Mr Cloud Book

How to Create Users in Linux with useradd command?

mrcloudbook.com

·

The useradd command is one of the most fundamental tools for user management in Linux systems. It allows system administrators to create new user accounts, configure user properties, and set up the user environment. This guide provides a comprehensive overview of the useradd command, covering everything from basic usage to advanced configuration options.

Contents hide
What is useradd?
Creating Your First User
Common Options and Flags
Advanced Configuration
User Account Files
Practical Examples
Troubleshooting
Best Practices
Related Commands

What is useradd?

useradd is a low-level utility for adding new user accounts to a Linux system. It is the primary command-line tool used to:

  • Create new user accounts
  • Set user properties (UID, GID, home directory, shell, etc.)
  • Configure default user settings
  • Set up user environment

Key Characteristics

  • Low-level commanduseradd creates the account but doesn’t set a password (use passwd for that)
  • System-wide changes: Requires root/administrator privileges
  • Configurable defaults: Uses /etc/default/useradd for default settings
  • Minimal by default: Creates user with minimal configuration unless options are specified

Basic Syntax

useradd [OPTIONS] USERNAME

Requirements

  • Root privileges: Must run with sudo or as root user
  • Unique username: Username must not already exist
  • Valid username format: Typically lowercase letters, numbers, hyphens, and underscores

Creating Your First User

Simple User Creation

The most basic command creates a user with default settings:

sudo useradd john

What happens:

  • Creates user account “john”
  • Assigns next available UID (User ID)
  • Assigns default GID (Group ID)
  • Creates home directory (if default config allows)
  • Sets default shell (usually /bin/bash or /bin/sh)

Verify User Creation

Check if the user was created successfully:

# Check user information
id john

# View user details
getent passwd john

# Check if user exists
grep john /etc/passwd

Common Options and Flags

Essential Options

-m or --create-home

Creates the user’s home directory if it doesn’t exist.

sudo useradd -m john

Without -m:

  • User account is created
  • Home directory is NOT created
  • User must use / or temporary directories

With -m:

  • Home directory created at /home/john
  • Copies skeleton files from /etc/skel
  • Sets proper permissions

-d or --home-dir

Specifies a custom home directory path.

sudo useradd -m -d /home/johnsmith john

Example:

sudo useradd -m -d /var/www/john john
# Creates user with home directory at /var/www/john

-s or --shell

Sets the user’s default login shell.

sudo useradd -m -s /bin/bash john

Common shells:

  • /bin/bash – Bash shell (most common)
  • /bin/sh – POSIX shell
  • /bin/zsh – Z shell
  • /bin/fish – Fish shell
  • /usr/sbin/nologin – Prevents login (for system accounts)
  • /bin/false – Prevents login (for system accounts)

Example:

# Create user with zsh shell
sudo useradd -m -s /bin/zsh john

# Create system account that cannot login
sudo useradd -r -s /usr/sbin/nologin myservice

-u or --uid

Specifies a custom User ID (UID).

sudo useradd -m -u 1001 john

UID ranges:

  • 0: Root user
  • 1-999: System accounts
  • 1000-65534: Regular users
  • 65535: Usually reserved

Example:

# Create user with specific UID
sudo useradd -m -u 1500 john

# Check UID
id -u john  # Output: 1500

-g or --gid

Sets the primary group ID (GID) or group name.

# Using GID number
sudo useradd -m -g 1000 john

# Using group name
sudo useradd -m -g developers john

Important:

  • Group must exist before assigning
  • If not specified, creates a new group with same name as username

Example:

# First create the group
sudo groupadd developers

# Then create user with that group
sudo useradd -m -g developers john

-G or --groups

Adds user to additional supplementary groups.

sudo useradd -m -G sudo,developers,www-data john

Example:

# Create user in multiple groups
sudo useradd -m -G docker,sudo,developers john

# Verify groups
groups john
# Output: john : john sudo docker developers

-c or --comment

Sets the user’s full name or comment (GECOS field).

