Never Ending Security

It starts all here

Useradd Commands Cheatsheet

useradd Practical Examples

In Linux, ‘useradd‘ is a low-level utility used for adding/creating user accounts. The ‘adduser‘ command is very similar to useradd, because it is a symbolic link to it. In some Linux distributions, the useradd command may come in a slightly different version.

When you run the ‘useradd‘ command in a Linux terminal, it performs the following things:

  1. It edits /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow files for the newly created User account.
  2. Creates and populates a home directory for the new user.
  3. Sets permissions and ownership on the home directory.

The basic syntax of the command is:

useradd [options] username

How to Add a New User in Linux

To add a new user, all you have to do is issue the ‘useradd‘ or ‘adduser‘ command followed by the ‘username’. The ‘username’ is the user's login name, and the user will use it to log in to the system.

For example, to add a new user called ‘cyberpunk‘, use the following command.

[root@n0where ~]# useradd cyberpunk

When we add a new user in Linux with the ‘useradd‘ command, the user is in a locked state. To unlock that user account, you need to set a password for it with the ‘passwd‘ command.

[root@n0where ~]# passwd cyberpunk
Changing password for user cyberpunk.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

Once a new user is created, a record is automatically added to the ‘/etc/passwd‘ file. This file is used to store user information and it looks like:


This record consists of seven colon-separated fields, and each field has a specific meaning:

  1. Username: used for system login
  2. Password: The user's password (or an x character if the system uses the /etc/shadow file).
  3. User ID (UID): Every user has a unique User ID (UID), or User Identification Number. By default, UID 0 is reserved for the root user and UIDs 1-99 are reserved for other predefined accounts. UIDs 100-999 are reserved for system accounts and groups.
  4. Group ID (GID): The primary Group ID (GID), or Group Identification Number, stored in the /etc/group file.
  5. User Info: This field is optional and allows you to define extra information about the user, for example the user's full name. This field is filled by the ‘finger’ command.
  6. Home Directory: The absolute location of user’s home directory.
  7. Shell: The absolute location of the user’s shell, e.g. /bin/bash.
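
The seven fields above are what an account audit reads. As an added example (not part of the original cheatsheet), this POSIX shell function splits passwd-format records on the colons and flags an empty or in-file password field, a UID 0 account that is not root, and UIDs shared by more than one name. The function names, finding labels and sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd-format records using the seven fields listed above.
# Function names, finding labels and sample records are constructed for illustration.

sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
cyberpunk:x:1006:1008:Darth Ra:/home/cyberpunk:/bin/sh
opsadmin:x:0:0::/root:/bin/bash
svc_web:x:1006:1008::/home/svc_web:/sbin/nologin
guest::1010:1010::/home/guest:/bin/sh
EOF
}

# audit_passwd [FILE]  ->  one "FINDING:user:detail" line per problem found
audit_passwd() {
    awk -F: '
    /^$/    { next }
    NF != 7 { print "MALFORMED:" $1 ":expected 7 fields, got " NF; next }
    {
        user = $1; pw = $2; uid = $3
        # Field 2: "x" means the hash lives in /etc/shadow.
        if (pw == "")
            print "EMPTY_PASSWORD:" user ":password field is empty"
        else if (pw != "x" && pw !~ /^[!*]/)
            print "HASH_IN_PASSWD:" user ":hash kept in a world-readable file"
        # Field 3: UID 0 carries root privileges whatever the login name is.
        if (uid ~ /^0+$/ && user != "root")
            print "UID0_NOT_ROOT:" user ":uid " uid
        # Field 3 again: names sharing a UID are one account to the kernel.
        if (uid in seen)
            print "DUPLICATE_UID:" user ":uid " uid " shared with " seen[uid]
        else
            seen[uid] = user
    }' "$@"
}

# Run against the constructed sample; pass /etc/passwd as an argument on a real host.
sample_passwd | audit_passwd
```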

Create a user with specific Home

By default, the ‘useradd‘ command creates the user’s home directory under /home, named after the username. In the previous example, useradd created the home directory for the user ‘cyberpunk‘ in ‘/home/cyberpunk‘.

By using the ‘-d‘ switch with the useradd command, we can change this default behaviour. The following command will create a user ‘cyberpunk‘ with a home directory ‘/nowhere/team‘.

[root@n0where ~]# useradd -d /nowhere/team cyberpunk

Looking at the passwd file, we can now see that the home directory is what we specified with the -d switch.

[root@n0where ~]# cat /etc/passwd | grep cyberpunk


Create a User with Specific User ID

In Linux, every user has its own UID (Unique Identification Number). By default, whenever we create a new user account, Linux increments the UserID and assigns it. We can assign a custom UID to the user with the ‘-u‘ switch. In the following example, we will create a user ‘cyberpunk‘ with a custom UserID ‘999‘.

[root@n0where ~]# useradd -u 999 cyberpunk

Verify that the user was created with the defined UserID (999).

[root@n0where ~]# cat /etc/passwd | grep cyberpunk


NOTE: Make sure that the User ID value is a unique number. You cannot have two users with the same UID.

Create a User with Specific Group ID

Just like the UID value, every user has its own GID (Group Identification Number). We can create users with specific group IDs by specifying the ID after the -g switch.

This command will add user ‘cyberpunk‘ with a specific UID and GID simultaneously:

[root@n0where ~]# useradd -u 1000 -g 500 cyberpunk

Verify the assigned UID and GID in the ‘/etc/passwd‘ file.

[root@n0where ~]# cat /etc/passwd | grep cyberpunk


Add a User to Multiple Groups

The ‘-G‘ switch is used to add a user to additional groups. Each group name is separated by a comma, with no spaces.

In this example, we are adding a user ‘cyberpunk‘ to multiple groups: admins, webadmin and developers.

[root@n0where ~]# useradd -G admins,webadmin,developers cyberpunk

Next, verify that the multiple groups are assigned to the user with the id command.

[root@n0where ~]# id cyberpunk

uid=1001(cyberpunk) gid=1001(cyberpunk)

Add a User without Home Directory

In some situations, we may not want to assign a home directory to a user (i.e. for security reasons). For this we can use the ‘-M‘ switch. For example, the following command will create a user ‘cyberpunk‘ without a home directory.

[root@n0where ~]# useradd -M cyberpunk

Now, let’s verify that the user was created without a home directory, using the ls command.

[root@n0where ~]# ls -l /home/cyberpunk

ls: cannot access /home/cyberpunk: No such file or directory

Create a User with Account Expiry Date

By default, when we add a user with the ‘useradd‘ command, the user account never expires. This means that the expiry date is set to 0 (meaning it never expires).

If we want to set the expiry date, we use the ‘-e‘ switch, which sets the date in YYYY-MM-DD format. This is useful for creating temporary accounts for a specific period of time.

Here’s an example: create a user ‘cyberpunk‘ with an account expiry date of 27th October 2014, in YYYY-MM-DD format.

[root@n0where ~]# useradd -e 2014-10-27 cyberpunk

Verify the ageing values for the account and password with the ‘chage‘ command:

[root@n0where ~]# chage -l cyberpunk

Last password change                        : Sept 12, 2014
Password expires                        : never
Password inactive                       : never
Account expires                         : Oct 27, 2014
Minimum number of days between password change              : 0
Maximum number of days between password change              : 99999
Number of days of warning before password expires       : 7

Create a User with Password Expiry Date

The ‘-f‘ switch is used to define the number of days after a password expires until the account is disabled. By default, the password expiry value is set to -1, which means never expire.

In the following example, we will set an account password expiry of 45 days for the user ‘cyberpunk’ using the ‘-e‘ and ‘-f‘ options.

[root@n0where ~]# useradd -e 2014-10-27 -f 45 cyberpunk
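
The ‘-e‘ and ‘-f‘ values from this section and the previous one are stored in /etc/shadow, which can be audited for accounts that are past their expiry date or have none. This is an added example, not part of the original cheatsheet: per shadow(5), field 8 holds the account expiry as days since 1970-01-01 and field 7 the inactive days. The function names, status labels and sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: read back what `useradd -e` / `-f` stored in shadow-format
# records. Field 8 = account expiry (days since 1970-01-01), field 7 = inactive
# days (the -f value). Sample records are constructed, not taken from a real host.

sample_shadow() {
cat <<'EOF'
cyberpunk:!!:16325:0:99999:7:45:16370:
contractor:!!:16325:0:99999:7::16436:
appuser:!!:16325:0:99999:7:::
EOF
}

# expiry_report TODAY_DAYS [FILE]  ->  user:STATUS:expires=DATE:inactive=N
expiry_report() {
    today=$1; shift
    awk -F: -v today="$today" '
    # Convert a day count since the epoch to YYYY-MM-DD (Gregorian calendar).
    function ymd(days,   z, era, doe, yoe, y, doy, mp, d, m) {
        z = days + 719468; era = int(z / 146097); doe = z - era * 146097
        yoe = int((doe - int(doe/1460) + int(doe/36524) - int(doe/146096)) / 365)
        y = yoe + era * 400; doy = doe - (365*yoe + int(yoe/4) - int(yoe/100))
        mp = int((5*doy + 2) / 153); d = doy - int((153*mp + 2) / 5) + 1
        m = (mp < 10) ? mp + 3 : mp - 9
        if (m <= 2) y++
        return sprintf("%04d-%02d-%02d", y, m, d)
    }
    NF < 8 { next }
    {
        inactive = ($7 == "") ? "unset" : $7
        if ($8 == "")
            print $1 ":NO_EXPIRY:expires=never:inactive=" inactive
        else if (today + 0 >= $8 + 0)
            print $1 ":EXPIRED:expires=" ymd($8) ":inactive=" inactive
        else
            print $1 ":ACTIVE:expires=" ymd($8) ":inactive=" inactive
    }' "$@"
}

# Day number for "now"; pass a fixed number instead for a reproducible report.
today_days() { echo $(( $(date +%s) / 86400 )); }

sample_shadow | expiry_report "$(today_days)"
```

The first sample record is what `useradd -e 2014-10-27 -f 45` produces when run on Sept 12, 2014: day 16370 is 2014-10-27 and field 7 carries the 45.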

Add a User with Custom Comments

The ‘-c‘ switch allows you to add custom comments, such as the user’s full name, phone number, etc., to the /etc/passwd file. The comment can be added as a single line without any spaces.

For example, the following command will add a user ‘cyberpunk‘ and insert that user’s full name, Darth Ra, into the comment field.

[root@n0where ~]# useradd -c "Darth Ra" cyberpunk

You can see the comment in the ‘/etc/passwd‘ file.

[root@n0where ~]# tail -1 /etc/passwd

cyberpunk:x:1006:1008:Darth Ra:/home/cyberpunk:/bin/sh

Change User Login Shell

We can assign a different login shell to each user with the ‘-s‘ option.

In this example, we will add a user ‘cyberpunk‘ without a login shell, i.e. with the ‘/sbin/nologin‘ shell.

[root@n0where ~]# useradd -s /sbin/nologin cyberpunk

You can check the shell assigned to the user in the ‘/etc/passwd‘ file.

[root@n0where ~]# tail -1 /etc/passwd


For more information about useradd, run the ‘useradd‘ command on the terminal to see the available options.
