useradd Command : Create Users in Linux (The Complete Guide)

Balamukunda Sahu

10 months ago

Today you will learn how to create users in Linux using the useradd command.

As a Linux administrator, it is your responsibility to create users and groups, manage password policy and its aging, look at account expiries, and so on.

I believe that user and group management is one of the tasks that a Linux administrator has to do every day, that is why he has to have complete knowledge of commands like useradd, usermod, userdel, groupadd, gpasswd, id Command, and so on.

Suggested Read: How to use the id command in Linux

In this article, I am explaining the complete features of the useradd command and in future articles, I will publish the article above other user and group management commands.

So let’s get to the topic.

Linux is a multipurpose operating system. This means that you can log in with as many users as you want and do your work.

Key features of useradd command:

Create new users
Set Specific User ID (UID) and Group ID (GID)
Can set specific expiry date
Change default user configuration
Create a new user with a changed Home Directory
Create a new user without Home Directory
Add user to multiple Secondary/Supplementary groups
Create a new user with Specific Login Shell
Can set custom comments

First of all, let’s focus on some of the most important options that we can use with the useradd.

Options	Explanation
-c --comment	Create a new user with Custom Comment
-d --home-dir	home directory of the new account
-D, --defaults	Print or change default useradd configuration
-e, --expiredate	Expiration date of the new account
-g, --gid	Name or ID of the primary group of the new account
-G, --groups	List of supplementary groups of the new account
-m, --create-home	Create the user's home directory
-M, --no-create-home	Do not create the user's home directory
-r, --system	Create a system account
-s, --shell	Login shell of the new account
-u, --uid	User ID of the new account
--help	Display help page of useradd Command.

Syntax:

You must follow the syntax given below to use the useradd command.

useradd [OPTIONS] USERNAME

1. How to create a New User

To create a new user in Linux you can run the useradd or adduser command.

Note: You have to run the useradd command as a root user because upon running this command, it makes changes to the following important configuration files whose owner is root.

/etc/passwd
/etc/shadow
/etc/gshadow
/etc/group

Here in this example, I am creating a user named user1.

~$ sudo useradd user1

The Linux operating system does not allow the user to login into the system without a password and the user remains disabled until you set the user’s password.

Type the following command to set a user’s password.

~$ sudo passwd user1
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully

As soon as the user is successfully created, some entries occur in the /etc/passwd and /etc/shadow files, which is very important for any administrator to understand.

Let’s try to understand both these files.

Explaining /etc/passwd:

As I told you, each user’s entry resides in the /etc/passwd and /etc/shadow files.

A user’s entry in the /etc/passwd file is something like this.

It contains the seven most important pieces of information related to the user and they are separated by a colon(:).

user1:x:1014:1017:Balamukunda N. Sahu:/home/user1:/bin/sh

user1 – Username
x – Encrypted Password
1014 – User ID (UID)
1017 – Group ID (GID)
Balamukunda N. Sahu – This field is reserved for any comments related to the user for example Name, Mobile Number, etc.
/home/user1 – Home Directory
/bin/sh – Shell

Explaining /etc/shadow:

Similarly, the user’s entry in the /etc/shadow file is something like this.

It contains eight most important information related to the account and password policy. Each detail is separated by a colon(:).

user1:$6$Pc5/I7cQ$PamAirk6pJJXRBkur3zBBa5jxiTvwFMSONBPkntHHKYTbeNd9EJRvdnzEJm4sOYqJnovr/8skSRgSCbKZrCpi1:18659:0:99999:7:::

user1 – Username
$6$Pc5/I7cQ$PamAirk6pJJXRBkur3zBBa5jxiTvwFMSONBPkntHHKYTbeNd9EJRvdnzEJm4sOYqJnovr/8skSRgSCbKZrCpi1 – Encrypted Password
18659 – (Last password change) – This is the date the password was last changed. In Linux for new user accounts an era date(1st Jan 1970) has been set from which days are counted.
0 – (Minimum password age) – This value means that Next time the user has to wait for so many days before changing the password. The default value here is 0. This means that the user can change the password at any time.
99999 – (Maximum password age) – User must change the password after these days. The default value here is 99999. This means that the user can change the password after 99999 days.
7 – (Warning period) – This value means that Password will expire after so many days and during these days the user will receive a warning message to change the password.
(Inactivity period) – The days are after the password expires and before the account becomes inactive.
(Account expiration date) – This is the day that the account was disabled. In Linux for new user accounts an era date(1st Jan 1970) has been set from which days are counted.
Reserved for future use.

