]> Julianne Frances Haugh Creation, 1991 Thomas Kłoczko kloczek@pld.org.pl shadow-utils maintainer, 2000 - 2007 Nicolas François nicolas.francois@centraliens.net shadow-utils maintainer, 2007 - now useradd 8 System Management Commands shadow-utils &SHADOW_UTILS_VERSION; useradd create a new user or update default new user information useradd options LOGIN useradd -D useradd -D options When invoked without the -D option, the useradd command creates a new user account using the values specified on the command line plus the default values from the system. Depending on command line options, the useradd command will update system files and may also create the new user's home directory and copy initial files. By default, a group will also be created for the new user (see -g, -N, -U, and USERGROUPS_ENAB). The options which apply to the useradd command are: --badname  Allow names that do not conform to standards. -b, --base-dir BASE_DIR The default base directory for the system if -d HOME_DIR is not specified. BASE_DIR is concatenated with the account name to define the home directory. If the -m option is not used, BASE_DIR must exist. If this option is not specified, useradd will use the base directory specified by the HOME variable in /etc/default/useradd, or /home by default. -c, --comment COMMENT Any text string. It is generally a short description of the login, and is currently used as the field for the user's full name. -d, --home-dir HOME_DIR The new user will be created using HOME_DIR as the value for the user's login directory. The default is to append the LOGIN name to BASE_DIR and use that as the login directory name. The directory HOME_DIR does not have to exist but will not be created if it is missing. -D, --defaults See below, the subsection "Changing the default values". -e, --expiredate EXPIRE_DATE The date on which the user account will be disabled. The date is specified in the format YYYY-MM-DD. If not specified, useradd will use the default expiry date specified by the EXPIRE variable in /etc/default/useradd, or an empty string (no expiry) by default. -f, --inactive INACTIVE The number of days after a password expires until the account is permanently disabled. A value of 0 disables the account as soon as the password has expired, and a value of -1 disables the feature. If not specified, useradd will use the default inactivity period specified by the INACTIVE variable in /etc/default/useradd, or -1 by default. -g, --gid GROUP The group name or number of the user's initial login group. The group name must exist. A group number must refer to an already existing group. If not specified, the behavior of useradd will depend on the USERGROUPS_ENAB variable in /etc/login.defs. If this variable is set to yes (or -U/--user-group is specified on the command line), a group will be created for the user, with the same name as her loginname. If the variable is set to no (or -N/--no-user-group is specified on the command line), useradd will set the primary group of the new user to the value specified by the GROUP variable in /etc/default/useradd, or 100 by default. -G, --groups GROUP1[,GROUP2,...[,GROUPN]]] A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening whitespace. The groups are subject to the same restrictions as the group given with the -g option. The default is for the user to belong only to the initial group. -h, --help Display help message and exit. -k, --skel SKEL_DIR The skeleton directory, which contains files and directories to be copied in the user's home directory, when the home directory is created by useradd. This option is only valid if the -m (or --create-home) option is specified. If this option is not set, the skeleton directory is defined by the SKEL variable in /etc/default/useradd or, by default, /etc/skel. If possible, the ACLs and extended attributes are copied. -K, --key KEY=VALUE Overrides /etc/login.defs defaults (UID_MIN, UID_MAX, UMASK, PASS_MAX_DAYS and others). Example: -K PASS_MAX_DAYS=-1 can be used when creating system account to turn off password aging, even though system account has no password at all. Multiple -K options can be specified, e.g.: -K UID_MIN=100  -K UID_MAX=499 -l, --no-log-init Do not add the user to the lastlog and faillog databases. By default, the user's entries in the lastlog and faillog databases are reset to avoid reusing the entry from a previously deleted user. -m, --create-home Create the user's home directory if it does not exist. The files and directories contained in the skeleton directory (which can be defined with the -k option) will be copied to the home directory. By default, if this option is not specified and CREATE_HOME is not enabled, no home directories are created. -M, --no-create-home Do no create the user's home directory, even if the system wide setting from /etc/login.defs (CREATE_HOME) is set to yes. -N, --no-user-group Do not create a group with the same name as the user, but add the user to the group specified by the -g option or by the GROUP variable in /etc/default/useradd. The default behavior (if the -g, -N, and -U options are not specified) is defined by the USERGROUPS_ENAB variable in /etc/login.defs. -o, --non-unique Allow the creation of a user account with a duplicate (non-unique) UID. This option is only valid in combination with the -u option. -p, --password