[Linux] Creating User Accounts with the useradd Command


Overview

The useradd command is the primary tool for creating new user accounts in a Linux system. It allows administrators to define specific details such as the account name, User ID (UID), group memberships, home directory, and the default login shell.

It is important to note that when a user is first created with this command, the account is in a “locked” or “no password” state. To allow a user to log in, you must set a password separately using the passwd command.

Specifications (Arguments and Options)

Syntax

BASH

# Creating a user
useradd [options] [username]

# Viewing or changing default settings
useradd -D [options]

Main Options for User Creation

| Option | Description |
| --- | --- |
| -c [comment] | Sets the GECOS field (e.g., full name or contact info). |
| -d [dir] | Specifies the path for the home directory (default is /home/username). |
| -m | Automatically creates the home directory if it does not exist. |
| -g [GID/name] | Defines the primary group for the user. |
| -G [groups] | Defines secondary (supplementary) groups, separated by commas. |
| -s [shell] | Sets the default login shell (e.g., /bin/bash). |
| -u [UID] | Specifies a numerical User ID (UID). |
| -U | Creates a group with the same name as the user and sets it as the primary group. |
| -e [YYYY-MM-DD] | Sets an expiration date for the account. |
| -f [days] | Sets the number of days before an account is disabled after a password expires. |
| -k [dir] | Specifies the skeleton directory used to populate the new home directory. |
| -r | Creates a system account (typically with a lower UID). |

Main Options for Changing Default Settings (-D)

Using useradd -D allows you to modify the default values applied to any future users created without specific flags.

| Option | Description |
| --- | --- |
| -s [shell] | Changes the default login shell for all new users. |
| -g [group] | Changes the default primary group. |
| -d [dir] | Changes the base path for home directories (e.g., /home). |
| -e [date] | Changes the default account expiration date. |
| -f [days] | Changes the default inactivity period for account disabling. |

Basic Usage

In a standard server management scenario, you should always include the -m option to ensure a workspace is prepared for the new user.

BASH

# Add a new developer account named 'dev_tester' with a home directory
sudo useradd -m dev_tester

# Verify the created account information
id dev_tester

Example Output:

uid=1001(dev_tester) gid=1001(dev_tester) groups=1001(dev_tester)

At this stage, the user cannot log in because no password has been assigned.

Practical Commands

Creating a User with Detailed Configurations

In a professional environment, such as setting up a new member of the infrastructure team, you might need to specify a shell, a primary group, and administrative access groups.

BASH

# Create 'admin_engineer' with Bash, primary group 'ops', and secondary access to 'wheel' and 'docker'
sudo useradd -m -d /home/admin_engineer -s /bin/bash -g ops -G wheel,docker admin_engineer

# Check the account details and password file entry
id admin_engineer
grep admin_engineer /etc/passwd

Example Output:

uid=1002(admin_engineer) gid=2000(ops) groups=2000(ops),10(wheel),999(docker)

admin_engineer:x:1002:2000::/home/admin_engineer:/bin/bash

Managing Default System Settings

If you find yourself constantly typing -s /bin/bash, it is more efficient to change the system-wide default for the useradd command.

BASH

# Display current default settings
useradd -D

# Change the default login shell to /bin/zsh
sudo useradd -D -s /bin/zsh

# Verify the change
useradd -D

Customization Points

Home Directory Creation (-m)

On many distributions, especially those not based on RHEL, useradd does not create a home directory by default. If the account is intended for interactive human use, always include the -m flag to avoid login errors related to missing directories.

Shell Selection (-s)

The default shell in many environments is /bin/sh, which lacks many modern features like command history and auto-completion. Specifying /bin/bash or /usr/bin/zsh ensures a more productive environment for the user.

Important Notes

Password Requirement

A user created via useradd is effectively disabled until a password is set. You must immediately follow up with the passwd command to activate the account.

BASH

sudo passwd admin_engineer
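
The state an account is in can be read from the second field of its /etc/shadow entry: a leading `!` or `*` means locked, an empty field means no password at all. The script below is an added example, not part of the original article; the sample entries, user names other than those above, and hash strings are constructed placeholders.

```shell
#!/bin/sh
# Added example: classify the password field (2nd field) of shadow-format
# entries. The sample data is constructed; the hashes are placeholders.
SAMPLE_SHADOW='dev_tester:!:19800:0:99999:7:::
legacy_user:!!:19800:0:99999:7:::
admin_engineer:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19800:0:99999:7:::
paused_user:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19800:0:99999:7:::
kiosk::19800:0:99999:7:::'

# Reads shadow-format lines on stdin and prints "<user> <state>" per line.
#   EMPTY  - no password required, if PAM permits it (nullok)
#   LOCKED - field starts with ! or *, so no typed password can match
#            (fresh useradd accounts, and accounts locked with passwd -l)
#   SET    - a password hash is present and usable
password_states() {
    awk -F: '
        $2 == ""     { print $1, "EMPTY";  next }
        $2 ~ /^[!*]/ { print $1, "LOCKED"; next }
                     { print $1, "SET" }
    '
}

# Lists only the accounts with an empty password field, which should
# either get a password or be locked.
empty_password_accounts() {
    password_states | awk '$2 == "EMPTY" { print $1 }'
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_SHADOW" | password_states
```

On a live host, pipe `sudo cat /etc/shadow` into `password_states`; `sudo passwd -S <user>` reports the same state for a single account.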

useradd vs. adduser

While Debian and Ubuntu offer a friendly interactive script called adduser, useradd is the underlying low-level command. For shell scripts and automation, useradd is the preferred choice due to its consistent behavior across different distributions.

Group Prerequisites

When using -g or -G, the groups must already exist in the system. If you need to create a new group for a project, use the groupadd command before running useradd.

Advanced Applications

Creating Non-Login System Accounts

For security reasons, accounts used to run services like web servers or databases should not have login capabilities.

BASH

# Create a system user for a web service without a home directory or login shell
sudo useradd -r -s /sbin/nologin -d /var/www/html -M web_service_user

The -M flag prevents the creation of a home directory, while /sbin/nologin ensures that even if a password is set, the account cannot access a shell prompt.
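
To check that existing service accounts follow this rule, the passwd database can be scanned for system UIDs that still have a usable shell. The script below is an added example, not from the original article; the sample entries are constructed, and the cut-off of 1000 for system UIDs is an assumption (the usual UID_MIN in /etc/login.defs).

```shell
#!/bin/sh
# Added example: flag system accounts whose login shell is not
# nologin/false. Sample data is constructed, in /etc/passwd format.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
web_service_user:x:998:998::/var/www/html:/sbin/nologin
db_service:x:997:997::/var/lib/db:/bin/bash
legacy_svc:x:996:996::/opt/legacy:
admin_engineer:x:1002:2000::/home/admin_engineer:/bin/bash'

# Assumption: UIDs below this value are system accounts.
UID_MIN=1000

# Reads passwd-format lines on stdin and prints "<user> <shell>" for each
# system account that could still obtain a shell prompt.
service_accounts_with_shell() {
    awk -F: -v min="$UID_MIN" '
        $3 == 0                   { next }  # root is expected to have a shell
        $3 >= min                 { next }  # regular (human) accounts
        $7 ~ /\/(nologin|false)$/ { next }  # already non-login
        # An empty shell field defaults to /bin/sh, so it is flagged too.
        { print $1, ($7 == "" ? "(empty)" : $7) }
    '
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_PASSWD" | service_accounts_with_shell
```

On a live host, `getent passwd | service_accounts_with_shell` runs the same check; flagged accounts can be corrected with `sudo usermod -s /sbin/nologin <user>`.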

Summary

The useradd command serves as the fundamental building block for user management within a Linux environment. By mastering the core flags for creating home directories, assigning default shells, and managing group permissions, you can effectively control access to your server infrastructure. Always remember that account creation is a two-step process that requires the passwd command to enable user access and maintain system security through proper authentication.
