Linux How To: Add A User Account

In Linux we can create a new user account with the ‘useradd’ command. Here we will cover some examples of using the various syntax options with useradd in order to create a new local user account in Linux.

Create Local User Account

Here’s the most basic example of creating a local user account in Linux. In this case we run the useradd command and specify the username we want to create, which is “testaccount”.

[root@server ~]# useradd testaccount

Essentially this writes the required line of configuration to the /etc/passwd file, as shown below.

[root@server ~]# grep testaccount /etc/passwd
testaccount:x:1001:1001::/home/testaccount:/bin/bash

At this point, the user account does not have a password set, so it is disabled by default and cannot be used. We can set a password by using the ‘passwd’ command, followed by the user account.

[root@server ~]# passwd testaccount
Changing password for user testaccount.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

After setting the password, the configuration containing the hashed password is written to the /etc/shadow file.

[root@server ~]# grep testaccount /etc/shadow
testaccount:$1$qZu9sWPN$/lN1U3qmpZ7xFKNACkEhu1:16968:0:99999:7:::

Additional Options

So far we have covered the simplest way of creating a local user account in Linux; however, the ‘useradd’ command provides many additional useful options.

Add To Group

When running the useradd command, we can add the user account to a group with the -g or -G flag. The -g flag sets the user’s primary group ID (GID); by default, a primary group with the same name as the username is created. The -G flag, on the other hand, is generally much more useful: it allows us to specify a list of supplementary groups that the user account should be a member of.

[root@server ~]# groupadd testgroup1
[root@server ~]# groupadd testgroup2
[root@server ~]# useradd testaccount -G testgroup1,testgroup2

In this example, we first use ‘groupadd’ to create two groups named testgroup1 and testgroup2, because the groups we want to add our user to need to exist first. Once the two groups have been created, we create the ‘testaccount’ user and add it as a member of both groups. When a user is added to any supplementary group, the /etc/group file is modified to reflect this.

[root@server ~]# grep testgroup /etc/group
testgroup1:x:1002:testaccount
testgroup2:x:1003:testaccount

See our post on adding user accounts to groups in Linux for further information.

Define a Shell

In most Linux distributions, when an account is created with the ‘useradd’ command the default shell of /bin/bash will be set. However, this can differ based on your distribution, so you can explicitly set the shell with the -s flag as shown below.

[root@server ~]# useradd testaccount -s /sbin/nologin
[root@server ~]# grep testaccount /etc/passwd
testaccount:x:1001:1001::/home/testaccount:/sbin/nologin

This simply updates the shell field in the /etc/passwd file. Setting the shell to /sbin/nologin essentially prevents the account from logging in to the system, as it has no usable shell defined.

Account Expiry

By default, when a user account is created the password will never expire, which is a bad security practice. We can define when the account should expire and require the password to be changed with the -e option, followed by the date to expire the account in the format YYYY-MM-DD.

[root@server ~]# useradd testaccount -e 2017-11-30
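The shadow entry shown earlier and the expiry date set with -e can both be checked from the fields of /etc/shadow. The following script is an added example, not part of the original article: it reads shadow-format lines and reports the hash scheme (a $1$ prefix is MD5-crypt), the maximum password age (field 5) and the account expiry date (field 8, the one -e fills in). The sample entries, their placeholder hashes and the fixed day number 17000 are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit lines in shadow(5) format read from stdin.
# Fields used: 1 name, 2 hash, 5 max password age in days,
# 8 account expiry in days since 1970-01-01 (set by useradd -e).

audit_shadow() {
    # $1: today as days since the epoch (optional, defaults to now)
    today=${1:-}
    [ -n "$today" ] || today=$(( $(date +%s) / 86400 ))
    awk -F: -v today="$today" '
    {
        hash = $2
        if (hash == "")                            h = "EMPTY"
        else if (index("!*", substr(hash, 1, 1)))  h = "locked"
        else if (index(hash, "$1$") == 1)          h = "md5crypt-WEAK"
        else if (index(hash, "$5$") == 1 || index(hash, "$6$") == 1 ||
                 index(hash, "$y$") == 1)          h = "modern"
        else                                       h = "other"

        # 99999 (or empty) is the usual "never expires" password age
        age = ($5 == "" || $5 + 0 >= 99999) ? "never" : $5 "d"

        if ($8 == "")                  acct = "never"
        else if ($8 + 0 <= today + 0)  acct = "EXPIRED"
        else                           acct = "in-" ($8 - today) "d"

        printf "%s hash=%s pw_max_age=%s account_expiry=%s\n", $1, h, age, acct
    }'
}

# Constructed sample entries (placeholder hashes, not real ones).
sample_shadow() {
    cat <<'EOF'
alice:$1$CONSTRUCTED$placeholder:16968:0:99999:7:::
bob:$6$CONSTRUCTED$placeholder:16968:0:90:7::17500:
svc:!!:16968:0:99999:7:::
EOF
}

# Day 17500 is 2017-11-30, so on day 17000 bob has 500 days left.
sample_shadow | audit_shadow 17000
```

On a real system, run it as root with audit_shadow < /etc/shadow.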

Specify User ID (UID)

The UID is automatically set to the next available number when using ‘useradd’; however, we can explicitly set a user ID that is not currently in use with the -u option.

[root@server ~]# useradd testaccount -u 1337
[root@server ~]# id testaccount
uid=1337(testaccount) gid=1337(testaccount) groups=1337(testaccount)

Note that by setting the UID to a specific value, the next user account you create will be incremented up from this value even if you had lower values available.
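The shell and UID fields covered in the last two sections are worth reviewing across the whole /etc/passwd file after accounts have been added. The following script is an added example, not part of the original article: it lists accounts that still have a login shell, accounts other than root with UID 0, and accounts that share a UID. The sample entries (including the names deploy, backup and toor) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit lines in passwd(5) format read from stdin.
# Format: name:password:UID:GID:comment:home:shell

audit_passwd() {
    awk -F: '
    {
        # An empty shell field means /bin/sh, so it counts as a login shell.
        shell = ($7 == "") ? "/bin/sh" : $7
        if (shell !~ /\/(nologin|false)$/)
            printf "LOGIN-SHELL %s uid=%s shell=%s\n", $1, $3, shell

        # Any account other than root with UID 0 has full root privileges.
        if ($3 == "0" && $1 != "root")
            printf "UID0 %s\n", $1

        # Accounts sharing a UID are the same user to the kernel.
        if ($3 in first) printf "DUP-UID %s uid=%s also=%s\n", $1, $3, first[$3]
        else             first[$3] = $1
    }'
}

# Constructed sample entries.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
testaccount:x:1337:1337::/home/testaccount:/sbin/nologin
deploy:x:1338:1338::/home/deploy:/bin/bash
backup:x:1338:1339::/home/backup:/bin/sh
toor:x:0:0::/root:/bin/bash
EOF
}

sample_passwd | audit_passwd
```

On a real system, run it with audit_passwd < /etc/passwd.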

Comment

There is a field in the /etc/passwd file that allows for a comment to be put in place.

[root@kdc ~]# useradd testaccount -c "comment"
[root@kdc ~]# grep testaccount /etc/passwd
testaccount:x:1339:1339:comment:/home/testaccount:/bin/bash

Next Steps

Don’t worry if you haven’t added your user account to any groups upon creation of the account, as user accounts can be modified after creation with the ‘usermod’ command.

Remove a User Account

While the goal here has been to create user accounts for the purposes of testing, you probably don’t want to keep these in place. User accounts can be removed with the userdel command.

Summary

As shown, it is very easy to create a local user account in Linux through the command line with the ‘useradd’ command. A number of additional options are available with ‘useradd’ that allow us to specify exactly the settings we want an account to have.

  1. This is OLD!!

    For newer ‘nix distributions, it’s more likely:

    adduser

    If, after using “useradd” [like I did, on the advice of this outdated site], no new directory [named after the User] showed up under “/home”, then that’s a sign your distro no longer supports “useradd”.

    BUT, “useradd” DOES, actually, add a user, it just doesn’t do a complete job of it. So, be sure to remove that user with:
    userdel
    before using “adduser”
