]> Julianne Frances Haugh Creation, 1991 Thomas Kłoczko kloczek@pld.org.pl shadow-utils maintainer, 2000 - 2007 Nicolas François nicolas.francois@centraliens.net shadow-utils maintainer, 2007 - now useradd 8 System Management Commands shadow-utils &SHADOW_UTILS_VERSION; useradd create a new user or update default new user information useradd options LOGIN useradd -D useradd -D options DESCRIPTION When invoked without the option, the useradd command creates a new user account using the values specified on the command line plus the default values from the system. Depending on command line options, the useradd command will update system files and may also create the new user's home directory and copy initial files. By default, a group will also be created for the new user (see , , , and ). OPTIONS The options which apply to the useradd command are:   Allow names that do not conform to standards. ,  BASE_DIR The default base directory for the system if  HOME_DIR is not specified. BASE_DIR is concatenated with the account name to define the home directory. If this option is not specified, useradd will use the base directory specified by the variable in /etc/default/useradd, or /home by default. ,  COMMENT Any text string. It is generally a short description of the account, and is currently used as the field for the user's full name. ,  HOME_DIR The new user will be created using HOME_DIR as the value for the user's login directory. The default is to append the LOGIN name to BASE_DIR and use that as the login directory name. If the directory HOME_DIR does not exist, then it will be created unless the option is specified. , See below, the subsection "Changing the default values". ,  EXPIRE_DATE The date on which the user account will be disabled. The date is specified in the format YYYY-MM-DD. If not specified, useradd will use the default expiry date specified by the variable in /etc/default/useradd, or an empty string (no expiry) by default. ,  INACTIVE defines the number of days after the password exceeded its maximum age where the user is expected to replace this password. The value is stored in the shadow password file. An input of 0 will disable an expired password with no delay. An input of -1 will blank the respective field in the shadow password file. See shadow5 for more information. If not specified, useradd will use the default inactivity period specified by the variable in /etc/default/useradd, or -1 by default. , Update /etc/subuid and /etc/subgid even when creating a system account with option. ,  GROUP The name or the number of the user's primary group. The group name must exist. A group number must refer to an already existing group. If not specified, the behavior of useradd will depend on the variable in /etc/login.defs. If this variable is set to yes (or is specified on the command line), a group will be created for the user, with the same name as her loginname. If the variable is set to no (or is specified on the command line), useradd will set the primary group of the new user to the value specified by the variable in /etc/default/useradd, or 1000 by default. ,  GROUP1[,GROUP2,...[,GROUPN]]] A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening whitespace. The groups are subject to the same restrictions as the group given with the option. The default is for the user to belong only to the initial group. In addition to passing in the -G flag, you can add the option to the file /etc/default/useradd which in turn will add all users to those supplementary groups. , Display help message and exit. ,  SKEL_DIR The skeleton directory, which contains files and directories to be copied in the user's home directory, when the home directory is created by useradd. This option is only valid if the (or ) option is specified. If this option is not set, the skeleton directory is defined by the variable in /etc/default/useradd or, by default, /etc/skel. If possible, the ACLs and extended attributes are copied. ,  KEY=VALUE Overrides /etc/login.defs defaults (, , , and others). Example:  PASS_MAX_DAYS =-1 can be used when creating an account to turn off password aging. Multiple options can be specified, e.g.:  UID_MIN =100   UID_MAX=499 , Do not add the user to the lastlog and faillog databases. By default, the user's entries in the lastlog and faillog databases are reset to avoid reusing the entry from a previously deleted user. If this option is not specified, useradd will also consult the variable in the /etc/default/useradd if set to no the user will not be added to the lastlog and faillog databases. , Create the user's home directory if it does not exist. The files and directories contained in the skeleton directory (which can be defined with the option) will be copied to the home directory. By default, if this option is not specified and is not enabled, no home directories are created. The directory where the user's home directory is created must exist and have proper SELinux context and permissions. Otherwise the user's home directory cannot be created or accessed. , Do not create the user's home directory, even if the system wide setting from /etc/login.defs () is set to yes. , Do not create a group with the same name as the user, but add the user to the group specified by the option or by the variable in /etc/default/useradd. The default behavior (if the , , and options are not specified) is defined by the variable in /etc/login.defs. , allows the creation of an account with an already existing UID. This option is only valid in combination with the option. As a user identity serves as key to map between users on one hand and permissions, file ownerships and other aspects that determine the system's behavior on the other hand, more than one login name will access the account of the given UID. ,  PASSWORD defines an initial password for the account. PASSWORD is expected to be encrypted, as returned by crypt 3. Within a shell script, this option allows to create efficiently batches of users. Without this option, the new account will be locked and with no password defined, i.e. a single exclamation mark in the respective field of /etc/shadow. This is a state where the user won't be able to access the account or to define