{"id":373,"date":"2019-10-21T20:00:26","date_gmt":"2019-10-21T18:00:26","guid":{"rendered":"http:\/\/linuxboxen2.dk\/?p=373"},"modified":"2019-10-21T20:00:26","modified_gmt":"2019-10-21T18:00:26","slug":"org_useradd","status":"publish","type":"post","link":"https:\/\/www.linuxboxen.dk\/?p=373","title":{"rendered":"USERADD"},"content":{"rendered":"
\n
\n
\n
\n

USERADD(8)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 System Management Commands\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 USERADD(8)<\/p>\n

NAME<\/p>\n

useradd – create a new user or update default new user information<\/p>\n

SYNOPSIS<\/p>\n

useradd [options] LOGIN<\/p>\n

useradd -D<\/p>\n

useradd -D [options]<\/p>\n

DESCRIPTION<\/p>\n

When invoked without the -D option, the useradd command creates a new
\nuser account using the values specified on the command line plus the
\ndefault values from the system. Depending on command line options,
\nthe useradd command will update system files and may also create the
\nnew user’s home directory and copy initial files.<\/p>\n

By default, a group will also be created for the new user (see -g,
\n-N, -U, and USERGROUPS_ENAB).<\/p>\n

OPTIONS<\/p>\n

The options which apply to the useradd command are:<\/p>\n

-b, –base-dir BASE_DIR
\nThe default base directory for the system if -dHOME_DIR is not
\nspecified.\u00a0 BASE_DIR is concatenated with the account name to
\ndefine the home directory. If the -m option is not used, BASE_DIR
\nmust exist.<\/p>\n

If this option is not specified, useradd will use the base
\ndirectory specified by the HOME variable in \/etc\/default\/useradd,
\nor \/home by default.<\/p>\n

-c, –comment COMMENT
\nAny text string. It is generally a short description of the
\nlogin, and is currently used as the field for the user’s full
\nname.<\/p>\n

-d, –home HOME_DIR
\nThe new user will be created using HOME_DIR as the value for the
\nuser’s login directory. The default is to append the LOGIN name
\nto BASE_DIR and use that as the login directory name. The
\ndirectory HOME_DIR does not have to exist but will not be created
\nif it is missing.<\/p>\n

-D, –defaults
\nSee below, the subsection “Changing the default values”.<\/p>\n

-e, –expiredate EXPIRE_DATE
\nThe date on which the user account will be disabled. The date is
\nspecified in the format YYYY-MM-DD.<\/p>\n

If not specified, useradd will use the default expiry date
\nspecified by the EXPIRE variable in \/etc\/default\/useradd, or an
\nempty string (no expiry) by default.<\/p>\n

-f, –inactive INACTIVE
\nThe number of days after a password expires until the account is
\npermanently disabled. A value of 0 disables the account as soon
\nas the password has expired, and a value of -1 disables the
\nfeature.<\/p>\n

If not specified, useradd will use the default inactivity period
\nspecified by the INACTIVE variable in \/etc\/default\/useradd, or -1
\nby default.<\/p>\n

-g, –gid GROUP
\nThe group name or number of the user’s initial login group. The
\ngroup name must exist. A group number must refer to an already
\nexisting group.<\/p>\n

If not specified, the behavior of useradd will depend on the
\nUSERGROUPS_ENAB variable in \/etc\/login.defs. If this variable is
\nset to yes (or -U\/–user-group is specified on the command line),
\na group will be created for the user, with the same name as her
\nloginname. If the variable is set to no (or -N\/–no-user-group is
\nspecified on the command line), useradd will set the primary
\ngroup of the new user to the value specified by the GROUP
\nvariable in \/etc\/default\/useradd, or 100 by default.<\/p>\n

-G, –groups GROUP1[,GROUP2,…[,GROUPN]]]
\nA list of supplementary groups which the user is also a member
\nof. Each group is separated from the next by a comma, with no
\nintervening whitespace. The groups are subject to the same
\nrestrictions as the group given with the -g option. The default
\nis for the user to belong only to the initial group.<\/p>\n

-h, –help
\nDisplay help message and exit.<\/p>\n

-k, –skel SKEL_DIR
\nThe skeleton directory, which contains files and directories to
\nbe copied in the user’s home directory, when the home directory
\nis created by useradd.<\/p>\n

This option is only valid if the -m (or –create-home) option is
\nspecified.<\/p>\n

If this option is not set, the skeleton directory is defined by
\nthe SKEL variable in \/etc\/default\/useradd or, by default,
\n\/etc\/skel.<\/p>\n

