We are all familiar with the popular ‘useradd’ and ‘adduser’ commands in Linux. There are times when a Linux system administrator is asked to create user accounts on Linux with specific properties, limitations or comments.
In Linux, ‘useradd’ is a low-level utility that is used for adding/creating user accounts on Linux and other Unix-like operating systems. ‘adduser’ is very similar to the useradd command, because it is just a symbolic link to it.
On some other Linux distributions, the useradd command may come in a slightly different version. I suggest you read your documentation before using our instructions to create new user accounts in Linux.
When we run the ‘useradd’ command in a Linux terminal, it performs the following major things:
1. It edits the /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow files for the newly created user account.
2. Creates and populates a home directory for the new user.
3. Sets permissions and ownership on the home directory.
The basic syntax of the command is:
useradd [options] username
In this blog we will show you the 15 most used useradd commands with practical examples in Linux. We have divided the section into two parts, from basic to advanced usage of the command.
1. How to Add a New User in Linux
To add/create a new user, follow the ‘useradd’ or ‘adduser’ command with the ‘username’. The ‘username’ is the user login name, which the user uses to log in to the system.
Only one user can be added at a time, and the username must be unique (different from other usernames that already exist on the system).
For example, to add a new user called ‘manish’, use the following command.
When we add a new user in Linux with the ‘useradd’ command, it is created in a locked state; to unlock that user account, we need to set a password for it with the ‘passwd’ command.
Changing password for user manish.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
Once a new user is created, its entry is automatically added to the ‘/etc/passwd’ file. The file is used to store users’ information and the entry should be.
The above entry contains a set of seven colon-separated fields, and each field has its own meaning. Let’s see what these fields are:
1. Username: User login name used to log in to the system. It should be between 1 and 32 characters long.
2. Password: The user password; an x character means it is stored in the /etc/shadow file in encrypted format.
3. User ID (UID): Every user must have a User ID (UID), or User Identification Number. By default, UID 0 is reserved for the root user and UIDs ranging from 1-99 are reserved for other predefined accounts. UIDs ranging from 100-999 are reserved for system accounts and groups.
4. Group ID (GID): The primary Group ID (GID), or Group Identification Number, stored in the /etc/group file.
5. User Info: This field is optional and allows you to define extra information about the user, for example the user’s full name. This field is filled by the ‘finger’ command.
6. Home Directory: The absolute location of the user’s home directory.
7. Shell: The absolute location of the user’s shell, e.g. /bin/bash.
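The seven-field layout described above can be checked mechanically. The following is an added example, not part of the original post: a shell function (the name audit_passwd and the finding labels are assumptions of this example) that flags malformed or risky passwd entries. The sample file is constructed from entries shown in this post plus a root line and three invented lines (toor, svc, broken).

```shell
#!/bin/sh
# Added example (not from the original post): audit passwd-format lines.
# Prints one "FINDING:user:detail" line for each problem it sees.
audit_passwd() {
    awk -F: '
        NF != 7 { print "BAD_FIELD_COUNT:" $1 ":" NF " fields"; next }
        $3 !~ /^[0-9]+$/ { print "BAD_UID:" $1 ":" $3; next }
        length($1) < 1 || length($1) > 32 {
            print "BAD_NAME_LENGTH:" $1 ":" length($1) " characters" }
        # Field 2 should be "x": the hash belongs in /etc/shadow.
        $2 != "x" { print "PASSWORD_NOT_SHADOWED:" $1 ":field 2 is not x" }
        # UID 0 is root; any other name with UID 0 is a second root account.
        $3 == 0 && $1 != "root" { print "UID0_NOT_ROOT:" $1 ":UID 0" }
        # UIDs must be unique, as the note in section 3 requires.
        ($3 in seen) { print "DUPLICATE_UID:" $1 ":same UID as " seen[$3] }
        !($3 in seen) { seen[$3] = $1 }
        $6 !~ /^\// { print "HOME_NOT_ABSOLUTE:" $1 ":" $6 }
    ' "$1"
}

# Constructed sample: root plus five entries shown in this post, then
# three invented lines (toor, svc, broken) that trigger findings.
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
trump:x:505:505::/data/projects:/bin/bash
rahul:x:999:999::/home/manish:/bin/bash
satish:x:1000:500::/home/satish:/bin/bash
mansi:x:1006:1008:Manis Khurana:/home/mansi:/bin/sh
manish:x:1002:1002::/home/manish:/sbin/nologin
toor:x:0:0::/root:/bin/bash
svc:$6$PLACEHOLDER$PLACEHOLDER:1000:1000::/home/svc:/bin/sh
broken:x:1010:/home/broken
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_passwd "$sample"
rm -f "$sample"
```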
2. Create a User with Different Home Directory
By default, the ‘useradd’ command creates a user’s home directory under the /home directory, named after the username. Thus, for example, we’ve seen above that the default home directory for the user ‘manish’ is ‘/home/manish’.
However, this behaviour can be changed by using the ‘-d’ option along with the location of the new home directory (i.e. /data/projects). For example, the following command will create a user ‘trump’ with a home directory ‘/data/projects’.
You can see the user’s home directory and other user-related information such as user id, group id, shell and comments.
trump:x:505:505::/data/projects:/bin/bash
3. Create a User with Specific User ID
In Linux, every user has its own UID (Unique Identification Number). By default, whenever we create a new user account in Linux, it is assigned userid 500, 501, 502 and so on.
However, we can create users with a custom userid using the ‘-u’ option. For example, the following command will create a user ‘rahul’ with custom userid ‘999’.
Now, let’s verify that the user was created with the defined userid (999) using the following command.
rahul:x:999:999::/home/manish:/bin/bash
NOTE: Make sure the value of a user ID is unique, i.e. different from that of any other user already created on the system.
4. Create a User with Specific Group ID
Similarly, every user has its own GID (Group Identification Number). We can create users with specific group IDs as well, using the ‘-g’ option.
Here in this example, we will add a user ‘satish’ with a specific UID and GID simultaneously with the help of the ‘-u’ and ‘-g’ options.
Now, see the assigned user id and group id in the ‘/etc/passwd’ file.
satish:x:1000:500::/home/satish:/bin/bash
5. Add a User to Multiple Groups
The ‘-G’ option is used to add a user to additional groups. Each group name is separated by a comma, with no intervening spaces.
Here in this example, we are adding a user ‘manish’ to multiple groups such as admins, webadmin and developer.
Next, verify the multiple groups assigned to the user with the id command.
uid=1001(manish) gid=1001(manish) groups=1001(manish),500(admins),501(webadmin),502(developers) context=root:system_r:unconfined_t:SystemLow-SystemHigh
6. Add a User without Home Directory
In some situations, we don’t want to assign a home directory to a user, for security reasons. In such a situation, when the user logs in to a system that has just restarted, their home directory will be root. When such a user uses the su command, their login directory will be the previous user’s home directory.
To create users without home directories, the ‘-M’ option is used. For example, the following command will create a user ‘om’ without a home directory.
Now, let’s verify that the user was created without a home directory, using the ls command.
ls: cannot access /home/om: No such file or directory
7. Create a User with Account Expiry Date
By default, when we add users with the ‘useradd’ command, the user account never expires, i.e. its expiry date is set to 0 (meaning it never expires).
However, we can set the expiry date using the ‘-e’ option, which takes a date in YYYY-MM-DD format. This is helpful for creating temporary accounts for a specific period of time.
Here in this example, we create a user ‘rip’ with an account expiry date, i.e. 27th April 2014, in YYYY-MM-DD format.
Next, verify the age of the account and password with the ‘chage’ command for user ‘rip’ after setting the account expiry date.
Last password change : Mar 28, 2014
Password expires : never
Password inactive : never
Account expires : Mar 27, 2014
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
8. Create a User with Password Expiry Date
The ‘-f’ argument defines the number of days after a password expires until the account is disabled. A value of 0 makes the user account inactive as soon as the password has expired. By default, the password expiry value is set to -1, which means never expire.
Here in this example, we will set an account password expiry date, i.e. 45 days, on a user ‘manish’ using the ‘-e’ and ‘-f’ options.
9. Add a User with Custom Comments
The ‘-c’ option allows you to add custom comments, such as the user’s full name, phone number, etc., to the /etc/passwd file. The comment can be added as a single line without any spaces.
For example, the following command will add a user ‘mansi’ and insert that user’s full name, Manis Khurana, into the comment field.
You can see your comments in the comments section of the ‘/etc/passwd’ file.
mansi:x:1006:1008:Manis Khurana:/home/mansi:/bin/sh
10. Change User Login Shell
Sometimes we add users who have no need for a login shell, and sometimes we need to assign different shells to our users. We can assign a different login shell to each user with the ‘-s’ option.
Here in this example, we will add a user ‘manish’ without a login shell, i.e. with the ‘/sbin/nologin’ shell.
You can check the shell assigned to the user in the ‘/etc/passwd’ file.
manish:x:1002:1002::/home/manish:/sbin/nologin
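The rules from sections 1, 3, 5 and 7 (unique login name, unique UID, comma-separated ‘-G’ list without spaces, ‘-e’ date in YYYY-MM-DD format) can be checked before useradd is ever run. The following is an added example, not part of the original post: a hypothetical helper, plan_useradd, that validates its inputs against a passwd-format file and prints the resulting useradd command instead of executing it, so it needs no root privileges. The sample file is constructed.

```shell
#!/bin/sh
# Added example: validate inputs, then print (not run) the useradd command.
# plan_useradd PASSWD_FILE NAME UID GROUPS EXPIRE   ("" skips an option)
plan_useradd() {
    pw=$1 name=$2 uid=$3 groups=$4 expire=$5
    cmd="useradd"
    # Login name: 1 to 32 characters, and not already present in the file.
    [ "${#name}" -ge 1 ] && [ "${#name}" -le 32 ] ||
        { echo "bad name length" >&2; return 1; }
    if cut -d: -f1 "$pw" | grep -qxF -- "$name"; then
        echo "user $name already exists" >&2; return 1
    fi
    if [ -n "$uid" ]; then
        case $uid in *[!0-9]*) echo "UID must be numeric" >&2; return 1;; esac
        # Field 3 of every existing entry is a UID that is already taken.
        if cut -d: -f3 "$pw" | grep -qxF -- "$uid"; then
            echo "UID $uid already in use" >&2; return 1
        fi
        cmd="$cmd -u $uid"
    fi
    if [ -n "$groups" ]; then
        # -G takes a comma-separated list with no intervening spaces.
        case $groups in
            *" "*|,*|*,|*,,*) echo "bad group list" >&2; return 1;;
        esac
        cmd="$cmd -G $groups"
    fi
    if [ -n "$expire" ]; then
        # Format check only: -e takes a date in YYYY-MM-DD format.
        case $expire in
            [0-9][0-9][0-9][0-9]-[0-1][0-9]-[0-3][0-9]) ;;
            *) echo "expiry must be YYYY-MM-DD" >&2; return 1;;
        esac
        cmd="$cmd -e $expire"
    fi
    echo "$cmd $name"
}

# Constructed sample file; the rahul line is the one shown in section 3.
pwfile=$(mktemp)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'rahul:x:999:999::/home/manish:/bin/bash' > "$pwfile"
plan_useradd "$pwfile" satish 1000 "" ""
plan_useradd "$pwfile" manish "" "admins,webadmin,developers" ""
plan_useradd "$pwfile" rip "" "" 2014-04-27
plan_useradd "$pwfile" om 999 "" "" || echo "rejected: UID 999 is taken"
rm -f "$pwfile"
```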