a password himself. Note:Avoid this option on the command line because the password (or encrypted password) will be visible by users listing the processes. You should make sure the password respects the system's password policy. , Create a system account. System users will be created with no aging information in /etc/shadow, and their numeric identifiers are chosen in the - range, defined in /etc/login.defs, instead of - (and their counterparts for the creation of groups). Note that useradd will not create a home directory for such a user, regardless of the default setting in /etc/login.defs (). You have to specify the options if you want a home directory for a system account to be created. Note that this option will not update /etc/subuid and /etc/subgid. You have to specify the options if you want to update the files for a system account to be created. ,  CHROOT_DIR Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory. Only absolute paths are supported. ,  PREFIX_DIR Apply changes to configuration files under the root filesystem found under the directory PREFIX_DIR. This option does not chroot and is intended for preparing a cross-compilation target. Some limitations: NIS and LDAP users/groups are not verified. PAM authentication is using the host files. No SELINUX support. ,  SHELL sets the path to the user's login shell. Without this option, the system will use the variable specified in /etc/default/useradd, or, if that is as well not set, the field for the login shell in /etc/passwd remains empty. ,  UID The numerical value of the user's ID. This value must be unique, unless the option is used. The value must be non-negative. The default is to use the smallest ID value greater than or equal to and greater than every other user. See also the option and the description. , Create a group with the same name as the user, and add the user to this group. The default behavior (if the , , and options are not specified) is defined by the variable in /etc/login.defs. ,  SEUSER defines the SELinux user for the new account. Without this option, SELinux uses the default user. Note that the shadow system doesn't store the selinux-user, it uses semanage 8 for that.  SERANGE defines the SELinux MLS range for the new account. Without this option, SELinux uses the default range. Note that the shadow system doesn't store the selinux-range, it uses semanage 8 for that. This option is only valid if the (or ) option is specified. Changing the default values When invoked with only the option, useradd will display the current default values. When invoked with plus other options, useradd will update the default values for the specified options. Valid default-changing options are: ,  BASE_DIR sets the path prefix for a new user's home directory. The user's name will be affixed to the end of BASE_DIR to form the new user's home directory name, if the option is not used when creating a new account. This option sets the variable in /etc/default/useradd. ,  EXPIRE_DATE sets the date on which newly created user accounts are disabled. This option sets the variable in /etc/default/useradd. ,  INACTIVE defines the number of days after the password exceeded its maximum age where the user is expected to replace this password. See shadow5 for more information. This option sets the variable in /etc/default/useradd. ,  GROUP sets the default primary group for newly created users, accepting group names or a numerical group ID. The named group must exist, and the GID must have an existing entry. This option sets the variable in /etc/default/useradd. ,  SHELL defines the default login shell for new users. This option sets the variable in /etc/default/useradd. NOTES The system administrator is responsible for placing the default user files in the /etc/skel/ directory (or any other skeleton directory specified in /etc/default/useradd or on the command line). CAVEATS You may not add a user to a NIS or LDAP group. This must be performed on the corresponding server. Similarly, if the username already exists in an external user database such as NIS or LDAP, useradd will deny the user account creation request. Usernames may contain only lower and upper case letters, digits, underscores, or dashes. They can end with a dollar sign. Dashes are not allowed at the beginning of the username. Fully numeric usernames and usernames . or .. are also disallowed. It is not recommended to use usernames beginning with . character as their home directories will be hidden in the ls output. Usernames may only be up to 32 characters long. CONFIGURATION The following configuration variables in /etc/login.defs change the behavior of this tool: &CREATE_HOME; &GID_MAX; &HOME_MODE; &LASTLOG_UID_MAX; &MAIL_DIR; &MAX_MEMBERS_PER_GROUP; &PASS_MAX_DAYS; &PASS_MIN_DAYS; &PASS_WARN_AGE; &SUB_GID_COUNT; &SUB_UID_COUNT; &SYS_GID_MAX; &SYS_UID_MAX; &TCB_AUTH_GROUP; &TCB_SYMLINKS; &UID_MAX; &UMASK; &USE_TCB; &USERGROUPS_ENAB; FILES /etc/passwd User account information. /etc/shadow Secure user account information. /etc/group Group account information. /etc/gshadow Secure group account information. /etc/default/useradd Default values for account creation. /etc/shadow-maint/useradd-pre.d/*, /etc/shadow-maint/useradd-post.d/* Run-part files to execute during user addition. The environment variable ACTION will be populated with useradd and SUBJECT with the username. useradd-pre.d will be executed prior to any user addition. useradd-post.d will execute after user addition. If a script exits non-zero then execution will terminate. /etc/skel/ Directory containing default files. /etc/subgid Per user subordinate group IDs. /etc/subuid Per user subordinate user IDs. /etc/login.defs Shadow password suite configuration. EXIT VALUES The useradd command exits with the following values: 0 success 1 can't update password file 2 invalid command syntax 3 invalid argument to option 4 UID already in use (and no ) 6 specified group doesn't exist 9 username or group name already in use 10 can't update group file 12 can't create home directory 14 can't update SELinux user mapping SEE ALSO chfn1 , chsh1 , passwd1 , crypt3 , groupadd8 , groupdel8 , groupmod8 , login.defs5 , newusers8 , subgid5 , subuid5 , userdel8 , usermod8 .