adduser

create a new user or update default new user information

sudo adduser [--home dir]|[--no-create-home]
        [--uid id] [--firstuid id] [--lastuid id]
        [--gid ID|--ingroup group] [--add_extra_groups]
        [--shell shell] [--disabled-password] [--disabled-login]
        [--conf file] [--system]
        [--quiet] [--debug] [--force-badname] [--help|-h] [--version] user

adduser and addgroup are friendlier front ends to low-level tools like useradd, groupadd and usermod.

addgroup [--system] [options] [--gid ID] group

# use same UID on all systems.

sudo adduser -c "Dennis German" --home  /home/dgerman dgerman --uid 501 --gid 50  #  --groups staff,sudo
adduser: `Dennis German' does not exist. Using defaults.
Adding user `dgerman' ...
Creating home directory `/home/dgerman' ...
Copying files from `/etc/skel' ...none
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
Changing the user information for dgerman
Enter the new value, or press ENTER for the default
    Full Name []: Dennis German
    Room Number []: 
    Work Phone []: 
    Home Phone []: 862-210-9339
    Other []: 
Is the information correct? [Y/n] y
sudo passwd user

By default, adduser and addgroup choose policy-conformant UID and GID values, create a home directory with skeletal configuration, run a custom script, and offer other features.

Run in modes to add:

--conf FILE Use FILE instead of /etc/adduser.conf.
--disabled-login Do not run passwd. The user won't be able to use her account until the password is set.
--disabled-password Like --disabled-login, but logins are still possible (for example using SSH RSA keys), just not using password authentication.
--force-badname Apply only a weak check for validity of the name.
By default, user and group names are checked against the configurable regular expression NAME_REGEX specified in the configuration file. NAME_REGEX is described in adduser.conf(5).
--gecos GECOS Set the gecos field for the new entry generated. adduser will not ask for finger information if this option is given.
--gid ID When creating a group, force the new groupid to be the given number.
When creating a user, put the user in that group.
--group With --system, a group with the same name and ID as the system user is created.
Without --system, a group with the given name is created.
This is the default action if the program is invoked as addgroup.
--help
--home DIR Use DIR as the user's home directory, rather than the default specified by the configuration file.
If the directory does not exist, it is created and skeleton files are copied.
--shell SHELL Use SHELL as the user's login shell, rather than the default specified by the configuration file.
--ingroup GROUP Add the new user to GROUP instead of a usergroup or the default group defined by USERS_GID in the configuration file.
This affects the user's primary group.
To add additional groups, see the add_extra_groups option.
--no-create-home Do not create the home directory
--system Create a system user or group.
--uid ID Force the new userid to be the given number. adduser will fail if the userid is already taken.
--firstuid ID Override the first uid in the range that the uid is chosen from (overrides FIRST_UID specified in the configuration file).
--lastuid ID Override the last uid in the range that the uid is chosen from (overrides LAST_UID specified in the configuration file).
--add_extra_groups Add new user to extra groups defined in the configuration file.
--version Display version and copyright information.
--quiet Suppress informational messages, only show warnings and errors.
--debug Be verbose, most useful if you want to nail down a problem with adduser.

EXIT VALUES

0 The user exists as specified. This can have 2 causes: the user was created by adduser, or the user was already present on the system before adduser was invoked. If adduser returned 0, invoking adduser a second time with the same parameters as before also returns 0.
1 Creating the user or group failed because it was already present with other UID/GID than specified. The username or groupname was rejected because of a mismatch with the configured regular expressions, see adduser.conf(5). Adduser has been aborted by a signal. Or for many other yet undocumented reasons, which are then printed to the console. You may then consider removing --quiet to make adduser more verbose.

FILES

/etc/adduser.conf Default configuration file for adduser and addgroup
pi@pibu734c  1/20/20

-rw-r--r-- 1 root root 2981 Sep 26 01:06 adduser.conf
# /etc/adduser.conf: 

# default login shell 
DSHELL=/bin/bash

# directory containing users' home directories.
DHOME=/home

# home directories will be created as /home/groupname/user.
GROUPHOMES=no

# home directories will have an extra directory - the first letter of the user name.  ( why? ed)
# For example: /home/u/user.
LETTERHOMES=no

# directory containing "skeletal" user as a sample .profile that will be copied to the user's home directory 
SKEL=/etc/skel

# range for IDs for dynamically allocated administrative and system accounts/groups.
#        system software may assume that UIDs less than 100 are unallocated.
FIRST_SYSTEM_UID=100
LAST_SYSTEM_UID=999

FIRST_SYSTEM_GID=100
LAST_SYSTEM_GID=999

# range of IDs of dynamically allocated user accounts/groups.
FIRST_UID=1000
LAST_UID=59999

FIRST_GID=1000
LAST_GID=59999

# yes: user will be given their own group 
# no : user will be placed in USERS_GID 
USERGROUPS=yes

# If USERGROUPS is "no", then USERS_GID should be the GID of the group `users' 
USERS_GID=100

# if set, directories will be created with this mode. Otherwise 0755
DIR_MODE=0755

# yes home directories for users with their own  group: setgid will be set. DISCOURAGED
SETGID_HOME=no

# default quota (set with: edquota -p QUOTAUSER newuser)
QUOTAUSER=""

# ignore files matching this regular expression when creating a new home directory
SKEL_IGNORE_REGEX="dpkg-(old|new|dist|save)"

# groups a non-system user will be added to with --add_extra_groups 
#EXTRA_GROUPS="dialout cdrom floppy audio video plugdev users"

# If ADD_EXTRA_GROUPS is non-zero, EXTRA_GROUPS will be default for non-system users
#ADD_EXTRA_GROUPS=1 

# user and group names must match this regular expression. Example: start with a LC letter, the rest LC letters or numbers or _
#NAME_REGEX="^[a-z][-a-z0-9_]*\$"
/usr/local/sbin/adduser.local Optional custom add-ons.

useradd

create a new user or update default new user information

useradd [options] loginName

adduser is better.

Adds a new user account. May create the new user's home directory and copy initial files there.
Some versions will create a group for each user added to the system by default.

user

useradd -D # update Defaults

-u
--uid uid
Numerical uid, unsigned, and unique, (unless the -o is used).
Useful for having the same UID for the same user across multiple systems.
Default uses the next higher number than currently exists.
0-999 are typically reserved for system accounts.
# show the last 8 (non system ) UIDs used
sort -t ':' -n -k 3 /etc/passwd |cut -d : -f1,3|grep -v ':[[:digit:]]\{1,3\}$' |tail -n8 |head -n -1 
-o
--non-unique
Allow the creation of a user with a non-unique uid, which is a synonym for other users with the same UID.
-g
--gid group
existing group name or number for initial group. Some systems require GID
# show groups in use
grep -v ':$' /etc/group |sort|sed "s/:x//"|column
-G g1[,g2,…[,gn]]]
--groups
Existing Groups of which user is a member.
No default.
-n No group having the same name as the user will be created.
The user will be in the group specified in /etc/default/useradd. If there is no default, group 1 will be used.
-c comment
--comment
full name.
-m
--create-home

-k
--skel skel_dir

Create the home directory with the files contained in /etc/skel.
Directories in /etc/skel or skel_dir will be created in the user's home directory.
-k overrides /etc/skel and is only valid with -m.
Default: Do not create the directory.
-M home directory will not be created.
-d
--home home_dir
don't create login directory.
Default: concatenate base_dir and login
-b
--base-dir base_dir
default base directory for the system if -d dir is not specified. base_dir is concatenated with the account name to define the home directory.
If -m is not used, base_dir must exist.
-s
--shell shell
login shell. The default leaves this field blank, which causes the system to select the default login shell.
-p
--password password
encrypted password, as returned by crypt.
The default is to have the account disabled.
Suggestion: leave the account disabled, then enter the password using sudo passwd loginName
-e yyyy-mm-dd
--expiredate
date the account will be disabled.
-f
--inactive days
grace period, after a password expires, after which the account is disabled.
0 disables the account as soon as the password has expired, and
-1 disables password ageing.
The default value is -1.
-K
--key KEY=value
Overrides /etc/login.defs defaults (UID_MIN, UID_MAX, UMASK, PASS_MAX_DAYS and others).
Example: -K PASS_MAX_DAYS=-1 can be used when creating system account to turn off password ageing, even though system account has no password at all.
Multiple -K entries can be specified, e.g.: -K UID_MIN=100 -K UID_MAX=499
-r Create a system account. That is, a user with a UID lower than the value of UID_MIN defined in /etc/login.defs and whose password does not expire. No home directory is created unless -m is present.
-l (lower case L) /var/log/lastlog is not updated for this user.
-Z seuser
--selinux-user
For Security-Enhanced Linux. blank,
-h
--help
 


with -D displays defaults or updates defaults.

-b home_dir initial path prefix for home directory. The user's name will be affixed to the end of home_dir to create the new directory name if the -d is not used when creating a new account.
-e expire_date date account is disabled.
-f days days after a password has expired before the account will be disabled.
-g
--gid group
group name or ID for initial group, must exist, and a numerical group ID must have an existing entry.
-s
--shell shell

If no options are specified, displays the current default values.

GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=no

The system administrator is responsible for placing the default user files in /etc/skel .

CAVEATS
Adding a user to a NIS group must be performed on the NIS server.

If the username already exists in an external user database such as NIS, useradd will deny the user account creation request.

FILES

/etc/passwd User account information.
/etc/shadow Secure user account information.
/etc/group Group account information.
/etc/gshadow Secure group account information.
/etc/default/useradd Default values for account creation.
/etc/skel/ Directory containing default files.
/etc/login.defs Shadow password suite configuration.

EXIT VALUES

0 success
1 can't update password file
2 invalid command syntax
3 invalid argument to option
4 UID already in use (and no -o)
6 specified group doesn't exist
9 username already in use
10 can't update group file
12 can't create home directory
13 can't create mail spool

See userdel, usermod, chfn, chsh, passwd, crypt, groupadd, groupdel, groupmod, login.defs.

sample group file

From Raspberry pi 2/20/18
Many have no members
cat group
nogroup:x:65534:
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:pi
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:pi
fax:x:21:
voice:x:22:
cdrom:x:24:pi
floppy:x:25:
tape:x:26:
sudo:x:27:pi
audio:x:29:pi
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:pi
sasl:x:45:
plugdev:x:46:pi
staff:x:50:dgerman
games:x:60:pi
users:x:100:pi,dgerman
input:x:101:pi
systemd-journal:x:102:
systemd-timesync:x:103:
systemd-network:x:104:
systemd-resolve:x:105:
systemd-bus-proxy:x:106:
crontab:x:107:
netdev:x:108:pi
pi:x:1000:
messagebus:x:109:
ssh:x:110:
bluetooth:x:111:
avahi:x:112:
spi:x:999:pi
i2c:x:998:pi
gpio:x:997:pi

usermod

modify a user account

   usermod options uname

-g
--gid group
group name or number of the user's initial login group which must exist.
Files from the user's home directory owned by the previous primary group will be owned by this new group.
The group ownership of files outside of the user's home directory must be fixed manually.
-G group1[,group2,…[,groupn]]]

--groups
Supplementary groups which the user is a member of separated by a comma, with no intervening whitespace.

If the user is currently a member of a group which is not listed, the user will be removed from the group unless -a (append) is used.

-a
--append
Add the user to the supplementary group(s), only with -G
-c comment
--comment
normally modified using chfn finger
-d home_dir
--home
With -m contents of the current home directory will be moved to the new home
-m
--move-home
Move the contents of the user's home directory to the new location.
Only with -d or --home
Adapts ownership of the files and retains the modes, Access Control Lists and extended attributes, but manual changes might be needed.
-e [yyyy-mm-dd]
--expiredate
when account will be disabled. An empty argument disables the expiration
-f days
--inactive
Number of days after a password expires until the account is permanently disabled.
0 disables the account as soon as the password has expired, -1 disables the feature.
-l new_uname
--login
Change the user's name to new_uname. Nothing else is changed. In particular, the home directory or mail spool should be renamed manually.
-L
--lock
Lock the user's password. Puts a ! in front of the encrypted password.
Not with -p or -U.

To lock the account (not just access with a password) use --expiredate 1

-U
--unlock
Removes the ! from the front of the encrypted password. To unlock the account (not only access with a password) also set --expiredate, for example to 99999; see the EXPIRE value from /etc/default/useradd.
-p password
--password
Set encrypted password, as returned from crypt.
Not recommended because the password will be visible by users watching the processes. The password will be written in the local /etc/passwd or /etc/shadow file.
-R chroot_dir
--root
Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.
-s
--shell shell
sets login shell, blank selects the default login shell.
-u
--uid uid
Sets the uid, which must be unique unless -o is used.
The user's mailbox, and any files which the user owns and which are located in the user's home directory, will have the file user ID changed.
The ownership of files outside of the user's home directory must be fixed manually.
No checks will be performed with regard to the UID_MIN, UID_MAX, SYS_UID_MIN, or SYS_UID_MAX from /etc/login.defs.
-o
--non-unique
With -u allows changing the user ID to a non-unique value, i.e. an alias.
-v first-last
--add-sub-uids
Add a range of subordinate uids to the user's account.
May be specified multiple times
-V first-last
--del-sub-uids
RemoVe subordinate uids
May be specified multiple times
With --add-sub-uids, removals happen before adds.
-w first-last
--add-sub-gids
Add a range of subordinate gids to the user's account.
May be specified multiple times.
-W first-last
--del-sub-gids
Remove subordinate gids.
May be specified multiple times
With --add-sub-gids, removals happen before adds.
-Z
--selinux-user SEUSER
SELinux (Secure Linux) user
A blank SEUSER will remove the SELinux user mapping for user LOGIN
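
What -G without -a does to existing memberships, as an added example that is not part of the original page: groups_lost and plan_usermod_G are hypothetical helpers that read group-file lines and report which supplementary groups the command would drop. The sample lines are copied from the Raspberry Pi group file earlier on this page.

```shell
#!/bin/sh
# Lines copied from the sample group file shown earlier on this page.
SAMPLE_GROUP='adm:x:4:pi
dialout:x:20:pi
sudo:x:27:pi
audio:x:29:pi
staff:x:50:dgerman
users:x:100:pi,dgerman
gpio:x:997:pi
pi:x:1000:'

# groups_lost USER NEWLIST: read group-format lines on stdin and print, as a
# comma-separated list in file order, the supplementary groups USER would be
# removed from by "usermod -G NEWLIST USER" (no -a). Field 4 of the group
# file holds supplementary members only; the primary group is not affected.
groups_lost() {
    awk -F: -v user="$1" -v newlist="$2" '
        BEGIN {
            n = split(newlist, g, ",")
            for (i = 1; i <= n; i++) keep[g[i]] = 1
        }
        {
            m = split($4, members, ",")
            for (i = 1; i <= m; i++)
                if (members[i] == user && !($1 in keep)) {
                    lost = (lost == "" ? $1 : lost "," $1)
                    break
                }
        }
        END { print lost }
    '
}

# plan_usermod_G USER NEWLIST: same input on stdin; say whether the plain -G
# form is safe, and name the append form when it is not.
plan_usermod_G() {
    lost=$(groups_lost "$1" "$2")
    if [ -z "$lost" ]; then
        echo "usermod -G $2 $1 removes no memberships"
    else
        echo "usermod -G $2 $1 would drop: $lost (use: usermod -a -G $2 $1)"
    fi
}

# Demo: adding pi to staff with plain -G silently drops sudo, among others.
printf '%s\n' "$SAMPLE_GROUP" | plan_usermod_G pi staff
printf '%s\n' "$SAMPLE_GROUP" | plan_usermod_G dgerman staff,users
```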

CAVEATS

The user must not be executing any processes if the numerical user ID, user's name, or user's home directory is being changed. Change the owner of crontab files or at jobs manually. Make changes involving NIS on the NIS server.
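
The -L entry above and adduser's --disabled-password both leave the account reachable without a password (for example with SSH keys) until it is expired. This added example, which is not from the original page, classifies shadow entries accordingly; the shadow lines are constructed, the hash strings are placeholders, and lock_state is a hypothetical name.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow format; hash strings are placeholders.
SAMPLE_SHADOW='alice:$6$salt$PLACEHOLDERHASH:18281:0:99999:7:::
bob:!$6$salt$PLACEHOLDERHASH:18281:0:99999:7:::
carol:!$6$salt$PLACEHOLDERHASH:18281:0:99999:7::1:
dave:*:18281:0:99999:7:::
erin:$6$salt$PLACEHOLDERHASH:18281:0:99999:7::18300:'

# lock_state TODAY: read shadow-format lines on stdin. TODAY is the current
# date in days since 1970-01-01, the unit used by the expiry field (field 8).
# Prints "name state", where state is one of:
#   expired          expiry date is on or before TODAY (what --expiredate 1
#                    produces): the account as a whole is disabled
#   password-locked  password field starts with "!" (usermod -L) or "*", and
#                    no expiry is in effect: key-based logins still work
#   open             usable password field and not expired
lock_state() {
    awk -F: -v today="$1" '
        {
            state = "open"
            c = substr($2, 1, 1)
            if (c == "!" || c == "*") state = "password-locked"
            if ($8 != "" && ($8 + 0) <= (today + 0)) state = "expired"
            print $1, state
        }
    '
}

# Demo on the constructed sample; on a host, feed /etc/shadow as root.
today=$(( $(date +%s) / 86400 ))
printf '%s\n' "$SAMPLE_SHADOW" | lock_state "$today"
```

Accounts reported as password-locked are the ones to review when the intent was to disable the user entirely.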

CONFIGURATION

Variables in /etc/login.defs
MAIL_DIR (string) The mail spool directory. Needed to manipulate the mailbox when its corresponding user account is modified or deleted. If not specified, a compile-time default is used.
MAIL_FILE (string) Location of the user's mail spool files relative to their home directory. The MAIL_DIR and MAIL_FILE variables are used by useradd, usermod, and userdel to create, move, or delete the user's mail spool.
MAX_MEMBERS_PER_GROUP (n) Avoid using. When the maximum is reached, a new group entry line is started in /etc/group (with the same name, same password, and same GID).
default: 0, i.e. unlimited

Split groups permit limiting the length of lines in the group file. This is useful to make sure that lines for NIS groups are not larger than 1024 characters.
Split groups are not supported by all tools.

SUB_GID_MIN (n)
SUB_GID_MAX (n)
SUB_GID_COUNT (n)
If /etc/subuid exists, useradd and newusers (unless the user already has subordinate group IDs) allocate SUB_GID_COUNT unused group IDs from the range SUB_GID_MIN to SUB_GID_MAX for each new user.

The default values for
SUB_GID_MIN, SUB_GID_MAX and SUB_GID_COUNT are
100000, 600100000 and 10000.

SUB_UID_MIN (n)
SUB_UID_MAX (n)
SUB_UID_COUNT (n)
If /etc/subuid exists, useradd and newusers (unless the user already has subordinate user IDs) allocate SUB_UID_COUNT unused user IDs from the range SUB_UID_MIN to SUB_UID_MAX for each new user.
The default values for
SUB_UID_MIN, SUB_UID_MAX and SUB_UID_COUNT are
100000, 600100000 and 10000.

FILES

/etc/group Group account information.
/etc/gshadow Secure group account information.
/etc/login.defs Shadow password suite configuration.
/etc/passwd User account information.
/etc/shadow Secure user account information.
/etc/subgid Per user subordinate group IDs.
/etc/subuid Per user subordinate user IDs.

 cat /etc/default/useradd
# Default values for useradd(8)
#
# The SHELL variable specifies the default login shell on your system.
# Similar to DHSELL in adduser. However, we use "sh" here because useradd is a low level utility and should be as general as possible
SHELL=/bin/bash
#
# The default group for users 100=users on Debian systems
# Same as USERS_GID in adduser
# This argument is used when the -n flag is specified.
# default behavior (when -n and -g are not specified): create a primary user group with the same name as the user being added to the system.
# GROUP=100
#
# The default home directory. Same as DHOME for adduser
# HOME=/home
#
# The number of days after a password expires until the account is permanently disabled
# INACTIVE=-1
#
# The default expire date
# EXPIRE=
#
# The SKEL variable specifies the directory containing "skeletal" user files;
# in other words, files such as a sample .profile that will be copied to the new user's home directory when it is created.
SKEL=/etc/skel
#
# Defines whether the mail spool should be created while creating the account
# CREATE_MAIL_SPOOL=yes 


SEE ALSO chfn(1), chsh(1), passwd(1), crypt(3), gpasswd(8), groupadd(8), groupdel(8), groupmod(8), login.defs(5), subgid(5), subuid(5), useradd(8), userdel(8).

See

useradd, groupadd and usermod