2. Create a system account

To create a system account pass the -r to useradd command.

~$ useradd -r sysaccount

Whether you create a system user, regular user, or a group, for everyone login.defs have a defined ID range.

The UID range defined in /etc/login.defs for system accounts is: 100 – 999.

This means that when we create a new system user, the UID assigned to it will be from this range(100-999).

In this example, I created a system user named sysaccount. Type the following command to check the UID.

~$ id sysaccount
uid=974(sysaccount) gid=972(sysaccount) groups=972(sysaccount)

As you can see, it is UID 972 assigned to the user which is within the defined range.

3. Create a user with Unencrypted Password

Type the following command to create a new user with an unencrypted password.

~$ sudo useradd -p Syste@123 user13

Type the following command to check the result.

~$ sudo cat /etc/shadow | grep user13
user13:Syste@123:18658:0:99999:7:::

Caution: This option is not recommended.

4. Create a new user with a Specific User ID (UID)

In Linux by default, each user is assigned a unique numeric value called UID(User Identifier).

login.defs is one of those files from which the useradd command takes inputs to create new user accounts.

Which UID value to assign to a User.
What is the Maximum and Minimum UID limits?

This is all defined in the /etc/login.defs file. Have a look at the following details taken from the /etc/login.defs file.

# Min/max values for automatic uid selection in useradd
#
UID_MIN			 1000
UID_MAX			60000
# System accounts
#SYS_UID_MIN		  100
#SYS_UID_MAX		  999

#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN			 1000
GID_MAX			60000
# System accounts
#SYS_GID_MIN		  100
#SYS_GID_MAX		  999

So as soon as we run the useradd command to create a new user, the next available UID is assigned by taking the reference from login.defs.

So to create a new user with a specific User ID(UID) pass the -u option to useradd command.

Here I am creating a user named user3 with UID 1003.

~$ sudo useradd -u 1003 user3

Type the following command to verify that the UID is set correctly.

~$ id user3
uid=1003(user3) gid=1003(user3) groups=1003(user3)

You can also run the following command to verify this.

~$ cat /etc/passwd | grep user3
user3:x:1003:1003::/home/user3:/bin/sh

5. Create a new user with a Specific Group ID (GID)

Similarly, each group is assigned a unique numeric value called GID (Group Identifier).

To create a new user with a specific Group ID(GID) pass the -g option to useradd command.

Here you can mention either GID number or group name. It’s up to you but make sure that the group you are referring to is available in the system.

Type the following command to check the available groups.

cat /etc/group

Here I am creating a user named user4 with GID 1004.

Method #1 (Mention GID number) :

~$ sudo useradd -g 1004 user4

Method #2 (Mention Group name):

~$ sudo useradd -g group1 user4

Type the following command to verify that the GID is set correctly.

~$ id user4
uid=1004(user4) gid=1004(group1) groups=1004(group1)

You can also run the following command to verify this.

~$ cat /etc/passwd | grep user4
user4:x:1004:1004::/home/user4:/bin/sh

Let’s take a scenario.

Task: Create a new user with a custom UID and GID.

Answer: Type the following command to complete the task. Here I am creating a user named user9 with custom UID 1009 and custom GID 1008.

~$ sudo useradd -u 1009 -g 1008 user9

Type the following command to check the result.

~$ id user9
uid=1009(user9) gid=1008(group5) groups=1008(group5)

6. Create a new user with Home Directory

There are many Linux distributions in which the user’s home directory is not created by default when running the useradd command.

So in such cases, you can create a home directory by passing the -m option to the useradd command.

~$ useradd -m user12

7. Create a new user with a changed Home Directory

By default, the useradd command creates the home directory of users in /home.

But if you want to set a different directory instead of the default home directory for some reason, then it is possible.

In this example, I am creating a user named user2 whose home directory will be /division/users.

~$ sudo useradd -d /division/users/ user2

To see if the home directory has changed, type the following command.

~$ cat /etc/passwd | grep user2
user2:x:1002:1002::/division/users/:/bin/sh

8. Create a new user without Home Directory

Sometimes due to some requirement, we have to create users without a home directory.

But when we create a user, the useradd command automatically creates the user’s home directory as CREATE_HOME yes is set by default in the login.defs file.

So we have to force the command to create a user account without a home directory.

For doing this pass the -M option to useradd command. Here is an example.

~$ useradd -M admin

Type the following command to check whether the home directory has been created or not.

~$ cd /home/admin
bash: cd: /home/admin: No such file or directory

9. Create a new User and add it to Multiple Groups

To add a user to multiple Secondary/Supplementary groups pass the -G option to useradd command.

Here in this example, I am creating a user named user5 and adding in groups named group1, group2, group3, group4.

~$ sudo useradd -G group1,group2,group3,group4 user5

Type the following command to check the result.

~$ id user5
uid=1005(user5) gid=1009(user5) groups=1009(user5),1004(group1),1005(group2),1006(group3),1007(group4)

10. Create a user account with a specific expiry date

To create a new user with a specific expiry date pass the -e option to useradd.

The date format you need to follow is YYYY-MM-DD.

In this example, I am creating a user named user10 with an expiration date of 2021-01-31.

~$ sudo useradd -e 2021-01-31 user10

Type the following command to check whether the expiry date is set.

~$ sudo chage -l user10
Last password change					: Jan 31, 2021
Password expires					: never
Password inactive					: never
Account expires						: Jan 31, 2021
Minimum number of days between password change		: 0
Maximum number of days between password change		: 99999
Number of days of warning before password expires	: 7

There is another method by which we can do some advanced work related to this.

By using some syntax of /etc/login.defs configuration file we can enable features like password expire, system timeout, password change warning, etc.

Let’s take a Scenario.

Task: Create a new user with the following features:

Password must expire in 10 days
Allow password to be entered 4 times before system lock

~$ useradd -K LOGIN_RETRIES=4 -K PASS_MAX_DAYS=10 testuser

11. Create a new user with Custom Comment (Short Description)

Custom comment means a short description that you want to mention while creating a user, such as Full Name, Mobile Number, Address of the user, etc.

To create a new user with a custom comment pass the -c option to useradd.

In this example, I am creating a user named bmsahu and mentioning my Full Name in the custom comment.

~$ sudo useradd -c "Balamukunda N. Sahu" bmsahu

Type the following command to check whether the comment is set.

~$ cat /etc/passwd | grep bmsahu
bmsahu:x:1011:1014:Balamukunda N. Sahu:/home/bmsahu:/bin/sh

12. Create a new user with Specific Login Shell

When we create a new user, the useradd command refers to the /etc/default/useradd file for the default login shell settings.

You can create a new user with a specific login shell. To do so pass the -s option to usermod command.

In this example, I am creating a user named user12 with login shell /bin/dash.

~$ sudo useradd -s /bin/dash user12

Type the following command to check the result.

~$ cat /etc/passwd | grep user12
user12:x:1012:1015::/home/user12:/bin/dash

13. Change default useradd configuration

Some of the user’s default settings such as the user’s home directory, login shell, mail spool settings are all defined in the /etc/default/useradd file.

Type the following command to list the default user settings.

~$ useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes

If you want to change these default settings you can. There are two methods to change this.

First, you can make changes by editing the /etc/default/useradd file directly or you can change through commands.

Here is the example:

Let’s change the login shell from /bin/bash to /bin/sh.

~$ useradd -D -s /bin/sh

Type the following command to check the result.

~$ useradd -D | grep -i shell
SHELL=/bin/sh

14. Create a new user with a password inactivity/expiry period

To create a new user with password expiry days pass the -f option to useradd.

In this example, I am creating a user named user50 whose password will expire in 30 days

~]# useradd -f 30 user50

We can check whether the password expiry days is set or not in the /etc/shadow file.

~$ cat /etc/shadow | grep user50
user50:!!:18660:0:99999:7:30::

Scenario

Let’s take a Scenario that will make your concept more clear.

Question: Create a new user with the following options :

Custom Comment
Specific UID and GID
Changed Home directory
Add user to multiple Secondary Groups
Specific expiry date
and Specific Login Shell

Answer:

Type the following command to complete the given task.

~$ useradd -u 1100 -g 1002 -c "Balamukunda N. Sahu" -G group1,group2,group3,group4,group5 -d /accounts/users/ -e 2021-02-02 -s /bin/bash user15

15. Help/Manual page access

Use the following commands to access the Manual Page/Help Page of useradd command.

~$ useradd --help

~$ man useradd

You can visit at following websites to get more information on useradd.

useradd man page

Conclusion

I hope you have learned something from this article and you may have found that useradd is a very important command in Linux.

I have tried my best to include all the features of useradd command in this guide.

Now I’d like to hear your thoughts.

Was this guide useful to you?

Or maybe you have some queries.

Have I not included any command in this guide?