852 lines
23 KiB
Groff
852 lines
23 KiB
Groff
'\" t
|
|
.\" Title: useradd
|
|
.\" Author: Julianne Frances Haugh
|
|
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
|
|
.\" Date: 03/19/2025
|
|
.\" Manual: System Management Commands
|
|
.\" Source: shadow-utils 4.17.4
|
|
.\" Language: English
|
|
.\"
|
|
.TH "USERADD" "8" "03/19/2025" "shadow\-utils 4\&.17\&.4" "System Management Commands"
|
|
.\" -----------------------------------------------------------------
|
|
.\" * Define some portability stuff
|
|
.\" -----------------------------------------------------------------
|
|
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
.\" http://bugs.debian.org/507673
|
|
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
|
|
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
.ie \n(.g .ds Aq \(aq
|
|
.el .ds Aq '
|
|
.\" -----------------------------------------------------------------
|
|
.\" * set default formatting
|
|
.\" -----------------------------------------------------------------
|
|
.\" disable hyphenation
|
|
.nh
|
|
.\" disable justification (adjust text to left margin only)
|
|
.ad l
|
|
.\" -----------------------------------------------------------------
|
|
.\" * MAIN CONTENT STARTS HERE *
|
|
.\" -----------------------------------------------------------------
|
|
.SH "NAME"
|
|
useradd \- create a new user or update default new user information
|
|
.SH "SYNOPSIS"
|
|
.HP \w'\fBuseradd\fR\ 'u
|
|
\fBuseradd\fR [\fIoptions\fR] \fILOGIN\fR
|
|
.HP \w'\fBuseradd\fR\ 'u
|
|
\fBuseradd\fR \-D
|
|
.HP \w'\fBuseradd\fR\ 'u
|
|
\fBuseradd\fR \-D [\fIoptions\fR]
|
|
.SH "DESCRIPTION"
|
|
.PP
|
|
When invoked without the
|
|
\fB\-D\fR
|
|
option, the
|
|
\fBuseradd\fR
|
|
command creates a new user account using the values specified on the command line plus the default values from the system\&. Depending on command line options, the
|
|
\fBuseradd\fR
|
|
command will update system files and may also create the new user\*(Aqs home directory and copy initial files\&.
|
|
.PP
|
|
By default, a group will also be created for the new user (see
|
|
\fB\-g\fR,
|
|
\fB\-N\fR,
|
|
\fB\-U\fR, and
|
|
\fBUSERGROUPS_ENAB\fR)\&.
|
|
.SH "OPTIONS"
|
|
.PP
|
|
The options which apply to the
|
|
\fBuseradd\fR
|
|
command are:
|
|
.PP
|
|
\fB\-\-badname\fR\ \&
|
|
.RS 4
|
|
Allow names that do not conform to standards\&.
|
|
.RE
|
|
.PP
|
|
\fB\-b\fR, \fB\-\-base\-dir\fR\ \&\fIBASE_DIR\fR
|
|
.RS 4
|
|
The default base directory for the system if
|
|
\fB\-d\fR\ \&\fIHOME_DIR\fR
|
|
is not specified\&.
|
|
\fIBASE_DIR\fR
|
|
is concatenated with the account name to define the home directory\&.
|
|
.sp
|
|
If this option is not specified,
|
|
\fBuseradd\fR
|
|
will use the base directory specified by the
|
|
\fBHOME\fR
|
|
variable in
|
|
/etc/default/useradd, or
|
|
/home
|
|
by default\&.
|
|
.RE
|
|
.PP
|
|
\fB\-c\fR, \fB\-\-comment\fR\ \&\fICOMMENT\fR
|
|
.RS 4
|
|
Any text string\&. It is generally a short description of the account, and is currently used as the field for the user\*(Aqs full name\&.
|
|
.RE
|
|
.PP
|
|
\fB\-d\fR, \fB\-\-home\-dir\fR\ \&\fIHOME_DIR\fR
|
|
.RS 4
|
|
The new user will be created using
|
|
\fIHOME_DIR\fR
|
|
as the value for the user\*(Aqs login directory\&. The default is to append the
|
|
\fILOGIN\fR
|
|
name to
|
|
\fIBASE_DIR\fR
|
|
and use that as the login directory name\&. If the directory
|
|
\fIHOME_DIR\fR
|
|
does not exist, then it will be created unless the
|
|
\fB\-M\fR
|
|
option is specified\&.
|
|
.RE
|
|
.PP
|
|
\fB\-D\fR, \fB\-\-defaults\fR
|
|
.RS 4
|
|
See below, the subsection "Changing the default values"\&.
