In this guide we are going to explore how to use useradd to manage users in Linux. useradd allows you to add users in Linux with specific properties, limitations, or comments.
The useradd command is a low-level utility that is used for adding/creating user accounts in Linux and other Unix-like operating systems.
Linux is a multi-user system, which means that more than one person can interact with the same system at the same time. These users need to be created before they use the system.
When invoked, useradd creates a new user account according to the options specified on the command line and the default values set in the /etc/default/useradd file. useradd also reads the content of the /etc/login.defs file. This file contains configuration for the shadow password suite such as password expiration policy, ranges of user IDs used when creating system and regular users, and more.
Only root or users with sudo privileges can use the useradd command to create a new user account. When it creates an account, useradd does the following:
- Edits the /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow files for the newly created user account.
- Creates and populates a home directory for the new user.
- Sets permissions and ownership on the home directory.
Table of Content
- Create a New User
- Add a New User and Create Home Directory
- Create a User with Different Home Directory
- User with a Specific User ID
- Specific Group ID
- Add a User to Multiple Groups
- User without Home Directory
- User with Account Expiry Date
- User with Password Expiry Date
- Adding Custom Comments to user
- Specifying a User Login Shell
- Creating a System User
- Chaining the arguments
- Changing the Default useradd Values
- Deleting a User From Linux
- Adding a Group in Linux
- Change User’s Group
1. Create a New User
Basic syntax of the useradd command is:
# sudo useradd [options] username
Example:
sudo useradd citizix
When we add a new user in Linux with the useradd command, it gets created in a locked state and to unlock that user account, we need to set a password for that account with the passwd command.
$ sudo passwd citizix
Changing password for user citizix.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
An entry is automatically added to the /etc/passwd file:
$ cat /etc/passwd | grep citizix
citizix:x:1001:1001::/home/citizix:/bin/bash
The fields in the /etc/passwd file are separated by a colon (:) and they represent the following:
- Username: User login name used to log in to the system. It should be between 1 and 32 characters long.
- Password: User password (or x character) stored in the /etc/shadow file in encrypted format.
- User ID (UID): Every user must have a User Identification Number (UID). By default, UID 0 is reserved for the root user and UIDs ranging from 1-99 are reserved for other predefined accounts. Further UIDs ranging from 100-999 are reserved for system accounts and groups.
- Group ID (GID): The primary Group ID (GID) Group Identification Number stored in the /etc/group file.
- User Info: This field is optional and allows you to define extra information about the user. For example, user full name. This field is filled by the ‘finger’ command.
- Home Directory: The absolute location of the user’s home directory.
- Shell: The absolute location of a user’s shell i.e. /bin/bash.
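The field layout above is enough to audit accounts after they have been created. The following is an added example, not part of the original guide: it parses passwd-format records and flags extra UID 0 accounts, shared UIDs (which useradd -o permits), system-range accounts with a login shell, and empty password fields. The sample records are constructed, and treating UIDs below 1000 as the system range is an assumption.

```shell
#!/bin/sh
# Added example (not from the original guide): audit passwd-format records.
# UID below 1000 is assumed to be the system range; see UID_MIN in /etc/login.defs.

# audit_passwd [FILE...] reads passwd records (stdin if no FILE) and prints
# one finding per line as CHECK:username:detail.
audit_passwd() {
    awk -F: '
        $0 == "" || /^#/ { next }               # skip blank lines and comments
        NF != 7 || $3 !~ /^[0-9]+$/ {
            print "MALFORMED:" $1 ":bad field count or UID"; next
        }
        {
            user = $1; uid = $3 + 0; shell = $7
            # A second account with UID 0 is root in everything but name.
            if (uid == 0 && user != "root")
                print "UID0:" user ":uid 0 but not root"
            # Shared UIDs (possible via useradd -o) blur accountability.
            if (uid in seen)
                print "DUPUID:" user ":shares uid " uid " with " seen[uid]
            else
                seen[uid] = user
            # System accounts normally get /sbin/nologin or /bin/false.
            if (uid > 0 && uid < 1000 && shell !~ /\/(nologin|false)$/)
                print "SYSSHELL:" user ":system uid " uid " has shell " shell
            # Empty field 2 means no password is needed for this login.
            if ($2 == "")
                print "NOPASSWD:" user ":empty password field"
        }
    ' "$@"
}

# Constructed sample records (only citizix and grafana are names from the guide).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
citizix:x:1001:1001::/home/citizix:/bin/bash
grafana:x:998:996::/home/grafana:/sbin/nologin
backupadm:x:0:0::/root:/bin/bash
deploy:x:1001:1001::/home/deploy:/bin/bash
svcweb:x:997:995::/var/www:/bin/bash
EOF
}

sample_passwd | audit_passwd   # on a real host: audit_passwd /etc/passwd
```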
2. Add a New User and Create Home Directory
Use the -m (--create-home) option to create the user home directory as /home/username:
sudo useradd -m username
The command above creates the new user’s home directory and copies files from the /etc/skel directory to the user’s home directory.
3. Create a User with Different Home Directory
By default, useradd will create a home directory with the same name as the username. To create a different home directory, use the -d argument with the path to that directory.
This command creates home directory /opt/citizixone for user citizixone.
sudo useradd -d /opt/citizixone citizixone
Check in /etc/passwd:
$ cat /etc/passwd | grep citizixone
citizixone:x:1002:1002::/opt/citizixone:/bin/bash
4. User with a Specific User ID
If you need to specify a user ID for the user being created, use the argument -u (--uid) like this:
sudo useradd -u 1009 citizix
5. Specific Group ID
To specify a group ID, use the -g (--gid) option like in this example:
sudo useradd -g citizix citizixtwo
Verify the user’s GID with this command:
$ sudo id citizixtwo
uid=1003(citizixtwo) gid=1001(citizix) groups=1001(citizix)
$ cat /etc/passwd | grep citizixtwo
citizixtwo:x:1003:1001::/home/citizixtwo:/bin/bash
6. Add a User to Multiple Groups
If you want to add a user to multiple groups, use the -G (--groups) option like in this example:
Append the user citizix to groups admins, webadmin, developers:
sudo usermod -a -G admins,webadmin,developers citizix
Create a user citizixtwo, adding it to groups admins, webadmin, developers:
sudo useradd -G admins,webadmin,developers citizixtwo
Use these commands to verify that the users are added to the groups successfully:
sudo id citizix
sudo id citizixtwo
7. User without Home Directory
If you want to create a user without a home directory, use the -M option:
sudo useradd -M citizix
8. User with Account Expiry Date
Sometimes you want to create a user with an expiry date. Use this command to create a user citizixfour that will expire on 2021-12-30:
sudo useradd -e 2021-12-30 citizixfour
To verify the age of the account and password, use the chage command:
$ sudo chage -l citizixfour
Last password change : Oct 08, 2021
Password expires : never
Password inactive : never
Account expires : Dec 30, 2021
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
9. User with Password Expiry Date
The -f argument is used to define the number of days after a password expires until the user account is inactivated. A value of 0 inactivates the user account as soon as the password has expired. By default, the password expiry value is set to -1, which means never expire.
In this example, we will set an account password expiry date to be 45 days on a user citizixfive using the -e and -f options.
sudo useradd -e 2021-12-30 -f 45 citizixfive
sudo chage -l citizixfive
10. Adding Custom Comments to user
The -c (--comment) option adds a short description for the new user. Typically the user’s full name or contact information is added as a comment.
sudo useradd -c "Citizix User" citizixsix
Check /etc/passwd:
$ cat /etc/passwd | grep citizixsix
citizixsix:x:1006:1006:Citizix User:/home/citizixsix:/bin/bash
11. Specifying a User Login Shell
The -s (--shell) option is used to specify a login shell. We can either use one of the installed shells like /bin/bash or /bin/zsh, or, for users who have nothing to do with the login shell, we can use /sbin/nologin to specify that there is no login shell:
# Specify /bin/zsh
sudo useradd -s /bin/zsh citizix
# Specify no login
sudo useradd -s /sbin/nologin citizix
12. Creating a System User
Sometimes we need system users that will be used by either the system or applications that we install in the system.
Use the -r (--system) argument to define a system user:
sudo useradd -r grafana
13. Chaining the arguments
We can also chain the arguments when creating a user.
This example creates a user with a specified home directory /var/www/citizix, a custom login shell /bin/zsh, and a comment Citizix Web User:
sudo useradd -m -d /var/www/citizix -s /bin/zsh -c "Citizix Web User" -U citizix
14. Changing the Default useradd Values
The useradd defaults are stored in the file /etc/default/useradd.
Check the content of /etc/default/useradd:
$ cat /etc/default/useradd
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
You can also query them using the -D argument of the useradd command:
$ sudo useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
To update or change these values, either edit the file or use useradd -D, passing the values.
Example changing the login shell from /bin/bash to /bin/zsh:
sudo useradd -D -s /bin/zsh
Let’s verify that it was updated:
$ sudo useradd -D | grep -i shell
SHELL=/bin/zsh
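Because these defaults apply to every account created afterwards, they are worth reviewing for account-aging gaps. The following is an added example, not part of the original guide: it reads useradd -D style output and reports on INACTIVE (the -f value from section 9) and EXPIRE (the -e value from section 8). The 30-day threshold in MAX_INACTIVE is an assumed policy value, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original guide): review useradd defaults for
# account-aging gaps. MAX_INACTIVE is an assumed policy value, not a useradd default.
MAX_INACTIVE=30

# audit_useradd_defaults [FILE] reads KEY=VALUE lines (stdin if no FILE) and
# prints LEVEL:KEY:message for the INACTIVE and EXPIRE settings.
audit_useradd_defaults() {
    awk -F= -v max="$MAX_INACTIVE" '
        $0 == "" || /^#/ { next }          # skip blank lines and comments
        { conf[$1] = $2 }
        END {
            ina = conf["INACTIVE"]
            if (ina == "" || ina + 0 < 0)
                print "WARN:INACTIVE:no inactivity lock after password expiry"
            else if (ina + 0 > max + 0)
                print "WARN:INACTIVE:" ina " days exceeds policy of " max
            else
                print "OK:INACTIVE:disabled " ina " days after password expiry"
            if (conf["EXPIRE"] == "")
                print "INFO:EXPIRE:no default expiry, pass -e for temporary accounts"
            else
                print "OK:EXPIRE:new accounts expire on " conf["EXPIRE"]
        }
    ' "$@"
}

# Defaults exactly as printed by "useradd -D" earlier in this guide.
guide_defaults() {
    cat <<'EOF'
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
EOF
}

guide_defaults | audit_useradd_defaults
# Same defaults after "useradd -D -f 30" (30 is the assumed policy value).
guide_defaults | sed 's/^INACTIVE=.*/INACTIVE=30/' | audit_useradd_defaults
```

On a live system, run it as: sudo useradd -D | audit_useradd_defaults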
15. Deleting a User From Linux
To delete a user, use the userdel command:
sudo userdel citizixfive
16. Adding a Group in Linux
To manually create a group, use the groupadd command.
This creates a group sftp-users in our system:
sudo groupadd sftp-users
Let us confirm that the group was created:
$ sudo grep sftp-users /etc/group
sftp-users:x:1007:
Use the -G option for other groups. Combined with -a, as in the usermod -a -G example in section 6, it adds the user to a new group but also keeps them in the old one (append).
Use the id command to confirm:
sudo id citizix
17. Change User’s Group
To create a user and change its primary group to the one specified, use the -g option:
sudo useradd -g citizix citizixseven
Conclusion
We have explored how to do basic operations with the useradd command. We managed to create users, add them to groups, and modify or delete them.
You can use the manpages to learn more about the useradd command:
man useradd
To check all options for useradd, type the command in a terminal with no options:
$ useradd
Usage: useradd [options] LOGIN
       useradd -D
       useradd -D [options]

Options:
  -b, --base-dir BASE_DIR       base directory for the home directory of the
                                new account
  -c, --comment COMMENT         GECOS field of the new account
  -d, --home-dir HOME_DIR       home directory of the new account
  -D, --defaults                print or change default useradd configuration
  -e, --expiredate EXPIRE_DATE  expiration date of the new account
  -f, --inactive INACTIVE       password inactivity period of the new account
  -g, --gid GROUP               name or ID of the primary group of the new
                                account
  -G, --groups GROUPS           list of supplementary groups of the new
                                account
  -h, --help                    display this help message and exit
  -k, --skel SKEL_DIR           use this alternative skeleton directory
  -K, --key KEY=VALUE           override /etc/login.defs defaults
  -l, --no-log-init             do not add the user to the lastlog and
                                faillog databases
  -m, --create-home             create the user's home directory
  -M, --no-create-home          do not create the user's home directory
  -N, --no-user-group           do not create a group with the same name as
                                the user
  -o, --non-unique              allow to create users with duplicate
                                (non-unique) UID
  -p, --password PASSWORD       encrypted password of the new account
  -r, --system                  create a system account
  -R, --root CHROOT_DIR         directory to chroot into
  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files
  -s, --shell SHELL             login shell of the new account
  -u, --uid UID                 user ID of the new account
  -U, --user-group              create a group with the same name as the user
  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping