Adding and removing users on a Linux system is one of the most important system administration tasks to familiarize yourself with. When you create a new system, you are often only given access to the root account by default.
While running as the root user gives you complete control over a system and its users, it is also dangerous and possibly destructive. For common system administration tasks, it’s a better idea to add an unprivileged user and carry out those tasks without root privileges. You can also create additional unprivileged accounts for any other users you may have on your system. Each user on a system should have their own separate account.
For tasks that require administrator privileges, there is a tool installed on Ubuntu systems called sudo
. Briefly, sudo
allows you to run a command as another user, including users with administrative privileges. In this guide, you’ll learn how to create user accounts, assign sudo
privileges, and delete users.
Deploy your frontend applications from GitHub using DigitalOcean App Platform. Let DigitalOcean focus on scaling your app.
To complete this tutorial, you will need access to a server running Ubuntu 24.04. If you don’t have an Ubuntu server, you can refer to How To Set Up an Ubuntu Server on a DigitalOcean Droplet to quickly set up a server. Ensure that you have root access to the server and firewall enabled. To set this up, follow our Initial Server Setup Guide for Ubuntu 20.04. These instructions, originally for Ubuntu 20.04, also apply to Ubuntu 24.04.
If you are signed in as the root user, you can create a new user at any time by running the following:
If you are signed in as a non-root user who has been given sudo
privileges, you can add a new user with the following command:
Either way, you will be required to respond to a series of questions:
ENTER
if you don’t wish to utilize these fields.Y
to continue.Your new user is now ready for use and can be logged into with the password that you entered.
If you need your new user to have administrative privileges, continue on to the next section.
If your new user should have the ability to execute commands with root (administrative) privileges, you will need to give the new user access to sudo
. Let’s examine two approaches to this task: first, adding the user to a pre-defined sudo user group, and second, specifying privileges on a per-user basis in sudo
’s configuration.
By default, sudo
on Ubuntu 20.04 systems is configured to extend full privileges to any user in the sudo group.
You can view what groups your new user is in with the groups
command:
By default, a new user is only in their own group because adduser
creates this in addition to the user profile. A user and its own group share the same name. In order to add the user to a new group, you can use the usermod
command:
The -aG
option tells usermod
to add the user to the listed groups.
Please note that the usermod
command itself requires sudo
privileges. This means that you can only add users to the sudo
group if you’re signed in as the root user or as another user that has already been added as a member of the sudo
group. In the latter case, you will have to precede this command with sudo
, as in this example:
/etc/sudoers
As an alternative to putting your user in the sudo group, you can use the visudo
command, which opens a configuration file called /etc/sudoers
in the system’s default editor, and explicitly specify privileges on a per-user basis.
Using visudo
is the only recommended way to make changes to /etc/sudoers
because it locks the file against multiple simultaneous edits and performs a validation check on its contents before overwriting the file. This helps to prevent a situation where you misconfigure sudo
and cannot fix the problem because you have lost sudo
privileges.
If you are currently signed in as root, run the following:
If you are signed in as a non-root user with sudo
privileges, run the same command with the sudo
prefix:
Traditionally, visudo
opened /etc/sudoers
in the vi
editor, which can be confusing for inexperienced users. By default on new Ubuntu installations, visudo
will use the nano
text editor, which provides a more convenient and accessible text editing experience. Use the arrow keys to move the cursor, and search for the line that reads like the following:
Below this line, add the following highlighted line. Be sure to change newuser
to the name of the user profile that you would like to grant sudo
privileges:
Add a new line like this for each user that should be given full sudo
privileges. When you’re finished, save and close the file by pressing CTRL + X
, followed by Y
, and then ENTER
to confirm.
Now your new user is able to execute commands with administrative privileges.
When signed in as the new user, you can execute commands as your regular user by typing commands as normal:
You can execute the same command with administrative privileges by typing sudo
ahead of the command:
When doing this, you will be prompted to enter the password of the regular user account you are signed in as.
In the event that you no longer need a user, it’s best to delete the old account.
You can delete the user itself, without deleting any of their files, by running the following command as root:
If you are signed in as another non-root user with sudo
privileges, you would use the following:
If, instead, you want to delete the user’s home directory when the user is deleted, you can issue the following command as root:
If you’re running this as a non-root user with sudo
privileges, you would run the same command with the sudo
prefix:
If you previously configured sudo
privileges for the user you deleted, you may want to remove the relevant line again:
Or use the following command if you are a non-root user with sudo
privileges:
This will prevent a new user created with the same name from being accidentally given sudo
privileges.
If a group was primarily for a specific user who has been deleted, and no other users are members of that group, you might want to remove it. You can do this using using the delgroup
command:
There are scenarios where you might want to temporarily disable a user account instead of deleting it permanently. Locking a user account typically involves making it impossible for them to log in without removing their home directory, files, or user ID.
You can “lock” a user’s password which will prevent them from authenticating using their account password. This is a common and effective way to disable login for a user. If you’re signed in as root, you can do this using the following command:
If you are signed in as a non-root user who has been given sudo privileges, you can lock the password with the following command:
The -l
option renders the original password invalid by prepending a !
or *
character to the hashed password in /etc/shadow
.
To unlock a user’s password and allow them to log in again, using their original password, run the following command:
And if you are signed in as a non-root user with sudo privileges, you can use the following command:
The -u
option changes the password back to its orignal value, before locking it.
Another approach is to change the user’s default login shell to a non-existent or null shell (like /usr/sbin/nologin
or /bin/false
). This prevents the user from establishing an interactive shell session upon login.
To change a user’s shell to /usr/sbin/nologin
:
To revert the shell to their original (e.g., /bin/bash
):
adduser
and useradd
?adduser
is a high-level, and user-friendly script that simplifies the process of creating a new user account. It interactively prompts for information, automatically creates a home directory, copies skeleton files (like .bashrc
, .profile
), sets appropriate permissions, and assigns a default shell. In most cases, it’s the recommended command for creating users on Debian-based systems like Ubuntu.
useradd
is a lower-level binary that provides fine-grained control over user creation. It does not create a home directory or copy skeleton files by default, requiring these to be specified with options or handled manually. It’s often used in scripts or for automated system management where precise control and non-interactive operation are necessary.
The most common and recommended way to grant sudo privileges to a user on Ubuntu is by adding them to the sudo
group. Members of this group are typically configured to be able to execute commands with root privileges.
You can add an existing user to the sudo group using the usermod
command:
Replace username
with the actual name of the user. The -a flag stands for “append” and -G specifies the supplementary group. Changes usually take effect upon the user’s next login.
By default, the deluser
command in Ubuntu (without specific options) deletes the user account but leaves their home directory and mail spool intact.
To remove a user’s home directory and mail spool along with the account, you should use the --remove-home
option:
If you wish to remove the user’s home directory and also create a backup before deletion, you can use the --backup-home
option:
Directly “recovering” a deleted user account with a single command is generally not possible in Linux. Once a user account is deleted, its entry is removed from system files like /etc/passwd
, /etc/shadow
, and /etc/group
.
However, the possibility of data recovery depends on how the user was deleted. If only the account was deleted (e.g., deluser
username without --remove-home
), the user’s home directory and files will still exist on the system. You can then recreate the user with the same username and, if possible, the same User ID (UID) and Group ID (GID), then point their new home directory to the old one. This allows them to regain access to their original files.
You should now have a fairly good handle on how to add and remove users from your Ubuntu 24.04 system, along with how to manage sudo
privileges, remove user groups and lock user accounts. Effective user management is important for maintaining the security, organization, and integrity of the Ubuntu system. The skills you learned today will allow you to separate users and give them only the access that they are required to do their job.
For more information about how to configure sudo
, check out our guide on how to edit the sudoers file.
For more Ubuntu-based content, check out the following articles:
Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
I added a user named
erelsgl
. but when I tried to login as that user, with the password I created:I got the following error:
How can I let the user I created login?