adduser

create a new user or update default new user information

adduser [--home dir]|[--no-create-home]
        [--uid id] [--firstuid id] [--lastuid id] [--ingroup group | --gid id] [--add_extra_groups]
        [--shell shell] [--disabled-password] [--disabled-login]
        [--conf file] [--system]
        [--quiet] [--debug] [--force-badname] [--help|-h] [--version] user

addgroup [--system] [options] [--gid ID] group
adduser options user group

usermod options user

# use same UID on all systems.

sudo adduser -c "Dennis German" --home  /home/dgerman dgerman --uid 501 --gid 50  #  --groups staff,sudo
adduser: `Dennis German' does not exist. Using defaults.
Adding user `dgerman' ...
Creating home directory `/home/dgerman' ...
Copying files from `/etc/skel' ...none
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
Changing the user information for dgerman
Enter the new value, or press ENTER for the default
    Full Name []: Dennis German
    Room Number []: 
    Work Phone []: 
    Home Phone []: 862-210-9339
    Other []: 
Is the information correct? [Y/n] y
sudo passwd user


useradd

create a new user or update default new user information

useradd [options] loginName

Adds a new user account. May create the new user's home directory and copy initial files there.
Some versions will create a group for each user added to the system by default.

user

useradd -D # update Defaults

-u
--uid uid
Numerical uid, unsigned and unique (unless -o is used).
Useful for having the same UID for the same user across multiple systems.
Default uses the next higher number than currently exists.
0-999 are typically reserved for system accounts.
# show the last 8 (non system ) UIDs used
sort -t ':' -n -k 3 /etc/passwd |cut -d : -f1,3|grep -v ':[[:digit:]]\{1,3\}$' |tail -n8 |head -n -1 
-o
--non-unique
Allow the creation of a user with a non-unique uid, which is a synonym for other users with the same UID.
-g
--gid group
Existing group name or number for initial group. Some systems require a GID.
# show groups in use
grep -v ':$' /etc/group |sort|sed "s/:x//"|column
-G g1[,g2[,…[,gn]]]
--groups
Existing Groups of which user is a member.
No default.
-n No group having the same name as the user will be created.
The user will be in the group specified in /etc/default/useradd. If there is no default, group 1 will be used.
-c comment
--comment
full name.
-m
--create-home

-k
--skel skel_dir

Create home directory with files contained in /etc/skel.
Directories in /etc/skel or skel_dir will be created in the user's home directory.
(-k overrides /etc/skel and is only valid with -m.)
Default: Do not create the directory.
-M Home directory will not be created.
-d
--home home_dir
Login directory. The directory is not created by this option alone.
Default: concatenate base_dir and login.
-b
--base-dir base_dir
default base directory for the system if -d dir is not specified. base_dir is concatenated with the account name to define the home directory.
If -m is not used, base_dir must exist.
-s
--shell shell
login shell. The default leaves this field blank, which causes the system to select the default login shell.
-p
--password password
encrypted password, as returned by crypt.
The default is to have the account disabled.
Suggestion: leave the account disabled, then enter the password using sudo passwd loginName
-e yyyy-mm-dd
--expiredate
Date the account will be disabled.
-f
--inactive days
Grace period in days after a password expires, after which the account is disabled.
0 disables the account as soon as the password has expired, and
-1 disables password ageing.
The default value is -1.
-K
--key KEY=value
Overrides /etc/login.defs defaults (UID_MIN, UID_MAX, UMASK, PASS_MAX_DAYS and others).
Example: -K PASS_MAX_DAYS=-1 can be used when creating a system account to turn off password ageing, even though a system account has no password at all.
Multiple -K entries can be specified, e.g.: -K UID_MIN=100 -K UID_MAX=499
-r Create a system account, that is, a user with a UID lower than the value of UID_MIN defined in /etc/login.defs and whose password does not expire. No home directory is created unless -m is present.
-l (lower case L) /var/log/lastlog is not updated for this user.
-Z seuser
--selinux-user
For Security-Enhanced Linux. blank,
-h
--help
 


With -D, useradd displays the defaults or updates them.

-b home_dir initial path prefix for home directory. The user's name will be affixed to the end of home_dir to create the new directory name if the -d is not used when creating a new account.
-e expire_date date account is disabled.
-f days days after a password has expired before the account will be disabled.
-g
--gid group
group name or ID for initial group, must exist, and a numerical group ID must have an existing entry.
-s
--shell shell

If no options are specified, useradd displays the current default values.

The system administrator is responsible for placing the default user files in /etc/skel .

CAVEATS
Adding a user to a NIS group must be performed on the NIS server.

If the username already exists in an external user database such as NIS, useradd will deny the user account creation request.

FILES

/etc/passwd User account information.
/etc/shadow Secure user account information.
/etc/group Group account information.
/etc/gshadow Secure group account information.
/etc/default/useradd Default values for account creation.
/etc/skel/ Directory containing default files.
/etc/login.defs Shadow password suite configuration.

EXIT VALUES

0 success
1 can't update password file
2 invalid command syntax
3 invalid argument to option
4 UID already in use (and no -o)
6 specified group doesn't exist
9 username already in use
10 can't update group file
12 can't create home directory
13 can't create mail spool

See userdel, usermod, chfn, chsh, passwd, crypt, groupadd, groupdel, groupmod, login.defs.
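
A check for the aliases that -o / --non-unique creates, and for the condition behind exit value 4: the functions below list every UID shared by more than one login in a passwd-format file, and every login that maps to UID 0. This is an added example, not part of the original notes; dup_uids and uid0_logins are hypothetical helper names, and the dg and toor entries are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the original page. Sample data is constructed:
# "dgerman" with UID 501 appears on this page; "dg" and "toor" are made up.
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
dgerman:x:501:50:Dennis German:/home/dgerman:/bin/bash
dg:x:501:50:alias created with -o:/home/dgerman:/bin/bash
pi:x:1000:1000:,,,:/home/pi:/bin/bash
toor:x:0:0:second UID 0 login:/root:/bin/sh
EOF
}

# dup_uids [PASSWD_FILE]
# Prints "uid:login1,login2,..." for every UID held by more than one login,
# sorted numerically by UID. Logins are listed in file order.
dup_uids() {
    awk -F: '
        /^#/ || NF < 7 { next }              # skip comments and malformed lines
        {
            if ($3 in names) names[$3] = names[$3] "," $1
            else             names[$3] = $1
            count[$3]++
        }
        END { for (u in count) if (count[u] > 1) print u ":" names[u] }
    ' "${1:-/etc/passwd}" | sort -t: -k1,1n
}

# uid0_logins [PASSWD_FILE]
# Prints every login whose UID is 0; anything besides root deserves a look.
uid0_logins() {
    awk -F: '$3 == 0 { print $1 }' "${1:-/etc/passwd}"
}

# Demo on the constructed sample.
tmp=$(mktemp)
write_sample_passwd "$tmp"
dup_uids "$tmp"
uid0_logins "$tmp"
rm -f "$tmp"
```

Called with no argument, both functions read /etc/passwd.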

sample group file

From Raspberry pi 2/20/18
Many have no members
cat group
nogroup:x:65534:
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:pi
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:pi
fax:x:21:
voice:x:22:
cdrom:x:24:pi
floppy:x:25:
tape:x:26:
sudo:x:27:pi
audio:x:29:pi
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:pi
sasl:x:45:
plugdev:x:46:pi
staff:x:50:dgerman
games:x:60:pi
users:x:100:pi,dgerman
input:x:101:pi
systemd-journal:x:102:
systemd-timesync:x:103:
systemd-network:x:104:
systemd-resolve:x:105:
systemd-bus-proxy:x:106:
crontab:x:107:
netdev:x:108:pi
pi:x:1000:
messagebus:x:109:
ssh:x:110:
bluetooth:x:111:
avahi:x:112:
spi:x:999:pi
i2c:x:998:pi
gpio:x:997:pi

usermod

modify a user account

usermod options uname

-g
--gid group
group name or number of the user's new initial login group. The group must exist.
Any file from the user's home directory owned by the previous primary group will be owned by this new group.
The group ownership of files outside of the user's home directory must be fixed manually.
-G group1[,group2[,…[,groupn]]]
--groups
A list of supplementary groups which the user is also a member of. Groups are separated by a comma, with no intervening whitespace.

If the user is currently a member of a group which is not listed, the user will be removed from the group unless -a (append) is used.

-a
--append
Add the user to the supplementary group(s). Only valid with -G.
-c comment
--comment
normally modified using chfn
-d home_dir
--home
With -m, the contents of the current home directory will be moved to the new home.
-m
--move-home
Move the content of the user's home directory to the new location. Only valid with -d or --home.
Adapts ownership of the files and copies the modes, Access Control Lists and extended attributes, but manual changes might be needed.
-e yyyy-mm-dd
--expiredate
Date when the account will be disabled. An empty argument disables the expiration.
-f days
--inactive
Number of days after a password expires until the account is permanently disabled.
With 0 the account is disabled as soon as the password has expired; -1 disables the feature.
-l new_uname
--login
Changes the login name. Nothing else is changed. In particular, the home directory or mail spool should be renamed manually.
-L
--lock
Lock a user's password. Puts a ! in front of the encrypted password.
Not with -p or -U. To lock the account (not just access with a password) use --expiredate 1.
-U
--unlock
Removes the ! from the front of the encrypted password. To unlock the account (not only access with a password) set --expiredate to 99999; see the EXPIRE value from /etc/default/useradd.
-p password
--password
The encrypted password, as returned by crypt(3).
Not recommended because the password (or encrypted password) will be visible by users listing the processes. The password will be written in the local /etc/passwd or /etc/shadow file. This might differ from the password database configured in PAM configuration.
-R chroot_dir
--root
Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.
-s
--shell shell
sets login shell. blank selects the default login shell.
-u
--uid uid
must be unique, unless -o is used.
The user's mailbox, and any files which the user owns and which are located in the user's home directory, will have the file user ID changed.
The ownership of files outside of the user's home directory must be fixed manually.

No checks will be performed with regard to the UID_MIN, UID_MAX, SYS_UID_MIN, or SYS_UID_MAX from /etc/login.defs.

-o
--non-unique
With -u, allows changing the user ID to a non-unique value, i.e. an alias.
-v first-last
--add-sub-uids
Add a range of subordinate uids to the user's account. May be specified multiple times.
-V first-last
--del-sub-uids
Remove a range of subordinate uids from the user's account. May be specified multiple times.
When combined with --add-sub-uids, all removals happen first.
-w first-last
--add-sub-gids
Add a range of subordinate gids. May be specified multiple times.
-W first-last
--del-sub-gids
Remove a range of subordinate gids from the user's account. May be specified multiple times.
When combined with --add-sub-gids, all removals happen first.
-Z
--selinux-user SEUSER
The new SELinux (Security-Enhanced Linux) user for the user's login. A blank SEUSER will remove the SELinux user mapping for user LOGIN (if any).
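
Because -G without -a removes the user from every supplementary group that is not listed, it helps to preview the loss before running usermod. This is an added example, not part of the original notes: groups_dropped is a hypothetical helper, and the sample lines are a subset of the Raspberry Pi group listing on this page.

```shell
#!/bin/sh
# Added example, not from the original page.
# Sample /etc/group lines copied from the Raspberry Pi listing on this page.
write_sample_group() {
    cat > "$1" <<'EOF'
adm:x:4:pi
sudo:x:27:pi
staff:x:50:dgerman
users:x:100:pi,dgerman
gpio:x:997:pi
pi:x:1000:
EOF
}

# groups_dropped USER NEWLIST [GROUP_FILE]
# Prints, one per line, the supplementary groups USER would lose if
# "usermod -G NEWLIST USER" were run without -a. NEWLIST is comma-separated,
# exactly as it would be passed to -G. The primary group is not affected by -G
# and is not listed in the member field, so it never appears in the output.
groups_dropped() {
    awk -F: -v user="$1" -v newlist="$2" '
        BEGIN {
            n = split(newlist, want, ",")
            for (i = 1; i <= n; i++) keep[want[i]] = 1
        }
        {
            m = split($4, members, ",")          # field 4 is the member list
            for (i = 1; i <= m; i++)
                if (members[i] == user && !($1 in keep)) print $1
        }
    ' "${3:-/etc/group}" | sort
}

# Demo: "usermod -G staff pi" without -a would drop pi from these groups,
# including sudo.
tmp=$(mktemp)
write_sample_group "$tmp"
groups_dropped pi staff "$tmp"
rm -f "$tmp"
```

An empty result means the proposed -G list already covers every current membership; otherwise use -a -G to add without removing.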

CAVEATS
The user must not be executing any processes if the numerical user ID, user's name, or user's home directory is being changed.
Change the owner of crontab files or at jobs manually.
Make changes involving NIS on the NIS server.

CONFIGURATION
Variables in /etc/login.defs

MAIL_DIR (string) The mail spool directory. Needed to manipulate the mailbox when its corresponding user account is modified or deleted. If not specified, a compile-time default is used.
MAIL_FILE (string) Location of the users' mail spool files relative to their home directory. The MAIL_DIR and MAIL_FILE variables are used by useradd, usermod, and userdel to create, move, or delete the user's mail spool.
MAX_MEMBERS_PER_GROUP (n) Avoid using. When the maximum is reached, a new group entry line is started in /etc/group (with the same name, same password, and same GID).
Default: 0, i.e. unlimited.

Split groups permit limiting the length of lines in the group file. This is useful to make sure that lines for NIS groups are not larger than 1024 characters. Split groups are not supported by all tools.

SUB_GID_MIN (n)
SUB_GID_MAX (n)
SUB_GID_COUNT (n)
If /etc/subuid exists, useradd and newusers (unless the user already has subordinate group IDs) allocate SUB_GID_COUNT unused group IDs from the range SUB_GID_MIN to SUB_GID_MAX for each new user.

The default values for SUB_GID_MIN, SUB_GID_MAX and SUB_GID_COUNT are 100000, 600100000 and 10000.

SUB_UID_MIN (n)
SUB_UID_MAX (n)
SUB_UID_COUNT (n)
If /etc/subuid exists, useradd and newusers (unless the user already has subordinate user IDs) allocate SUB_UID_COUNT unused user IDs from the range SUB_UID_MIN to SUB_UID_MAX for each new user.

The default values for SUB_UID_MIN, SUB_UID_MAX and SUB_UID_COUNT are 100000, 600100000 and 10000.

FILES
/etc/group Group account information.
/etc/gshadow Secure group account information.
/etc/login.defs Shadow password suite configuration.
/etc/passwd User account information.
/etc/shadow Secure user account information.
/etc/subgid Per user subordinate group IDs.
/etc/subuid Per user subordinate user IDs.

 cat /etc/default/useradd
# Default values for useradd(8)
#
# The SHELL variable specifies the default login shell on your system.
# Similar to DHSELL in adduser. However, we use "sh" here because useradd is a low level utility and should be as general as possible
SHELL=/bin/bash
#
# The default group for users 100=users on Debian systems
# Same as USERS_GID in adduser
# This argument is used when the -n flag is specified.
# default behavior (when -n and -g are not specified): create a primary user group with the same name as the user being added to the system.
# GROUP=100
#
# The default home directory. Same as DHOME for adduser
# HOME=/home
#
# The number of days after a password expires until the account
# is permanently disabled
# INACTIVE=-1
#
# The default expire date
# EXPIRE=
#
# The SKEL variable specifies the directory containing "skeletal" user
# files; in other words, files such as a sample .profile that will be
# copied to the new user's home directory when it is created.
SKEL=/etc/skel
#
# Defines whether the mail spool should be created while creating the account
# CREATE_MAIL_SPOOL=yes 


SEE ALSO chfn(1), chsh(1), passwd(1), crypt(3), gpasswd(8), groupadd(8), groupdel(8), groupmod(8), login.defs(5), subgid(5), subuid(5), useradd(8), userdel(8).

See

useradd, groupadd and usermod