|
|
.RE
|
|
.PP
|
|
\fB\-e\fR, \fB\-\-expiredate\fR\ \&\fIEXPIRE_DATE\fR
|
|
.RS 4
|
|
The date on which the user account will be disabled\&. The date is specified in the format
|
|
\fIYYYY\-MM\-DD\fR\&.
|
|
.sp
|
|
If not specified,
|
|
\fBuseradd\fR
|
|
will use the default expiry date specified by the
|
|
\fBEXPIRE\fR
|
|
variable in
|
|
/etc/default/useradd, or an empty string (no expiry) by default\&.
|
|
.RE
|
|
.PP
|
|
\fB\-f\fR, \fB\-\-inactive\fR\ \&\fIINACTIVE\fR
|
|
.RS 4
|
|
defines the number of days after the password exceeded its maximum age where the user is expected to replace this password\&. The value is stored in the shadow password file\&. An input of 0 will disable an expired password with no delay\&. An input of \-1 will blank the respective field in the shadow password file\&. See
|
|
\fBshadow\fR(5)for more information\&.
|
|
.sp
|
|
If not specified,
|
|
\fBuseradd\fR
|
|
will use the default inactivity period specified by the
|
|
\fBINACTIVE\fR
|
|
variable in
|
|
/etc/default/useradd, or \-1 by default\&.
|
|
.RE
|
|
.PP
|
|
\fB\-F\fR, \fB\-\-add\-subids\-for\-system\fR
|
|
.RS 4
|
|
Update
|
|
/etc/subuid
|
|
and
|
|
/etc/subgid
|
|
even when creating a system account with
|
|
\fB\-r\fR
|
|
option\&.
|
|
.RE
|
|
.PP
|
|
\fB\-g\fR, \fB\-\-gid\fR\ \&\fIGROUP\fR
|
|
.RS 4
|
|
The name or the number of the user\*(Aqs primary group\&. The group name must exist\&. A group number must refer to an already existing group\&.
|
|
.sp
|
|
If not specified, the behavior of
|
|
\fBuseradd\fR
|
|
will depend on the
|
|
\fBUSERGROUPS_ENAB\fR
|
|
variable in
|
|
/etc/login\&.defs\&. If this variable is set to
|
|
\fIyes\fR
|
|
(or
|
|
\fB\-U/\-\-user\-group\fR
|
|
is specified on the command line), a group will be created for the user, with the same name as the loginname\&. If the variable is set to
|
|
\fIno\fR
|
|
(or
|
|
\fB\-N/\-\-no\-user\-group\fR
|
|
is specified on the command line), useradd will set the primary group of the new user to the value specified by the
|
|
\fBGROUP\fR
|
|
variable in
|
|
/etc/default/useradd, or 1000 by default\&.
|
|
.RE
|
|
.PP
|
|
\fB\-G\fR, \fB\-\-groups\fR\ \&\fIGROUP1\fR[\fI,GROUP2,\&.\&.\&.\fR[\fI,GROUPN\fR]]]
|
|
.RS 4
|
|
A list of supplementary groups which the user is also a member of\&. Each group is separated from the next by a comma, with no intervening whitespace\&. The groups are subject to the same restrictions as the group given with the
|
|
\fB\-g\fR
|
|
option\&. The default is for the user to belong only to the initial group\&. In addition to passing in the \-G flag, you can add the option
|
|
\fBGROUPS\fR
|
|
to the file
|
|
/etc/default/useradd
|
|
which in turn will add all users to those supplementary groups\&.
|
|
.RE
|
|
.PP
|
|
\fB\-h\fR, \fB\-\-help\fR
|
|
.RS 4
|
|
Display help message and exit\&.
|
|
.RE
|
|
.PP
|
|
\fB\-k\fR, \fB\-\-skel\fR\ \&\fISKEL_DIR\fR
|
|
.RS 4
|
|
The skeleton directory, which contains files and directories to be copied in the user\*(Aqs home directory, when the home directory is created by
|
|
\fBuseradd\fR\&.
|
|
.sp
|
|
This option is only valid if the
|
|
\fB\-m\fR
|
|
(or
|
|
\fB\-\-create\-home\fR) option is specified\&.
|
|
.sp
|
|
If this option is not set, the skeleton directory is defined by the
|
|
\fBSKEL\fR
|
|
variable in
|
|
/etc/default/useradd
|
|
or, by default,
|
|
/etc/skel\&.
