1USERADD(8)                System Management Commands                USERADD(8)
2
3
4

NAME

6       useradd - create a new user or update default new user information
7

SYNOPSIS

9       useradd [options] LOGIN
10
11       useradd -D
12
13       useradd -D [options]
14

DESCRIPTION

16       When invoked without the -D option, the useradd command creates a new
17       user account using the values specified on the command line plus the
18       default values from the system. Depending on command line options, the
19       useradd command will update system files and may also create the new
20       user's home directory and copy initial files.
21
22       By default, a group will also be created for the new user (see -g, -N,
23       -U, and USERGROUPS_ENAB).
24

OPTIONS

26       The options which apply to the useradd command are:
27
28       -b, --base-dir BASE_DIR
29           The default base directory for the system if -d HOME_DIR is not
30           specified.  BASE_DIR is concatenated with the account name to
31           define the home directory. If the -m option is not used, BASE_DIR
32           must exist.
33
34           If this option is not specified, useradd will use the base
35           directory specified by the HOME variable in /etc/default/useradd,
36           or /home by default.
37
38       -c, --comment COMMENT
39           Any text string. It is generally a short description of the login,
40           and is currently used as the field for the user's full name.
41
42       -d, --home-dir HOME_DIR
43           The new user will be created using HOME_DIR as the value for the
44           user's login directory. The default is to append the LOGIN name to
45           BASE_DIR and use that as the login directory name. The directory
46           HOME_DIR does not have to exist but will not be created if it is
47           missing.
48
49       -D, --defaults
50           See below, the subsection "Changing the default values".
51
52       -e, --expiredate EXPIRE_DATE
53           The date on which the user account will be disabled. The date is
54           specified in the format YYYY-MM-DD.
55
56           If not specified, useradd will use the default expiry date
57           specified by the EXPIRE variable in /etc/default/useradd, or an
58           empty string (no expiry) by default.
59
60       -f, --inactive INACTIVE
61           The number of days after a password expires until the account is
62           permanently disabled. A value of 0 disables the account as soon as
63           the password has expired, and a value of -1 disables the feature.
64
65           If not specified, useradd will use the default inactivity period
66           specified by the INACTIVE variable in /etc/default/useradd, or -1
67           by default.
68
69       -g, --gid GROUP
70           The group name or number of the user's initial login group. The
71           group name must exist. A group number must refer to an already
72           existing group.
73
74           If not specified, the behavior of useradd will depend on the
75           USERGROUPS_ENAB variable in /etc/login.defs. If this variable is
76           set to yes (or -U/--user-group is specified on the command line), a
77           group will be created for the user, with the same name as her
78           loginname. If the variable is set to no (or -N/--no-user-group is
79           specified on the command line), useradd will set the primary group
80           of the new user to the value specified by the GROUP variable in
81           /etc/default/useradd, or 100 by default.
82
83       -G, --groups GROUP1[,GROUP2,...[,GROUPN]]]
84           A list of supplementary groups which the user is also a member of.
85           Each group is separated from the next by a comma, with no
86           intervening whitespace. The groups are subject to the same
87           restrictions as the group given with the -g option. The default is
88           for the user to belong only to the initial group.
89
90       -h, --help
91           Display help message and exit.
92
93       -k, --skel SKEL_DIR
94           The skeleton directory, which contains files and directories to be
95           copied in the user's home directory, when the home directory is
96           created by useradd.
97
98           This option is only valid if the -m (or --create-home) option is
99           specified.
100
101           If this option is not set, the skeleton directory is defined by the
102           SKEL variable in /etc/default/useradd or, by default, /etc/skel.
103
104           If possible, the ACLs and extended attributes are copied.
105
106       -K, --key KEY=VALUE
107           Overrides /etc/login.defs defaults (UID_MIN, UID_MAX, UMASK,
108           PASS_MAX_DAYS and others).
109
110           Example: -K PASS_MAX_DAYS=-1 can be used when creating system
111           account to turn off password aging, even though system account has
112           no password at all. Multiple -K options can be specified, e.g.:
113           -K UID_MIN=100  -K UID_MAX=499
114
115       -l, --no-log-init
116           Do not add the user to the lastlog and faillog databases.
117
118           By default, the user's entries in the lastlog and faillog databases
119           are reset to avoid reusing the entry from a previously deleted
120           user.
121
122       -m, --create-home
123           Create the user's home directory if it does not exist. The files
124           and directories contained in the skeleton directory (which can be
125           defined with the -k option) will be copied to the home directory.
126
127           By default, if this option is not specified and CREATE_HOME is not
