1USERADD(8) System Management Commands USERADD(8)
2
6 useradd - create a new user or update default new user information
7
9 useradd [options] LOGIN
10 useradd -D
12 useradd -D [options]
14
16 When invoked without the -D option, the useradd command creates a new
17 user account using the values specified on the command line plus the
18 default values from the system. Depending on command line options, the
19 useradd command will update system files and may also create the new
20 user's home directory and copy initial files.
21 By default, a group will also be created for the new user (see -g, -N,
23 -U, and USERGROUPS_ENAB).
24
26 The options which apply to the useradd command are:
27 -b, --base-dir BASE_DIR
29 The default base directory for the system if -d HOME_DIR is not
30 specified. BASE_DIR is concatenated with the account name to
31 define the home directory. If the -m option is not used, BASE_DIR
32 must exist.
33 If this option is not specified, useradd will use the base
35 directory specified by the HOME variable in /etc/default/useradd,
36 or /home by default.
37 -c, --comment COMMENT
39 Any text string. It is generally a short description of the login,
40 and is currently used as the field for the user's full name.
41 -d, --home-dir HOME_DIR
43 The new user will be created using HOME_DIR as the value for the
44 user's login directory. The default is to append the LOGIN name to
45 BASE_DIR and use that as the login directory name. The directory
46 HOME_DIR does not have to exist but will not be created if it is
47 missing.
48 -D, --defaults
50 See below, the subsection "Changing the default values".
51 -e, --expiredate EXPIRE_DATE
53 The date on which the user account will be disabled. The date is
54 specified in the format YYYY-MM-DD.
55 If not specified, useradd will use the default expiry date
57 specified by the EXPIRE variable in /etc/default/useradd, or an
58 empty string (no expiry) by default.
59 -f, --inactive INACTIVE
61 The number of days after a password expires until the account is
62 permanently disabled. A value of 0 disables the account as soon as
63 the password has expired, and a value of -1 disables the feature.
64 If not specified, useradd will use the default inactivity period
66 specified by the INACTIVE variable in /etc/default/useradd, or -1
67 by default.
68 -g, --gid GROUP
70 The group name or number of the user's initial login group. The
71 group name must exist. A group number must refer to an already
72 existing group.
73 If not specified, the behavior of useradd will depend on the
75 USERGROUPS_ENAB variable in /etc/login.defs. If this variable is
76 set to yes (or -U/--user-group is specified on the command line), a
77 group will be created for the user, with the same name as her
78 loginname. If the variable is set to no (or -N/--no-user-group is
79 specified on the command line), useradd will set the primary group
80 of the new user to the value specified by the GROUP variable in
81 /etc/default/useradd, or 100 by default.
82 -G, --groups GROUP1[,GROUP2,...[,GROUPN]]]
84 A list of supplementary groups which the user is also a member of.
85 Each group is separated from the next by a comma, with no
86 intervening whitespace. The groups are subject to the same
87 restrictions as the group given with the -g option. The default is
88 for the user to belong only to the initial group.
89 -h, --help
91 Display help message and exit.
92 -k, --skel SKEL_DIR
94 The skeleton directory, which contains files and directories to be
95 copied in the user's home directory, when the home directory is
96 created by useradd.
97 This option is only valid if the -m (or --create-home) option is
99 specified.
100 If this option is not set, the skeleton directory is defined by the
102 SKEL variable in /etc/default/useradd or, by default, /etc/skel.
103 If possible, the ACLs and extended attributes are copied.
105 -K, --key KEY=VALUE
107 Overrides /etc/login.defs defaults (UID_MIN, UID_MAX, UMASK,
108 PASS_MAX_DAYS and others).
109 Example: -K PASS_MAX_DAYS=-1 can be used when creating system
111 account to turn off password aging, even though system account has
112 no password at all. Multiple -K options can be specified, e.g.:
113 -K UID_MIN=100 -K UID_MAX=499
114 -l, --no-log-init
116 Do not add the user to the lastlog and faillog databases.
117 By default, the user's entries in the lastlog and faillog databases
119 are reset to avoid reusing the entry from a previously deleted
120 user.