|
|
.sp
|
|
Absolute symlinks that link back to the skel directory will have the
|
|
/etc/skel
|
|
prefix replaced with the user\*(Aqs home directory\&.
|
|
.sp
|
|
If possible, the ACLs and extended attributes are copied\&.
|
|
.RE
|
|
.PP
|
|
\fB\-K\fR, \fB\-\-key\fR\ \&\fIKEY\fR=\fIVALUE\fR
|
|
.RS 4
|
|
Overrides
|
|
/etc/login\&.defs
|
|
defaults (\fBUID_MIN\fR,
|
|
\fBUID_MAX\fR,
|
|
\fBUMASK\fR,
|
|
\fBPASS_MAX_DAYS\fR
|
|
and others)\&.
|
|
.sp
|
|
Example:
|
|
\fB\-K\fR\ \&\fIPASS_MAX_DAYS \fR=\fI\-1\fR
|
|
can be used when creating an account to turn off password aging\&. Multiple
|
|
\fB\-K\fR
|
|
options can be specified, e\&.g\&.:
|
|
\fB\-K\fR\ \&\fIUID_MIN\fR
|
|
=\fI100\fR\ \&\fB\-K\fR\ \&
|
|
\fIUID_MAX\fR=\fI499\fR
|
|
.RE
|
|
.PP
|
|
\fB\-l\fR, \fB\-\-no\-log\-init\fR
|
|
.RS 4
|
|
Do not add the user to the lastlog and faillog databases\&.
|
|
.sp
|
|
By default, the user\*(Aqs entries in the lastlog and faillog databases are reset to avoid reusing the entry from a previously deleted user\&.
|
|
.sp
|
|
If this option is not specified,
|
|
\fBuseradd\fR
|
|
will also consult the variable
|
|
\fBLOG_INIT\fR
|
|
in the
|
|
/etc/default/useradd
|
|
if set to no the user will not be added to the lastlog and faillog databases\&.
|
|
.RE
|
|
.PP
|
|
\fB\-m\fR, \fB\-\-create\-home\fR
|
|
.RS 4
|
|
Create the user\*(Aqs home directory if it does not exist\&. The files and directories contained in the skeleton directory (which can be defined with the
|
|
\fB\-k\fR
|
|
option) will be copied to the home directory\&.
|
|
.sp
|
|
By default, if this option is not specified and
|
|
\fBCREATE_HOME\fR
|
|
is not enabled, no home directories are created\&.
|
|
.sp
|
|
The directory where the user\*(Aqs home directory is created must exist and have proper SELinux context and permissions\&. Otherwise the user\*(Aqs home directory cannot be created or accessed\&.
|
|
.RE
|
|
.PP
|
|
\fB\-M\fR, \fB\-\-no\-create\-home\fR
|
|
.RS 4
|
|
Do not create the user\*(Aqs home directory, even if the system wide setting from
|
|
/etc/login\&.defs
|
|
(\fBCREATE_HOME\fR) is set to
|
|
\fIyes\fR\&.
|
|
.RE
|
|
.PP
|
|
\fB\-N\fR, \fB\-\-no\-user\-group\fR
|
|
.RS 4
|
|
Do not create a group with the same name as the user, but add the user to the group specified by the
|
|
\fB\-g\fR
|
|
option or by the
|
|
\fBGROUP\fR
|
|
variable in
|
|
/etc/default/useradd\&.
|
|
.sp
|
|
The default behavior (if the
|
|
\fB\-g\fR,
|
|
\fB\-N\fR, and
|
|
\fB\-U\fR
|
|
options are not specified) is defined by the
|
|
\fBUSERGROUPS_ENAB\fR
|
|
variable in
|
|
/etc/login\&.defs\&.
|
|
.RE
|
|
.PP
|
|
\fB\-o\fR, \fB\-\-non\-unique\fR
|
|
.RS 4
|
|
allows the creation of an account with an already existing UID\&.
|
|
.sp
|
|
This option is only valid in combination with the
|
|
\fB\-u\fR
|
|
option\&. As a user identity serves as key to map between users on one hand and permissions, file ownerships and other aspects that determine the system\*(Aqs behavior on the other hand, more than one login name will access the account of the given UID\&.
|
|
.RE
|
|
.PP
|
|
\fB\-p\fR, \fB\-\-password\fR\ \&\fIPASSWORD\fR
|
|
.RS 4
|
|
defines an initial password for the account\&. PASSWORD is expected to be encrypted, as returned by
|
|
\fBcrypt \fR(3)\&. Within a shell script, this option allows to create efficiently batches of users\&.
