In this guide we are going to explore how to use
useradd to manage users in Linux.
useradd allows you to add users in Linux with specific properties, limitations, or comments.
The useradd command is a low-level utility that is used for adding/creating user accounts in Linux and other Unix-like operating systems.
Linux is a multi-user system, which means that more than one person can interact with the same system at the same time. These users need to be created before they use the system.
useradd creates a new user account according to the options specified on the command line and the default values set in the
useradd also reads the content of the
/etc/login.defs file. This file contains configuration for the shadow password suite such as password expiration policy, ranges of user IDs used when creating system and regular users, and more.
Only root or users with sudo privileges can use the useradd command to create a new user account. When invoked, useradd creates a new user account according to the options specified on the command line and the default values set in the
- It edits /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow files for the newly created user accounts.
- Creates and populates a home directory for the new user.
- Sets permissions and ownerships to the home directory.
Table of Contents
- Create a New User
- Add a New User and Create Home Directory
- Create a User with Different Home Directory
- User with a Specific User ID
- Specific Group ID
- Add a User to Multiple Groups
- User without Home Directory
- User with Account Expiry Date
- User with Password Expiry Date
- Adding Custom Comments to user
- Specifying a User Login Shell
- Creating a System User
- Chaining the arguments
- Changing the Default useradd Values
- Deleting a User From Linux
- Adding a Group in Linux
- Change User’s Group
1. Create a New User
Basic syntax of the useradd command is:
# sudo useradd [options] username
sudo useradd citizix
When we add a new user in Linux with the useradd command, it is created in a locked state. To unlock that user account, we need to set a password for it with the passwd command.
$ sudo passwd citizix
Changing password for user citizix.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
An entry is automatically added to the /etc/passwd file:
$ cat /etc/passwd | grep citizix
citizix:x:1001:1001::/home/citizix:/bin/bash
The fields in /etc/passwd are separated by a colon (:) and they represent the following:
- Username: User login name used to log in to the system. It should be between 1 and 32 characters long.
- Password: User password. An x character means the password is stored in the /etc/shadow file in encrypted format.
- User ID (UID): Every user must have a User Identification Number (UID). By default, UID 0 is reserved for the root user and UIDs ranging from 1-99 are reserved for other predefined accounts. Further UIDs ranging from 100-999 are reserved for system accounts and groups.
- Group ID (GID): The primary Group Identification Number (GID), stored in the /etc/group file.
- User Info: This field is optional and allows you to define extra information about the user. For example, user full name. This field is filled by the ‘finger’ command.
- Home Directory: The absolute location of the user’s home directory.
- Shell: The absolute location of a user’s shell, for example /bin/bash.
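The field layout above can be checked mechanically. The following is an added example, not part of the original guide: it reads passwd-format lines and reports entries worth reviewing (extra UID 0 accounts, duplicate UIDs, empty password fields, system accounts with a login shell). The function names, the SYS_UID_MAX variable and the sample lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit passwd-format lines read from stdin.
# Fields: name:password:UID:GID:info:home:shell
# SYS_UID_MAX (assumed name) defaults to 999, the top of the system range above.
audit_passwd() {
  awk -F: -v sys_max="${SYS_UID_MAX:-999}" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    NF != 7 { printf "MALFORMED line %d: %d fields\n", NR, NF; next }
    {
      name = $1; pw = $2; uid = $3; shell = $7
      if (length(name) > 32) { printf "BAD_NAME %s: longer than 32\n", name }
      if (uid !~ /^[0-9]+$/) { printf "BAD_UID %s: %s\n", name, uid; next }
      uid += 0
      if (uid == 0 && name != "root") {
        printf "UID0 %s: non-root account with UID 0\n", name
      }
      if (uid in seen) {
        printf "DUP_UID %s: UID %d already used by %s\n", name, uid, seen[uid]
      } else {
        seen[uid] = name
      }
      if (pw == "") {
        printf "EMPTY_PW %s: password field is empty\n", name
      } else if (pw != "x" && pw !~ /^[*!]/) {
        printf "PW_IN_PASSWD %s: hash stored outside /etc/shadow\n", name
      }
      # A system account that can start a shell deserves a second look.
      if (uid >= 1 && uid <= sys_max + 0 && shell !~ /\/(nologin|false)$/) {
        printf "SYS_SHELL %s: UID %d with shell %s\n", name, uid, shell
      }
    }'
}

# Constructed sample input, not taken from a real system.
sample_passwd() {
  cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
grafana:x:998:998::/home/grafana:/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/bash
citizix:x:1001:1001::/home/citizix:/bin/bash
toor:x:0:0::/root:/bin/bash
legacy::1002:1002::/home/legacy:/bin/bash
citizixsix:x:1001:1006:Citizix User:/home/citizixsix:/bin/zsh
EOF
}

sample_passwd | audit_passwd
```

To check a live system, run audit_passwd < /etc/passwd.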
2. Add a New User and Create Home Directory
--create-home) option to create the user home directory as
sudo useradd -m username
The command above creates the new user’s home directory and copies files from
/etc/skel directory to the user’s home directory.
3. Create a User with Different Home Directory
By default, the useradd will create a home directory in with the same name as the username. To create a different home directory use the
-d argument with the path to that directory.
This command creates home directory
/opt/citizixone for user citizixone.
sudo useradd -d /opt/citizixone citizixone
$ cat /etc/passwd | grep citizixone
citizixone:x:1002:1002::/opt/citizixone:/bin/bash
4. User with a Specific User ID
If you need to specify a user id for the user being created use the argument
--uid) like this:
sudo useradd -u 1009 citizix
5. Specific Group ID
To specify a group id, use the
--gid) option like in this example:
sudo useradd -g citizix citizixtwo
Verify the user’s GID with this command:
$ sudo id citizixtwo
uid=1003(citizixtwo) gid=1001(citizix) groups=1001(citizix)
$ cat /etc/passwd | grep citizixtwo
citizixtwo:x:1003:1001::/home/citizixtwo:/bin/bash
6. Add a User to Multiple Groups
If you want to add a user to multiple groups, use the
--groups) option like in this example:
Append the user
citizix to groups
sudo usermod -a -G admins,webadmin,developers citizix
Create a user
citizixtwo adding it to groups
sudo useradd -G admins,webadmin,developers citizixtwo
Use these commands to verify that the users are added to the groups successfully:
sudo id citizix
sudo id citizixtwo
7. User without Home Directory
If you want to create a user without a home directory, use the
sudo useradd -M citizix
8. User with Account Expiry Date
Sometimes you want to create a user with an expiry date. Use this command to create a user
citizixfour that will expire on
sudo useradd -e 2021-12-30 citizixfour
To verify the age of the account and password use the
$ sudo chage -l citizixfour
Last password change : Oct 08, 2021
Password expires : never
Password inactive : never
Account expires : Dec 30, 2021
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
9. User with Password Expiry Date
The -f argument defines the number of days after a password expires before the user account is inactivated. A value of 0 inactivates the user account as soon as the password has expired. By default, the password expiry value is set to -1, which means never expire.
Here in this example, we will set an account password expiry date to be
45 days on a user
sudo useradd -e 2021-12-30 -f 45 citizixfive
sudo chage -l citizixfive
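The locked state of a new account and the -e and -f values all end up as fields in /etc/shadow. The following is an added example, not part of the original guide: it reads shadow-format lines and reports locked accounts, accounts without a password, account expiry, the inactivity period and passwords that never expire. The function names and sample lines are constructed, and the hashes are placeholders.

```bash
#!/usr/bin/env bash
# Added example: report lock and aging state from shadow-format lines on stdin.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# Dates are days since 1970-01-01; $1 is "today" in that unit (default: now).
audit_shadow() {
  awk -F: -v today="${1:-$(( $(date +%s) / 86400 ))}" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    NF < 8 { printf "MALFORMED line %d\n", NR; next }
    {
      name = $1; hash = $2; max = $5; inactive = $7; expire = $8
      locked = (hash ~ /^[!*]/)     # state of a new account before passwd is run
      if (locked) {
        printf "LOCKED %s\n", name
      } else if (hash == "") {
        printf "NO_PASSWORD %s\n", name
      }
      if (expire != "") {           # set by useradd -e
        if (today + 0 >= expire + 0) {
          printf "ACCOUNT_EXPIRED %s\n", name
        } else {
          printf "ACCOUNT_EXPIRES %s: in %d days\n", name, expire - today
        }
      }
      if (inactive != "") {         # set by useradd -f
        printf "INACTIVE_AFTER %s: %d days past password expiry\n", name, inactive
      }
      if (!locked && (max == "" || max + 0 >= 99999)) {
        printf "PW_NEVER_EXPIRES %s\n", name
      }
    }'
}

# Constructed sample input: 18908 is Oct 08, 2021 and 18991 is Dec 30, 2021.
sample_shadow() {
  cat <<'EOF'
citizix:$6$CONSTRUCTED$notarealhash:18908:0:99999:7:::
citizixfour:!!:18908:0:99999:7::18991:
citizixfive:$6$CONSTRUCTED$notarealhash:18908:0:90:7:45:18991:
legacy::18908:0:99999:7:::
EOF
}

sample_shadow | audit_shadow 18950
```

On a live system the input is /etc/shadow, which only root can read: sudo cat /etc/shadow | audit_shadow.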
10. Adding Custom Comments to user
--comment) option adds a short description for the new user. Typically the user’s full name or the contact information are added as a comment.
sudo useradd -c "Citizix User" citizixsix
$ cat /etc/passwd | grep citizixsix
citizixsix:x:1006:1006:Citizix User:/home/citizixsix:/bin/bash
11. Specifying a User Login Shell
--shell) option is used to specify a login shell. We can either use one of the installed shells like
/bin/zsh or, for users who do not need a login shell, we can use
/sbin/nologin to specify that there is no login shell:
# Specify /bin/zsh
sudo useradd -s /bin/zsh citizix
# Specify no login
sudo useradd -s /sbin/nologin citizix
12. Creating a System User
Sometimes we need system users that will be used by either the system or applications that we install in the system.
--system) argument to define a system user:
sudo useradd -r grafana
13. Chaining the arguments
We can also chain the arguments when creating a user.
This example creates a user with a specified home directory /var/www/citizix, a custom login shell /bin/zsh and the comment Citizix Web User:
sudo useradd -m -d /var/www/citizix -s /bin/zsh -c "Citizix Web User" -U citizix
14. Changing the Default useradd Values
useradd defaults are stored in the file
Checkout content of
$ cat /etc/default/useradd
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
You can also query them using the argument
$ sudo useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
To update or change these values, either edit the file or use the
useradd -D passing the values.
Example changing the login shell from
sudo useradd -D -s /bin/zsh
Let’s verify that it was updated:
$ sudo useradd -D | grep -i shell
SHELL=/bin/zsh
15. Deleting a User From Linux
To delete a user, use the
sudo userdel citizixfive
16. Adding a Group in Linux
To manually create a group, use the command.
This creates a group
sftp-users in our system:
sudo groupadd sftp-users
Let us confirm that the group was created
$ sudo grep sftp-users /etc/group
sftp-users:x:1007:
Use the command
-G for other groups (
-G adds the user to a new group but also keeps them in the old one (append).
id command to confirm
sudo id citizix
17. Change User’s Group
To create a user and change its primary group to the one specified, use the
sudo useradd -g citizix citizixseven
We have explored how to do basic operations with the useradd command. We managed to create users, add them to groups, modify them and delete them.
You can use the manpages to learn more about the useradd command:
To list all options for useradd, run the command in a terminal with no options:
$ useradd
Usage: useradd [options] LOGIN
       useradd -D
       useradd -D [options]

Options:
  -b, --base-dir BASE_DIR       base directory for the home directory of the new account
  -c, --comment COMMENT         GECOS field of the new account
  -d, --home-dir HOME_DIR       home directory of the new account
  -D, --defaults                print or change default useradd configuration
  -e, --expiredate EXPIRE_DATE  expiration date of the new account
  -f, --inactive INACTIVE       password inactivity period of the new account
  -g, --gid GROUP               name or ID of the primary group of the new account
  -G, --groups GROUPS           list of supplementary groups of the new account
  -h, --help                    display this help message and exit
  -k, --skel SKEL_DIR           use this alternative skeleton directory
  -K, --key KEY=VALUE           override /etc/login.defs defaults
  -l, --no-log-init             do not add the user to the lastlog and faillog databases
  -m, --create-home             create the user's home directory
  -M, --no-create-home          do not create the user's home directory
  -N, --no-user-group           do not create a group with the same name as the user
  -o, --non-unique              allow to create users with duplicate (non-unique) UID
  -p, --password PASSWORD       encrypted password of the new account
  -r, --system                  create a system account
  -R, --root CHROOT_DIR         directory to chroot into
  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files
  -s, --shell SHELL             login shell of the new account
  -u, --uid UID                 user ID of the new account
  -U, --user-group              create a group with the same name as the user
  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping