In Linux we can create a new user account with the ‘useradd’ command. Here we will cover some examples of using the various syntax options with useradd in order to create a new local user account in Linux.
Create Local User Account
Here’s the most basic example of creating a local user account in Linux. In this case we run the useradd command and specify the username we want to create, which is “testaccount”.
[[email protected] ~]# useradd testaccount
Essentially this writes the required line of configuration to the /etc/passwd file, as shown below.
[[email protected] ~]# grep testaccount /etc/passwd
testaccount:x:1001:1001::/home/testaccount:/bin/bash
At this point the user account does not have a password set, so password login is disabled by default and the account cannot be used. We can set a password with the ‘passwd’ command, followed by the username.
[[email protected] ~]# passwd testaccount
Changing password for user testaccount.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
After setting the password, the configuration containing the hashed password is written to the /etc/shadow file.
[[email protected] ~]# grep testaccount /etc/shadow
testaccount:$1$qZu9sWPN$/lN1U3qmpZ7xFKNACkEhu1:16968:0:99999:7:::
So far we have covered the simplest way of creating a local user account in Linux; however, the ‘useradd’ command provides us with many additional and useful options.
Add To Group
When running the useradd command, we can add the user account to a group with the -g or -G flag. The -g flag sets the user’s primary group (GID); by default a new group with the same name as the username is created and used as the primary group. The -G flag, on the other hand, is generally much more useful: it allows us to specify a list of supplementary groups that the user account should be a member of.
[[email protected] ~]# groupadd testgroup1
[[email protected] ~]# groupadd testgroup2
[[email protected] ~]# useradd testaccount -G testgroup1,testgroup2
In this example, we first use ‘groupadd’ to create two groups named testgroup1 and testgroup2, because the groups we want to add our user to need to exist first. Once the two groups have been created, we create the ‘testaccount’ user and add it as a member of both groups. When adding a user to any supplementary group, the /etc/group file will be modified to reflect this.
[[email protected] ~]# grep testgroup /etc/group
testgroup1:x:1002:testaccount
testgroup2:x:1003:testaccount
See our post on adding user accounts to groups in Linux for further information.
Define a Shell
In most Linux distributions, when an account is created with the ‘useradd’ command the default shell of /bin/bash will be set. This can differ based on your distribution, however, so you can explicitly set the shell with the -s flag as shown below.
[[email protected] ~]# useradd testaccount -s /sbin/nologin
[[email protected] ~]# grep testaccount /etc/passwd
testaccount:x:1001:1001::/home/testaccount:/sbin/nologin
This simply updates the shell field in the /etc/passwd file. The /sbin/nologin shell denies interactive logins for the account, as no usable shell is started.
By default when a user account is created the password will never expire, which is a bad security practice. We can define when the account should expire and require the password to be changed with the -e option, followed by the date to expire the account in the format of YYYY-MM-DD.
[[email protected] ~]# useradd testaccount -e 2017-11-30
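The settings covered so far (the locked password on a new account, the hash stored by passwd, password ageing and the -e expiry date) all end up as colon-separated fields in /etc/shadow: field 2 holds the hash or lock marker, field 5 the maximum password age, and field 8 the account expiry date. The script below is an added example, not part of the original article; it reads shadow-format lines on standard input and reports those fields. The sample accounts and hash strings are constructed placeholders, and the function names sample_shadow and audit_shadow are hypothetical.

```shell
#!/bin/sh
# Added example: report password and expiry settings from shadow-format lines.
# Fields: 1 name, 2 password hash or lock marker, 5 max password age (days),
# 8 account expiry date (days since 1970-01-01, the value set by useradd -e).

# Constructed sample data: account names and hash strings are placeholders.
sample_shadow() {
cat <<'EOF'
newuser:!!:17000:0:99999:7:::
olduser:$1$CONSTRUCTED$placeholderhash:16968:0:99999:7:::
contractor:$6$CONSTRUCTED$placeholderhash:17000:0:90:7::17500:
EOF
}

# audit_shadow [TODAY] reads shadow lines on stdin; TODAY is days since epoch
# and defaults to the current date.
audit_shadow() {
    today=${1:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
    NF < 8 { next }    # not a shadow entry
    {
        user = $1; pw = $2; max = $5; expire = $8
        # Field 2: empty, a lock marker ("!", "!!", "*"), or a hash with a scheme prefix
        if (pw == "")            print user ": empty password field"
        else if (pw ~ /^[!*]/)   print user ": password locked"
        else if (pw ~ /^\$1\$/)  print user ": weak hash scheme (md5crypt)"
        # Field 5: 99999 or empty means the password is never forced to change
        if (max == "" || max + 0 >= 99999)
            print user ": password never expires"
        # Field 8: empty means the account itself never expires
        if (expire == "")
            print user ": no account expiry date"
        else if (today >= expire + 0)
            print user ": account expired (day " expire ")"
        else
            print user ": account expires in " (expire - today) " days"
    }'
}

# Demo on the constructed sample, with "today" fixed at day 17000.
sample_shadow | audit_shadow 17000
```

To check a real system, run audit_shadow < /etc/shadow as root. Day 17500 in the sample corresponds to 2017-11-30, the date used with -e above.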
Specify User ID (UID)
The UID is automatically set to the next available number when using ‘useradd’; however, we can explicitly set a user ID that is not currently in use with the -u option.
[[email protected] ~]# useradd testaccount -u 1337
[[email protected] ~]# id testaccount
uid=1337(testaccount) gid=1337(testaccount) groups=1337(testaccount)
Note that by setting the UID to a specific value, the next user account you create will be incremented up from this value even if you had lower values available.
There is a field in the /etc/passwd file that allows for a comment to be put in place.
[[email protected] ~]# useradd testaccount -c "comment"
[[email protected] ~]# grep testaccount /etc/passwd
testaccount:x:1339:1339:comment:/home/testaccount:/bin/bash
Don’t worry if you haven’t added your user account to any groups upon creation of the account, as user accounts can be modified after creation with the ‘usermod’ command.
Remove a User Account
While the goal here has been to create user accounts for the purposes of testing, you probably don’t want to keep these in place. User accounts can be removed with the userdel command.
As shown, it is very easy to create a local user account in Linux through the command line with the ‘useradd’ command. There are a number of additional options available with ‘useradd’ that allow us to customise the account to our needs.