|
|
.sp
|
|
Without this option, the new account will be locked and with no password defined, i\&.e\&. a single exclamation mark in the respective field of
|
|
/etc/shadow\&. This is a state where the user won\*(Aqt be able to access the account or to define a password himself\&.
|
|
.sp
|
|
\fBNote:\fRAvoid this option on the command line because the password (or encrypted password) will be visible by users listing the processes\&.
|
|
.sp
|
|
You should make sure the password respects the system\*(Aqs password policy\&.
|
|
.RE
|
|
.PP
|
|
\fB\-r\fR, \fB\-\-system\fR
|
|
.RS 4
|
|
Create a system account\&.
|
|
.sp
|
|
System users will be created with no aging information in
|
|
/etc/shadow, and their numeric identifiers are chosen in the
|
|
\fBSYS_UID_MIN\fR\-\fBSYS_UID_MAX\fR
|
|
range, defined in
|
|
/etc/login\&.defs, instead of
|
|
\fBUID_MIN\fR\-\fBUID_MAX\fR
|
|
(and their
|
|
\fBGID\fR
|
|
counterparts for the creation of groups)\&.
|
|
.sp
|
|
Note that
|
|
\fBuseradd\fR
|
|
will not create a home directory for such a user, regardless of the default setting in
|
|
/etc/login\&.defs
|
|
(\fBCREATE_HOME\fR)\&. You have to specify the
|
|
\fB\-m\fR
|
|
options if you want a home directory for a system account to be created\&.
|
|
.sp
|
|
Note that this option will not update
|
|
/etc/subuid
|
|
and
|
|
/etc/subgid\&. You have to specify the
|
|
\fB\-F\fR
|
|
options if you want to update the files for a system account to be created\&.
|
|
.RE
|
|
.PP
|
|
\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
|
|
.RS 4
|
|
Apply changes in the
|
|
\fICHROOT_DIR\fR
|
|
directory and use the configuration files from the
|
|
\fICHROOT_DIR\fR
|
|
directory\&. Only absolute paths are supported\&.
|
|
.RE
|
|
.PP
|
|
\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
|
|
.RS 4
|
|
Apply changes to configuration files under the root filesystem found under the directory
|
|
\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
|
|
.RE
|
|
.PP
|
|
\fB\-s\fR, \fB\-\-shell\fR\ \&\fISHELL\fR
|
|
.RS 4
|
|
sets the path to the user\*(Aqs login shell\&. Without this option, the system will use the
|
|
\fBSHELL\fR
|
|
variable specified in
|
|
/etc/default/useradd, or, if that is as well not set, the field for the login shell in
|
|
/etc/passwd
|
|
remains empty\&.
|
|
.RE
|
|
.PP
|
|
\fB\-u\fR, \fB\-\-uid\fR\ \&\fIUID\fR
|
|
.RS 4
|
|
The numerical value of the user\*(Aqs ID\&. This value must be unique, unless the
|
|
\fB\-o\fR
|
|
option is used\&. The value must be non\-negative\&. The default is to use the smallest ID value greater than or equal to
|
|
\fBUID_MIN\fR
|
|
and greater than every other user\&.
|
|
.sp
|
|
See also the
|
|
\fB\-r\fR
|
|
option and the
|
|
\fBUID_MAX\fR
|
|
description\&.
|
|
.RE
|
|
.PP
|
|
\fB\-U\fR, \fB\-\-user\-group\fR
|
|
.RS 4
|
|
Create a group with the same name as the user, and add the user to this group\&.
|
|
.sp
|
|
The default behavior (if the
|
|
\fB\-g\fR,
|
|
\fB\-N\fR, and
|
|
\fB\-U\fR
|
|
options are not specified) is defined by the
|
|
\fBUSERGROUPS_ENAB\fR
|
|
variable in
|
|
/etc/login\&.defs\&.
|
|
.RE
|
|
.PP
|
|
\fB\-Z\fR, \fB\-\-selinux\-user\fR\ \&\fISEUSER\fR
|
|
.RS 4
|
|
defines the SELinux user for the new account\&. Without this option, SELinux uses the default user\&. Note that the shadow system doesn\*(Aqt store the selinux\-user, it uses
|
|
\fBsemanage\fR(8)
|
|
for that\&.
|
|
.RE
|
|
.PP
|
|
\fB\-\-selinux\-range\fR\ \&\fISERANGE\fR
|
|
.RS 4
|
|
defines the SELinux MLS range for the new account\&. Without this option, SELinux uses the default range\&. Note that the shadow system doesn\*(Aqt store the selinux\-range, it uses
|
|
\fBsemanage\fR(8)
|
|
for that\&.