sudo useradd -m -c "John Smith" john

Example:

sudo useradd -m -c "John Smith - Developer" john

# View comment
getent passwd john | cut -d: -f5
# Output: John Smith - Developer

-e or --expiredate

Sets account expiration date.

sudo useradd -m -e 2024-12-31 john

Date formats:

  • YYYY-MM-DD (e.g., 2024-12-31)
  • YYYY/MM/DD
  • Days since epoch

Example:

# Account expires on December 31, 2024
sudo useradd -m -e 2024-12-31 john

# Check expiration
chage -l john | grep "Account expires"

-f or --inactive

Sets the number of days after password expiration before account is disabled.

sudo useradd -m -f 30 john

Values:

  • 0: Account disabled immediately after password expires
  • -1: No expiration (default)
  • N: Account disabled N days after password expiration

-k or --skel

Specifies skeleton directory (files to copy to home directory).

sudo useradd -m -k /etc/custom-skel john

Default: /etc/skel

Example:

# Create custom skeleton directory
sudo mkdir -p /etc/custom-skel
sudo cp .bashrc .vimrc /etc/custom-skel/

# Create user with custom skeleton
sudo useradd -m -k /etc/custom-skel john

-r or --system

Creates a system account (UID < 1000, no home directory by default).

sudo useradd -r myservice

System account characteristics:

  • UID typically < 1000
  • No home directory (unless -m is specified)
  • Usually has /usr/sbin/nologin shell
  • Used for services and daemons

Example:

# Create system account for a service
sudo useradd -r -s /usr/sbin/nologin myservice

# Create system account with home directory
sudo useradd -r -m -d /var/lib/myservice myservice

-M or --no-create-home

Explicitly prevents home directory creation.

sudo useradd -M john

Use cases:

  • System accounts
  • Users who don’t need home directories
  • Special purpose accounts

Advanced Configuration

Combining Multiple Options

Create a fully configured user account:

sudo useradd -m \
  -d /home/johnsmith \
  -s /bin/bash \
  -u 1500 \
  -g developers \
  -G sudo,docker,www-data \
  -c "John Smith - Senior Developer" \
  -e 2025-12-31 \
  john

What this does:

  • Creates user “john”
  • Creates home directory at /home/johnsmith
  • Sets shell to /bin/bash
  • Assigns UID 1500
  • Sets primary group to “developers”
  • Adds to groups: sudo, docker, www-data
  • Sets full name comment
  • Sets expiration date

Setting Defaults

View and modify default useradd settings:

# View current defaults
useradd -D

# View defaults in readable format
cat /etc/default/useradd

Common default settings:

  • GROUP=100 – Default group
  • HOME=/home – Default home directory base
  • INACTIVE=-1 – Password expiration
  • EXPIRE= – Account expiration
  • SHELL=/bin/bash – Default shell
  • SKEL=/etc/skel – Skeleton directory
  • CREATE_MAIL_SPOOL=yes – Create mail spool

Modify defaults:

# Set default shell
sudo useradd -D -s /bin/zsh

# Set default home directory base
sudo useradd -D -b /home/users

# Set default group
sudo useradd -D -g 1000

# Set default skeleton directory
sudo useradd -D -k /etc/custom-skel

User Account Files

Understanding where user information is stored:

/etc/passwd

Contains user account information.

Format:

username:password:x:UID:GID:GECOS:home_directory:shell

Example entry:

john:x:1000:1000:John Smith:/home/john:/bin/bash

Fields:

  1. username – Login name
  2. password – Usually ‘x’ (stored in /etc/shadow)
  3. UID – User ID
  4. GID – Primary Group ID
  5. GECOS – Full name/comment
  6. home_directory – Home directory path
  7. shell – Default shell

/etc/shadow

Contains encrypted passwords and password aging information.

Format:

username:encrypted_password:last_password_change:min_days:max_days:warn_days:inactive_days:expiration_date:reserved

View (requires root):

sudo cat /etc/shadow | grep john

/etc/group

Contains group information.