If possible, the ACLs and extended attributes are copied.<\/p>\n

-K, –key KEY=VALUE
\nOverrides \/etc\/login.defs defaults (UID_MIN, UID_MAX, UMASK,
\nPASS_MAX_DAYS and others).<\/p>\n

Example: -K PASS_MAX_DAYS=-1 can be used when creating system
\naccount to turn off password ageing, even though system account
\nhas no password at all. Multiple -K options can be specified,
\ne.g.: -K UID_MIN=100-K UID_MAX=499<\/p>\n

-l, –no-log-init
\nDo not add the user to the lastlog and faillog databases.<\/p>\n

By default, the user’s entries in the lastlog and faillog
\ndatabases are resetted to avoid reusing the entry from a
\npreviously deleted user.<\/p>\n

-m, –create-home
\nCreate the user’s home directory if it does not exist. The files
\nand directories contained in the skeleton directory (which can be
\ndefined with the -k option) will be copied to the home directory.<\/p>\n

By default, if this option is not specified and CREATE_HOME is
\nnot enabled, no home directories are created.<\/p>\n

-M
\nDo no create the user’s home directory, even if the system wide
\nsetting from \/etc\/login.defs (CREATE_HOME) is set to yes.<\/p>\n

-N, –no-user-group
\nDo not create a group with the same name as the user, but add the
\nuser to the group specified by the -g option or by the GROUP
\nvariable in \/etc\/default\/useradd.<\/p>\n

The default behavior (if the -g, -N, and -U options are not
\nspecified) is defined by the USERGROUPS_ENAB variable in
\n\/etc\/login.defs.<\/p>\n

-o, –non-unique
\nAllow the creation of a user account with a duplicate
\n(non-unique) UID.<\/p>\n

This option is only valid in combination with the -u option.<\/p>\n

-p, –password PASSWORD
\nThe encrypted password, as returned by crypt(3). The default is
\nto disable the password.<\/p>\n

Note: This option is not recommended because the password (or
\nencrypted password) will be visible by users listing the
\nprocesses.<\/p>\n

You should make sure the password respects the system’s password
\npolicy.<\/p>\n

-r, –system
\nCreate a system account.<\/p>\n

System users will be created with no aging information in
\n\/etc\/shadow, and their numeric identifiers are chosen in the
\nSYS_UID_MIN-SYS_UID_MAX range, defined in \/etc\/login.defs,
\ninstead of UID_MIN-UID_MAX (and their GID counterparts for the
\ncreation of groups).<\/p>\n

Note that useradd will not create a home directory for such an
\nuser, regardless of the default setting in \/etc\/login.defs
\n(CREATE_HOME). You have to specify the -m options if you want a
\nhome directory for a system account to be created.<\/p>\n

-R, –root CHROOT_DIR
\nApply changes in the CHROOT_DIR directory and use the
\nconfiguration files from the CHROOT_DIR directory.<\/p>\n

-s, –shell SHELL
\nThe name of the user’s login shell. The default is to leave this
\nfield blank, which causes the system to select the default login
\nshell specified by the SHELL variable in \/etc\/default\/useradd, or
\nan empty string by default.<\/p>\n

-u, –uid UID
\nThe numerical value of the user’s ID. This value must be unique,
\nunless the -o option is used. The value must be non-negative. The
\ndefault is to use the smallest ID value greater than or equal to
\nUID_MIN and greater than every other user.<\/p>\n

See also the -r option and the UID_MAX description.<\/p>\n

-U, –user-group
\nCreate a group with the same name as the user, and add the user
\nto this group.<\/p>\n

The default behavior (if the -g, -N, and -U options are not
\nspecified) is defined by the USERGROUPS_ENAB variable in
\n\/etc\/login.defs.<\/p>\n

-Z, –selinux-user SEUSER
\nThe SELinux user for the user’s login. The default is to leave
\nthis field blank, which causes the system to select the default
\nSELinux user.<\/p>\n

Changing the default values
\nWhen invoked with only the -D option, useradd will display the
\ncurrent default values. When invoked with -D plus other options,
\nuseradd will update the default values for the specified options.
\nValid default-changing options are:<\/p>\n

-b, –base-dir BASE_DIR
\nThe path prefix for a new user’s home directory. The user’s name
\nwill be affixed to the end of BASE_DIR to form the new user’s
\nhome directory name, if the -d option is not used when creating a
\nnew account.<\/p>\n

This option sets the HOME variable in \/etc\/default\/useradd.<\/p>\n

-e, –expiredate EXPIRE_DATE
\nThe date on which the user account is disabled.<\/p>\n

This option sets the EXPIRE variable in \/etc\/default\/useradd.<\/p>\n

-f, –inactive INACTIVE
\nThe number of days after a password has expired before the
\naccount will be disabled.<\/p>\n