|
|
.sp
|
|
This option is only valid if the
|
|
\fB\-Z\fR
|
|
(or
|
|
\fB\-\-selinux\-user\fR) option is specified\&.
|
|
.RE
|
|
.SS "Changing the default values"
|
|
.PP
|
|
When invoked with only the
|
|
\fB\-D\fR
|
|
option,
|
|
\fBuseradd\fR
|
|
will display the current default values\&. When invoked with
|
|
\fB\-D\fR
|
|
plus other options,
|
|
\fBuseradd\fR
|
|
will update the default values for the specified options\&. Valid default\-changing options are:
|
|
.PP
|
|
\fB\-b\fR, \fB\-\-base\-dir\fR\ \&\fIBASE_DIR\fR
|
|
.RS 4
|
|
sets the path prefix for a new user\*(Aqs home directory\&. The user\*(Aqs name will be affixed to the end of
|
|
\fIBASE_DIR\fR
|
|
to form the new user\*(Aqs home directory name, if the
|
|
\fB\-d\fR
|
|
option is not used when creating a new account\&.
|
|
.sp
|
|
This option sets the
|
|
\fBHOME\fR
|
|
variable in
|
|
/etc/default/useradd\&.
|
|
.RE
|
|
.PP
|
|
\fB\-e\fR, \fB\-\-expiredate\fR\ \&\fIEXPIRE_DATE\fR
|
|
.RS 4
|
|
sets the date on which newly created user accounts are disabled\&.
|
|
.sp
|
|
This option sets the
|
|
\fBEXPIRE\fR
|
|
variable in
|
|
/etc/default/useradd\&.
|
|
.RE
|
|
.PP
|
|
\fB\-f\fR, \fB\-\-inactive\fR\ \&\fIINACTIVE\fR
|
|
.RS 4
|
|
defines the number of days after the password exceeded its maximum age where the user is expected to replace this password\&. See
|
|
\fBshadow\fR(5)for more information\&.
|
|
.sp
|
|
This option sets the
|
|
\fBINACTIVE\fR
|
|
variable in
|
|
/etc/default/useradd\&.
|
|
.RE
|
|
.PP
|
|
\fB\-g\fR, \fB\-\-gid\fR\ \&\fIGROUP\fR
|
|
.RS 4
|
|
sets the default primary group for newly created users, accepting group names or a numerical group ID\&. The named group must exist, and the GID must have an existing entry\&.
|
|
.sp
|
|
This option sets the
|
|
\fBGROUP\fR
|
|
variable in
|
|
/etc/default/useradd\&.
|
|
.RE
|
|
.PP
|
|
\fB\-s\fR, \fB\-\-shell\fR\ \&\fISHELL\fR
|
|
.RS 4
|
|
defines the default login shell for new users\&.
|
|
.sp
|
|
This option sets the
|
|
\fBSHELL\fR
|
|
variable in
|
|
/etc/default/useradd\&.
|
|
.RE
|
|
.SH "NOTES"
|
|
.PP
|
|
The system administrator is responsible for placing the default user files in the
|
|
/etc/skel/
|
|
directory (or any other skeleton directory specified in
|
|
/etc/default/useradd
|
|
or on the command line)\&.
|
|
.SH "CAVEATS"
|
|
.PP
|
|
You may not add a user to a NIS or LDAP group\&. This must be performed on the corresponding server\&.
|
|
.PP
|
|
Similarly, if the username already exists in an external user database such as NIS or LDAP,
|
|
\fBuseradd\fR
|
|
will deny the user account creation request\&.
|
|
.PP
|
|
Usernames may contain only lower and upper case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. Dashes are not allowed at the beginning of the username\&. Fully numeric usernames and usernames \&. or \&.\&. are also disallowed\&. It is not recommended to use usernames beginning with \&. character as their home directories will be hidden in the
|
|
\fBls\fR
|
|
output\&.
|
|
.PP
|
|
Usernames may only be up to 256 characters long\&.
|
|
.SH "CONFIGURATION"
|
|
.PP
|
|
The following configuration variables in
|
|
/etc/login\&.defs
|
|
change the behavior of this tool:
|
|
.PP
|
|
\fBCREATE_HOME\fR (boolean)
|
|
.RS 4
|
|
Indicate if a home directory should be created by default for new users\&.
|
|
.sp
|
|
This setting does not apply to system users, and can be overridden on the command line\&.
