3.4. Managing Users via Command-Line Tools

When managing users via command line, the following commands are used: useradd, usermod, userdel, or passwd. The files affected include /etc/passwd which stores user accounts information and /etc/shadow, which stores secure user account information.

3.4.1. Creating Users

The useradd utility creates new users and adds them to the system. Following the short procedure below, you will create a default user account with its UID, automatically create a home directory where default user settings will be stored, /home/username/, and set the default shell to /bin/bash.
  1. Run the following command at a shell prompt as root substituting username with the name of your choice:
    useradd username
  2. By setting a password unlock the account to make it accessible. Type the password twice when the program prompts you to.
    passwd

Example 3.1. Creating a User with Default Settings

~]# useradd robert
~]# passwd robert
Changing password for user robert
New password: 
Re-type new password:
passwd: all authentication tokens updated successfully.
Running the useradd robert command creates an account named robert. If you run cat /etc/passwd to view the content of the /etc/passwd file, you can learn more about the new user from the line displayed to you:
robert:x:502:502::/home/robert:/bin/bash
robert has been assigned a UID of 502, which reflects the rule that the default UID values from 0 to 499 are typically reserved for system accounts. GID, group ID of User Private Group, equals to UID. The home directory is set to /home/robert and login shell to /bin/bash. The letter x signals that shadow passwords are used and that the hashed password is stored in /etc/shadow.
If you want to change the basic default setup for the user while creating the account, you can choose from a list of command-line options modifying the behavior of useradd (see the useradd(8) man page for the whole list of options). As you can see from the basic syntax of the command, you can add one or more options:
useradd [option(s)] username
As a system administrator, you can use the -c option to specify, for example, the full name of the user when creating them. Use -c followed by a string, which adds a comment to the user:
useradd -c "string" username

Example 3.2. Specifying a User's Full Name when Creating a User

~]# useradd -c "Robert Smith" robert
~]# cat /etc/passwd
robert:x:502:502:Robert Smith:/home/robert:/bin/bash
A user account has been created with user name robert, sometimes called the login name, and full name Robert Smith.
If you do not want to create the default /home/username/ directory for the user account, set a different one instead of it. Execute the command below:
useradd -d home_directory

Example 3.3. Adding a User with non-default Home Directory

~]# useradd -d /home/dir_1 robert
robert's home directory is now not the default /home/robert but /home/dir_1/.
If you do not want to create the home directory for the user at all, you can do so by running useradd with the -M option. However, when such a user logs into a system that has just booted and their home directory does not exist, their login directory will be the root directory. If such a user logs into a system using the su command, their login directory will be the current directory of the previous user.
useradd -M username
If you need to copy a directory content to the /home directory while creating a new user, make use of the -m and -k options together followed by the path.

Example 3.4. Creating a User while Copying Contents to the Home Directory

The following command copies the contents of a directory named /dir_1 to /home/jane, which is the default home directory of a new user jane:
~]# useradd -m -k /dir_1 jane
As a system administrator, you may need to create a temporary account. Using the useradd command, this means creating an account for a certain amount of time only and disabling it at a certain date. This is a particularly useful setting as there is no security risk resulting from forgetting to delete a certain account. For this, the -e option is used with the specified expire_date in the YYYY-MM-DD format.

Note

Do not confuse account expiration and password expiration. Account expiration is a particular date, after which it is impossible to log in to the account in any way, as the account no longer exists. Password expiration, the maximum password age and date of password creation or last password change, is the date, when it is not possible to log in using the password (but other ways exist, such as logging in using an SSH key).
useradd -e YYYY-MM-DD username

Example 3.5. Setting the Account Expiration Date

~]# useradd -e 2015-11-05 emily
The account emily will be created now and automatically disabled on 5 November, 2015.
User's login shell defaults to /bin/bash, but can be changed by the -s option to any other shell different from bash, ksh, csh, tsh, for example.
useradd -s login_shell username

Example 3.6. Adding a User with Non-default Shell

~]# useradd -s /bin/ksh robert
This command creates the user robert which has the /bin/ksh shell.
The -r option creates a system account, which is an account for administrative use that has some, but not all, root privileges. Such accounts have a UID lower than the value of UID_MIN defined in /etc/login.defs, typically 500 and above for ordinary users.
useradd -r username