Format:

group_name:password:GID:user_list

Example:

developers:x:1001:john,jane,bob

/etc/gshadow

Contains group password and administrator information.

Practical Examples

Example 1: Standard User Account

Create a regular user with home directory and bash shell:

sudo useradd -m -s /bin/bash john
sudo passwd john  # Set password

Example 2: Developer Account

Create a developer with multiple group memberships:

# Create groups if they don't exist
sudo groupadd developers
sudo groupadd docker

# Create developer user
sudo useradd -m \
  -s /bin/bash \
  -g developers \
  -G sudo,docker,developers \
  -c "John Developer" \
  john

# Set password
sudo passwd john

Example 3: System Service Account

Create an account for a service/daemon:

sudo useradd -r \
  -s /usr/sbin/nologin \
  -d /var/lib/myservice \
  -c "My Service Account" \
  myservice

Example 4: Temporary User with Expiration

Create a user account that expires on a specific date:

sudo useradd -m \
  -e 2024-12-31 \
  -c "Temporary User" \
  tempuser

sudo passwd tempuser

Example 5: User with Custom Home Directory

Create user with home directory in non-standard location:

sudo useradd -m \
  -d /var/www/users/john \
  -s /bin/bash \
  john

# Verify
ls -la /var/www/users/john

Example 6: User with Specific UID

Create user with a specific UID (useful for consistency across systems):

# Check if UID is available
id 1500  # Should return "no such user"

# Create user with UID 1500
sudo useradd -m -u 1500 john

# Verify
id john  # Should show uid=1500

Example 7: User with Custom Skeleton Files

Set up custom files for new users:

# Create custom skeleton directory
sudo mkdir -p /etc/custom-skel
sudo cp /etc/skel/.bashrc /etc/custom-skel/
sudo cp /etc/skel/.profile /etc/custom-skel/

# Add custom files
sudo echo "alias ll='ls -lah'" >> /etc/custom-skel/.bashrc
sudo echo "export EDITOR=vim" >> /etc/custom-skel/.bashrc

# Create user with custom skeleton
sudo useradd -m -k /etc/custom-skel john

Troubleshooting

Common Issues and Solutions

Issue 1: “useradd: user ‘john’ already exists”

Problem: Username already exists in the system.

Solution:

# Check if user exists
id john

# If exists, use different username or delete existing user
sudo userdel john  # Then recreate

Issue 2: “useradd: group ‘developers’ does not exist”

Problem: Trying to assign user to non-existent group.

Solution:

# Create the group first
sudo groupadd developers

# Then create user
sudo useradd -m -g developers john

Issue 3: Home directory not created

Problem: User created but no home directory.

Solution:

# Create user with -m flag
sudo useradd -m john

# Or create manually and fix permissions
sudo mkdir /home/john
sudo chown john:john /home/john
sudo chmod 755 /home/john

Issue 4: “Permission denied”

Problem: Not running with root privileges.

Solution:

# Use sudo
sudo useradd john

# Or switch to root
su -
useradd john

Issue 5: UID already in use

Problem: Specified UID is already assigned.

Solution:

# Check UID usage
id 1500

# Use different UID or find available one
# Check /etc/passwd for used UIDs
cut -d: -f3 /etc/passwd | sort -n

Issue 6: User cannot login

Problem: User created but cannot login.

Possible causes:

  • No password set
  • Shell set to /usr/sbin/nologin or /bin/false
  • Account expired
  • Account locked

Solutions:

# Set password
sudo passwd john

# Check shell
getent passwd john | cut -d: -f7

# Change shell if needed
sudo usermod -s /bin/bash john

# Check account status
sudo chage -l john

Best Practices

1. Always Use Descriptive Comments

# Good
sudo useradd -m -c "John Smith - DevOps Engineer" john

# Bad
sudo useradd -m john

2. Set Appropriate Expiration Dates

For temporary accounts or contractors:

sudo useradd -m -e 2024-12-31 -c "Contractor Account" contractor

3. Use Appropriate Shells

  • Regular users: /bin/bash or /bin/zsh
  • System accounts: /usr/sbin/nologin or /bin/false
  • Restricted users: /bin/rbash (restricted bash)