121 -m, --create-home
123 Create the user's home directory if it does not exist. The files
124 and directories contained in the skeleton directory (which can be
125 defined with the -k option) will be copied to the home directory.
126 By default, if this option is not specified and CREATE_HOME is not
128 enabled, no home directories are created.
129 The directory where the user's home directory is created must exist
131 and have proper SELinux context and permissions. Otherwise the
132 user's home directory cannot be created or accessed.
133 -M, --no-create-home
135 Do no create the user's home directory, even if the system wide
136 setting from /etc/login.defs (CREATE_HOME) is set to yes.
137 -N, --no-user-group
139 Do not create a group with the same name as the user, but add the
140 user to the group specified by the -g option or by the GROUP
141 variable in /etc/default/useradd.
142 The default behavior (if the -g, -N, and -U options are not
144 specified) is defined by the USERGROUPS_ENAB variable in
145 /etc/login.defs.
146 -o, --non-unique
148 Allow the creation of a user account with a duplicate (non-unique)
149 UID.
150 This option is only valid in combination with the -u option.
152 -p, --password PASSWORD
154 The encrypted password, as returned by crypt(3). The default is to
155 disable the password.
156 Note: This option is not recommended because the password (or
158 encrypted password) will be visible by users listing the processes.
159 You should make sure the password respects the system's password
161 policy.
162 -r, --system
164 Create a system account.
165 System users will be created with no aging information in
167 /etc/shadow, and their numeric identifiers are chosen in the
168 SYS_UID_MIN-SYS_UID_MAX range, defined in /etc/login.defs, instead
169 of UID_MIN-UID_MAX (and their GID counterparts for the creation of
170 groups).
171 Note that useradd will not create a home directory for such a user,
173 regardless of the default setting in /etc/login.defs (CREATE_HOME).
174 You have to specify the -m options if you want a home directory for
175 a system account to be created.
176 -R, --root CHROOT_DIR
178 Apply changes in the CHROOT_DIR directory and use the configuration
179 files from the CHROOT_DIR directory.
180 -P, --prefix PREFIX_DIR
182 Apply changes in the PREFIX_DIR directory and use the configuration
183 files from the PREFIX_DIR directory. This option does not chroot
184 and is intended for preparing a cross-compilation target. Some
185 limitations: NIS and LDAP users/groups are not verified. PAM
186 authentication is using the host files. No SELINUX support.
187 -s, --shell SHELL
189 The name of the user's login shell. The default is to leave this
190 field blank, which causes the system to select the default login
191 shell specified by the SHELL variable in /etc/default/useradd, or
192 an empty string by default.
193 -u, --uid UID
195 The numerical value of the user's ID. This value must be unique,
196 unless the -o option is used. The value must be non-negative. The
197 default is to use the smallest ID value greater than or equal to
198 UID_MIN and greater than every other user.
199 See also the -r option and the UID_MAX description.
201 -U, --user-group
203 Create a group with the same name as the user, and add the user to
204 this group.
205 The default behavior (if the -g, -N, and -U options are not
207 specified) is defined by the USERGROUPS_ENAB variable in
208 /etc/login.defs.
209 -Z, --selinux-user SEUSER
211 The SELinux user for the user's login. The default is to leave this
212 field blank, which causes the system to select the default SELinux
213 user.
214 Changing the default values
216 When invoked with only the -D option, useradd will display the current
217 default values. When invoked with -D plus other options, useradd will
218 update the default values for the specified options. Valid
219 default-changing options are:
220 -b, --base-dir BASE_DIR
222 The path prefix for a new user's home directory. The user's name
223 will be affixed to the end of BASE_DIR to form the new user's home
224 directory name, if the -d option is not used when creating a new
225 account.
