In this guide we are going to explore how to use useradd to manage users in Linux. useradd allows you to add users in linux with specific properties, limitations, or comments.
useradd command is a low-level utility that is used for adding/creating user accounts in Linux and other Unix-like operating systems.
Linux is a multi-user system, which means that more than one person can interact with the same system at the same time. These users needs to be created before they use the system.
When invoked, useradd creates a new user account according to the options specified on the command line and the default values set in the /etc/default/useradd file. useradd also reads the content of the /etc/login.defs file. This file contains configuration for the shadow password suite such as password expiration policy, ranges of user IDs used when creating system and regular users, and more.
Only root or users with sudo privileges can use the useradd command to create new user account. When invoked, useradd creates a new user account according to the options specified on the command line and the default values set in the /etc/default/useradd file.
- It edits /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow files for the newly created user accounts.
- Creates and populates a home directory for the new user.
- Sets permissions and ownerships to the home directory.
# Table of Content
- Create a New User
- Add a New User and Create Home Directory
- Create a User with Different Home Directory
- User with a Specific User ID
- User with a Specific User ID
- Add a User to Multiple Groups
- User without Home Directory
- User with Account Expiry Date
- User with Password Expiry Date
- Adding Custom Comments to user
- Specifying a User Login Shell
- Creating a System User
- Chaining the arguments
- Changing the Default useradd Values
- Deleting a User From Linux
- Adding a Group in Linux
- Change User’s Group
# 1. Create a New User
Basic syntax of the useradd command is:
# sudo useradd [options] username
Example:
sudo useradd citizix
When we add a new user in Linux with the useradd command, it gets created in a locked state and to unlock that user account, we need to set a password for that account with the passwd command.
$ sudo passwd citizix
Changing password for user citizix.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
An entry is automatically added to the /etc/passwd file:
$ cat /etc/passwd | grep citizix
citizix:x:1001:1001::/home/citizix:/bin/bash
The fields in the /etc/passwd are separated by colon : and they represent the following:
- Username: User login name used to login into the system. It should be between 1 to 32 characters long.
- Password: User password (or x character) stored in /etc/shadow file in encrypted format.
- User ID (UID): Every user must have a User ID (UID) User Identification Number. By default, UID 0 is reserved for the root user and UID’s ranging from 1-99 are reserved for other predefined accounts. Further UID’s ranging from 100-999 are reserved for system accounts and groups.
- Group ID (GID): The primary Group ID (GID) Group Identification Number stored in the /etc/group file.
- User Info: This field is optional and allows you to define extra information about the user. For example, user full name. This field is filled by the ‘finger’ command.
- Home Directory: The absolute location of the user’s home directory.
- Shell: The absolute location of a user’s shell i.e. /bin/bash.
# 2. Add a New User and Create Home Directory
Use the -m (--create-home) option to create the user home directory as /home/username:
sudo useradd -m username
The command above creates the new user’s home directory and copies files from /etc/skel directory to the user’s home directory.
# 3. Create a User with Different Home Directory
By default, the useradd will create a home directory in with the same name as the username. To create a different home directory use the -d argument with the path to that directory.
This command creates home directory /opt/citizixone for user citizixone.
sudo useradd -d /opt/citizixone citizixone
Check in /etc/passwd
$ cat /etc/passwd | grep citizixone
citizixone:x:1002:1002::/opt/citizixone:/bin/bash
# 4. User with a Specific User ID
If you need to specify a user id for the user being created use the argument -u (--uid) like this:
sudo useradd -u 1009 citizix
# 5. Specific Group ID
To specify a group id, use the -g (--gid) option like in this example:
sudo useradd -g citizix citizixtwo
Verify the user’s GID with this command:
$ sudo id citizixtwo
uid=1003(citizixtwo) gid=1001(citizix) groups=1001(citizix)
$ cat /etc/passwd | grep citizixtwo
citizixtwo:x:1003:1001::/home/citizixtwo:/bin/bash
# 6. Add a User to Multiple Groups
If you want to add a user to multiple groups, use the -G (--groups) option like in this example:
Append the user citizix to groups admins, webadmin, developers:
sudo usermod -a -G admins,webadmin,developers citizix
Create a user citizixtwo adding it to groups admins, webadmin, developers:
sudo useradd -G admins,webadmin,developers citizix
Use these commands to verify that the users are added to the groups successfully:
sudo id citizix
sudo id citizixtwo
# 7. User without Home Directory
If you want to create a user without a home directory, use the -M option:
sudo useradd -M citizix
# 8. User with Account Expiry Date
Sometimes you want to create a user with expiry date. Use this command to create a user citizixfour that will expire on 2021-12-30:
sudo useradd -e 2021-12-30 citizixfour
To verify the age of the account and password use the chage command:
$ sudo chage -l citizixfour
Last password change : Oct 08, 2021
Password expires : never
Password inactive : never
Account expires : Dec 30, 2021
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
# 9. User with Password Expiry Date
The -f argument is used to define the number of days that the user is inactivated after a password expires. A value of `` inactivate the user account as soon as the password has expired. By default, the password expiry value set to -1 means never expire.
