useradd is a basic Linux command for adding new users. We will review how to add new users in Linux with the useradd command. A Linux user must belong to a group. If we don't specify the group for the new user, the OS chooses it. Understanding New User defaults. How Useradd works? Choose Group Info for New User. The following two files define the default info when users are created by the useradd command. The useradd command performs the below tasks:
It creates and opens a new home directory. It allows us to set ownerships and permissions to the home directory. Suppose I add another account, this time for Timmy. Comparing the two users, sonny and timmy, by using the getent command shows that both users and their respective primary groups were created.
This is because the default behavior is to assign the next available UID to the user and then attempt to assign the same number to the primary group. However, if that number is already used, the next available GID is assigned to the group. To explain what happened, I hypothesize that a group with GID already exists and enter a command to confirm. This is an example where a system administrator would need to take more control of the user-creation process. To resolve this issue, I must first determine the next available user and group ID that will match.
The commands getent group and getent passwd will be helpful in determining the next available number. This number can be passed with the -u argument. NFS is easier to administer when all client and server systems have the same ID configured for a given user. I cover this in a bit more detail in my article on using autofs to mount NFS shares. Very often though, other account parameters need to be specified for a user. Here are brief examples of the most common customizations you may need to use.
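The ID check described above, as an added example that is not part of the original article: shell functions that read getent-format data, report users whose UID and primary GID differ, and find the lowest number free as both a UID and a GID. The function names, the 1000..60000 range and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; all account data below is constructed sample input.

# next_matching_id PASSWD_FILE GROUP_FILE [MIN] [MAX]
# Prints the lowest ID in MIN..MAX unused as a UID and as a GID.
# Files use `getent passwd` / `getent group` layout (field 3 = numeric ID).
# Defaults 1000..60000 are assumed; check UID_MIN/UID_MAX in /etc/login.defs.
next_matching_id() {
    awk -F: -v min="${3:-1000}" -v max="${4:-60000}" '
        NF >= 3 { used[$3 + 0] = 1 }     # IDs taken in either database
        END {
            for (id = min; id <= max; id++)
                if (!(id in used)) { print id; exit 0 }
            exit 1                        # no free ID in range
        }' "$1" "$2"
}

# mismatched_users PASSWD_FILE
# Prints login names whose UID differs from their primary GID.
mismatched_users() {
    awk -F: 'NF >= 4 && $3 != $4 { print $1 }' "$1"
}

# write_sample DIR: constructed data where GID 1001 was already taken,
# so timmy received UID 1001 but GID 1002.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sonny:x:1000:1000::/home/sonny:/bin/bash
timmy:x:1001:1002::/home/timmy:/bin/bash
EOF
    cat > "$1/group" <<'EOF'
root:x:0:
sonny:x:1000:
projects:x:1001:
timmy:x:1002:
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
echo "UID/GID mismatch: $(mismatched_users "$demo_dir/passwd")"
echo "next matching ID: $(next_matching_id "$demo_dir/passwd" "$demo_dir/group")"
rm -rf "$demo_dir"
# On a live system, feed it `getent passwd` and `getent group` output instead.
```

The printed number is the value that can be passed to useradd with the -u argument.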
The comment option is a plain-text field for providing a short description or other information using the -c argument. A user can be assigned one primary group and multiple secondary groups. The -g argument specifies the name or GID of the primary group.
If it's not specified, useradd creates a primary group with the same name as the user, as demonstrated above. The -G (uppercase) argument is used to pass a comma-separated list of groups that the user will be placed into; these are known as secondary groups. However, different aspects of the home directory can be overridden with the following arguments. The -b argument sets another directory where user homes can be placed. These are usually shell configuration files, but they can be anything that a system administrator would like to make available to all new users.
The -s argument can be used to specify the shell. The default is used if nothing else is specified. For example, in the following, shell bash is defined in the default configuration file, but Wally has requested zsh.
Security is an essential part of user management, so there are several options available with the useradd command. The encrypted password, as returned by crypt. The default is to disable the password. Note: This option is not recommended because the password or encrypted password will be visible to users listing the processes, for example with the ps command.
You should make sure the password respects the system's password policy. Create a system account. You have to specify the -m option if you want a home directory for a system account to be created. The name of the user's login shell. The numerical value of the user's ID. This value must be unique, unless the -o option is used. The value must be non-negative. Create a group with the same name as the user, and add the user to this group. The SELinux user for the user's login. The default is to leave this field blank, which causes the system to select the default SELinux user.
The path prefix for a new user's home directory. The date on which the user account is disabled. The number of days after a password has expired before the account will be disabled. The named group must exist, and a numerical group ID must have an existing entry. The name of a new user's login shell.
Indicate if a home directory should be created by default for new users. This setting does not apply to system users, and can be overridden on the command line.
Range of group IDs used for the creation of regular groups by useradd, groupadd, or newusers. The mail spool directory.
This is needed to manipulate the mailbox when its corresponding user account is modified or deleted. If not specified, a compile-time default is used. Maximum members per group entry. The default value is 0, meaning that there are no limits in the number of members in a group. This feature (split group) helps to limit the length of lines in the group file. This is useful to make sure that lines for NIS groups are not larger than characters.