adduser
create a new user or update default new user information
sudo adduser [--home dir]|[--no-create-home]
[--uid id] [--firstuid id] [--lastuid id]
[--gid ID] [--ingroup group]
[--add_extra_groups]
[--shell shell] [--disabled-password] [--disabled-login]
[--conf file]
[--system]
[--quiet] [--debug]
[--force-badname] [--help|-h] [--version]
adduser and addgroup are friendlier front ends to low level tools like useradd, groupadd and usermod.
addgroup [--system] [options] [--gid ID] group
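# use same UID on all systems.
# adduser has no -c option: it is read as --conf, which is why the first output line below reports that `Dennis German' does not exist and the full name is then asked for interactively. --gecos sets it on the command line.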
sudo adduser -c "Dennis German" --home /home/dgerman dgerman --uid 501 --gid 50 # --groups staff,sudo
adduser: `Dennis German' does not exist. Using defaults.
Adding user `dgerman' ...
Creating home directory `/home/dgerman' ...
Copying files from `/etc/skel' ...none
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for dgerman
Enter the new value, or press ENTER for the default
Full Name []: Dennis German
Room Number []:
Work Phone []:
Home Phone []: 862-210-9339
Other []:
Is the information correct? [Y/n] y
sudo passwd user
adduser and addgroup are friendlier front ends to the low level tools useradd, groupadd and usermod, by default choosing policy conformant UID and GID values, creating a home directory with skeletal configuration, running a custom script, and other features.
Run in modes to add:
- a normal user: called with one non-option argument and without the --system or --group options.
- a system user
If called with one non-option argument and the --system option, adduser will add a system user. If a user with the same name already exists in the system uid range (or, if the uid is specified, if a user with that uid already exists), adduser will exit with a warning.
Chooses the first available UID from the range specified for system users in the configuration file (FIRST_SYSTEM_UID and LAST_SYSTEM_UID). To have a specific UID, specify --uid.
By default, system users are placed in the nogroup group. To place the new system user in an already existing group, use the --gid or --ingroup options. To place the new system user in a new group with the same ID, use the --group option.
A home directory is created by the same rules as for normal users. The new system user will have the shell /usr/sbin/nologin (unless overridden with the --shell option), and have logins disabled. Skeletal configuration files are not copied.
- a user group
If adduser is called with the --group option and without the --system option, or addgroup is called respectively, a user group will be added.
A GID will be chosen from the range specified for system GIDS in the configuration file (FIRST_GID, LAST_GID). To override that mechanism you can give the GID using the --gid option.
The group is created with no users.
- a system group
If addgroup is called with the --system option, a system group will be added.
A GID will be chosen from the range specified for system GIDS in the configuration file (FIRST_SYSTEM_GID, LAST_SYSTEM_GID). To override that mechanism you can give the GID using the --gid option.
The group is created with no users.
- an existing user to an existing group: called with two non-option arguments.
--conf FILE Use FILE instead of /etc/adduser.conf.
| --disabled-login Do not run passwd; the user won't be able to use her account until the password is set.
| --disabled-password Like --disabled-login, but logins are still possible (for example using SSH RSA keys), just not using password authentication.
| --force-badname By default, user and group names are checked against the configurable regular expression NAME_REGEX specified in the configuration file. This option applies only a weak check for validity of the name. NAME_REGEX is described in adduser.conf(5).
| --gecos GECOS Set the gecos field for the new entry generated. adduser will not ask for finger information if this option is given.
| --gid ID When creating a group, force the new groupid to be the given number.
When creating a user, put the user in that group.
| --group With --system, a group with the same name and ID as the system user is created.
Without --system, a group with the given name is created.
This is the default action if the program is invoked as addgroup.
| --help
| --home DIR Use DIR as the user's home directory, rather than the default specified by the configuration file. The directory is created and skeleton files are copied.
| --shell SHELL Use SHELL as the user's login shell, rather than the default specified by the configuration file.
| --ingroup GROUP
Add the new user to GROUP instead of a usergroup or the default group defined by USERS_GID in the configuration file.
This affects the user's primary group.
To add additional groups, see the add_extra_groups option.
| --no-create-home Do not create the home directory
| --system Create a system user or group.
| --uid ID Force the new userid to be the given number. adduser will fail if the userid is already taken.
| --firstuid ID Override the first uid in the range that the uid is chosen from (overrides FIRST_UID specified in the configuration file).
| --lastuid ID Override the last uid in the range that the uid is chosen from ( LAST_UID )
| --add_extra_groups Add new user to extra groups defined in the configuration file.
| --version Display version and copyright information.
| --quiet Suppress informational messages, only show warnings and errors.
| --debug Be verbose, most useful if you want to nail down a problem with adduser.
EXIT VALUES
0 The user exists as specified. This can have 2 causes: The user was created by adduser or the user was already present on the system before
adduser was invoked. If adduser was returning 0 , invoking adduser a second time with the same parameters as before also returns 0.
1 Creating the user or group failed because it was already present with other UID/GID than specified.
The username or groupname was rejected because of a mismatch with the configured regular expressions, see adduser.conf(5).
Adduser has been aborted by a signal.
Or for many other yet undocumented reasons which are printed to console then. You may then consider removing --quiet to make adduser more verbose.
FILES
/etc/adduser.conf
Default configuration file for adduser and addgroup
pi@pibu734c 1/20/20
-rw-r--r-- 1 root root 2981 Sep 26 01:06 adduser.conf
# /etc/adduser.conf:
# default login shell
DSHELL=/bin/bash
# directory containing users' home directories.
DHOME=/home
# home directories will be created as /home/groupname/user.
GROUPHOMES=no
# home directories will have an extra directory - the first letter of the user name. ( why? ed)
# For example: /home/u/user.
LETTERHOMES=no
# directory containing "skeletal" user files, such as a sample .profile, that will be copied to the user's home directory
SKEL=/etc/skel
# range for IDs for dynamically allocated administrative and system accounts/groups.
# system software may assume that UIDs less than 100 are unallocated.
FIRST_SYSTEM_UID=100
LAST_SYSTEM_UID=999
FIRST_SYSTEM_GID=100
LAST_SYSTEM_GID=999
# range of IDs of dynamically allocated user accounts/groups.
FIRST_UID=1000
LAST_UID=59999
FIRST_GID=1000
LAST_GID=59999
# yes: user will be given their own group
# no : user will be placed in USERS_GID
USERGROUPS=yes
# If USERGROUPS is "no", then USERS_GID should be the GID of the group `users'
USERS_GID=100
# If DIR_MODE is set, directories will be created with the specified mode. Otherwise 0755
DIR_MODE=0755
# If SETGID_HOME is "yes", home directories for users with their own group will have the setgid bit set. DISCOURAGED
SETGID_HOME=no
# default quota (set with: edquota -p QUOTAUSER newuser)
QUOTAUSER=""
# ignore files matching this regular expression when creating a new home directory
SKEL_IGNORE_REGEX="dpkg-(old|new|dist|save)"
# groups a non-system user will be added to with --add_extra_groups
#EXTRA_GROUPS="dialout cdrom floppy audio video plugdev users"
# If ADD_EXTRA_GROUPS is non-zero, EXTRA_GROUPS will be default for non-system users
#ADD_EXTRA_GROUPS=1
# user and group names must match this regular expression. Example: start with a LC letter, the rest LC letters or numbers or _
#NAME_REGEX="^[a-z][-a-z0-9_]*\$"
/usr/local/sbin/adduser.local
Optional custom add-ons.
useradd
create a new user or update default new user information
useradd [options] loginName
adduser is better.
Adds a new user account. May create the new user's home directory and copy initial files there.
Some versions will create a group for each user added to the system by default.
useradd -D # update Defaults
-u --uid uid Numerical uid, unsigned and unique (unless -o is used).
Useful for having the same UID for the same user across multiple systems.
Default uses the next higher number than currently exists.
0-999 are typically reserved for system accounts.
# show the last 8 (non system ) UIDs used
sort -t ':' -n -k 3 /etc/passwd |cut -d : -f1,3|grep -v ':[[:digit:]]\{1,3\}$' |tail -n8 |head -n -1
| -o --non-unique Allow the creation of a user with a non-unique uid, which is a synonym for other users with the same UID.
| -g --gid group existing group name or number for initial group. Some systems require GID
# show groups in use
grep -v ':$' /etc/group |sort|sed "s/:x//"|column
| -G g1[,g2,…[,gn]] --groups Existing groups of which the user is a member.
No default.
| -n No group having the same name as the user will be created.
The user will be in the group specified in /etc/default/useradd. If there is no default, group 1 will be used.
| -c comment --comment Full name.
| -m --create-home
-k --skel skel_dir Create the home directory with the files contained in /etc/skel.
Directories in /etc/skel or skel_dir will be created in the user's home directory.
-k overrides /etc/skel and is only valid with -m.
Default: Do not create the directory.
| -M Home directory will not be created.
| -d --home home_dir Login directory. The directory is not created by this option.
Default: concatenate base_dir and login.
| -b --base-dir base_dir Default base directory for the system if -d dir is not specified. base_dir is concatenated with the account name to define the home directory.
If -m is not used, base_dir must exist.
| -s --shell shell Login shell. The default leaves this field blank, which causes the system to select the default login shell.
| -p --password password Encrypted password, as returned by crypt.
The default is to have the account disabled.
Suggestion: leave the account disabled, then enter the password using sudo passwd loginName
| -e yyyy-mm-dd --expiredate Date the account will be disabled.
| -f --inactive days Grace period after a password expires, after which the account is disabled.
0 disables the account as soon as the password has expired, and
-1 disables password ageing.
The default value is -1.
| -K --key KEY=value Overrides /etc/login.defs defaults (UID_MIN, UID_MAX, UMASK, PASS_MAX_DAYS and others).
Example: -K PASS_MAX_DAYS=-1 can be used when creating a system account to turn off password ageing, even though a system account has no password at all.
Multiple -K entries can be specified, e.g.: -K UID_MIN=100 -K UID_MAX=499
| -r Create a system account, that is, a user with a UID lower than the value of UID_MIN defined in /etc/login.defs and whose password does not expire. No home directory is created unless -m is present.
| -l (lower case L) /var/log/lastlog is not updated for this user.
| -Z seuser --selinux-user For Security-Enhanced Linux. blank,
-h --help
With -D, useradd displays defaults or updates defaults.
-b home_dir Initial path prefix for home directory. The user's name will be affixed to the end of home_dir to create the new directory name if -d is not used when creating a new account.
| -e expire_date date account is disabled.
| -f days days after a password has expired before the account will be disabled.
| -g --gid group group name or ID for initial group, must exist, and a
numerical group ID must have an existing entry.
| -s --shell shell
If no options are specified, displays the current default values.
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=no
The system administrator is responsible for placing the default user files in /etc/skel.
CAVEATS
Adding a user to a NIS group must be performed on the NIS server.
If the username already exists in an external user database such as NIS, useradd will deny the user account creation request.
FILES
/etc/passwd User account information.
| /etc/shadow Secure user account information.
| /etc/group Group account information.
| /etc/gshadow Secure group account information.
| /etc/default/useradd Default values for account creation.
| /etc/skel/ Directory containing default files.
| /etc/login.defs Shadow password suite configuration.
EXIT VALUES
0 success
1 can't update password file
2 invalid command syntax
3 invalid argument to option
4 UID already in use (and no -o)
6 specified group doesn't exist
9 username already in use
10 can't update group file
12 can't create home directory
13 can't create mail spool
See userdel, usermod, chfn, chsh, passwd, crypt, groupadd, groupdel, groupmod, login.defs
sample group file
From Raspberry pi 2/20/18
Many have no members
cat group
nogroup:x:65534:
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:pi
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:pi
fax:x:21:
voice:x:22:
cdrom:x:24:pi
floppy:x:25:
tape:x:26:
sudo:x:27:pi
audio:x:29:pi
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:pi
sasl:x:45:
plugdev:x:46:pi
staff:x:50:dgerman
games:x:60:pi
users:x:100:pi,dgerman
input:x:101:pi
systemd-journal:x:102:
systemd-timesync:x:103:
systemd-network:x:104:
systemd-resolve:x:105:
systemd-bus-proxy:x:106:
crontab:x:107:
netdev:x:108:pi
pi:x:1000:
messagebus:x:109:
ssh:x:110:
bluetooth:x:111:
avahi:x:112:
spi:x:999:pi
i2c:x:998:pi
gpio:x:997:pi
usermod
modify a user account
usermod options uname
-g --gid group Group name or number of the user's initial login group, which must exist.
Files from the user's home directory owned by the previous primary group will be owned by this new group.
The group ownership of files outside of the user's home directory must be fixed manually.
| -G group1[,group2,…[,groupn]] --groups
Supplementary groups which the user is a member of, separated by a comma, with no intervening whitespace.
If the user is currently a member of a group which is not listed, the user will be removed from the group unless -a (append) is used.
| -a --append Add the user to the supplementary group(s); only with -G.
| -c comment --comment Normally modified using chfn (finger information).
| -d home_dir --home
With -m, the contents of the current home directory will be moved to the new home.
| -m --move-home Move the contents of the user's home directory to the new location.
Only with -d or --home.
Adapts ownership of the files and retains the modes, Access Control Lists and extended attributes, but manual changes might be needed.
| -e [yyyy-mm-dd] --expiredate When the account will be disabled. An empty argument disables the expiration.
| -f days --inactive Days after a password expires until the account is permanently disabled.
With 0 the account is disabled as soon as the password has expired; -1 disables the feature.
| -l new_uname --login
The login name is changed to new_uname. Nothing else is changed. In particular, the home directory or mail spool should be renamed manually.
| -L --lock
Lock the user's password. Puts a ! in front of the encrypted password.
Not with -p or -U.
To lock the account (not just access with a password) use --expiredate 1
| -U --unlock
Removes the ! from the front of the encrypted password.
To unlock the account (not only access with a password) also set --expiredate, for example to 99999; see the EXPIRE value from /etc/default/useradd.
| -p password --password Set encrypted password, as returned from crypt.
Not recommended because the password will be visible to users watching the processes.
The password will be written in the local /etc/passwd or /etc/shadow file.
| -R chroot_dir --root
Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.
| -s --shell shell Sets the login shell; blank selects the default login shell.
| -u --uid uid Sets the uid, which must be unique unless -o is used.
The user's mailbox, and any files which the user owns and which are located in the user's home directory, will have the file user ID changed.
The ownership of files outside of the user's home directory must be fixed manually.
No checks will be performed with regard to the UID_MIN, UID_MAX, SYS_UID_MIN, or SYS_UID_MAX from /etc/login.defs.
| -o --non-unique With -u, allows changing the user ID to a non-unique value, i.e. an alias.
| -v first-last --add-sub-uids Add a range of subordinate uids to the user's account.
May be specified multiple times.
| -V first-last --del-sub-uids Remove a range of subordinate uids.
May be specified multiple times.
With --add-sub-uids, removals happen before adds.
| -w first-last --add-sub-gids Add a range of subordinate gids.
May be specified multiple times.
| -W first-last --del-sub-gids Remove subordinate gids.
May be specified multiple times.
With --add-sub-gids, removals happen before adds.
| -Z --selinux-user SEUSER SELinux (Security-Enhanced Linux) user.
A blank SEUSER will remove the SELinux user mapping for user LOGIN.
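Added example (not part of the original page): -G without -a replaces the whole supplementary group list, so a command meant to add one group can silently drop sudo or adm. The check below computes what would be lost before usermod is run; GROUP_FILE is a short extract of the sample group file shown earlier on this page, and the function names groups_lost and preflight are hypothetical helpers.

```shell
#!/bin/sh
# Added example. GROUP_FILE is a short extract of the sample group file shown
# earlier on this page; the usermod invocations being checked are hypothetical.
GROUP_FILE='adm:x:4:pi
dialout:x:20:pi
sudo:x:27:pi
staff:x:50:dgerman
users:x:100:pi,dgerman
gpio:x:997:pi'

# groups_lost GROUP_TEXT USER NEWLIST
# Prints, comma separated, the supplementary groups USER belongs to now that
# are missing from NEWLIST: exactly what "usermod -G NEWLIST USER" removes
# when -a is not given. The primary group (gid field of passwd) is not touched by -G.
groups_lost() {
    printf '%s\n' "$1" | awk -F: -v user="$2" -v list="$3" '
        BEGIN { n = split(list, want, ","); for (i = 1; i <= n; i++) keep[want[i]] = 1 }
        {
            m = split($4, member, ",")
            for (i = 1; i <= m; i++)
                if (member[i] == user && !($1 in keep))
                    out = ((out == "") ? "" : (out ",")) $1
        }
        END { if (out != "") print out }
    '
}

# preflight GROUP_TEXT USER NEWLIST
# Returns 1 and names the groups when running without -a would drop memberships.
preflight() {
    lost=$(groups_lost "$1" "$2" "$3")
    if [ -n "$lost" ]; then
        echo "usermod -G $3 $2 would remove $2 from: $lost (use -a -G to append)"
        return 1
    fi
    echo "usermod -G $3 $2 removes no memberships"
}

# Intent: add pi to staff. Without -a, pi also loses sudo and adm.
preflight "$GROUP_FILE" pi staff || true
# Listing every current group as well makes -G safe without -a.
preflight "$GROUP_FILE" pi adm,dialout,sudo,users,gpio,staff
```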
CAVEATS
The user must not be executing any processes if the numerical user ID, user's name, or home directory is being changed.
Change the owner of crontab files or at jobs manually.
Make changes involving NIS on the NIS server.
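Added example (not part of the original page): the usermod options above note that -L only puts a ! in front of the password hash and that --expiredate 1 is needed to lock the account itself. The function below separates those two states in shadow-format data; SHADOW is constructed sample data with placeholder hashes, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. SHADOW is constructed sample data in /etc/shadow format; the
# hash fields are placeholders, not real hashes.
SHADOW='root:!:17500:0:99999:7:::
pi:$6$salt$placeholderA:17582:0:99999:7:::
dgerman:!$6$salt$placeholderB:17582:0:99999:7:::
olduser:!$6$salt$placeholderC:17000:0:99999:7::1:
www-data:*:17500:0:99999:7:::'

# lock_state SHADOW_TEXT TODAY
# TODAY is the current date in days since 1970-01-01, the unit of the expire field.
# Prints "name:state" for every account whose hash carries the "!" that
# usermod -L adds. A bare "!" or "*" (no password ever set) is skipped.
#   password-locked-only : "!" present, account not expired; logins that do not
#                          use the password (for example SSH keys) still work
#   locked-and-expired   : "!" present and field 8 is a date that has passed,
#                          as after "usermod -L --expiredate 1"
lock_state() {
    printf '%s\n' "$1" | awk -F: -v today="$2" '
        $2 ~ /^![^!*]/ {
            expired = ($8 != "" && $8 + 0 > 0 && $8 + 0 <= today + 0)
            print $1 ":" (expired ? "locked-and-expired" : "password-locked-only")
        }
    '
}

# Days since the epoch for "now"; integer division drops the partial day.
today_days() {
    echo $(( $(date +%s) / 86400 ))
}

lock_state "$SHADOW" "$(today_days)"
```

On a real host the input is /etc/shadow read as root; accounts reported as password-locked-only are the ones to review for remaining non-password logins.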
CONFIGURATION
Variables in /etc/login.defs
MAIL_DIR (string)
The mail spool directory. This is needed to manipulate the mailbox when its corresponding user account is modified or deleted. If not specified, a compile-time default is used.
| MAIL_FILE (string)
Location of the users' mail spool files relative to their home directory.
The MAIL_DIR and MAIL_FILE variables are used by useradd, usermod, and userdel to create, move, or delete the user's mail spool.
| MAX_MEMBERS_PER_GROUP (n)
Avoid using. When the maximum is reached, a new group entry line is started in /etc/group (with the same name, same password, and same GID).
Default: 0, i.e. unlimited.
Split groups permit limiting the length of lines in the group file. This is useful so that lines for NIS groups are not larger than 1024 characters.
Split groups are not supported by all tools.
| SUB_GID_MIN (n) SUB_GID_MAX (n) SUB_GID_COUNT (n)
If /etc/subuid exists, useradd and newusers (unless the user already has subordinate group IDs) allocate SUB_GID_COUNT unused group IDs from the range SUB_GID_MIN to SUB_GID_MAX for each new user.
The default values for SUB_GID_MIN, SUB_GID_MAX and SUB_GID_COUNT are 100000, 600100000 and 10000.
| SUB_UID_MIN (n) SUB_UID_MAX (n) SUB_UID_COUNT (n)
If /etc/subuid exists, useradd and newusers (unless the user already has subordinate user IDs) allocate SUB_UID_COUNT unused user IDs from the range SUB_UID_MIN to SUB_UID_MAX for each new user.
The default values for SUB_UID_MIN, SUB_UID_MAX and SUB_UID_COUNT are 100000, 600100000 and 10000.
FILES
/etc/group Group account information.
| /etc/gshadow Secure group account information.
| /etc/login.defs Shadow password suite configuration.
| /etc/passwd User account information.
| /etc/shadow Secure user account information.
| /etc/subgid Per user subordinate group IDs.
| /etc/subuid Per user subordinate user IDs.
cat /etc/default/useradd
# Default values for useradd(8)
#
# The SHELL variable specifies the default login shell on your system.
# Similar to DHSELL in adduser. However, we use "sh" here because useradd is a low level utility and should be as general as possible
SHELL=/bin/bash
#
# The default group for users 100=users on Debian systems
# Same as USERS_GID in adduser
# This argument is used when the -n flag is specified.
# default behavior (when -n and -g are not specified): create a primary user group with the same name as the user being added to the system.
# GROUP=100
#
# The default home directory. Same as DHOME for adduser
# HOME=/home
#
# The number of days after a password expires until the account is permanently disabled
# INACTIVE=-1
#
# The default expire date
# EXPIRE=
#
# The SKEL variable specifies the directory containing "skeletal" user files;
# in other words, files such as a sample .profile that will be copied to the new user's home directory when it is created.
SKEL=/etc/skel
#
# Defines whether the mail spool should be created while creating the account
# CREATE_MAIL_SPOOL=yes
SEE ALSO
chfn(1), chsh(1), passwd(1), crypt(3), gpasswd(8), groupadd(8), groupdel(8), groupmod(8), login.defs(5), subgid(5), subuid(5),
useradd(8), userdel(8).
See
useradd, groupadd and usermod