|
|
.RE
|
|
.PP
|
|
\fBGID_MAX\fR (number), \fBGID_MIN\fR (number)
|
|
.RS 4
|
|
Range of group IDs used for the creation of regular groups by
|
|
\fBuseradd\fR,
|
|
\fBgroupadd\fR, or
|
|
\fBnewusers\fR\&.
|
|
.sp
|
|
The default value for
|
|
\fBGID_MIN\fR
|
|
(resp\&.
|
|
\fBGID_MAX\fR) is 1000 (resp\&. 60000)\&.
|
|
.RE
|
|
.PP
|
|
\fBHOME_MODE\fR (number)
|
|
.RS 4
|
|
The mode for new home directories\&. If not specified, the
|
|
\fBUMASK\fR
|
|
is used to create the mode\&.
|
|
.sp
|
|
\fBuseradd\fR
|
|
and
|
|
\fBnewusers\fR
|
|
use this to set the mode of the home directory they create\&.
|
|
.RE
|
|
.PP
|
|
\fBLASTLOG_UID_MAX\fR (number)
|
|
.RS 4
|
|
Highest user ID number for which the lastlog entries should be updated\&. As higher user IDs are usually tracked by remote user identity and authentication services there is no need to create a huge sparse lastlog file for them\&.
|
|
.sp
|
|
No
|
|
\fBLASTLOG_UID_MAX\fR
|
|
option present in the configuration means that there is no user ID limit for writing lastlog entries\&.
|
|
.RE
|
|
.PP
|
|
\fBMAIL_DIR\fR (string)
|
|
.RS 4
|
|
The mail spool directory\&. This is needed to manipulate the mailbox when its corresponding user account is modified or deleted\&. If not specified, a compile\-time default is used\&. The parameter CREATE_MAIL_SPOOL in
|
|
/etc/default/useradd
|
|
determines whether the mail spool should be created\&.
|
|
.RE
|
|
.PP
|
|
\fBMAIL_FILE\fR (string)
|
|
.RS 4
|
|
Defines the location of the users mail spool files relatively to their home directory\&.
|
|
.RE
|
|
.PP
|
|
The
|
|
\fBMAIL_DIR\fR
|
|
and
|
|
\fBMAIL_FILE\fR
|
|
variables are used by
|
|
\fBuseradd\fR,
|
|
\fBusermod\fR, and
|
|
\fBuserdel\fR
|
|
to create, move, or delete the user\*(Aqs mail spool\&.
|
|
.PP
|
|
If
|
|
\fBMAIL_CHECK_ENAB\fR
|
|
is set to
|
|
\fIyes\fR, they are also used to define the
|
|
\fBMAIL\fR
|
|
environment variable\&.
|
|
.PP
|
|
\fBMAX_MEMBERS_PER_GROUP\fR (number)
|
|
.RS 4
|
|
Maximum members per group entry\&. When the maximum is reached, a new group entry (line) is started in
|
|
/etc/group
|
|
(with the same name, same password, and same GID)\&.
|
|
.sp
|
|
The default value is 0, meaning that there are no limits in the number of members in a group\&.
|
|
.sp
|
|
This feature (split group) permits to limit the length of lines in the group file\&. This is useful to make sure that lines for NIS groups are not larger than 1024 characters\&.
|
|
.sp
|
|
If you need to enforce such limit, you can use 25\&.
|
|
.sp
|
|
Note: split groups may not be supported by all tools (even in the Shadow toolsuite)\&. You should not use this variable unless you really need it\&.
|
|
.RE
|
|
.PP
|
|
\fBPASS_MAX_DAYS\fR (number)
|
|
.RS 4
|
|
The maximum number of days a password may be used\&. If the password is older than this, a password change will be forced\&. If not specified, \-1 will be assumed (which disables the restriction)\&.
|
|
.RE
|
|
.PP
|
|
\fBPASS_MIN_DAYS\fR (number)
|
|
.RS 4
|
|
The minimum number of days allowed between password changes\&. Any password changes attempted sooner than this will be rejected\&. If not specified, 0 will be assumed (which disables the restriction)\&.
|
|
.RE
|
|
.PP
|
|
\fBPASS_WARN_AGE\fR (number)
|
|
.RS 4
|
|
The number of days warning given before a password expires\&. A zero means warning is given only upon the day of expiration, a value of \-1 means no warning is given\&. If not specified, no warning will be provided\&.
