In Linux we can create a new user account with the ‘useradd’ command. Here we will cover some examples of using the various syntax options with useradd in order to create a new local user account in Linux.
Create Local User Account
Here’s the most basic example of creating a local user account in Linux. In this case we run the useradd command and specify the username we want to create, which is “testaccount”.
[root@server ~]# useradd testaccount
Essentially this writes the required line of configuration to the /etc/passwd file, as shown below.
[root@server ~]# grep testaccount /etc/passwd
testaccount:x:1001:1001::/home/testaccount:/bin/bash
At this point, the user account does not have a password set, so it is disabled by default and cannot be used. We can set a password by using the ‘passwd’ command, followed by the user account.
[root@server ~]# passwd testaccount
Changing password for user testaccount.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
After setting the password, the configuration containing the hashed password is written to the /etc/shadow file.
[root@server ~]# grep testaccount /etc/shadow
testaccount:$1$qZu9sWPN$/lN1U3qmpZ7xFKNACkEhu1:16968:0:99999:7:::
Additional Options
So far we have covered the simplest way of creating a local user account in Linux, however the ‘useradd’ command provides us with many additional and useful options.
Add To Group
When running the useradd command, we can add the user account to a group with the -g or -G flag. The -g flag sets the user’s primary group ID (GID); by default a primary group with the same name as the username is created. The -G flag, on the other hand, is generally much more useful, as it allows us to specify a list of supplementary groups that the user account should be a member of.
[root@server ~]# groupadd testgroup1
[root@server ~]# groupadd testgroup2
[root@server ~]# useradd testaccount -G testgroup1,testgroup2
In this example, we first use ‘groupadd’ to create two groups named testgroup1 and testgroup2, because the groups we want to add our user to need to exist first. Once the two groups have been created, we create the ‘testaccount’ user and add it as a member of both of these groups. When adding a user to any supplementary group, the /etc/group file will be modified to reflect this.
[root@server ~]# grep testgroup /etc/group
testgroup1:x:1002:testaccount
testgroup2:x:1003:testaccount
See our post on adding user accounts to groups in Linux for further information.
Define a Shell
In most Linux distributions, when an account is created with the ‘useradd’ command the default shell of /bin/bash will be set. This can differ based on your distribution however, so you can explicitly set the shell with the -s flag as shown below.
[root@server ~]# useradd testaccount -s /sbin/nologin
[root@server ~]# grep testaccount /etc/passwd
testaccount:x:1001:1001::/home/testaccount:/sbin/nologin
This simply updates the shell field in the /etc/passwd file. With /sbin/nologin set as the shell, the account cannot log in to the system interactively, because nologin refuses the login rather than starting a shell.
Account Expiry
By default, when a user account is created the password will never expire, which is a bad security practice. We can define when the account should expire and require the password to be changed with the -e option, followed by the date to expire the account in the format YYYY-MM-DD.
[root@server ~]# useradd testaccount -e 2017-11-30
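As an added example (not part of the original post), the script below reads /etc/shadow-format lines like the one shown earlier and reports the password state, the maximum password age (fifth field) and the account expiry (eighth field, where the -e date is stored as days since 1970-01-01). The account names and hash strings in SAMPLE_SHADOW are constructed placeholders, and audit_shadow is a name chosen here.

```shell
#!/bin/sh
# Added example: classify shadow(5) entries for an account review.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# SAMPLE_SHADOW is constructed; the hash strings are placeholders.
# 17500 days after 1970-01-01 is 2017-11-30, the date used with -e above.
SAMPLE_SHADOW='nopass:!!:16968:0:99999:7:::
md5user:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH0000000:16968:0:99999:7:::
expiring:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH0000000:16968:0:90:7::17500:'

# audit_shadow: read shadow-format lines on stdin, print one line per account.
audit_shadow() {
    awk -F: '
    NF >= 8 {
        id = substr($2, 1, 3)          # crypt(3) scheme prefix, e.g. "$6$"
        if ($2 == "")               state = "EMPTY-PASSWORD"
        else if ($2 ~ /^[!*]/)      state = "locked"
        else if (id == "$1$")       state = "md5crypt(weak)"
        else if (id == "$5$")       state = "sha256crypt"
        else if (id == "$6$")       state = "sha512crypt"
        else if (id == "$y$")       state = "yescrypt"
        else                        state = "other-scheme"

        # Field 5: maximum password age in days; empty or 99999 means never.
        if ($5 == "" || $5 + 0 >= 99999) age = "pw-never-expires"
        else                             age = "pw-max-" $5 "d"

        # Field 8: account expiry in days since 1970-01-01 (set by useradd -e).
        if ($8 == "") acct = "acct-no-expiry"
        else          acct = "acct-expires-day-" $8

        print $1 ": " state ", " age ", " acct
    }'
}

# Run the audit over the constructed sample.
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

On a real system, run it as root with `audit_shadow < /etc/shadow`.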
Specify User ID (UID)
The UID is automatically set to the next available number when using ‘useradd’ however we can explicitly set a user ID that is not currently in use with the -u option.
[root@server ~]# useradd testaccount -u 1337
[root@server ~]# id testaccount
uid=1337(testaccount) gid=1337(testaccount) groups=1337(testaccount)
Note that by setting the UID to a specific value, the next user account you create will be incremented up from this value even if you had lower values available.
Comment
There is a field in the /etc/passwd file that allows for a comment to be put in place.
[root@kdc ~]# useradd testaccount -c "comment"
[root@kdc ~]# grep testaccount /etc/passwd
testaccount:x:1339:1339:comment:/home/testaccount:/bin/bash
Next Steps
Don’t worry if you haven’t added your user account to any groups upon creation of the account, as user accounts can be modified after creation with the ‘usermod’ command.
Remove a User Account
While the goal here has been to create user accounts for the purposes of testing, you probably don’t want to keep these in place. User accounts can be removed with the userdel command.
Summary
As shown it is very easy to create a local user account in Linux through the command line with the ‘useradd’ command. There are a number of additional options available with ‘useradd’ that allow us to customise and specify the options that we want an account to have, making it quite customizable.
This is OLD!!
For newer ‘nix distributions, it’s more likely:
adduser
If, after using “useradd” [like I did, on the advice of this outdated site], no new directory [named after the User] showed up under “/home“, then that’s a sign your distro no longer supports “useradd“.
BUT, “useradd” DOES, actually, add a user, it just doesn’t do a complete job of it. So, be sure to remove that user with:
userdel
before using “adduser“