USERADD(8) System Management Commands USERADD(8)

useradd - create a new user or update default new user information

useradd [options] LOGIN

useradd -D

useradd -D [options]

When invoked without the -D option, the useradd command creates a new
user account using the values specified on the command line plus the
default values from the system. Depending on command line options, the
useradd command will update system files and may also create the new
user's home directory and copy initial files.

By default, a group will also be created for the new user (see -g, -N,
-U, and USERGROUPS_ENAB).

The options which apply to the useradd command are:

-b, --base-dir BASE_DIR
The default base directory for the system if -d HOME_DIR is not
specified. BASE_DIR is concatenated with the account name to
define the home directory. If the -m option is not used, BASE_DIR
must exist.

If this option is not specified, useradd will use the base
directory specified by the HOME variable in /etc/default/useradd,
or /home by default.

-c, --comment COMMENT
Any text string. It is generally a short description of the login,
and is currently used as the field for the user's full name.

-d, --home HOME_DIR
The new user will be created using HOME_DIR as the value for the
user's login directory. The default is to append the LOGIN name to
BASE_DIR and use that as the login directory name. The directory
HOME_DIR does not have to exist but will not be created if it is
missing.

-D, --defaults
See below, the subsection "Changing the default values".

-e, --expiredate EXPIRE_DATE
The date on which the user account will be disabled. The date is
specified in the format YYYY-MM-DD.

If not specified, useradd will use the default expiry date
specified by the EXPIRE variable in /etc/default/useradd, or an
empty string (no expiry) by default.

-f, --inactive INACTIVE
The number of days after a password expires until the account is
permanently disabled. A value of 0 disables the account as soon as
the password has expired, and a value of -1 disables the feature.

If not specified, useradd will use the default inactivity period
specified by the INACTIVE variable in /etc/default/useradd, or -1
by default.

-g, --gid GROUP
The group name or number of the user's initial login group. The
group name must exist. A group number must refer to an already
existing group.

If not specified, the behavior of useradd will depend on the
USERGROUPS_ENAB variable in /etc/login.defs. If this variable is
set to yes (or -U/--user-group is specified on the command line), a
group will be created for the user, with the same name as her
loginname. If the variable is set to no (or -N/--no-user-group is
specified on the command line), useradd will set the primary group
of the new user to the value specified by the GROUP variable in
/etc/default/useradd, or 100 by default.

-G, --groups GROUP1[,GROUP2,...[,GROUPN]]]
A list of supplementary groups which the user is also a member of.
Each group is separated from the next by a comma, with no
intervening whitespace. The groups are subject to the same
restrictions as the group given with the -g option. The default is
for the user to belong only to the initial group.

-h, --help
Display help message and exit.

-k, --skel SKEL_DIR
The skeleton directory, which contains files and directories to be
copied to the user's home directory, when the home directory is
created by useradd.

This option is only valid if the -m (or --create-home) option is
specified.

If this option is not set, the skeleton directory is defined by the
SKEL variable in /etc/default/useradd or, by default, /etc/skel.

-K, --key KEY=VALUE
Overrides /etc/login.defs defaults (UID_MIN, UID_MAX, UMASK,
PASS_MAX_DAYS and others).

Example: -K PASS_MAX_DAYS=-1 can be used when creating a system
account to turn off password ageing, even though a system account has
no password at all. Multiple -K options can be specified, e.g.: -K
UID_MIN=100 -K UID_MAX=499

Note: -K UID_MIN=10,UID_MAX=499 doesn't work yet.

-l, --no-log-init
Do not add the user to the lastlog and faillog databases.

By default, the user's entries in the lastlog and faillog databases
are reset to avoid reusing the entry from a previously deleted
user.

-m, --create-home
Create the user's home directory if it does not exist. The files
and directories contained in the skeleton directory (which can be
defined with the -k option) will be copied to the home directory.

The home directories are created by default on RHEL/Fedora systems
because of the /etc/login.defs (CREATE_HOME) setting.

-M
Do not create the user's home directory, even if the system-wide
setting from /etc/login.defs (CREATE_HOME) is set to yes.

-N, --no-user-group
Do not create a group with the same name as the user, but add the
user to the group specified by the -g option or by the GROUP
variable in /etc/default/useradd.

The default behavior (if the -g, -N, and -U options are not
specified) is defined by the USERGROUPS_ENAB variable in
/etc/login.defs.

-o, --non-unique
Allow the creation of a user account with a duplicate (non-unique)
UID.

This option is only valid in combination with the -u option.

-p, --password PASSWORD
The encrypted password, as returned by crypt(3). The default is to
disable the password.

Note: This option is not recommended because the password (or
encrypted password) will be visible to users listing the processes.

You should make sure the password respects the system's password
policy.

-r, --system
Create a system account.

System users will be created with no aging information in
/etc/shadow, and their numeric identifiers are chosen in the
SYS_UID_MIN-SYS_UID_MAX range, defined in /etc/login.defs, instead
of UID_MIN-UID_MAX (and their GID counterparts for the creation of
groups).

Note that useradd will not create a home directory for such a
user, regardless of the default setting in /etc/login.defs
(CREATE_HOME). You have to specify the -m option if you want a
home directory for a system account to be created.

-s, --shell SHELL
The name of the user's login shell. The default is to leave this
field blank, which causes the system to select the default login
shell specified by the SHELL variable in /etc/default/useradd, or
an empty string by default.

-u, --uid UID
The numerical value of the user's ID. This value must be unique,
unless the -o option is used. The value must be non-negative. The
default is to use the smallest ID value greater than 999 and
greater than every other user. Values between 0 and 999 are
typically reserved for system accounts.

-U, --user-group
Create a group with the same name as the user, and add the user to
this group.

The default behavior (if the -g, -N, and -U options are not
specified) is defined by the USERGROUPS_ENAB variable in
/etc/login.defs.

-Z, --selinux-user SEUSER
The SELinux user for the user's login. The default is to leave this
field blank, which causes the system to select the default SELinux
user.

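The process-list exposure noted for -p can be checked for directly. The following is an added example, not part of the useradd manual or the shadow code: it scans ps-style text for useradd command lines that carry -p/--password. The sample rows, the placeholder hashes and the function name find_password_args are assumptions.

```shell
#!/bin/sh
# Added example: report useradd invocations whose command line carries a
# password hash, reading `ps -eo pid,user,args`-style text on stdin.

# Constructed sample (placeholder hashes, not captured from a real host).
SAMPLE_PS='  PID USER     COMMAND
 4121 root     useradd -m -s /bin/bash -c Alice alice
 4137 root     useradd -m -p $6$SALT$CONSTRUCTEDHASH bob
 4150 root     /usr/sbin/useradd --password=$6$SALT$CONSTRUCTEDHASH carol
 4155 root     useradd -Nmp $6$SALT$CONSTRUCTEDHASH dave
 4162 root     useradd -r -s /sbin/nologin -K PASS_MAX_DAYS=-1 svc-backup
 4170 deploy   grep -p useradd'

# Prints "pid=... user=... login=..." for each match; the hash is never echoed.
# -p may be bundled after the flags that take no argument (D h l m M N o r U),
# e.g. -mp. Assumption: fields are whitespace-separated, so quoted arguments
# containing spaces are not reassembled, and LOGIN is the last field.
find_password_args() {
    awk 'NR > 1 {
        n = split($3, path, "/")
        if (path[n] != "useradd") next
        for (i = 4; i <= NF; i++) {
            if ($i ~ /^-[DhlmMNorU]*p/ || $i ~ /^--password(=|$)/) {
                printf "pid=%s user=%s login=%s\n", $1, $2, $NF
                next
            }
        }
    }'
}

printf '%s\n' "$SAMPLE_PS" | find_password_args
```

Creating the account without -p (the password is then disabled by default) and setting it afterwards with passwd(1) keeps the hash off the command line.
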
Changing the default values
When invoked with only the -D option, useradd will display the current
default values. When invoked with -D plus other options, useradd will
update the default values for the specified options. Valid
default-changing options are:

-b, --base-dir BASE_DIR
The path prefix for a new user's home directory. The user's name
will be affixed to the end of BASE_DIR to form the new user's home
directory name, if the -d option is not used when creating a new
account.

This option sets the HOME variable in /etc/default/useradd.

-e, --expiredate EXPIRE_DATE
The date on which the user account is disabled.

This option sets the EXPIRE variable in /etc/default/useradd.

-f, --inactive INACTIVE
The number of days after a password has expired before the account
will be disabled.

This option sets the INACTIVE variable in /etc/default/useradd.

-g, --gid GROUP
The group name or ID for a new user's initial group (when the
-N/--no-user-group is used or when the USERGROUPS_ENAB variable is
set to no in /etc/login.defs). The named group must exist, and a
numerical group ID must have an existing entry.

This option sets the GROUP variable in /etc/default/useradd.

-s, --shell SHELL
The name of a new user's login shell.

This option sets the SHELL variable in /etc/default/useradd.

The system administrator is responsible for placing the default user
files in the /etc/skel/ directory (or any other skeleton directory
specified in /etc/default/useradd or on the command line).

You may not add a user to a NIS or LDAP group. This must be performed
on the corresponding server.

Similarly, if the username already exists in an external user database
such as NIS or LDAP, useradd will deny the user account creation
request.

Usernames may only be up to 32 characters long.

The following configuration variables in /etc/login.defs change the
behavior of this tool:

CREATE_HOME (boolean)
Indicate if a home directory should be created by default for new
users.

This setting does not apply to system users, and can be overridden
on the command line.

GID_MAX (number), GID_MIN (number)
Range of group IDs used for the creation of regular groups by
useradd, groupadd, or newusers.

MAIL_DIR (string)
The mail spool directory. This is needed to manipulate the mailbox
when its corresponding user account is modified or deleted. If not
specified, a compile-time default is used.

MAIL_FILE (string)
Defines the location of the users' mail spool files relative to
their home directory.

The MAIL_DIR and MAIL_FILE variables are used by useradd, usermod, and
userdel to create, move, or delete the user's mail spool.

If MAIL_CHECK_ENAB is set to yes, they are also used to define the MAIL
environment variable.

MAX_MEMBERS_PER_GROUP (number)
Maximum members per group entry. When the maximum is reached, a new
group entry (line) is started in /etc/group (with the same name,
same password, and same GID).

The default value is 0, meaning that there is no limit on the
number of members in a group.

This feature (split group) makes it possible to limit the length of
lines in the group file. This is useful to make sure that lines for NIS
groups are not larger than 1024 characters.

If you need to enforce such a limit, you can use 25.

Note: split groups may not be supported by all tools (even in the
Shadow toolsuite). You should not use this variable unless you
really need it.

PASS_MAX_DAYS (number)
The maximum number of days a password may be used. If the password
is older than this, a password change will be forced. If not
specified, -1 will be assumed (which disables the restriction).

PASS_MIN_DAYS (number)
The minimum number of days allowed between password changes. Any
password changes attempted sooner than this will be rejected. If
not specified, -1 will be assumed (which disables the restriction).

PASS_WARN_AGE (number)
The number of days warning given before a password expires. A zero
means warning is given only upon the day of expiration, a negative
value means no warning is given. If not specified, no warning will
be provided.

SYS_GID_MAX (number), SYS_GID_MIN (number)
Range of group IDs used for the creation of system groups by
useradd, groupadd, or newusers.

SYS_UID_MAX (number), SYS_UID_MIN (number)
Range of user IDs used for the creation of system users by useradd
or newusers.

UID_MAX (number), UID_MIN (number)
Range of user IDs used for the creation of regular users by useradd
or newusers.

UMASK (number)
The file mode creation mask is initialized to this value. If not
specified, the mask will be initialized to 022.

useradd and newusers use this mask to set the mode of the home
directory they create.

It is also used by login to define users' initial umask. Note that
this mask can be overridden by the user's GECOS line (if QUOTAS_ENAB
is set) or by the specification of a limit with the K identifier in
limits(5).

USERGROUPS_ENAB (boolean)
Enable setting of the umask group bits to be the same as owner bits
(examples: 022 -> 002, 077 -> 007) for non-root users, if the uid
is the same as gid, and username is the same as the primary group
name.

If set to yes, userdel will remove the user's group if it contains
no more members, and useradd will create by default a group with
the name of the user.

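Because -o lets several account names share one UID, and UID_MIN marks where the regular range begins, an account database can be audited for shared UIDs. The following is an added example, not part of the useradd manual or the shadow code: the passwd and login.defs text is constructed, and the function names defs_value and dup_uids are assumptions.

```shell
#!/bin/sh
# Added example: list UIDs that more than one account name maps to, and say
# whether each falls below UID_MIN (system range) or not (regular range).

# Constructed passwd(5)-format sample, not taken from a real host.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
maint:x:0:0:constructed duplicate of UID 0:/root:/bin/sh
bobby:x:1001:1001:constructed duplicate of bob:/home/bobby:/bin/bash'

# Constructed login.defs excerpt.
SAMPLE_DEFS='# constructed login.defs excerpt
UID_MIN      1000
UID_MAX      60000
SYS_UID_MIN  201
SYS_UID_MAX  999'

# defs_value KEY: read login.defs text on stdin, print the last value of KEY.
defs_value() {
    awk -v key="$1" '$1 == key { v = $2 } END { if (v != "") print v }'
}

# dup_uids [UID_MIN]: read passwd text on stdin, print one line per shared UID.
# UID_MIN defaults to 1000, matching "greater than 999" in the -u description.
dup_uids() {
    awk -F: -v min="${1:-1000}" '
        /^#/ || NF < 7 { next }
        { count[$3]++; names[$3] = names[$3] (names[$3] ? "," : "") $1 }
        END {
            for (uid in count) if (count[uid] > 1)
                printf "uid=%s class=%s accounts=%s\n", uid,
                       (uid + 0 < min + 0 ? "system" : "regular"), names[uid]
        }' | sort -t= -k2,2n
}

uid_min=$(printf '%s\n' "$SAMPLE_DEFS" | defs_value UID_MIN)
printf '%s\n' "$SAMPLE_PASSWD" | dup_uids "$uid_min"
```

On a live system the same function can read /etc/passwd or the output of getent passwd.
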
/etc/passwd
User account information.

/etc/shadow
Secure user account information.

/etc/group
Group account information.

/etc/gshadow
Secure group account information.

/etc/default/useradd
Default values for account creation.

/etc/skel/
Directory containing default files.

/etc/login.defs
Shadow password suite configuration.

The useradd command exits with the following values:

0
success

1
can't update password file

2
invalid command syntax

3
invalid argument to option

4
UID already in use (and no -o)

6
specified group doesn't exist

9
username already in use

10
can't update group file

12
can't create home directory

13
can't create mail spool

chfn(1), chsh(1), passwd(1), crypt(3), groupadd(8), groupdel(8),
groupmod(8), login.defs(5), newusers(8), userdel(8), usermod(8).

System Management Commands 07/24/2009 USERADD(8)