|
|
.RE
|
|
.PP
|
|
\fBSUB_GID_MIN\fR (number), \fBSUB_GID_MAX\fR (number), \fBSUB_GID_COUNT\fR (number)
|
|
.RS 4
|
|
If
|
|
/etc/subuid
|
|
exists, the commands
|
|
\fBuseradd\fR
|
|
and
|
|
\fBnewusers\fR
|
|
(unless the user already have subordinate group IDs) allocate
|
|
\fBSUB_GID_COUNT\fR
|
|
unused group IDs from the range
|
|
\fBSUB_GID_MIN\fR
|
|
to
|
|
\fBSUB_GID_MAX\fR
|
|
for each new user\&.
|
|
.sp
|
|
The default values for
|
|
\fBSUB_GID_MIN\fR,
|
|
\fBSUB_GID_MAX\fR,
|
|
\fBSUB_GID_COUNT\fR
|
|
are respectively 100000, 600100000 and 65536\&.
|
|
.RE
|
|
.PP
|
|
\fBSUB_UID_MIN\fR (number), \fBSUB_UID_MAX\fR (number), \fBSUB_UID_COUNT\fR (number)
|
|
.RS 4
|
|
If
|
|
/etc/subuid
|
|
exists, the commands
|
|
\fBuseradd\fR
|
|
and
|
|
\fBnewusers\fR
|
|
(unless the user already have subordinate user IDs) allocate
|
|
\fBSUB_UID_COUNT\fR
|
|
unused user IDs from the range
|
|
\fBSUB_UID_MIN\fR
|
|
to
|
|
\fBSUB_UID_MAX\fR
|
|
for each new user\&.
|
|
.sp
|
|
The default values for
|
|
\fBSUB_UID_MIN\fR,
|
|
\fBSUB_UID_MAX\fR,
|
|
\fBSUB_UID_COUNT\fR
|
|
are respectively 100000, 600100000 and 65536\&.
|
|
.RE
|
|
.PP
|
|
\fBSYS_GID_MAX\fR (number), \fBSYS_GID_MIN\fR (number)
|
|
.RS 4
|
|
Range of group IDs used for the creation of system groups by
|
|
\fBuseradd\fR,
|
|
\fBgroupadd\fR, or
|
|
\fBnewusers\fR\&.
|
|
.sp
|
|
The default value for
|
|
\fBSYS_GID_MIN\fR
|
|
(resp\&.
|
|
\fBSYS_GID_MAX\fR) is 101 (resp\&.
|
|
\fBGID_MIN\fR\-1)\&.
|
|
.RE
|
|
.PP
|
|
\fBSYS_UID_MAX\fR (number), \fBSYS_UID_MIN\fR (number)
|
|
.RS 4
|
|
Range of user IDs used for the creation of system users by
|
|
\fBuseradd\fR
|
|
or
|
|
\fBnewusers\fR\&.
|
|
.sp
|
|
The default value for
|
|
\fBSYS_UID_MIN\fR
|
|
(resp\&.
|
|
\fBSYS_UID_MAX\fR) is 101 (resp\&.
|
|
\fBUID_MIN\fR\-1)\&.
|
|
.RE
|
|
.PP
|
|
\fBUID_MAX\fR (number), \fBUID_MIN\fR (number)
|
|
.RS 4
|
|
Range of user IDs used for the creation of regular users by
|
|
\fBuseradd\fR
|
|
or
|
|
\fBnewusers\fR\&.
|
|
.sp
|
|
The default value for
|
|
\fBUID_MIN\fR
|
|
(resp\&.
|
|
\fBUID_MAX\fR) is 1000 (resp\&. 60000)\&.
|
|
.RE
|
|
.PP
|
|
\fBUMASK\fR (number)
|
|
.RS 4
|
|
The file mode creation mask is initialized to this value\&. If not specified, the mask will be initialized to 022\&.
|
|
.sp
|
|
\fBuseradd\fR
|
|
and
|
|
\fBnewusers\fR
|
|
use this mask to set the mode of the home directory they create if
|
|
\fBHOME_MODE\fR
|
|
is not set\&.
|
|
.sp
|
|
It is also used by
|
|
\fBlogin\fR
|
|
to define users\*(Aq initial umask\&. Note that this mask can be overridden by the user\*(Aqs GECOS line (if
|
|
\fBQUOTAS_ENAB\fR
|
|
is set) or by the specification of a limit with the
|
|
\fIK\fR
|
|
identifier in
|
|
\fBlimits\fR(5)\&.
|
|
.RE
|
|
.PP
|
|
\fBUSERGROUPS_ENAB\fR (boolean)
|
|
.RS 4
|
|
Enable setting of the umask group bits to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007) for non\-root users, if the uid is the same as gid, and username is the same as the primary group name\&.
