
Linux Create User Example

This example will show you how to create users in Linux, looking at the two available commands: the default utility, useradd; and adduser, a script that acts as a friendlier front-end for the default utility.

For this example, Linux Mint 17.03 has been used.

1. How users are organized

The existing users of the system are registered in the file /etc/passwd. This file defines who has legitimate access to the system. This is an example of a line of the file:

julen:x:1000:1000:Julen Pardo:/home/julen:/bin/bash


 
Each line has the following format:

username:password:uid:gid:real_name:home_directory:command_shell
  • The username is the account name for the login.
  • The password field is actually not used in modern systems. The user's credentials are stored in the /etc/shadow file.
  • The uid (user id) and gid (group id) are the unique identifiers of the user and the group it belongs to, respectively.
  • The real_name is just that: the user's real name.
  • The home_directory is the working directory of each user, usually /home/<username>.
  • Finally, the command_shell is the program that is run at login. Usually, this is the path to a shell. If not set, /bin/sh is used.

It is better not to edit this file manually to add (or modify/remove) users. To add users, we should use the methods that we will see in this tutorial.

2. Using native binary: useradd

useradd is the native, low-level binary of Linux systems. Its use is very simple:

sudo useradd [options] username # superuser privileges are needed.

So, we could create a user named john_doe:

sudo useradd john_doe

Now, a new user named john_doe has been created in the users database. We can check it in the /etc/passwd file:

grep "john_doe" /etc/passwd

Which will show:

john_doe:x:1002:1005::/home/john_doe:

2.1. Setting a password

We have created a user without a password! We can check it in the /etc/shadow file:

grep "john_doe" /etc/shadow

Returning:

john_doe:!:17018:0:99999:7:::

That exclamation mark (!) means that no password is set for the user: the account exists, but nobody can log in to it with a password until one is set.

Setting a password for each user is not merely advisable, but mandatory. For this, we have two options: create the user and then set the password (with the passwd command), or specify it at creation time with the -p (--password) option. The first option is the recommended one, since the second has two obvious downsides:

  • The password is visible in the command line.
  • We are not asked for confirmation, so we won’t notice if we mistype the password.

Always use the passwd command to set passwords. We only have to run it specifying the user, as in the following example:

sudo passwd john_doe

And we will be asked to set the password (with confirmation).

2.2. Creating the home directory

Now that we have this new user, we can try to log in to the system with it:

sudo -u john_doe -i # Login with user john_doe.

But we will get an error:

sudo: unable to change directory to /home/john_doe: No such file or directory

This is because useradd sets the home directory for new users, but it does not create it by default. We can fix it by creating the directory manually, but it is better to create the home directory at user creation time. This is achieved by passing the -m (--create-home) option to useradd:

sudo userdel john_doe # To delete it.
sudo useradd john_doe -m

This will create a directory for the new user. The default behavior for this option is to create the directory with the same name as the created user, in the /home directory.

2.3. Setting a different home directory

For some reason, we might want to set the home directory in a different place from /home. This is allowed using the -b (--base-dir) option. For example:

sudo useradd john_doe -b /tmp

Will create the following entry in /etc/passwd:

john_doe:x:1002:1005::/tmp/john_doe:

Note that we only have specified the directory where the home directory will be placed, not the home directory name itself.

When we use this option, we also have to tell useradd to create the home directory, as in the example of the previous section:

sudo useradd john_doe -b /tmp -m

2.4. Setting the shell

You may have noticed that, in the line for our user, the value for the shell is not set. Usually, we would want to use /bin/bash instead of the default /bin/sh. To specify the shell, we have to use the -s (--shell) option:

sudo useradd john_doe -m -s /bin/bash
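The three gaps covered in sections 2.1 to 2.4 (no usable password, missing home directory, no shell) can be checked for every regular account at once. The script below is an added example, not part of the original article; the function name audit_accounts, the uid threshold of 1000 and the sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# audit_accounts PASSWD_FILE SHADOW_FILE [MIN_UID]
# Added example: prints one "user: finding" line for each gap described above.
audit_accounts() {
    passwd_file=$1; shadow_file=$2; min_uid=${3:-1000}   # 1000 is an assumed threshold
    while IFS=: read -r user pwfield uid gid gecos home shell; do
        # Skip system accounts and lines without a numeric uid.
        [ "$uid" -ge "$min_uid" ] 2>/dev/null || continue
        # Second field of the user's shadow line; EMPTY marks an empty field.
        pw=$(awk -F: -v u="$user" \
            '$1 == u { print ($2 == "" ? "EMPTY" : $2); exit }' "$shadow_file")
        case $pw in
            "")        echo "$user: no shadow entry" ;;
            EMPTY)     echo "$user: empty password field" ;;
            '!'*|'*'*) echo "$user: password locked or not set" ;;
        esac
        [ -d "$home" ]  || echo "$user: home directory $home missing"
        [ -n "$shell" ] || echo "$user: no shell set (/bin/sh is used)"
    done < "$passwd_file"
}

# Constructed sample data (not real accounts), written to a scratch directory.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/alice"
cat > "$demo_dir/passwd" <<EOF
alice:x:1001:1001:Alice:$demo_dir/alice:/bin/bash
john_doe:x:1002:1005::$demo_dir/john_doe:
EOF
cat > "$demo_dir/shadow" <<'EOF'
alice:$6$constructedsalt$constructedhash:17018:0:99999:7:::
john_doe:!:17018:0:99999:7:::
EOF

# Reports three findings for john_doe and none for alice.
audit_accounts "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

On a live system, run it as root as audit_accounts /etc/passwd /etc/shadow, since /etc/shadow is not readable by regular users.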

2.5. Other options

Let’s see other common options for the useradd command.

2.5.1. Specifying the primary group

The default behavior when creating a user is to create a group for it, with the same name, and set it as primary. But we have the option to avoid this and specify a group name (or gid) to be the primary group of the user being created. For this, the -g (--gid) option is used, as in the following example:

sudo useradd john_doe -g developers

And john_doe will be created with developers as primary group. We can check it with the groups command:

groups john_doe

2.5.2. Setting secondary groups

Similarly to the primary group, we may want to set secondary group(s) for a user at creation time. This time, the -G (--groups) option has to be used, specifying the list of groups separated by commas, without whitespace, e.g.:

sudo useradd john_doe -G developers,another_secondary

2.5.3. Setting an expiration date

This option is useful when we have to create accounts for users that we know beforehand have to have access to the system only until a certain date. For this, we have to use the -e (--expiredate) option, specifying the date in YYYY-MM-DD format. Let’s see it with an example:

sudo useradd john_doe -e 2017-01-01

2.5.4. Setting personal information

Actually, we can set any type of additional comment, but this option is usually used to specify personal information, such as the real name. We have to use the -c (--comment) option, specifying the information between quotes (single or double, it doesn’t matter) if the comment contains whitespace, e.g.:

sudo useradd john_doe -c 'John Doe'

Will generate the following entry:

john_doe:x:1002:1005:John Doe:/home/john_doe:

3. Using a user-friendly wrapper for useradd: adduser

With useradd, we have seen that creating users is not actually difficult, but, by default, it doesn’t perform some actions that can be considered essential, like creating the home directory. We can even create a user without a password and not notice it.

To make user creation easier and more comfortable, adduser was created. This is just a Perl script for interactive use of useradd.

Let’s create a user with adduser, e.g.:

sudo adduser john_doe

We will see that, just by typing that, adduser does many things for us:

Adding user `john_doe' ...
Adding new group `john_doe' (1001) ...
Adding new user `john_doe' (1002) with group `john_doe' ...
Creating home directory `/home/john_doe' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for john_doe
Enter the new value, or press ENTER for the default
Full Name []: John Doe
Room Number []: 1
Work Phone []: 111-111-111
Home Phone []: 222-222-222
Other []: 333-333-333
Is the information correct? [Y/n] Y

(The values after each prompt were entered by hand.)

That is, apart from creating the home directory and setting the password with passwd, it also allows us to set personal information about the user, and it sets /bin/bash as the shell. This is the line that has been added to /etc/passwd for the user we have just created:

john_doe:x:1002:1001:John Doe,1,111-111-111,222-222-222,333-333-333:/home/john_doe:/bin/bash

3.1. Changing the options

Even though adduser makes user creation more comfortable, we can still change the options. Let’s see the adduser equivalents of the options that we have seen for useradd.

The format is the same as with useradd:

sudo adduser <username> [option1] <value1>...[optionN] <valueN>
  • Changing the home directory: --home
  • Changing the shell: --shell
  • Specifying the primary group: --ingroup

The adduser utility does not provide options for setting secondary groups and an expiration date.

4. Summary

This example has shown how to create users in Linux systems, with two different commands: useradd and adduser. As we have seen, adduser can be considered a better option (in terms of usability), since it performs two essential actions that useradd does not perform by default: creating a home directory, and setting a password. Even if creating a user can require more options, those two are always fundamental.