PASSWORD The encrypted password, as returned by crypt3 . The default is to disable the password. Note: This option is not recommended because the password (or encrypted password) will be visible by users listing the processes. You should make sure the password respects the system's password policy. -r, --system Create a system account. System users will be created with no aging information in /etc/shadow, and their numeric identifiers are chosen in the SYS_UID_MIN-SYS_UID_MAX range, defined in /etc/login.defs, instead of UID_MIN-UID_MAX (and their GID counterparts for the creation of groups). Note that useradd will not create a home directory for such a user, regardless of the default setting in /etc/login.defs (CREATE_HOME). You have to specify the -m options if you want a home directory for a system account to be created. -R, --root CHROOT_DIR Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory. -P, --prefix PREFIX_DIR Apply changes in the PREFIX_DIR directory and use the configuration files from the PREFIX_DIR directory. This option does not chroot and is intended for preparing a cross-compilation target. Some limitations: NIS and LDAP users/groups are not verified. PAM authentication is using the host files. No SELINUX support. -s, --shell SHELL The name of the user's login shell. The default is to leave this field blank, which causes the system to select the default login shell specified by the SHELL variable in /etc/default/useradd, or an empty string by default. -u, --uid UID The numerical value of the user's ID. This value must be unique, unless the -o option is used. The value must be non-negative. The default is to use the smallest ID value greater than or equal to UID_MIN and greater than every other user. See also the -r option and the UID_MAX description. -U, --user-group Create a group with the same name as the user, and add the user to this group. The default behavior (if the -g, -N, and -U options are not specified) is defined by the USERGROUPS_ENAB variable in /etc/login.defs. -Z, --selinux-user SEUSER The SELinux user for the user's login. The default is to leave this field blank, which causes the system to select the default SELinux user. When invoked with only the -D option, useradd will display the current default values. When invoked with -D plus other options, useradd will update the default values for the specified options. Valid default-changing options are: -b, --base-dir BASE_DIR The path prefix for a new user's home directory. The user's name will be affixed to the end of BASE_DIR to form the new user's home directory name, if the -d option is not used when creating a new account. This option sets the HOME variable in /etc/default/useradd. -e, --expiredate EXPIRE_DATE The date on which the user account is disabled. This option sets the EXPIRE variable in /etc/default/useradd. -f, --inactive INACTIVE The number of days after a password has expired before the account will be disabled. This option sets the INACTIVE variable in /etc/default/useradd. -g, --gid GROUP The group name or ID for a new user's initial group (when the -N/--no-user-group is used or when the USERGROUPS_ENAB variable is set to no in /etc/login.defs). The named group must exist, and a numerical group ID must have an existing entry. This option sets the GROUP variable in /etc/default/useradd. -s, --shell SHELL The name of a new user's login shell. This option sets the SHELL variable in /etc/default/useradd. The system administrator is responsible for placing the default user files in the /etc/skel/ directory (or any other skeleton directory specified in /etc/default/useradd or on the command line). You may not add a user to a NIS or LDAP group. This must be performed on the corresponding server. Similarly, if the username already exists in an external user database such as NIS or LDAP, useradd will deny the user account creation request. Usernames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes. They can end with a dollar sign. In regular expression terms: [a-z_][a-z0-9_-]*[$]? Usernames may only be up to 32 characters long. The following configuration variables in /etc/login.defs change the behavior of this tool: &CREATE_HOME; &GID_MAX; &HOME_MODE; &LASTLOG_UID_MAX; &MAIL_DIR; &MAX_MEMBERS_PER_GROUP; &PASS_MAX_DAYS; &PASS_MIN_DAYS; &PASS_WARN_AGE; &SUB_GID_COUNT; &SUB_UID_COUNT; &SYS_GID_MAX; &SYS_UID_MAX; &TCB_AUTH_GROUP; &TCB_SYMLINKS; &UID_MAX; &UMASK; &USE_TCB; &USERGROUPS_ENAB; /etc/passwd User account information. /etc/shadow Secure user account information. /etc/group Group account information. /etc/gshadow Secure group account information. /etc/default/useradd Default values for account creation. /etc/skel/ Directory containing default files. /etc/subgid Per user subordinate group IDs. /etc/subuid Per user subordinate user IDs. /etc/login.defs Shadow password suite configuration. The useradd command exits with the following values: 0 success 1 can't update password file 2 invalid command syntax 3 invalid argument to option 4 UID already in use (and no -o) 6 specified group doesn't exist 9 username already in use 10 can't update group file 12 can't create home directory 14 can't update SELinux user mapping chfn1 , chsh1 , passwd1 , crypt3 , groupadd8 , groupdel8 , groupmod8 , login.defs5 , newusers8 , subgid5 , subuid5 , userdel8 , usermod8 .