128           enabled, no home directories are created.
129
130           The directory where the user's home directory is created must exist
131           and have proper SELinux context and permissions. Otherwise the
132           user's home directory cannot be created or accessed.
133
134       -M, --no-create-home
135           Do no create the user's home directory, even if the system wide
136           setting from /etc/login.defs (CREATE_HOME) is set to yes.
137
138       -N, --no-user-group
139           Do not create a group with the same name as the user, but add the
140           user to the group specified by the -g option or by the GROUP
141           variable in /etc/default/useradd.
142
143           The default behavior (if the -g, -N, and -U options are not
144           specified) is defined by the USERGROUPS_ENAB variable in
145           /etc/login.defs.
146
147       -o, --non-unique
148           Allow the creation of a user account with a duplicate (non-unique)
149           UID.
150
151           This option is only valid in combination with the -u option.
152
153       -p, --password PASSWORD
154           The encrypted password, as returned by crypt(3). The default is to
155           disable the password.
156
157           Note: This option is not recommended because the password (or
158           encrypted password) will be visible by users listing the processes.
159
160           You should make sure the password respects the system's password
161           policy.
162
163       -r, --system
164           Create a system account.
165
166           System users will be created with no aging information in
167           /etc/shadow, and their numeric identifiers are chosen in the
168           SYS_UID_MIN-SYS_UID_MAX range, defined in /etc/login.defs, instead
169           of UID_MIN-UID_MAX (and their GID counterparts for the creation of
170           groups).
171
172           Note that useradd will not create a home directory for such a user,
173           regardless of the default setting in /etc/login.defs (CREATE_HOME).
174           You have to specify the -m options if you want a home directory for
175           a system account to be created.
176
177       -R, --root CHROOT_DIR
178           Apply changes in the CHROOT_DIR directory and use the configuration
179           files from the CHROOT_DIR directory.
180
181       -P, --prefix PREFIX_DIR
182           Apply changes in the PREFIX_DIR directory and use the configuration
183           files from the PREFIX_DIR directory. This option does not chroot
184           and is intended for preparing a cross-compilation target. Some
185           limitations: NIS and LDAP users/groups are not verified. PAM
186           authentication is using the host files. No SELINUX support.
187
188       -s, --shell SHELL
189           The name of the user's login shell. The default is to leave this
190           field blank, which causes the system to select the default login
191           shell specified by the SHELL variable in /etc/default/useradd, or
192           an empty string by default.
193
194       -u, --uid UID
195           The numerical value of the user's ID. This value must be unique,
196           unless the -o option is used. The value must be non-negative. The
197           default is to use the smallest ID value greater than or equal to
198           UID_MIN and greater than every other user.
199
200           See also the -r option and the UID_MAX description.
201
202       -U, --user-group
203           Create a group with the same name as the user, and add the user to
204           this group.
205
206           The default behavior (if the -g, -N, and -U options are not
207           specified) is defined by the USERGROUPS_ENAB variable in
208           /etc/login.defs.
209
210       -Z, --selinux-user SEUSER
211           The SELinux user for the user's login. The default is to leave this
212           field blank, which causes the system to select the default SELinux
213           user.
214
215   Changing the default values
216       When invoked with only the -D option, useradd will display the current
217       default values. When invoked with -D plus other options, useradd will
218       update the default values for the specified options. Valid
219       default-changing options are:
220
221       -b, --base-dir BASE_DIR
222           The path prefix for a new user's home directory. The user's name
223           will be affixed to the end of BASE_DIR to form the new user's home
224           directory name, if the -d option is not used when creating a new
225           account.
226
227           This option sets the HOME variable in /etc/default/useradd.
228
229       -e, --expiredate EXPIRE_DATE
230           The date on which the user account is disabled.
231
232           This option sets the EXPIRE variable in /etc/default/useradd.
233
234       -f, --inactive INACTIVE
235           The number of days after a password has expired before the account
236           will be disabled.
237
238           This option sets the INACTIVE variable in /etc/default/useradd.
239
240       -g, --gid GROUP
241           The group name or ID for a new user's initial group (when the
242           -N/--no-user-group is used or when the USERGROUPS_ENAB variable is
243           set to no in /etc/login.defs). The named group must exist, and a
244           numerical group ID must have an existing entry.
245
246           This option sets the GROUP variable in /etc/default/useradd.
247
248       -s, --shell SHELL
249           The name of a new user's login shell.
250
251           This option sets the SHELL variable in /etc/default/useradd.
252

