LinuxCommandLibrary

useradd

Create new user accounts

TLDR

Create a new user
$ sudo useradd [username]

Create a new user with the specified user ID
$ sudo useradd [[-u|--uid]] [id] [username]

Create a new user with the specified shell
$ sudo useradd [[-s|--shell]] [path/to/shell] [username]

Create a new user belonging to additional groups (mind the lack of whitespace)
$ sudo useradd [[-G|--groups]] [group1,group2,...] [username]

Create a new user with the default home directory
$ sudo useradd [[-m|--create-home]] [username]

Create a new user with the home directory filled by template directory files
$ sudo useradd [[-k|--skel]] [path/to/template_directory] [[-m|--create-home]] [username]

Create a new system user without the home directory
$ sudo useradd [[-r|--system]] [username]

SYNOPSIS

useradd [options] LOGIN
useradd -D [options]

PARAMETERS

-c, --comment COMMENT
    Sets the GECOS field (full name, phone number, etc.) for the new user.

-d, --home-dir HOME_DIR
    Specifies the user's home directory. If not specified, it defaults based on /etc/login.defs.

-e, --expiredate EXPIRE_DATE
    Sets the account expiration date in YYYY-MM-DD format.

-f, --inactive INACTIVE
    Sets the number of days after a password expires until the account is permanently disabled. 0 means disable immediately, -1 means never.

-g, --gid GROUP
    Specifies the primary group name or GID for the new user.

-G, --groups GROUPS
    A comma-separated list of supplementary group names or GIDs the user will be a member of.

-k, --skel SKEL_DIR
    Specifies an alternative skeleton directory to copy files from instead of the default /etc/skel.

-m, --create-home
    Creates the user's home directory if it does not exist, copying files from the skeleton directory.

-M, --no-create-home
    Prevents the creation of the user's home directory, even if /etc/login.defs or /etc/default/useradd specifies it.

-N, --no-user-group
    Does not create a new group with the same name as the user's login name. The user's primary group must be specified with -g.

-o, --non-unique
    Allows creation of a user with a non-unique (duplicate) User ID (UID).

-p, --password PASSWORD
    Specifies an encrypted password for the new user. (Highly discouraged for security reasons; use passwd instead.)

-r, --system
    Creates a system account. System UIDs are typically low and these accounts often do not have a home directory.

-s, --shell SHELL
    Specifies the user's login shell. If not specified, the system default is used (e.g., /bin/bash or /bin/sh).

-u, --uid UID
    Specifies the User ID (UID) for the new user. If not specified, the next available non-system UID is chosen.

-U, --user-group
    Forces creation of a new group with the same name as the user's login name. This is the default behavior on most systems.

-D, --defaults
    Used without a LOGIN argument, this option displays the current default values for new user accounts. With other options, it modifies these defaults.

DESCRIPTION

useradd is a fundamental low-level utility on Linux systems used to create new user accounts. It directly modifies system account files such as /etc/passwd, /etc/shadow, /etc/group, and /etc/gshadow to register the new user's information. When creating a user, it can optionally create a home directory, copy skeleton files (from /etc/skel) into it, assign a primary group, add to supplementary groups, define a login shell, and set other account attributes like UID, GID, and expiration date.

Unlike some higher-level tools like adduser (often found on Debian/Ubuntu), useradd does not typically prompt for a password or other details interactively. A password must be set separately using the passwd command after the account creation. It's an essential tool for system administrators managing users directly from the command line or through scripts, providing granular control over user account properties.

CAVEATS

useradd does not set a password for the new account by default. You must use the passwd command immediately after creating the user to set their password.

Using the -p option to provide an encrypted password on the command line is a security risk, as the encrypted password might be visible in process listings (e.g., ps aux) and shell history. It is highly recommended to use passwd to set the password instead.
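
An added example, not part of the original page: a read-only audit of passwd- and shadow-format files for two states this page describes, a UID shared between accounts (what -o permits) and an account whose password was never set after useradd. The function names and all account data are constructed for illustration; on a live system the inputs would be /etc/passwd and /etc/shadow.

```shell
#!/bin/sh
# Added example, not from the original page. All account data is constructed.

# Write constructed passwd- and shadow-format sample files into directory $1.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice Example:/home/alice:/bin/bash
svc_backup:x:1001:1001::/home/svc_backup:/bin/sh
bob:x:1002:1002::/home/bob:/bin/bash
carol:x:1003:1003::/home/carol:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$CONSTRUCTED$placeholderhash:19000:0:99999:7:::
alice:$6$CONSTRUCTED$placeholderhash:19000:0:99999:7:::
svc_backup:!:19000:0:99999:7:::
bob:!:19000:0:99999:7:::
carol::19000:0:99999:7:::
EOF
}

# Print "UID: name1,name2" for each UID held by more than one account,
# the state that useradd -o (--non-unique) permits.
duplicate_uids() {
    awk -F: '!/^#/ && NF >= 7 {
        count[$3]++
        names[$3] = names[$3] (names[$3] ? "," : "") $1
    }
    END { for (u in count) if (count[u] > 1) print u ": " names[u] }' "$1" | sort -n
}

# Print "name:STATE" per shadow entry. LOCKED (field starts with "!" or "*", so no
# password matches) is what a new account shows until passwd is run; EMPTY = no password.
password_state() {
    awk -F: '!/^#/ && NF >= 2 {
        if ($2 == "") state = "EMPTY"
        else if ($2 ~ /^[!*]/) state = "LOCKED"
        else state = "SET"
        print $1 ":" state
    }' "$1"
}

# Demo on the constructed sample.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
echo "Shared UIDs:";     duplicate_uids "$demo_dir/passwd"
echo "Password states:"; password_state "$demo_dir/shadow"
rm -rf "$demo_dir"
```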

The default behavior of useradd can vary between Linux distributions and is heavily influenced by settings in /etc/login.defs and /etc/default/useradd.

In some distributions (e.g., Debian/Ubuntu), adduser is often preferred over useradd for interactive user creation as it handles more steps automatically, including password prompting and home directory creation, making it more user-friendly for manual operations.

DEFAULT CONFIGURATION FILES

useradd retrieves its default values (like UID/GID range, home directory parent, shell, etc.) from two primary configuration files: /etc/login.defs and /etc/default/useradd. /etc/login.defs contains system-wide configuration settings for login, password, and user/group creation, while /etc/default/useradd specifically holds defaults for the useradd command itself (e.g., HOME, SHELL, SKEL, EXPIRE).

SKELETON DIRECTORY

By default, when a home directory is created (-m option), useradd copies the contents of the /etc/skel directory into the new user's home directory. This allows administrators to provide default configuration files, templates, or welcome messages for new users, ensuring a consistent initial environment. Examples of files often found in /etc/skel include .bashrc, .profile, and .vimrc.

HISTORY

The useradd command is a standard utility on Unix-like operating systems, including Linux, and has been a core component of user management toolsets for decades. Its origins lie in the early Unix systems, where similar utilities were needed to manage user accounts by modifying system flat files. In Linux, it is typically part of the shadow-utils package (or passwd package on some systems), which provides tools for managing user and group accounts and their shadow passwords. While its core functionality remains consistent, its implementation and default behaviors have evolved with Linux distributions, adapting to security best practices and system conventions.

SEE ALSO

passwd(1), usermod(8), userdel(8), groupadd(8), groups(1), id(1), login.defs(5)