This option sets the INACTIVE variable in \/etc\/default\/useradd.<\/p>\n

-g, –gid GROUP
\nThe group name or ID for a new user’s initial group (when the
\n-N\/–no-user-group is used or when the USERGROUPS_ENAB variable
\nis set to no in \/etc\/login.defs). The named group must exist, and
\na numerical group ID must have an existing entry.<\/p>\n

This option sets the GROUP variable in \/etc\/default\/useradd.<\/p>\n

-s, –shell SHELL
\nThe name of a new user’s login shell.<\/p>\n

This option sets the SHELL variable in \/etc\/default\/useradd.<\/p>\n

NOTES<\/p>\n

The system administrator is responsible for placing the default user
\nfiles in the \/etc\/skel\/ directory (or any other skeleton directory
\nspecified in \/etc\/default\/useradd or on the command line).<\/p>\n

CAVEATS<\/p>\n

You may not add a user to a NIS or LDAP group. This must be performed
\non the corresponding server.<\/p>\n

Similarly, if the username already exists in an external user
\ndatabase such as NIS or LDAP, useradd will deny the user account
\ncreation request.<\/p>\n

Usernames must start with a lower case letter or an underscore,
\nfollowed by lower case letters, digits, underscores, or dashes. They
\ncan end with a dollar sign. In regular expression terms:
\n[a-z_][a-z0-9_-]*[$]?<\/p>\n

Usernames may only be up to 32 characters long.<\/p>\n

CONFIGURATION<\/p>\n

The following configuration variables in \/etc\/login.defs change the
\nbehavior of this tool:<\/p>\n

CREATE_HOME (boolean)
\nIndicate if a home directory should be created by default for new
\nusers.<\/p>\n

This setting does not apply to system users, and can be
\noverridden on the command line.<\/p>\n

GID_MAX (number), GID_MIN (number)
\nRange of group IDs used for the creation of regular groups by
\nuseradd, groupadd, or newusers.<\/p>\n

The default value for GID_MIN (resp.\u00a0 GID_MAX) is 1000 (resp.
\n60000).<\/p>\n

MAIL_DIR (string)
\nThe mail spool directory. This is needed to manipulate the
\nmailbox when its corresponding user account is modified or
\ndeleted. If not specified, a compile-time default is used.<\/p>\n

MAIL_FILE (string)
\nDefines the location of the users mail spool files relatively to
\ntheir home directory.<\/p>\n

The MAIL_DIR and MAIL_FILE variables are used by useradd, usermod,
\nand userdel to create, move, or delete the user’s mail spool.<\/p>\n

If MAIL_CHECK_ENAB is set to yes, they are also used to define the
\nMAIL environment variable.<\/p>\n

MAX_MEMBERS_PER_GROUP (number)
\nMaximum members per group entry. When the maximum is reached, a
\nnew group entry (line) is started in \/etc\/group (with the same
\nname, same password, and same GID).<\/p>\n

The default value is 0, meaning that there are no limits in the
\nnumber of members in a group.<\/p>\n

This feature (split group) permits to limit the length of lines
\nin the group file. This is useful to make sure that lines for NIS
\ngroups are not larger than 1024 characters.<\/p>\n

If you need to enforce such limit, you can use 25.<\/p>\n

Note: split groups may not be supported by all tools (even in the
\nShadow toolsuite). You should not use this variable unless you
\nreally need it.<\/p>\n

PASS_MAX_DAYS (number)
\nThe maximum number of days a password may be used. If the
\npassword is older than this, a password change will be forced. If
\nnot specified, -1 will be assumed (which disables the
\nrestriction).<\/p>\n

PASS_MIN_DAYS (number)
\nThe minimum number of days allowed between password changes. Any
\npassword changes attempted sooner than this will be rejected. If
\nnot specified, -1 will be assumed (which disables the
\nrestriction).<\/p>\n

PASS_WARN_AGE (number)
\nThe number of days warning given before a password expires. A
\nzero means warning is given only upon the day of expiration, a
\nnegative value means no warning is given. If not specified, no
\nwarning will be provided.<\/p>\n

SYS_GID_MAX (number), SYS_GID_MIN (number)
\nRange of group IDs used for the creation of system groups by
\nuseradd, groupadd, or newusers.<\/p>\n

The default value for SYS_GID_MIN (resp.\u00a0 SYS_GID_MAX) is 101
\n(resp.\u00a0 GID_MIN-1).<\/p>\n

SYS_UID_MAX (number), SYS_UID_MIN (number)
\nRange of user IDs used for the creation of system users by
\nuseradd or newusers.<\/p>\n