NOTES

254       The system administrator is responsible for placing the default user
255       files in the /etc/skel/ directory (or any other skeleton directory
256       specified in /etc/default/useradd or on the command line).
257

CAVEATS

259       You may not add a user to a NIS or LDAP group. This must be performed
260       on the corresponding server.
261
262       Similarly, if the username already exists in an external user database
263       such as NIS or LDAP, useradd will deny the user account creation
264       request.
265
266       Usernames may contain only lower and upper case letters, digits,
267       underscores, or dashes. They can end with a dollar sign. Dashes are not
268       allowed at the beginning of the username. Fully numeric usernames and
269       usernames . or .. are also disallowed. It is not recommended to use
270       usernames beginning with . character as their home directories will be
271       hidden in the ls output. In regular expression terms:
272       [a-zA-Z0-9_.][a-zA-Z0-9_.-]*[$]?
273
274       Usernames may only be up to 32 characters long.
275

CONFIGURATION

277       The following configuration variables in /etc/login.defs change the
278       behavior of this tool:
279
280       CREATE_HOME (boolean)
281           Indicate if a home directory should be created by default for new
282           users.
283
284           This setting does not apply to system users, and can be overridden
285           on the command line.
286
287       GID_MAX (number), GID_MIN (number)
288           Range of group IDs used for the creation of regular groups by
289           useradd, groupadd, or newusers.
290
291           The default value for GID_MIN (resp.  GID_MAX) is 1000 (resp.
292           60000).
293
294       MAIL_DIR (string)
295           The mail spool directory. This is needed to manipulate the mailbox
296           when its corresponding user account is modified or deleted. If not
297           specified, a compile-time default is used.
298
299       MAIL_FILE (string)
300           Defines the location of the users mail spool files relatively to
301           their home directory.
302
303       The MAIL_DIR and MAIL_FILE variables are used by useradd, usermod, and
304       userdel to create, move, or delete the user's mail spool.
305
306       If MAIL_CHECK_ENAB is set to yes, they are also used to define the MAIL
307       environment variable.
308
309       MAX_MEMBERS_PER_GROUP (number)
310           Maximum members per group entry. When the maximum is reached, a new
311           group entry (line) is started in /etc/group (with the same name,
312           same password, and same GID).
313
314           The default value is 0, meaning that there are no limits in the
315           number of members in a group.
316
317           This feature (split group) permits to limit the length of lines in
318           the group file. This is useful to make sure that lines for NIS
319           groups are not larger than 1024 characters.
320
321           If you need to enforce such limit, you can use 25.
322
323           Note: split groups may not be supported by all tools (even in the
324           Shadow toolsuite). You should not use this variable unless you
325           really need it.
326
327       PASS_MAX_DAYS (number)
328           The maximum number of days a password may be used. If the password
329           is older than this, a password change will be forced. If not
330           specified, -1 will be assumed (which disables the restriction).
331
332       PASS_MIN_DAYS (number)
333           The minimum number of days allowed between password changes. Any
334           password changes attempted sooner than this will be rejected. If
335           not specified, -1 will be assumed (which disables the restriction).
336
337       PASS_WARN_AGE (number)
338           The number of days warning given before a password expires. A zero
339           means warning is given only upon the day of expiration, a negative
340           value means no warning is given. If not specified, no warning will
341           be provided.
342
343       SUB_GID_MIN (number), SUB_GID_MAX (number), SUB_GID_COUNT (number)
344           If /etc/subuid exists, the commands useradd and newusers (unless