4. Organize Home Directories

Use consistent naming and structure:

# Standard location
sudo useradd -m -d /home/john john

# Or organized by department
sudo useradd -m -d /home/developers/john john

5. Set Up Groups Properly

Create groups before users when needed:

# Create groups first
sudo groupadd developers
sudo groupadd admins

# Then create users
sudo useradd -m -g developers -G admins john

6. Verify After Creation

Always verify user creation:

# Check user exists
id john

# Check home directory
ls -la /home/john

# Check groups
groups john

# Test login (if possible)
su - john

7. Document User Creation

Keep records of:

  • Username and purpose
  • UID/GID assignments
  • Group memberships
  • Expiration dates
  • Special permissions

8. Use System Accounts for Services

For daemons and services:

sudo useradd -r -s /usr/sbin/nologin myservice

9. Set Password Policies

After creating user, configure password policies:

# Set password
sudo passwd john

# Configure password aging
sudo chage -M 90 john      # Max days
sudo chage -m 7 john       # Min days
sudo chage -W 7 john       # Warning days

10. Clean Up Unused Accounts

Regularly review and remove unused accounts:

# Check last login
last john

# Remove if unused
sudo userdel -r john  # -r removes home directory

usermod – Modify User Account

Modify existing user accounts:

# Change shell
sudo usermod -s /bin/zsh john

# Add to additional groups
sudo usermod -aG docker john

# Change home directory
sudo usermod -d /home/newhome john -m

# Lock account
sudo usermod -L john

# Unlock account
sudo usermod -U john

userdel – Delete User Account

Remove user accounts:

# Delete user (keeps home directory)
sudo userdel john

# Delete user and home directory
sudo userdel -r john

# Force delete (even if user is logged in)
sudo userdel -f -r john

passwd – Set/Change Password

Manage user passwords:

# Set password for user
sudo passwd john

# Change your own password
passwd

# Lock password
sudo passwd -l john

# Unlock password
sudo passwd -u john

chage – Change Password Aging

Configure password expiration:

# View password aging info
sudo chage -l john

# Set max password age
sudo chage -M 90 john

# Set min password age
sudo chage -m 7 john

# Set expiration date
sudo chage -E 2024-12-31 john

id – Display User ID Information

Show user and group IDs:

# Show current user info
id

# Show specific user info
id john

# Show only UID
id -u john

# Show only GID
id -g john

# Show all groups
id -G john

groups – Display Group Memberships

Show groups a user belongs to:

# Current user groups
groups

# Specific user groups
groups john

getent – Get Database Entries

Query system databases:

# Get passwd entry
getent passwd john

# Get group entry
getent group developers

# Get all users
getent passwd

Summary

Key Takeaways

  1. useradd is the primary command for creating user accounts in Linux
  2. Always use -m flag to create home directory (unless creating system accounts)
  3. Set passwords separately using passwd command
  4. Use -r flag for system/service accounts
  5. Configure groups before or during user creation
  6. Verify user creation after running the command
  7. Document user accounts and their purposes
  8. Use appropriate shells based on user type
  9. Set expiration dates for temporary accounts
  10. Follow best practices for security and organization

Quick Reference

# Basic user creation
sudo useradd -m username
sudo passwd username

# Full-featured user
sudo useradd -m -s /bin/bash -g groupname -G group1,group2 -c "Full Name" username

# System account
sudo useradd -r -s /usr/sbin/nologin servicename

# User with expiration
sudo useradd -m -e YYYY-MM-DD username

# Verify creation
id username
getent passwd username

mrcloudbook.com avatar

Ajay Kumar Yegireddi is a DevSecOps Engineer and System Administrator, with a passion for sharing real-world DevSecOps projects and tasks. Mr. Cloud Book, provides hands-on tutorials and practical insights to help others master DevSecOps tools and workflows. Content is designed to bridge the gap between development, security, and operations, making complex concepts easy to understand for both beginners and professionals.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *