.

If you need to modify configuration files in Linux, you can use built-in text editors such as Nano (see Figure 5).

showing the output of the sudo cat /etc/login.defs file

image004_7

Figure 4. The output of the sudo cat /etc/login.defs file.

showing the /etc/login.defs file opened in Nano for modification

image005_8

Figure 5. The /etc/login.defs file is open in Nano for modification.

Use command-line tools to manage users

Managing users remotely via the command line is a straightforward process. In a recent article, I highlighted several commands for managing users. The same commands include familiar ones like useradd, userdel, usermod, groupadd, groupdel, and groupmod. They can all be used in the command line for remote management of Linux users and groups.

Manage user password requirements

Password management is critical in the overall security of remote systems and users. It is important to establish password policies that force users to create complex and difficult-to-crack passwords. Additionally, the use of a password manager can help users manage their passwords securely.


Linux offers Pluggable Authentication Modules (PAMs) that can be downloaded and integrated into the system. The PAMs provide Linux system administrators with tools and techniques for authenticating users.

Furthermore, in scenarios where centralized user authentication and login management are needed, you might be using Active Directory or Open-LDAP. In such cases, you would usually configure group policies to enforce password-related rules and policies across the network.

Managing Linux Groups Remotely

Managing groups remotely can present challenges, but luckily, we have many tools at our disposal. To gain a complete understanding of Linux group management, let’s start by exploring the /etc/group file.

Understanding the /etc/group file

In Figure 6, you can see where I have used the cat /etc/group command to output the contents of the /etc/group file. To modify the file, you can use a text or code editor like Nano, as can be seen in Figure 7.

the cat command is run on the /etc/group file to show its contents

image006_5

Figure 6. The cat command is run on the /etc/group file to show its contents.

the /etc/group file is opened in Nano for configuration

image007_4

Figure 7. The /etc/group file is opened in Nano for configuration.                     

There are four fields in each entry, from left to right:

  1. group_name (group name)

  2. Password (password, usually place held by an “x” character in the /etc/group file)

  3. GID (Group ID)

  4. Group List (List of all usernames who are members of the group)

Associate a new user with an existing group

There are various commands for remotely adding a user to a group, including usermod, useradd, and the gpasswd commands. I have written an article on adding users to groups, which you can read here.

Remove a user from a group

When you need to remove a user from a group, you can use the same commands as before but with different switches or options selected. Remember to run the --help command for any command to see the options and switches that are available. The commands typically used for this task include usermod, useradd, and gpasswd.

Create a new group

You can use the groupadd command to create a group.

Change primary group

In Linux, the primary group is a special group assigned by the operating system to files created by the user, and each user must belong to a primary group. Secondary groups are all the other groups to which a user can belong. A user can be a member of up to 15 groups.


To find out a user’s groups, use cat or another command to output or save the contents of the /etc/passwd file, as we discussed earlier in this article. To remotely change a user’s primary group, you can use the commands that we have already mentioned, such as useradd, groupadd, and gpasswd.

Tools for Remote Linux User and Group Management

You can use a variety of command-line tools for remote management of Linux users and groups. These include the commands that we have already discussed extensively, plus a few others.

For users:

  • useradd (to add a new user)

  • usermod (to modify user attributes)

  • userdel (to delete a user)


For groups:

  • groupadd (to add a new group)

  • gpasswd (to manage group passwords)

  • groupdel (to delete a group)

  • groupmod (to modify a group)

Infrastructure as Code for Managing Multiple Servers at Scale

For managing multiple servers at scale, infrastructure as code (IaC) tools are invaluable. IaC tools let you use declarative programming languages in scripts, which can be replicated across multiple servers or systems, allowing large-scale management.


One popular IaC tool is Puppet, although there are other IaC offerings available, as well. You can find a link to the Puppet project at the end of this article.

When working with IaC tools like Puppet, you will typically configure files that can be replicated across systems. To do this successfully, you must have a basic understanding of how to use text and code editors from the command line in Linux. We have already introduced Nano as a tool, but there are other options available like Vim and Vi.

Tips and Best Practices for Remote Management of Linux Users and Groups

Here are several tips and best practices for managing Linux users and groups remotely.

Use Secure Shell (SSH). SSH is a secure protocol for remote management of Linux systems and is highly recommended for secure access.

Verify user and group information. Ensure that user and group information is correct and not duplicated anywhere.

Review group permissions and home directories. Regularly review group permissions to ensure they have access to the necessary resources. Likewise, manage user home directories and set correct permissions.

Enable shadow passwords. The file that stores encrypted user passwords is the /etc/shadow file and is only accessible by the root user. Storing passwords in the /etc/passwd file is an unsafe practice.

Review password policies. Regularly assess and update password policies and procedures.

Check group membership. Use the groups command to verify a user’s group membership. Simply follow the command with the username, and all the groups the user belongs to will be displayed, as can be seen in Figure 8.

Test in a non-production environment. Test commands in a safe test environment before applying them in a production system.

Use tools like sudo and PAM. Sudo provides fine-grained access control, while Pluggable Authentication Modules offers flexible user authentication.

Use GUI tools where possible. TeamViewer is one example of software available for remote system administration, especially for day-to-day remote management.

Maintain documentation. Keep a detailed user database and documentation for users and groups. Documentation can be valuable for reference and troubleshooting.

output of the groups command when run with my username as an argument

image008_5


Figure 8. The output of the groups command when run with my username as an argument. All the groups that I belong to are listed here.

Final Thoughts


Whether you are performing actions at scale across multiple systems or managing a single system, Linux provides a range of tools to suit your needs. These tools can be terminal-based, such as SSH, or GUI-based like TeamViewer. Thanks to Linux’s flexibility as an operating system, as well as its support for protocols like SSH, remote administration of users and groups can be straightforward and efficient.

Frequently Asked Questions (FAQ)

Q: What is remote user and group management in Linux?

A: Remote user and group management in Linux involves the administration of user accounts and groups from a remote location. In addition, it’s the practice of maintaining user access, permissions, and security across multiple Linux machines. Management of users and groups is commonly performed according to the principle of Role-Based Access Control (RBAC).

You may be used to a Windows environment where tools like Remote Desktop Protocol and PowerShell remoting are used. When Active Directory is implemented in these environments, centralized user and group management and authentication are achieved easily.

In the Linux environment, things are a bit different – although, interestingly, Windows and Linux systems can communicate with each other using SSH and other protocols.

Q: What tools are available for remote management in Linux?


A: You have a choice of tools and protocols to suit your needs. They include GUI tools, like TeamViewer, and command-line tools, such as the SSH protocol using the ssh command. Other popular tools include Putty, which is a remoting tool that can be used across platforms (Windows, Linux, and MacOS).

In addition, there are infrastructure as code tools, as discussed earlier. Below you will find links to three of these: Terraform, Puppet, and Ansible.

ITPro Today Linux resources

Check out my contributor page for a library of my Linux articles: https://www.itprotoday.com/author/Grant-Knoetze

About the Author(s)

Grant Knoetze

Contributor

Grant Knoetze is a cybersecurity analyst with a special interest in DFIR, programming languages, incident response, red-teaming, and malware analysis. His full-time job includes teaching and instructing in various topics from basic Linux all the way through to malware incident response, and other advanced topics. He is also a speaker at various conferences worldwide.

www.grantknoetze.com

https://github.com/Grant-Knoetze

https://www.linkedin.com/in/grant-knoetze-563b0b1b6/

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like