Administration – Adding User Accounts

To add new users, you can use the useradd command. The only option that is required to add a new user is the user name you are adding. You can see some of the default settings for adding a new user by entering the -D option:

Show useradd default values
$ useradd -D
GROUP=100                 Set group ID to 100 (users)
HOME=/home                Set base home directory to /home
INACTIVE=-1               Password expiration is disabled (-1)
EXPIRE=                   Don’t set date to disable user account
SHELL=/bin/sh             Set the default shell to /bin/sh
SKEL=/etc/skel            Copy default config files from /etc/skel to $HOME
CREATE_MAIL_SPOOL=no      Create a mail spool directory

Linux systems override the default group (100) and create a new group for every user. By default, the user ID assigned to the first user created is 1000 and the group ID is also 1000. The group name is the same as the user name. The home directory is the user name appended to /home. So, for example, if you created the first regular user account on the system as follows:

$ sudo useradd -m marvin

The result would be a new user account with a marvin user name (UID 1001) and marvin group name (GID 1001). The -m option tells useradd to create a home directory of /home/marvin and to copy a set of configuration files (each beginning with a “.”) from /etc/skel to that home directory. The account would remain active indefinitely (no expiration date). Add a password as follows; in most cases that’s all you need to do to have a working user account.

$ sudo passwd marvin
Changing password for user marvin
New UNIX password: ********
Retype new UNIX password: ********
passwd: all authentication tokens updated successfully.

NOTE: Remember to use strong, non-dictionary-based passwords.

There are many options you can enter to override the defaults when you create a user. Combine the different options as you choose. Here are some examples:

Use specific UID and GID for user
$ sudo useradd -u 1101 -g 1300 skolmes

Create /home/jj home directory
$ sudo useradd -m -d /home/jj jones

Add user to support and sales groups
$ sudo useradd -G support,sales timd

Add user’s full name to comment field
$ sudo useradd -c "Marvin G. Soto" msoto

Assign a new default shell (tcsh); you must install this shell
$ sudo useradd -s /bin/tcsh marvin

Add account to expire April 07, 2009
$ sudo useradd -e 2009-04-07 marvin

Create a disabled account
$ sudo useradd -f 0 marvin

Keep user from shelling in
$ sudo useradd -s /sbin/nologin marvin

Prevent creation of home directory, no -m
$ sudo useradd marvin

Before you can add a user to a group, that group must exist. A user must belong to one initial group that can be defined with -g and can also belong to supplementary groups, defined with -G. To list the group(s) that a user belongs to, use the groups command:

List the groups that a user belongs to
$ groups marvin
marvin ftpusers

The account expiration example (-e) is useful for setting an expiration date for a user that you know to be temporary. Change the default shell to nologin when you want a user to be able to access the computer (via FTP, POP3, and so on), but you don’t want to allow access to a regular Linux login shell. Likewise, the last example, with no -m to create a home directory, might allow a user to access a machine, but not have a home directory. Note that in all the examples, unless you provide the -m option, the useradd command will not create the home directory for the user.
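To review the effect of the -e and -s options across existing accounts, the following added example (not part of the original post) classifies regular accounts from passwd- and shadow-format files. The function names, the sample accounts and the UID threshold of 1000 are assumptions made for the illustration; the sample data is constructed.

```shell
#!/bin/sh
# Added example: classify accounts by login shell and expiration date.
# audit_accounts PASSWD SHADOW TODAY
#   TODAY is the current date in days since 1970-01-01 (unit of shadow field 8).
audit_accounts() {
    awk -F: -v today="$3" '
        # First file (shadow format): remember each account expiry, field 8.
        FNR == NR { expire[$1] = $8; next }
        # Second file (passwd format): skip system accounts (UID below 1000).
        $3 < 1000 { next }
        {
            if ($7 ~ /(nologin|false)$/)           status = "no-shell"
            else if (expire[$1] == "")             status = "login-never-expires"
            else if (expire[$1] + 0 <= today + 0)  status = "expired"
            else                                   status = "login-expires"
            print $1 ":" status
        }
    ' "$2" "$1"
}

demo_accounts() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample data, not taken from a real system.
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
marvin:x:1001:1001::/home/marvin:/bin/sh
jones:x:1002:1002::/home/jj:/bin/sh
timd:x:1003:1003::/home/timd:/sbin/nologin
EOF
    cat > "$tmp/shadow" <<'EOF'
root:*:14000:0:99999:7:::
marvin:!:14000:0:99999:7:::
jones:!:14000:0:99999:7::14341:
timd:!:14000:0:99999:7:::
EOF
    # 14341 is 2009-04-07 (the -e example); 14510 is 2009-09-23.
    audit_accounts "$tmp/passwd" "$tmp/shadow" 14510
    rm -rf "$tmp"
}
demo_accounts
```

On a live system the same function can be pointed at /etc/passwd and /etc/shadow (read as root), with TODAY computed as $(( $(date +%s) / 86400 )).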

Changing useradd Defaults

The default values you get when you create a new user account with useradd (default shell, GID, expire dates, and so on) are set by values in the /etc/login.defs and /etc/default/useradd files. You can edit those files to change defaults or run the useradd command with the -D option to list or selectively change values:

List default settings for useradd
$ useradd -D

Set default base dir and shell
$ sudo useradd -D -b /home2 -s /bin/csh

Set all new users to expire in 2009
$ sudo useradd -D -e 2009-04-07

As noted earlier, files and directories from the /etc/skel directory are copied to the new user’s home directory when you create the account with the -m option. Those files include some bash shell files and a link to an example directory. You can add other files and directories to /etc/skel so that each new user gets them. For example, if you are configuring a web server, you might create public_html and public_ftp directories for users to add web pages and files they want to share.
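Because these defaults and the contents of /etc/skel apply to every account created afterwards, they are worth reviewing before changing them. The following added example (not part of the original post) checks useradd -D style output against a policy and lists skeleton entries that group or others can write to. The function names, the 30-day limit and the constructed skeleton directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: review what every new account inherits.

# check_defaults MAX_INACTIVE: reads `useradd -D` style KEY=VALUE lines on stdin.
check_defaults() {
    awk -F= -v max="$1" '
        # -1 turns the INACTIVE setting off; larger values exceed the policy.
        $1 == "INACTIVE" && ($2 + 0 < 0 || $2 + 0 > max + 0) {
            print "INACTIVE=" $2 " (policy: 0-" max " days)"
        }
        $1 == "EXPIRE" && $2 == "" { print "EXPIRE is empty (accounts never expire)" }
    '
}

# check_skel DIR: list entries that group or others can write to.
# Symbolic links are skipped because their own mode bits are not meaningful.
check_skel() {
    ( cd "$1" && find . ! -type l \( -perm -0020 -o -perm -0002 \) -print | sort )
}

demo_defaults() {
    tmp=$(mktemp -d) || return 1
    # Constructed skeleton directory standing in for /etc/skel.
    mkdir "$tmp/skel" "$tmp/skel/public_html"
    : > "$tmp/skel/.bashrc"
    : > "$tmp/skel/.profile"
    chmod 755 "$tmp/skel" "$tmp/skel/public_html"
    chmod 644 "$tmp/skel/.bashrc"
    chmod 666 "$tmp/skel/.profile"      # deliberately too permissive
    # Defaults as shown in the `useradd -D` listing earlier on this page.
    printf '%s\n' 'GROUP=100' 'HOME=/home' 'INACTIVE=-1' 'EXPIRE=' \
        'SHELL=/bin/sh' 'SKEL=/etc/skel' 'CREATE_MAIL_SPOOL=no' |
        check_defaults 30
    check_skel "$tmp/skel"
    rm -rf "$tmp"
}
demo_defaults
```

On a live system, run `useradd -D | check_defaults 30` and `check_skel /etc/skel`.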

About msotela

This blog is for anyone who wants to access the power of a Linux system as a systems administrator or user. You may be a Linux enthusiast, a Linux professional, or possibly a computer professional who is increasingly finding the Windows systems in your data center supplanted by Linux boxes.

Posted on September 23, 2009, in Unix/Linux.