Linux System Administration

User Account Management

The user account management commands are useradd, groupadd, userdel, groupdel, and usermod. The user management records are appended in files: /etc/passwd, /etc/group and /etc/shadow.

Please note: We can add, del, and modify a user or a group only from the root account.

To create a user, the command is:

useradd user

To validate that the user is created, the command is:

id user

To create a group, the command is:

groupadd group

To delete a user, the command is:

userdel -r user

To delete a group, the command is:

groupdel group

To add the user1 to the user group, the command is:

usermod -G user1 user

The command grep is the filtering command. Using grep command with the saby /etc/passwd will only show the information of user saby within the /etc/folder.



The /etc/skel/ contains some hidden files which have profile settings and default values for applications. Hence, it serves as a default home directory and user profile. While using useradd -m option, the /etc/skel/ is copied to the newly created directory.

Login Shell

The /etc/passwd file also tells about the login shell for the user.

Look at the above snapshot, user guest will log in with /bin/bash shell and user jtp will log in with /bin/ksh shell.

You can change the shell mode with usermod command for a user.

Syntax :

  1. usermod -s <newShell> <userName>


Users can change their login shell with chsh command.

Both the command chsh and chsh -s will work to change the shell.

Syntax :

  1. chsh


You will learn here to change the password, set the password using different methods.

First method is by using passwd command.

Second method is with openssel passwd command.

A user can set the password with the command passwd. Old password has to be typed twice before entering the new one.

Syntax :

  1. passwd

shell warns the user from creating a simple password. Ultimately, after two or three attempts if password is not changed then the command passwd fails and you have to pass the command again.

Although, these rules are not applied on the root user neither they need to type the old password. They can change the password directly.

Shadow files are the encrypted user passwords which are kept in /etc/shadow. This file is read-only directory and can be read only by root.

Syntax :

  1. /etc/shadow

Switch Users

The command to switch user is su-username. To switch to a root user, the command is:

su -root
Please note - we have to provide the password after running the su command. However, if we are in root, and want to switch to another user, we do not need to provide a password.

Monitor Users

Some of the commands to monitor users are who, last, w, finger, and id.

The command who tells the number of users logged in, duration, and so on.


To get the details of all users who logged in from day one, the command is last


The command w tells the number of users logged in, duration, logging time, idle time, and so on.


The command id tells about the username, the groups to which the user is added, and so on.


Talking To Users

Some of the commands to talk to users are users, wall, and write.

To find the number of users currently logged in, the command is:


To broadcast a message to all users currently logged in, the command is:


To send a message to a specific user currently logged in, the command is:

write userid

Linux Directory Service

Linux accounts are of two types local and domain/directory.

A local account is generally added from the root with the command useradd. Then we can add the user to groups and also give permissions to the user.

The domain/directory accounts are set up on a server. The Linux machine we are using is like a client that sends an account authentication request to the server directory. If the account exists, the server replies that the user has been authenticated. In this way, the user is allowed to log in.

The Active Directory in Windows help to create an account in the directory server and the user gets authenticated. This is based on the LDAP protocol. Linux does not use the LDAP protocol.

Difference between LDAP, Active Directory, IDM, WinBIND, OpenLDAP

  • Active Directory product is developed by Microsoft.
  • IDM or Identity Manager is developed by Redhat.
  • WinBIND is used in Linux to communicate with Windows. It is developed by Samba.
  • OpenLDAP - This is open-source.
  • IBM Directory Server product is developed by IBM.
  • LDAP or Lightweight Directory Access Protocol is used by Windows.

System Utility Commands

Some of the system utility commands are date, uptime, hostname, uname, which, cal, and bc.

To get the date, the command is:


The command uptime displays the current time, duration of the system running, the number of users logged in, average CPU load, and so on.


To get the hostname, the command is:


To get the environment type, the command is:


The command which displays the location of a command.



The command cal displays the calendar. The calendar is displayed with the current date highlighted.



