Useradd command – adding users to Linux


How often we add new users to a Linux system depends on the nature of the system we use: it can be a personal computer, where we rarely make changes, or a Linux server with many users. This article describes how to add a new user to a Linux system using the useradd command.

The basic syntax of the useradd command is:

useradd [-c comment] [-d home-dir] [-e expires-date] [-f inactive-days]
        [-g default-group] [-G group [,…]] [-m [-k skeleton-dir] | -M]
        [-p password] [-s shell] [-u UID [-o]] [-r] [-N] username

In its simplest form, the command is just useradd username, where username is the name of the account we want to create. The rest of the parameters are used to change the system default values, which are stored in the /etc/login.defs file.

The comment parameter

The -c comment parameter adds a comment field to the newly created user. Some system administrators store public information about users in this field, such as the user’s office address or phone number. Others store only the full user name or even no information.

Home directory

The -d home_dir parameter specifies the new user’s home directory if it is not the default on the system – /home/username.

Account expiration date

The -e due_date parameter sets the date on which the new account expires. The date is given as YYYY-MM-DD, although many systems also support other formats such as MM-DD-YYYY.

Inactive days

An account becomes completely inactive after passing a certain number of days after the password expires. The -f inactive_days parameter sets this number of days. The -1 value disables the option (it goes back to the default value).

The default group

You can set the group name or the GID (Group IDentification number) to be the default group for the new user using the -g group_option parameter. The default value of this parameter varies from distribution to distribution (it may be the same group name as the username or the group ‘users’).

Additional groups

The -G groups[,…] parameter sets the name or GIDs of one or more groups to which the user belongs. These groups do not have to be the default ones, and multiple comma-separated values can be specified.

Home directory

The /etc/login.defs file specifies whether or not to create a home directory for new users (via CREATE_HOME or DEFAULT_HOME parameters – it depends on the distribution). If the above mentioned parameters in the /etc/login.defs file are set to yes, then the -m option in the useradd command will have no effect. If they are set to no, then the -m option switches this specification and a home directory will be created for the new user.

Normally, the default configuration files (including the subdirectories) are copied from the /etc/skel directory.

No home directory

The -M option forces the system not to create a home directory even if this action is set in the /etc/login.defs file. This option can be used (often with the -u option described below, or -d described above) if the new user will take control of an existing user’s home directory – let’s say, for example, that a new employee will replace the one who left.

Specifying the hashed password

The -p password parameter specifies the pre-hashed password for the new user. The value is added, unchanged, to /etc/passwd or /etc/shadow. That means that if you supply a non-hashed password, it will not work as you would probably expect. In practice, this parameter is used mostly in scripts, where we can hash a password (using crypt) and then pass the hash value to the useradd command. If this parameter is not used, the new user account will be disabled – it can be activated by adding a password. Adding or changing the user password is done with the passwd command.

The terms encrypted and hashed are often confused. A hashed password is created using a one-way mathematical process: it generates a check value from which the original value (the password in this case) cannot be derived. If a password has been encrypted, it can then be decrypted, and the characters of the original password can be obtained. Linux passwords are hashed, even though we sometimes see the term encryption used (incorrectly).
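
One way to guard a provisioning script against the plaintext mistake described above, as an added example that is not part of the original article: it checks that the value has the shape of a SHA-256 or SHA-512 crypt hash, then creates the account without -p and feeds the hash to chpasswd -e on standard input, which also keeps the hash out of the process list. The helper names, the DRY_RUN switch and the sample hash are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the article): keep plaintext out of the hash-only
# interfaces useradd -p / chpasswd -e.

# Return 0 if $1 has the shape of a SHA-256 ($5$) or SHA-512 ($6$) crypt(3)
# hash. Other schemes your libc may support (e.g. yescrypt) are not covered.
is_crypt_hash() {
    # Reject embedded newlines so grep cannot match just one line of many.
    case $1 in *'
'*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq \
        -e '^\$6\$(rounds=[0-9]+\$)?[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{86}$' \
        -e '^\$5\$(rounds=[0-9]+\$)?[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{43}$'
}

# run CMD...: execute CMD, or only print it when DRY_RUN=1 (hypothetical switch).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "+ $*" >&2; else "$@"; fi
}

# add_user_with_hash USER HASH (hypothetical helper; needs root unless DRY_RUN=1)
# Returns 2 without touching the system when HASH is not a crypt hash.
add_user_with_hash() {
    user=$1
    hash=$2
    if ! is_crypt_hash "$hash"; then
        echo "refusing $user: value is not a crypt hash" >&2
        return 2
    fi
    # No -p here: the account starts without a usable password and the hash
    # never shows up in the process list.
    run useradd -m "$user" || return 1
    # chpasswd -e reads user:hash on stdin and stores the hash unchanged.
    printf '%s:%s\n' "$user" "$hash" | run chpasswd -e
}

# Constructed sample: right shape for SHA-512 crypt, not a real digest.
SAMPLE_HASH="\$6\$constructedsalt\$$(printf '%086d' 0)"

DRY_RUN=1   # the demo only prints the commands it would run
add_user_with_hash john "$SAMPLE_HASH"
add_user_with_hash john 'S3cret!' || echo "plaintext rejected (rc=$?)" >&2
```

To apply it for real, replace SAMPLE_HASH with a hash produced by your own tooling, set DRY_RUN=0 and run as root.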

Shell default

The -s shell option sets the new user’s default shell. On most systems, it is /bin/bash, but one can easily specify another shell.

UID

The -u UID parameter creates a new user with a specified UID (User IDentification number) value other than the one the system would assign by default. The value must be an integer, typically greater than 1000 for user accounts (some distributions allow lower values, e.g. over 500) – system accounts typically have values less than 200 or 100.

The -o option allows the UID number to be reused, so two user accounts can be associated with a single UID – it is only valid in combination with -u.

System accounts

The -r parameter specifies that the new account will be a system account – it will have a UID value less than UID_MIN specified in the /etc/login.defs file. The useradd command will also not create a home directory for these system users.

No User Group

In some distributions (such as those based on Red Hat), the system creates a group with the same name as the new user added – it will also be the default group for that user. The -N parameter disables this behavior.

An example of using the useradd command:

Let’s suppose that we have a hard disk mounted in the /home2 directory. We want to add a new user named John whose home directory is on the new drive in /home2. We also want him to join group1, group2 and group3 – group3 is the default group.

We will write the command as below:

useradd -m -d /home2/john -g group3 -G group1,group2,group3 john
