In this tutorial, you will learn how to create user accounts using the useradd/adduser commands in Linux. User management is one of the most common tasks in Linux system administration. Creating users, setting up their environments, setting passwords, managing their groups and deleting users are all tasks surrounding user management in Linux. The ability to manage users is one of the most important basic skills in Linux administration.
Note that user account management in Linux requires elevated privileges: either the root account or a standard account with sudo rights.
Creating User Accounts using useradd/adduser commands in Linux
There are various ways in which you can create user accounts in Linux. On a desktop-based system, you can create user accounts from the GUI (or the console if you prefer), while on headless servers you create them from the console, herein called the terminal. In this tutorial, we will focus on creating user accounts in Linux from the terminal.
Linux provides various commands for creating user accounts, with the most common ones being the useradd and adduser utilities.
Using useradd command in Linux
The command line syntax for the useradd utility is;
useradd [-c comment] [-d home-dir] [-e expire-date] [-f inactive-days] [-g default-group] [-G group[,...]] [-m [-k skeleton-dir] | -M] [-p password] [-s shell] [-u UID [-o]] [-r] [-N] username
In its simplest form, you would simply run the useradd as shown below to create a user;
useradd USERNAME
For example, to create an account for user johndoe;
useradd johndoe
This creates a user account with the default options defined in the /etc/login.defs file. You can view the defaults from the passwd database. The useradd command default options are also defined in the /etc/default/useradd file.
getent passwd johndoe
johndoe:x:1002:1002::/home/johndoe:/bin/sh
By default, a group will also be created for the new user with the same group ID (GID) as user ID (UID) and same group name as username;
getent group johndoe
johndoe:x:1002:
You can pass multiple options to the useradd utility to customize your user account during creation. For example, see the command below;
useradd -m -c "Jane Doe" -s /bin/bash -g level1 -G level1,level2 janedoe
Where the options:
-m: tells the useradd command to create user’s home directory (/home/janedoe).
-c: defines a short description of the user, and is currently used as the field for the user’s full name (Jane Doe).
-s: defines a custom user’s login shell, bash is used above. Check /etc/login.defs for the default value, usually /bin/sh
-g: defines a custom primary group for user instead of creating a group similar to login name (username). The group must already be existing.
-G: adds a user to additional groups specified. Groups must also be already existing.
To list the default options defined on the useradd defaults file, /etc/default/useradd;
useradd -D
For a complete description of other command line options, refer to man useradd.
Using adduser command in Linux
The adduser command, unlike the useradd command, helps you to interactively add a user account to your Linux system. You would simply execute it from your Linux terminal as follows;
adduser <username>
For example, to create a user called janedoe;
adduser janedoe
On Debian based systems, this command will run interactively asking you about various details about the user;
Adding user `janedoe' ...
Adding new group `janedoe' (1002) ...
Adding new user `janedoe' (1001) with group `janedoe' ...
Creating home directory `/home/janedoe' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for janedoe
Enter the new value, or press ENTER for the default
Full Name []: Jane Doe
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
Both the adduser and useradd commands copy the initial user profile/environment settings defined under the /etc/skel directory to the user login/home directory.
By default, the adduser command uses the default settings defined in the /etc/adduser.conf file.
You can specify various options on the command line;
adduser --home /home/janedoe --shell /bin/bash --gecos "" janedoe
On RHEL derivatives, the adduser command is a symbolic link to useradd command and will just run non-interactively as useradd command.
ls -alh /usr/sbin/adduser
lrwxrwxrwx. 1 root root 7 Nov 8 2019 /usr/sbin/adduser -> useradd
Setting User Account Password in Linux
Before a user account becomes usable, you need to have set a password for it. The useradd command doesn’t prompt for a password. The adduser command, however, prompts you to set the password.
You can set/reset a user account password using the passwd utility.
As an administrator/super user (root), you can set a user password by simply executing the command;
passwd username
There are other account details you can control using the passwd utility. Read more on man passwd about the command line options.
As a standard user, you can only reset your own password. While resetting a password, you need to supply your old password.
With the useradd command, you can specify your password on the command line using the -p ENCRYPTED_PASSWORD option.
You can generate an encrypted password using openssl or other tools such as crypt.
See the example command below, which uses openssl with the passwd command to generate an encrypted password.
openssl passwd password
This will generate a hash for the password password.
QqjgPLfXQD8Zk
You can then pass this to -p option as the hash;
useradd -m -p QqjgPLfXQD8Zk username
You can simply achieve this using one command;
useradd -m -p "$(openssl passwd password)" username
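As the useradd man page notes, anything passed to -p is visible to users listing processes, and openssl passwd password puts the plaintext itself on a command line; the 13-character hash shown above is also the legacy DES crypt format. The sketch below is an added example, not part of the original tutorial: it reads the password from stdin, hashes it with SHA-512 and loads the hash through chpasswd -e. The function names are assumptions, and create_user needs root.

```shell
#!/bin/sh
# Added example: keep the plaintext and the hash out of argv.

# is_strong_hash HASH: succeed only for modern crypt(3) schemes.
is_strong_hash() {
    case "$1" in
        '$6$'*|'$5$'*|'$y$'*|'$2b$'*) return 0 ;;  # SHA-512, SHA-256, yescrypt, bcrypt
        *) return 1 ;;  # 13-char DES crypt, $1$ MD5-crypt, empty, anything else
    esac
}

# hash_password: plaintext on stdin, SHA-512 crypt hash on stdout.
hash_password() {
    openssl passwd -6 -stdin
}

# create_user NAME: plaintext on stdin; requires root (hypothetical helper).
create_user() {
    name=$1
    hash=$(hash_password) || return 1
    is_strong_hash "$hash" || { echo "refusing weak hash for $name" >&2; return 1; }
    useradd -m -s /bin/bash "$name" || return 1
    # chpasswd -e takes "user:hash" on stdin, so nothing sensitive is in argv.
    printf '%s:%s\n' "$name" "$hash" | chpasswd -e
}

# Interactive use, as root (stty hides the typed password):
#   stty -echo; IFS= read -r pw; stty echo; printf '%s\n' "$pw" | create_user janedoe
```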
Viewing User Account Information in Linux
There are two files that store user information records in Linux;
/etc/passwd: Stores general user information such as username, user ID, group ID, location of home directory, login shell, the GECOS information. The file can be read by standard users.
/etc/shadow: Stores user password information such as expiry date, the password hash… The file cannot be read by standard users.
Viewing General User Account Information
To view the general user information from the passwd database, use the getent tool.
getent passwd
This will list all the users and their account information. If you want to view specific user account information, you can grep the user or simply pass the username as the argument.
getent passwd | grep janedoe
or
getent passwd janedoe
janedoe:x:1002:1002::/home/janedoe:/bin/bash
Where:
Field No. | Field | Description |
1 | janedoe | Account username |
2 | x | letter x is a placeholder for user’s encrypted password which is stored in shadow file. |
3 | 1002 | User ID |
4 | 1002 | Group ID |
5 | (blank) | This field should contain general user information (GECOS) such as real name (Jane Doe), phone number, location |
6 | /home/janedoe | This is the home directory for the user |
7 | /bin/bash | This is the shell assigned to the user |
Viewing User Account Password Information in Linux
To view a user’s password information, you can similarly read from the shadow database using the getent command.
getent shadow janedoe
janedoe:!!:18478:0:99999:7:::
Field No | Field Value | Description |
1 | janedoe | Account Username |
2 | !!/!/*/blank/ password hash | two exclamation marks (!!): No password set for the account; one exclamation mark (!): shows that the account is locked; an asterisk (*): Indicates that the account doesn’t accept login; blank: The password has been deleted for the account and thus, you can login without being prompted for the password; hash: An encrypted password has been set for the account |
3 | 18478 | Last password change date. Expressed in number of days since 01/01/1970. Value of -1 means the feature is disabled. |
4 | 0 | Number of days before the password can be changed. 0 shows that the password can be changed at any time. |
5 | 99999 | How long in days after which the password must be changed. 99999 indicates that the account doesn’t expire and hence the password can be kept for many years. |
6 | 7 | Number of warning days before a password expires. This shows 7 days. |
7 | (blank) | Number of days an account can stay after it has expired before it is disabled/deactivated completely. |
8 | (blank) | The date, in days since 01/01/1970, on which the account is disabled |
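The field rules in the table above can be applied to every account at once. The following is an added example, not part of the original tutorial: it classifies field 2 and checks password age against field 5. The names shadow_audit, today_days and SAMPLE_SHADOW are assumptions, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: classify shadow entries using the field meanings tabled above.

# Constructed sample entries (not real accounts); hash values are placeholders.
SAMPLE_SHADOW='janedoe:!!:18478:0:99999:7:::
johndoe:$6$saltsalt$placeholderhash:18478:0:90:7:::
svcuser:*:18478:0:99999:7:::
olduser:!$6$saltsalt$placeholderhash:18000:0:90:7:::
guest::18478:0:99999:7:::'

# today_days: current date as days since 01/01/1970 (same unit as field 3).
today_days() {
    echo $(( $(date +%s) / 86400 ))
}

# shadow_audit TODAY_DAYS: shadow-format lines on stdin,
# one "user state aging" line per account on stdout.
shadow_audit() {
    awk -F: -v today="$1" '
    {
        pw = $2
        if (pw == "")                     state = "EMPTY-PASSWORD"   # login without a prompt
        else if (pw == "!!")              state = "no-password-set"
        else if (pw == "*")               state = "no-login"
        else if (substr(pw, 1, 1) == "!") state = "locked"
        else                              state = "hash-set"

        if ($5 == "" || $5 >= 99999)          aging = "never-expires"
        else if ($3 != "" && today - $3 > $5) aging = "password-expired"
        else                                  aging = "ok"

        print $1, state, aging
    }'
}

# Against the live database (root needed to read shadow):
#   getent shadow | shadow_audit "$(today_days)"
```

Accounts reported as EMPTY-PASSWORD are the ones to fix first, since they allow login without a password prompt.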
And that is how easy it is to create and view user account information in Linux.
The commands that we used in this tutorial support a wide number of other command line options. Be sure to check the man pages of each individual command to get a comprehensive description of these options.
Reference
- man useradd
- man adduser
- man passwd