|
|
.sp
|
|
If set to
|
|
\fIyes\fR,
|
|
\fBuserdel\fR
|
|
will remove the user\*(Aqs group if it contains no more members, and
|
|
\fBuseradd\fR
|
|
will create by default a group with the name of the user\&.
|
|
.RE
|
|
.SH "FILES"
|
|
.PP
|
|
/etc/passwd
|
|
.RS 4
|
|
User account information\&.
|
|
.RE
|
|
.PP
|
|
/etc/shadow
|
|
.RS 4
|
|
Secure user account information\&.
|
|
.RE
|
|
.PP
|
|
/etc/group
|
|
.RS 4
|
|
Group account information\&.
|
|
.RE
|
|
.PP
|
|
/etc/gshadow
|
|
.RS 4
|
|
Secure group account information\&.
|
|
.RE
|
|
.PP
|
|
/etc/default/useradd
|
|
.RS 4
|
|
Default values for account creation\&.
|
|
.RE
|
|
.PP
|
|
/etc/shadow\-maint/useradd\-pre\&.d/*, /etc/shadow\-maint/useradd\-post\&.d/*
|
|
.RS 4
|
|
Run\-part files to execute during user addition\&. The environment variable
|
|
\fBACTION\fR
|
|
will be populated with useradd and
|
|
\fBSUBJECT\fR
|
|
with the
|
|
\fBusername\fR\&.
|
|
useradd\-pre\&.d
|
|
will be executed prior to any user addition\&.
|
|
useradd\-post\&.d
|
|
will execute after user addition\&. If a script exits non\-zero then execution will terminate\&.
|
|
.RE
|
|
.PP
|
|
/etc/skel/
|
|
.RS 4
|
|
Directory containing default files\&.
|
|
.RE
|
|
.PP
|
|
/etc/subgid
|
|
.RS 4
|
|
Per user subordinate group IDs\&.
|
|
.RE
|
|
.PP
|
|
/etc/subuid
|
|
.RS 4
|
|
Per user subordinate user IDs\&.
|
|
.RE
|
|
.PP
|
|
/etc/login\&.defs
|
|
.RS 4
|
|
Shadow password suite configuration\&.
|
|
.RE
|
|
.SH "EXIT VALUES"
|
|
.PP
|
|
The
|
|
\fBuseradd\fR
|
|
command exits with the following values:
|
|
.PP
|
|
\fI0\fR
|
|
.RS 4
|
|
success
|
|
.RE
|
|
.PP
|
|
\fI1\fR
|
|
.RS 4
|
|
can\*(Aqt update password file
|
|
.RE
|
|
.PP
|
|
\fI2\fR
|
|
.RS 4
|
|
invalid command syntax
|
|
.RE
|
|
.PP
|
|
\fI3\fR
|
|
.RS 4
|
|
invalid argument to option
|
|
.RE
|
|
.PP
|
|
\fI4\fR
|
|
.RS 4
|
|
UID already in use (and no
|
|
\fB\-o\fR)
|
|
.RE
|
|
.PP
|
|
\fI6\fR
|
|
.RS 4
|
|
specified group doesn\*(Aqt exist
|
|
.RE
|
|
.PP
|
|
\fI9\fR
|
|
.RS 4
|
|
username or group name already in use
|
|
.RE
|
|
.PP
|
|
\fI10\fR
|
|
.RS 4
|
|
can\*(Aqt update group file
|
|
.RE
|
|
.PP
|
|
\fI12\fR
|
|
.RS 4
|
|
can\*(Aqt create home directory
|
|
.RE
|
|
.PP
|
|
\fI14\fR
|
|
.RS 4
|
|
can\*(Aqt update SELinux user mapping
|
|
.RE
|
|
.PP
|
|
\fI19\fR
|
|
.RS 4
|
|
invalid user or group name
|
|
.RE
|
|
.SH "SEE ALSO"
|
|
.PP
|
|
\fBchfn\fR(1),
|
|
\fBchsh\fR(1),
|
|
\fBpasswd\fR(1),
|
|
\fBcrypt\fR(3),
|
|
\fBgroupadd\fR(8),
|
|
\fBgroupdel\fR(8),
|
|
\fBgroupmod\fR(8),
|
|
\fBlogin.defs\fR(5),
|
|
\fBnewusers\fR(8),
|
|
\fBsubgid\fR(5), \fBsubuid\fR(5),
|
|
\fBuserdel\fR(8),
|
|
\fBusermod\fR(8)\&.
|