The default value for SYS_UID_MIN (resp.\u00a0 SYS_UID_MAX) is 101
\n(resp.\u00a0 UID_MIN-1).<\/p>\n

UID_MAX (number), UID_MIN (number)
\nRange of user IDs used for the creation of regular users by
\nuseradd or newusers.<\/p>\n

The default value for UID_MIN (resp.\u00a0 UID_MAX) is 1000 (resp.
\n60000).<\/p>\n

UMASK (number)
\nThe file mode creation mask is initialized to this value. If not
\nspecified, the mask will be initialized to 022.<\/p>\n

useradd and newusers use this mask to set the mode of the home
\ndirectory they create<\/p>\n

It is also used by login to define users’ initial umask. Note
\nthat this mask can be overridden by the user’s GECOS line (if
\nQUOTAS_ENAB is set) or by the specification of a limit with the K
\nidentifier in limits(5).<\/p>\n

USERGROUPS_ENAB (boolean)
\nEnable setting of the umask group bits to be the same as owner
\nbits (examples: 022 -> 002, 077 -> 007) for non-root users, if
\nthe uid is the same as gid, and username is the same as the
\nprimary group name.<\/p>\n

If set to yes, userdel will remove the user’s group if it
\ncontains no more members, and useradd will create by default a
\ngroup with the name of the user.<\/p>\n

FILES<\/p>\n

\/etc\/passwd
\nUser account information.<\/p>\n

\/etc\/shadow
\nSecure user account information.<\/p>\n

\/etc\/group
\nGroup account information.<\/p>\n

\/etc\/gshadow
\nSecure group account information.<\/p>\n

\/etc\/default\/useradd
\nDefault values for account creation.<\/p>\n

\/etc\/skel\/
\nDirectory containing default files.<\/p>\n

\/etc\/login.defs
\nShadow password suite configuration.<\/p>\n

EXIT VALUES<\/p>\n

The useradd command exits with the following values:<\/p>\n

0
\nsuccess<\/p>\n

1
\ncan’t update password file<\/p>\n

2
\ninvalid command syntax<\/p>\n

3
\ninvalid argument to option<\/p>\n

4
\nUID already in use (and no -o)<\/p>\n

6
\nspecified group doesn’t exist<\/p>\n

9
\nusername already in use<\/p>\n

10
\ncan’t update group file<\/p>\n

12
\ncan’t create home directory<\/p>\n

14
\ncan’t update SELinux user mapping<\/p>\n

SEE ALSO<\/p>\n

chfn(1), chsh(1), passwd(1), crypt(3), groupadd(8), groupdel(8),
\ngroupmod(8), login.defs(5), newusers(8), userdel(8), usermod(8).<\/p>\n

COLOPHON<\/p>\n

This page is part of the shadow-utils (utilities for managing
\naccounts and shadow password files) project.\u00a0 Information about the
\nproject can be found at \u27e8http:\/\/pkg-shadow.alioth.debian.org\/\u27e9.\u00a0 If
\nyou have a bug report for this manual page, see
\n\u27e8http:\/\/pkg-shadow.alioth.debian.org\/getinvolved.php\u27e9.\u00a0 This page was
\nobtained from the project’s upstream Subversion repository
\n(svn:\/\/anonscm.debian.org\/pkg-shadow\/) on 2014-12-30.\u00a0 If you dis\u2010
\ncover any rendering problems in this HTML version of the page, or you
\nbelieve there is a better or more up-to-date source for the page, or
\nyou have corrections or improvements to the information in this
\nCOLOPHON (which is not part of the original manual page), send a mail
\nto\u00a0man-pages@man7.org<\/p>\n

shadow-utils 4.1.5.1\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 01\/27\/2014\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 USERADD(8)<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n

<\/div>\n","protected":false},"excerpt":{"rendered":"

USERADD(8)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 System Management Commands\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 USERADD(8) NAME useradd – create a new user or update default new user information SYNOPSIS useradd [options] LOGIN useradd -D useradd -D [options] DESCRIPTION When invoked without the -D option, the useradd command creates a new user account using the values specified on the command line plus the default values from […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_sitemap_exclude":false,"_sitemap_priority":"","_sitemap_frequency":"","footnotes":""},"categories":[8],"tags":[],"class_list":["post-373","post","type-post","status-publish","format-standard","hentry","category-shell"],"a3_pvc":{"activated":false,"total_views":0,"today_views":0},"_links":{"self":[{"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=\/wp\/v2\/posts\/373","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=373"}],"version-history":[{"count":0,"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=\/wp\/v2\/posts\/373\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=373"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=373"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=373"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}