226 This option sets the HOME variable in /etc/default/useradd.
228 -e, --expiredate EXPIRE_DATE
230 The date on which the user account is disabled.
231 This option sets the EXPIRE variable in /etc/default/useradd.
233 -f, --inactive INACTIVE
235 The number of days after a password has expired before the account
236 will be disabled.
237 This option sets the INACTIVE variable in /etc/default/useradd.
239 -g, --gid GROUP
241 The group name or ID for a new user's initial group (when the
242 -N/--no-user-group is used or when the USERGROUPS_ENAB variable is
243 set to no in /etc/login.defs). The named group must exist, and a
244 numerical group ID must have an existing entry.
245 This option sets the GROUP variable in /etc/default/useradd.
247 -s, --shell SHELL
249 The name of a new user's login shell.
250 This option sets the SHELL variable in /etc/default/useradd.
252
254 The system administrator is responsible for placing the default user
255 files in the /etc/skel/ directory (or any other skeleton directory
256 specified in /etc/default/useradd or on the command line).
257
259 You may not add a user to a NIS or LDAP group. This must be performed
260 on the corresponding server.
261 Similarly, if the username already exists in an external user database
263 such as NIS or LDAP, useradd will deny the user account creation
264 request.
265 Usernames may contain only lower and upper case letters, digits,
267 underscores, or dashes. They can end with a dollar sign. Dashes are not
268 allowed at the beginning of the username. Fully numeric usernames and
269 usernames . or .. are also disallowed. It is not recommended to use
270 usernames beginning with . character as their home directories will be
271 hidden in the ls output. In regular expression terms:
272 [a-zA-Z0-9_.][a-zA-Z0-9_.-]*[$]?
273 Usernames may only be up to 32 characters long.
275
277 The following configuration variables in /etc/login.defs change the
278 behavior of this tool:
279 CREATE_HOME (boolean)
281 Indicate if a home directory should be created by default for new
282 users.
283 This setting does not apply to system users, and can be overridden
285 on the command line.
286 GID_MAX (number), GID_MIN (number)
288 Range of group IDs used for the creation of regular groups by
289 useradd, groupadd, or newusers.
290 The default value for GID_MIN (resp. GID_MAX) is 1000 (resp.
292 60000).
293 MAIL_DIR (string)
295 The mail spool directory. This is needed to manipulate the mailbox
296 when its corresponding user account is modified or deleted. If not
297 specified, a compile-time default is used.
298 MAIL_FILE (string)
300 Defines the location of the users mail spool files relatively to
301 their home directory.
302 The MAIL_DIR and MAIL_FILE variables are used by useradd, usermod, and
304 userdel to create, move, or delete the user's mail spool.
305 If MAIL_CHECK_ENAB is set to yes, they are also used to define the MAIL
307 environment variable.
308 MAX_MEMBERS_PER_GROUP (number)
310 Maximum members per group entry. When the maximum is reached, a new
311 group entry (line) is started in /etc/group (with the same name,
312 same password, and same GID).
313 The default value is 0, meaning that there are no limits in the
315 number of members in a group.
316 This feature (split group) permits to limit the length of lines in
318 the group file. This is useful to make sure that lines for NIS
319 groups are not larger than 1024 characters.
320 If you need to enforce such limit, you can use 25.
322 Note: split groups may not be supported by all tools (even in the
324 Shadow toolsuite). You should not use this variable unless you
325 really need it.
326 PASS_MAX_DAYS (number)
328 The maximum number of days a password may be used. If the password
329 is older than this, a password change will be forced. If not
330 specified, -1 will be assumed (which disables the restriction).
331 PASS_MIN_DAYS (number)
333 The minimum number of days allowed between password changes. Any
334 password changes attempted sooner than this will be rejected. If
335 not specified, -1 will be assumed (which disables the restriction).