345           the user already have subordinate group IDs) allocate SUB_GID_COUNT
346           unused group IDs from the range SUB_GID_MIN to SUB_GID_MAX for each
347           new user.
348
349           The default values for SUB_GID_MIN, SUB_GID_MAX, SUB_GID_COUNT are
350           respectively 100000, 600100000 and 10000.
351
352       SUB_UID_MIN (number), SUB_UID_MAX (number), SUB_UID_COUNT (number)
353           If /etc/subuid exists, the commands useradd and newusers (unless
354           the user already have subordinate user IDs) allocate SUB_UID_COUNT
355           unused user IDs from the range SUB_UID_MIN to SUB_UID_MAX for each
356           new user.
357
358           The default values for SUB_UID_MIN, SUB_UID_MAX, SUB_UID_COUNT are
359           respectively 100000, 600100000 and 10000.
360
361       SYS_GID_MAX (number), SYS_GID_MIN (number)
362           Range of group IDs used for the creation of system groups by
363           useradd, groupadd, or newusers.
364
365           The default value for SYS_GID_MIN (resp.  SYS_GID_MAX) is 101
366           (resp.  GID_MIN-1).
367
368       SYS_UID_MAX (number), SYS_UID_MIN (number)
369           Range of user IDs used for the creation of system users by useradd
370           or newusers.
371
372           The default value for SYS_UID_MIN (resp.  SYS_UID_MAX) is 101
373           (resp.  UID_MIN-1).
374
375       UID_MAX (number), UID_MIN (number)
376           Range of user IDs used for the creation of regular users by useradd
377           or newusers.
378
379           The default value for UID_MIN (resp.  UID_MAX) is 1000 (resp.
380           60000).
381
382       UMASK (number)
383           The file mode creation mask is initialized to this value. If not
384           specified, the mask will be initialized to 022.
385
386           useradd and newusers use this mask to set the mode of the home
387           directory they create
388
389           It is also used by login to define users' initial umask. Note that
390           this mask can be overridden by the user's GECOS line (if
391           QUOTAS_ENAB is set) or by the specification of a limit with the K
392           identifier in limits(5).
393
394       USERGROUPS_ENAB (boolean)
395           Enable setting of the umask group bits to be the same as owner bits
396           (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid
397           is the same as gid, and username is the same as the primary group
398           name.
399
400           If set to yes, userdel will remove the user's group if it contains
401           no more members, and useradd will create by default a group with
402           the name of the user.
403

FILES

405       /etc/passwd
406           User account information.
407
408       /etc/shadow
409           Secure user account information.
410
411       /etc/group
412           Group account information.
413
414       /etc/gshadow
415           Secure group account information.
416
417       /etc/default/useradd
418           Default values for account creation.
419
420       /etc/skel/
421           Directory containing default files.
422
423       /etc/subgid
424           Per user subordinate group IDs.
425
426       /etc/subuid
427           Per user subordinate user IDs.
428
429       /etc/login.defs
430           Shadow password suite configuration.
431

EXIT VALUES

433       The useradd command exits with the following values:
434
435       0
436           success
437
438       1
439           can't update password file
440
441       2
442           invalid command syntax
443
444       3
445           invalid argument to option
446
447       4
448           UID already in use (and no -o)
449
450       6
451           specified group doesn't exist
452
453       9
454           username already in use
455
456       10
457           can't update group file
458
459       12
460           can't create home directory
461
462       14
463           can't update SELinux user mapping
464

SEE ALSO

466       chfn(1), chsh(1), passwd(1), crypt(3), groupadd(8), groupdel(8),
467       groupmod(8), login.defs(5), newusers(8), subgid(5), subuid(5),
468       userdel(8), usermod(8).
469
470
471
472shadow-utils 4.6                  11/08/2018                        USERADD(8)
Impressum