Here in this example, we will set an account password expiry date to be 45 days on a user citizixfive using -e and -f options.
sudo useradd -e 2021-12-30 -f 45 citizixfive
sudo chage -l citizixfive
# 10. Adding Custom Comments to user
The -c (--comment) option adds a short description for the new user. Typically the user’s full name or the contact information are added as a comment.
sudo useradd -c "Citizix User" citizixsix
Check the /etc/passwd
$ cat /etc/passwd | grep citizixsix
citizixsix:x:1006:1006:Citizix User:/home/citizixsix:/bin/bash
# 11. Specifying a User Login Shell
The -s (--shell) option is used to specify a login shell. We can either use one of the installed shells like /bin/bash or bin/zsh or for users who have nothing to do with the login shell we can do /sbin/nologin to specify that there is no login shell:
# Specify /bin/zsh
sudo useradd -s /bin/zsh citizix
# Specify no login
sudo useradd -s /sbin/nologin citizix# 12. Creating a System User
Sometimes we need System users that will be used by either the system or applications that we install in the system.
Use the -r (--system) argument to define a system user:
sudo useradd -r grafana
# 13. Chaining the arguments
We can also chain the arguments when creating a user.
Check this example creating a user while creating a specified home directory /var/www/citizix and defining a custom login shell /bin/zsh and adding a comment Citizix Web User:
sudo useradd -m -d /var/www/citizix -s /bin/zsh -c "Citizix Web User" -U citizix
# 14. Changing the Default useradd Values
The useradd defaults are stored in the file /etc/default/useradd.
Checkout content of /etc/default/useradd:
$ cat /etc/default/useradd
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
You can also query them using the argument -D for useradd command:
$ sudo useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
To update or change these values, either edit the file or use the useradd -D passing the values.
Example changing the login shell from /bin/bash to /bin/zsh
sudo useradd -D -s /bin/zsh
Let’s verify that it was updated:
$ sudo useradd -D | grep -i shell
SHELL=/bin/zsh
# 15. Deleting a User From Linux
To delete a user, use the userdel command:
sudo userdel citizixfive
# 16. Adding a Group in Linux
To manually create a group, use the command.
This creates a group sftp-users in our system:
sudo groupadd sftp-users
Let us confirm that the group was created
$ sudo grep sftp-users /etc/group
sftp-users:x:1007:
Use the command -G for other groups (-G adds the user to a new group but also keeps them in the old one (append).
Use the id command to confirm
sudo id citizix
# 17. Change User’s Group
To create a user and change its primary group to the one specified, use the -g option:
sudo useradd -g citizix citizixseven
# Conclusion
We have explored how to do basic operations with the useradd commands. We managed to create users, add them to groups and modify them or delete them.
You can use the manpages to learn more about the useradd command:
man useradd
To check all options for the useradd, type the command in terminal with no option:
$ useradd
Usage: useradd [options] LOGIN
useradd -D
useradd -D [options]
Options:
-b, --base-dir BASE_DIR base directory for the home directory of the
new account
-c, --comment COMMENT GECOS field of the new account
-d, --home-dir HOME_DIR home directory of the new account
-D, --defaults print or change default useradd configuration
-e, --expiredate EXPIRE_DATE expiration date of the new account
-f, --inactive INACTIVE password inactivity period of the new account
-g, --gid GROUP name or ID of the primary group of the new
account
-G, --groups GROUPS list of supplementary groups of the new
account
-h, --help display this help message and exit
-k, --skel SKEL_DIR use this alternative skeleton directory
-K, --key KEY=VALUE override /etc/login.defs defaults
-l, --no-log-init do not add the user to the lastlog and
faillog databases
-m, --create-home create the user's home directory
-M, --no-create-home do not create the user's home directory
-N, --no-user-group do not create a group with the same name as
the user
-o, --non-unique allow to create users with duplicate
(non-unique) UID
-p, --password PASSWORD encrypted password of the new account
-r, --system create a system account
-R, --root CHROOT_DIR directory to chroot into
-P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files
-s, --shell SHELL login shell of the new account
-u, --uid UID user ID of the new account
-U, --user-group create a group with the same name as the user
-Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping