Today you will learn how to create users in Linux using the useradd command.
As a Linux administrator, it is your responsibility to create users and groups, manage password policy and its aging, look at account expiries, and so on.
I believe that user and group management is one of the tasks that a Linux administrator has to do every day, which is why a complete knowledge of commands like useradd, usermod, userdel, groupadd, gpasswd, id, and so on is needed.
In this article, I explain the complete features of the useradd command, and in future articles I will cover the other user and group management commands.
So let’s get to the topic.
Linux is a multipurpose operating system. This means that you can log in with as many users as you want and do your work.
Key features of useradd command:
- Create new users
- Set Specific User ID (UID) and Group ID (GID)
- Can set specific expiry date
- Change default user configuration
- Create a new user with a changed Home Directory
- Create a new user without Home Directory
- Add user to multiple Secondary/Supplementary groups
- Create a new user with Specific Login Shell
- Can set custom comments
First of all, let’s focus on some of the most important options that we can use with useradd.
Options | Explanation |
---|---|
-c, --comment | Create a new user with a custom comment |
-d, --home-dir | Home directory of the new account |
-D, --defaults | Print or change default useradd configuration |
-e, --expiredate | Expiration date of the new account |
-g, --gid | Name or ID of the primary group of the new account |
-G, --groups | List of supplementary groups of the new account |
-m, --create-home | Create the user's home directory |
-M, --no-create-home | Do not create the user's home directory |
-r, --system | Create a system account |
-s, --shell | Login shell of the new account |
-u, --uid | User ID of the new account |
--help | Display help page of useradd Command. |
Syntax:
You must follow the syntax given below to use the useradd command.
useradd [OPTIONS] USERNAME
1. How to create a New User
To create a new user in Linux you can run the useradd or adduser command.
Note: You have to run the useradd command as the root user, because running this command makes changes to the following important configuration files, whose owner is root.
- /etc/passwd
- /etc/shadow
- /etc/gshadow
- /etc/group
Here in this example, I am creating a user named user1.
~$ sudo useradd user1
The Linux operating system does not allow the user to log in to the system without a password, and the user remains disabled until you set the user’s password.
Type the following command to set a user’s password.
~$ sudo passwd user1
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
As soon as the user is successfully created, entries are added to the /etc/passwd and /etc/shadow files, which are very important for any administrator to understand.
Let’s try to understand both these files.
Explaining /etc/passwd:
As I told you, each user’s entry resides in the /etc/passwd and /etc/shadow files.
A user’s entry in the /etc/passwd file is something like this.
It contains the seven most important pieces of information related to the user, and they are separated by a colon (:).
user1:x:1014:1017:Balamukunda N. Sahu:/home/user1:/bin/sh
- user1 – Username
- x – Encrypted Password (the x is a placeholder; the encrypted password itself is stored in /etc/shadow)
- 1014 – User ID (UID)
- 1017 – Group ID (GID)
- Balamukunda N. Sahu – This field is reserved for any comments related to the user, for example Name, Mobile Number, etc.
- /home/user1 – Home Directory
- /bin/sh – Shell
Explaining /etc/shadow:
Similarly, the user’s entry in the /etc/shadow file is something like this.
It contains the eight most important pieces of information related to the account and password policy. Each detail is separated by a colon (:).
user1:$6$Pc5/I7cQ$PamAirk6pJJXRBkur3zBBa5jxiTvwFMSONBPkntHHKYTbeNd9EJRvdnzEJm4sOYqJnovr/8skSRgSCbKZrCpi1:18659:0:99999:7:::
- user1 – Username
- $6$Pc5/I7cQ$PamAirk6pJJXRBkur3zBBa5jxiTvwFMSONBPkntHHKYTbeNd9EJRvdnzEJm4sOYqJnovr/8skSRgSCbKZrCpi1 – Encrypted Password
- 18659 – (Last password change) – This is the date the password was last changed. It is stored as the number of days counted from the epoch date (1st Jan 1970).
- 0 – (Minimum password age) – The number of days the user has to wait before changing the password again. The default value here is 0. This means that the user can change the password at any time.
- 99999 – (Maximum password age) – The user must change the password after this many days. The default value here is 99999. This means that the user can change the password after 99999 days.
- 7 – (Warning period) – The number of days before the password expires during which the user will receive a warning message to change the password.
- (Inactivity period) – The number of days after the password expires and before the account becomes inactive.
- (Account expiration date) – This is the date on which the account is disabled. It is also stored as the number of days counted from the epoch date (1st Jan 1970).
- Reserved for future use.
2. Create a system account
To create a system account pass the -r option to the useradd command.
~$ sudo useradd -r sysaccount
Whether you create a system user, a regular user, or a group, /etc/login.defs defines an ID range for each of them.
The UID range defined in /etc/login.defs for system accounts is 100 – 999.
This means that when we create a new system user, the UID assigned to it will be from this range (100-999).
In this example, I created a system user named sysaccount. Type the following command to check the UID.
~$ id sysaccount
uid=974(sysaccount) gid=972(sysaccount) groups=972(sysaccount)
As you can see, UID 974 is assigned to the user, which is within the defined range.
3. Create a user with Unencrypted Password
Type the following command to create a new user with an unencrypted password.
~$ sudo useradd -p Syste@123 user13
Type the following command to check the result.
~$ sudo cat /etc/shadow | grep user13
user13:Syste@123:18658:0:99999:7:::
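Caution: This option is not recommended. As the output above shows, useradd writes the value given to -p into the password field of /etc/shadow exactly as typed, while that field is meant to hold an encrypted password, and the value on the command line is visible to users listing the processes.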
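The following added example (not part of the original article) applies the /etc/shadow field layout explained earlier to this section: it classifies the password field of each entry so that a value stored verbatim by -p stands out. The function names, the shortened user1 hash and the guest line are constructed for illustration; the user13 and user50 lines are the ones shown in this article.

```shell
#!/bin/sh
# Added example: report the state of the password field (field 2) for each
# /etc/shadow-format line read from stdin.
audit_shadow_passwords() {
  awk -F: '
    NF >= 2 {
      f = $2
      if (f == "")
        s = "empty"          # no password is needed to log in
      else if (f ~ /^[!*]/)
        s = "locked"         # password login is disabled
      else if (f ~ /^\$[0-9A-Za-z]+\$/)
        s = "hashed"         # modular crypt format, e.g. $6$salt$hash
      else if (length(f) == 13 && f ~ "^[./0-9A-Za-z]+$")
        s = "hashed-legacy"  # 13-character traditional crypt output
      else
        s = "not-a-hash"     # stored verbatim; no typed password can match it
      print $1, s
    }'
}

# Sample input: user13 and user50 are the lines shown in the article,
# the user1 hash is a shortened constructed value, guest is constructed.
sample_shadow_lines() {
  cat <<'EOF'
user1:$6$constructedsalt$constructedhashvalue:18659:0:99999:7:::
user13:Syste@123:18658:0:99999:7:::
user50:!!:18660:0:99999:7:30::
guest::18660:0:99999:7:::
EOF
}

sample_shadow_lines | audit_shadow_passwords
```

On a live system the same function can read the real file, for example with sudo cat /etc/shadow | audit_shadow_passwords. Setting the password with passwd, as in section 1, avoids the not-a-hash case entirely.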
4. Create a new user with a Specific User ID (UID)
In Linux by default, each user is assigned a unique numeric value called UID (User Identifier).
login.defs is one of the files from which the useradd command takes inputs to create new user accounts, for example:
- Which UID value to assign to a user.
- What the maximum and minimum UID limits are.
This is all defined in the /etc/login.defs file. Have a look at the following details taken from the /etc/login.defs file.
# Min/max values for automatic uid selection in useradd
#
UID_MIN 1000
UID_MAX 60000
# System accounts
#SYS_UID_MIN 100
#SYS_UID_MAX 999
#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 1000
GID_MAX 60000
# System accounts
#SYS_GID_MIN 100
#SYS_GID_MAX 999
So as soon as we run the useradd command to create a new user, the next available UID is assigned by taking the reference from login.defs.
So to create a new user with a specific User ID (UID) pass the -u option to the useradd command.
Here I am creating a user named user3 with UID 1003.
~$ sudo useradd -u 1003 user3
Type the following command to verify that the UID is set correctly.
~$ id user3
uid=1003(user3) gid=1003(user3) groups=1003(user3)
You can also run the following command to verify this.
~$ cat /etc/passwd | grep user3
user3:x:1003:1003::/home/user3:/bin/sh
5. Create a new user with a Specific Group ID (GID)
Similarly, each group is assigned a unique numeric value called GID (Group Identifier).
To create a new user with a specific Group ID (GID) pass the -g option to the useradd command.
Here you can mention either the GID number or the group name. It’s up to you, but make sure that the group you are referring to is available in the system.
Type the following command to check the available groups.
~$ cat /etc/group
Here I am creating a user named user4 with GID 1004.
Method #1 (Mention GID number) :
~$ sudo useradd -g 1004 user4
Method #2 (Mention Group name):
~$ sudo useradd -g group1 user4
Type the following command to verify that the GID is set correctly.
~$ id user4
uid=1004(user4) gid=1004(group1) groups=1004(group1)
You can also run the following command to verify this.
~$ cat /etc/passwd | grep user4
user4:x:1004:1004::/home/user4:/bin/sh
Let’s take a scenario.
Task: Create a new user with a custom UID and GID.
Answer: Type the following command to complete the task. Here I am creating a user named user9 with custom UID 1009 and custom GID 1008.
~$ sudo useradd -u 1009 -g 1008 user9
Type the following command to check the result.
~$ id user9
uid=1009(user9) gid=1008(group5) groups=1008(group5)
6. Create a new user with Home Directory
There are many Linux distributions in which the user’s home directory is not created by default when running the useradd command.
So in such cases, you can create a home directory by passing the -m option to the useradd command.
~$ sudo useradd -m user12
7. Create a new user with a changed Home Directory
By default, the useradd command creates the home directory of users in /home.
But if you want to set a different directory instead of the default home directory for some reason, then it is possible.
In this example, I am creating a user named user2 whose home directory will be /division/users.
~$ sudo useradd -d /division/users/ user2
To see if the home directory has changed, type the following command.
~$ cat /etc/passwd | grep user2
user2:x:1002:1002::/division/users/:/bin/sh
8. Create a new user without Home Directory
Sometimes due to some requirement, we have to create users without a home directory.
But when we create a user, the useradd command automatically creates the user’s home directory, as CREATE_HOME yes is set by default in the login.defs file.
So we have to force the command to create a user account without a home directory.
To do this, pass the -M option to the useradd command. Here is an example.
~$ sudo useradd -M admin
Type the following command to check whether the home directory has been created or not.
~$ cd /home/admin
bash: cd: /home/admin: No such file or directory
9. Create a new User and add it to Multiple Groups
To add a user to multiple Secondary/Supplementary groups pass the -G option to the useradd command.
Here in this example, I am creating a user named user5 and adding it to the groups named group1, group2, group3, group4.
~$ sudo useradd -G group1,group2,group3,group4 user5
Type the following command to check the result.
~$ id user5
uid=1005(user5) gid=1009(user5) groups=1009(user5),1004(group1),1005(group2),1006(group3),1007(group4)
10. Create a user account with a specific expiry date
To create a new user with a specific expiry date pass the -e option to useradd.
The date format you need to follow is YYYY-MM-DD.
In this example, I am creating a user named user10 with an expiration date of 2021-01-31.
~$ sudo useradd -e 2021-01-31 user10
Type the following command to check whether the expiry date is set.
~$ sudo chage -l user10
Last password change : Jan 31, 2021
Password expires : never
Password inactive : never
Account expires : Jan 31, 2021
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
There is another method by which we can do some advanced work related to this.
By overriding settings of the /etc/login.defs configuration file with the -K option, we can enable features like password expiry, system timeout, password change warning, etc.
Let’s take a scenario.
Task: Create a new user with the following features:
- Password must expire in 10 days
- Allow password to be entered 4 times before system lock
~$ sudo useradd -K LOGIN_RETRIES=4 -K PASS_MAX_DAYS=10 testuser
11. Create a new user with Custom Comment (Short Description)
Custom comment means a short description that you want to mention while creating a user, such as Full Name, Mobile Number, Address of the user, etc.
To create a new user with a custom comment pass the -c option to useradd.
In this example, I am creating a user named bmsahu and mentioning my Full Name in the custom comment.
~$ sudo useradd -c "Balamukunda N. Sahu" bmsahu
Type the following command to check whether the comment is set.
~$ cat /etc/passwd | grep bmsahu
bmsahu:x:1011:1014:Balamukunda N. Sahu:/home/bmsahu:/bin/sh
12. Create a new user with Specific Login Shell
When we create a new user, the useradd command refers to the /etc/default/useradd file for the default login shell settings.
You can create a new user with a specific login shell. To do so pass the -s option to the useradd command.
In this example, I am creating a user named user12 with login shell /bin/dash.
~$ sudo useradd -s /bin/dash user12
Type the following command to check the result.
~$ cat /etc/passwd | grep user12
user12:x:1012:1015::/home/user12:/bin/dash
13. Change default useradd configuration
Some of the user’s default settings, such as the user’s home directory, login shell, and mail spool settings, are all defined in the /etc/default/useradd file.
Type the following command to list the default user settings.
~$ useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
If you want to change these default settings you can. There are two methods to change this.
You can make changes by editing the /etc/default/useradd file directly, or you can change the settings through commands.
Here is the example:
Let’s change the login shell from /bin/bash to /bin/sh.
~$ sudo useradd -D -s /bin/sh
Type the following command to check the result.
~$ useradd -D | grep -i shell
SHELL=/bin/sh
14. Create a new user with a password inactivity/expiry period
To create a new user with password expiry days pass the -f option to useradd.
In this example, I am creating a user named user50 whose password will expire in 30 days.
~]# useradd -f 30 user50
We can check whether the password expiry days are set or not in the /etc/shadow file.
~$ cat /etc/shadow | grep user50
user50:!!:18660:0:99999:7:30::
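To read such entries without counting days by hand, the added example below (not part of the original article) decodes the aging fields of shadow-format lines into calendar dates, following the field meanings given in the /etc/shadow explanation above: field 7 is the inactivity period, counted from the day the password expires. The function names are hypothetical; the testuser and user10 lines are constructed to match the -K PASS_MAX_DAYS=10 and -e 2021-01-31 examples, and treating 99999 as "never" mirrors the chage output shown in section 10.

```shell
#!/bin/sh
# Added example: turn the day counts in /etc/shadow-format lines (stdin)
# into dates, so the effect of -e, -f and PASS_MAX_DAYS can be read directly.
shadow_dates() {
  awk -F: '
    # Days since 1970-01-01 -> YYYY-MM-DD (civil-from-days arithmetic).
    function ymd(n,   z, era, doe, yoe, y, doy, mp, d, m) {
      z = n + 719468; era = int(z / 146097); doe = z - era * 146097
      yoe = int((doe - int(doe / 1460) + int(doe / 36524) - int(doe / 146096)) / 365)
      y = yoe + era * 400
      doy = doe - (365 * yoe + int(yoe / 4) - int(yoe / 100))
      mp = int((5 * doy + 2) / 153)
      d = doy - int((153 * mp + 2) / 5) + 1
      m = (mp < 10) ? mp + 3 : mp - 9
      if (m <= 2) y++
      return sprintf("%04d-%02d-%02d", y, m, d)
    }
    NF >= 8 {
      pw = "never"; lock = "never"; acct = "never"
      # Assumption of this example: 99999 or an empty field means no expiry.
      if ($5 != "" && $5 < 99999) {
        pw = ymd($3 + $5)
        # Field 7 (inactivity period) only starts counting at password expiry.
        if ($7 != "" && $7 >= 0) lock = ymd($3 + $5 + $7)
      }
      if ($8 != "") acct = ymd($8)
      printf "%s changed=%s pw_expires=%s inactive_lock=%s acct_expires=%s\n", \
        $1, ymd($3), pw, lock, acct
    }'
}

# Sample input: the user50 line is from the article; testuser and user10
# are constructed lines for the PASS_MAX_DAYS=10 and -e 2021-01-31 examples.
sample_aging_lines() {
  cat <<'EOF'
user50:!!:18660:0:99999:7:30::
testuser:!:18660:0:10:7:30::
user10:!:18658:0:99999:7::18658:
EOF
}

sample_aging_lines | shadow_dates
```

For user50 the inactivity period of 30 days never comes into play while the maximum password age stays at 99999, whereas the constructed testuser line with a 10-day maximum shows both dates.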
Scenario
Let’s take a Scenario that will make your concept more clear.
Question: Create a new user with the following options :
- Custom Comment
- Specific UID and GID
- Changed Home directory
- Add user to multiple Secondary Groups
- Specific expiry date
- and Specific Login Shell
Answer:
Type the following command to complete the given task.
~$ sudo useradd -u 1100 -g 1002 -c "Balamukunda N. Sahu" -G group1,group2,group3,group4,group5 -d /accounts/users/ -e 2021-02-02 -s /bin/bash user15
15. Help/Manual page access
Use the following commands to access the Manual Page/Help Page of the useradd command.
~$ useradd --help
~$ man useradd
Conclusion
I hope you have learned something from this article and you may have found that useradd is a very important command in Linux.
I have tried my best to include all the features of the useradd command in this guide.