The command bc does the binary calculation. The input of 2+2 gave the output 4.



Processes and Jobs

An application or service is a program that works on our computer. Like Powerpoint in Windows, NTP in Linux, and so on. The shell scripts or commands are a list of instructions like cd, pwd. When an application gets started, a process starts with an id.

Types of the process :

  1. Child process: A process that is created by some other process during the run time.
  2. Daemon process: These are special processes that run in the background.
  3. Orphan process: When the parent process gets killed, the child process becomes orphan, and then the init process takes control over the orphan process.
  4. Zombie process: A zombie process is the one that should have terminated but still active in the process table. This is usually caused because the parent process didn't realize that the process has been completed or wants to create another process of the same name without using the same process ID.
  5. Interactive process: These processes interact constantly with their users and therefore spend a lot of time waiting for keypresses and mouse operations.
  6. Batch or Automatic process: These do not need user interaction and hence they often run in the background.

A service can trigger multiple processes. A daemon is a process that runs in the background constantly if not stopped explicitly. A process can trigger multiple threads. A job or work order runs a service or a process at a scheduled time.

Some of the process and service commands are systemctl, ps, top, kill, crontab, and at.

The process and service commands are generally run from the root user.

To restart a process, the command is:

systemctl restart processname

To check the processes running in the system, the command is:

ps -ef

The command ps -ef | grep ntpd shall find and display the ntpd process details currently running.


To check the status of a process, the command is:

systemctl status processname

To stop a process, the command is:

systemctl stop processname

To enable a process, the command is:

systemctl enable processname

The top command is used to monitor all the processes. It tells about the CPU usage, process id, memory utilization, duration, and much more information.


To kill a process, the command is:

kill processid
systemctl end processname

Cron Jobs in Linux

There are four different types of cronjobs. They are hourly, daily, weekly, monthly. All these jobs are set up in /etc/cron._(directory). The timing for each of the jobs except hourly is set up inside /etc/anacrontab directory.

The hourly job is set up inside the /etc/cron.d/hourly directory.

The command ls -l | grep cron shall give us all the jobs available residing within the /etc folder.


Now to get the scripts within the daily job, we shall first move to the location with the cd cron.daily command and then run the command ls - l.


We can move a job from one folder to another for example from daily to weekly job the mv command is executed.

To get the timings and all other information on the daily job we have to move to /etc/cron.daily location, then run the command:

cat /etc/anacrontab 

Process Management in Linux

To stop a process, the command is:


To get the status of a process, the command is:


To run a process in the background, the command is:


The command ps -ef | grep sleep shall display all the details of the sleep process running.


To run a process at the foreground, the command is:


The command nohut sleep 75 & shall execute the sleep process even if we exit from the terminal. A message with nohup.out also gets displayed.


To get rid of the message displayed we have to run the command nohup sleep 73 > /dev/null 2>&1 &.


To set a priority of five to the process sleep for the CPU, the command is:

nice -n sleep 10

System Monitoring in Linux

Some of the system monitoring commands are top, df, dmesg, iostat 1, netstat, free, cat /proc/cpuinfo, and /proc/meminfo.

To get all the running processes along with the details like CPU usage, process id, memory utilization, duration, and so on, the command is:


To get the disk partition information, the command is:


To get the disk partition information in a more readable format, the command is:

df -h

To get the system related warnings, error messages, failures, memory leaks, CPU issues, and so on, the command is:


To get the input and output statistics like communication with peripheral devices, internal devices, network, the command is:


To get the input and output statistics like communication with peripheral devices, internal devices, network and get the data refreshed at every one second, the command is:

iostat 1

To get the information of gateway, and subnet mask, the command is:

netstat -rnv

The command free is used to get information on physical memory and swap space details i.e the virtual memory.