336 PASS_WARN_AGE (number)
338 The number of days warning given before a password expires. A zero
339 means warning is given only upon the day of expiration, a negative
340 value means no warning is given. If not specified, no warning will
341 be provided.
342 SUB_GID_MIN (number), SUB_GID_MAX (number), SUB_GID_COUNT (number)
344 If /etc/subuid exists, the commands useradd and newusers (unless
345 the user already have subordinate group IDs) allocate SUB_GID_COUNT
346 unused group IDs from the range SUB_GID_MIN to SUB_GID_MAX for each
347 new user.
348 The default values for SUB_GID_MIN, SUB_GID_MAX, SUB_GID_COUNT are
350 respectively 100000, 600100000 and 65536.
351 SUB_UID_MIN (number), SUB_UID_MAX (number), SUB_UID_COUNT (number)
353 If /etc/subuid exists, the commands useradd and newusers (unless
354 the user already have subordinate user IDs) allocate SUB_UID_COUNT
355 unused user IDs from the range SUB_UID_MIN to SUB_UID_MAX for each
356 new user.
357 The default values for SUB_UID_MIN, SUB_UID_MAX, SUB_UID_COUNT are
359 respectively 100000, 600100000 and 65536.
360 SYS_GID_MAX (number), SYS_GID_MIN (number)
362 Range of group IDs used for the creation of system groups by
363 useradd, groupadd, or newusers.
364 The default value for SYS_GID_MIN (resp. SYS_GID_MAX) is 101
366 (resp. GID_MIN-1).
367 SYS_UID_MAX (number), SYS_UID_MIN (number)
369 Range of user IDs used for the creation of system users by useradd
370 or newusers.
371 The default value for SYS_UID_MIN (resp. SYS_UID_MAX) is 101
373 (resp. UID_MIN-1).
374 UID_MAX (number), UID_MIN (number)
376 Range of user IDs used for the creation of regular users by useradd
377 or newusers.
378 The default value for UID_MIN (resp. UID_MAX) is 1000 (resp.
380 60000).
381 UMASK (number)
383 The file mode creation mask is initialized to this value. If not
384 specified, the mask will be initialized to 022.
385 useradd and newusers use this mask to set the mode of the home
387 directory they create
388 It is also used by login to define users' initial umask. Note that
390 this mask can be overridden by the user's GECOS line (if
391 QUOTAS_ENAB is set) or by the specification of a limit with the K
392 identifier in limits(5).
393 USERGROUPS_ENAB (boolean)
395 Enable setting of the umask group bits to be the same as owner bits
396 (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid
397 is the same as gid, and username is the same as the primary group
398 name.
399 If set to yes, userdel will remove the user's group if it contains
401 no more members, and useradd will create by default a group with
402 the name of the user.
403
405 /etc/passwd
406 User account information.
407 /etc/shadow
409 Secure user account information.
410 /etc/group
412 Group account information.
413 /etc/gshadow
415 Secure group account information.
416 /etc/default/useradd
418 Default values for account creation.
419 /etc/skel/
421 Directory containing default files.
422 /etc/subgid
424 Per user subordinate group IDs.
425 /etc/subuid
427 Per user subordinate user IDs.
428 /etc/login.defs
430 Shadow password suite configuration.
431
433 The useradd command exits with the following values:
434 0
436 success
437 1
439 can't update password file
440 2
442 invalid command syntax
443 3
445 invalid argument to option
446 4
448 UID already in use (and no -o)
449 6
451 specified group doesn't exist
452 9
454 username already in use
455 10
457 can't update group file
458 12
460 can't create home directory
461 14
463 can't update SELinux user mapping
464
466 chfn(1), chsh(1), passwd(1), crypt(3), groupadd(8), groupdel(8),
467 groupmod(8), login.defs(5), newusers(8), subgid(5), subuid(5),
468 userdel(8), usermod(8).
469shadow-utils 4.6 02/02/2019 USERADD(8)