To get the CPU information of the system, the command is:

cat /proc/cpuinfo

To get the memory information of the system, the command is:

cat /proc/meminfo

Log Monitoring

The log monitoring is an important method of system administration. The log directory is present within the /var/log. This location can be reconfigured or changed.

Some of the logs that get generated are:

  • boot - It is generated when the system is booted or rebooted.
  • chronyd - It is generated while we make any changes to the chronyd services.
  • cron - It is generated if a job is scheduled through the crontab. The activity or the record gets added to the cron log file.
  • maillog - It is generated whenever mail is sent or received.
  • secure - It is generated to capture the user's login and log out activities.
  • messages - It is generated to capture the hardware, software, and process information.
  • httpd

System Maintenance Commands

Some of the system maintenance commands are:

  • shutdown - to bring down the system.
  • init 0-6 [run levels range from 0 to 6] - has different levels of bringing the system down.
  • reboot - to reboot the system
  • halt - to shut down the system even if other processes are running.

Changing Linux Hostname

To get the hostname of our machine, the command is:


The Linux version 7 keeps the hostname information inside the directory /etc/hostname. For version 6, the location was /etc/sysconfig/network.

Please note - For changing the hostname we have to log in as root.


To change the hostname of a system, the command is:

hostnamectl set-hostname newhostname

Then the system should be rebooted to reflect the newhostname.

Finding System Information

Some of the commands to find system information are:

  • cat /etc/redhat-release - To give the information about the operating system.
  • uname -a - To get information about the operating system and kernel.
  • dmidecode - To get information about the operating system's processor, hardware, and memory.


Finding System Architecture

There are two different types of system architecture - 32 bit and 64 bit. This basic difference between them lies in the number of calculations per second they can perform. This determines the speed at which they can perform a task.

A 64-bit processor can be of dual-core, quad-core, six-core, and eight-core versions which can help in home computing. More than one cores enable more calculations per second that can be performed. Thus the speed and performance of the computer improve even while performing complex tasks.

To get the system architecture, the command is:


Terminal Control Keys

Multiple key combinations on the keyboard can have a special effect on the terminal. The control keys are obtained by holding the CTRL key while typing the letter C.

Some common terminal control keys are listed below:

  • CTRL-U - To remove whatever we have typed.
  • CTRL-C - To stop/kill command.
  • CTRL-Z - To suspend a command.
  • CTRL-D - To exit from the interactive program.

Terminal Commands

To clear the screen, the command is:


To exit out of the shell, terminal, or a user session, the command is:


The script command holds the terminal activities in a log file that can be named by a user.


Here, the log-act.log file contains all the activities performed after triggering the script command. To come out of the script command exit is used. Finally, the cat log-act.log command is executed to verify if the activities that have been performed after running the script.

Recover Root Password

To recover the root password the below steps are performed:

  • Reboot the system with the reboot command.
  • Edit the grub.
  • Change the password.
  • Again reboot the system.

SOS Report

An SOS report can collect and support information. To have an SOS report, we have to install it with the command sos -version.

To collect all information, files, and directories for SOS, the command is:


Environment Variables in Linux

An environment variable is a dynamic-named value that can change the way a process is executing on the computer. They belong to the environment to which the process runs.

It can be said as a group of defined rules and values to build an environment.

To view all environment variables, the command is:


The command echo $JAVA_HOME shall display the value set for the JAVA_HOME environment.


To set the value to an environment variable TEXT, the command is:

export TEXT=1
Please note - The environment variable set with the export command is temporary and it goes away once we log off from the system.

To set environment variables permanently, first, we have run the command:

vi .bashrc

The vi editor opens, to set an environment variable TEST with value 123, the command is:

export TEST

To set the environment variable for all users, we have to modify the files /etc/profile and /etc/bashrc. The command is:

vi /etc/profile or /etc/bashrc
export TEST
About Author :

Myself Debomita Bhattacharjee, an IT employee with 6+ years of experience in Software industry. My area of interest is Automation testing and Front End Development.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions