How to Create Users in Linux with useradd command?

The useradd command is one of the most fundamental tools for user management in Linux systems. It allows system administrators to create new user accounts, configure user properties, and set up the user environment. This guide provides a comprehensive overview of the useradd command, covering everything from basic usage to advanced configuration options.

What is useradd?¶

useradd is a low-level utility for adding new user accounts to a Linux system. It is the primary command-line tool used to:

• Create new user accounts
• Set user properties (UID, GID, home directory, shell, etc.)
• Configure default user settings
• Set up user environment

Key Characteristics¶

• Low-level command: useradd creates the account but doesn’t set a password (use passwd for that)
• System-wide changes: Requires root/administrator privileges
• Configurable defaults: Uses /etc/default/useradd for default settings
• Minimal by default: Creates user with minimal configuration unless options are specified

Basic Syntax¶

useradd [OPTIONS] USERNAME

Requirements¶

• Root privileges: Must run with sudo or as root user
• Unique username: Username must not already exist
• Valid username format: Typically lowercase letters, numbers, hyphens, and underscores

Creating Your First User¶

Simple User Creation¶

The most basic command creates a user with default settings:

sudo useradd john

What happens:

• Creates user account “john”
• Assigns next available UID (User ID)
• Assigns default GID (Group ID)
• Creates home directory (if default config allows)
• Sets default shell (usually /bin/bash or /bin/sh)

Verify User Creation¶

Check if the user was created successfully:

*# Check user information*
id john

*# View user details*
getent passwd john

*# Check if user exists*
grep john /etc/passwd

Common Options and Flags¶

Essential Options¶

-m or –create-home¶

Creates the user’s home directory if it doesn’t exist.

sudo useradd -m john

Without -m:

• User account is created
• Home directory is NOT created
• User must use / or temporary directories

With -m:

• Home directory created at /home/john
• Copies skeleton files from /etc/skel
• Sets proper permissions

-d or –home-dir¶

Specifies a custom home directory path.

sudo useradd -m -d /home/johnsmith john

Example:

sudo useradd -m -d /var/www/john john
*# Creates user with home directory at /var/www/john*

-s or –shell¶

Sets the user’s default login shell.

sudo useradd -m -s /bin/bash john

Common shells:

• /bin/bash - Bash shell (most common)
• /bin/sh - POSIX shell
• /bin/zsh - Z shell
• /bin/fish - Fish shell
• /usr/sbin/nologin - Prevents login (for system accounts)
• /bin/false - Prevents login (for system accounts)

Example:

*# Create user with zsh shell*
sudo useradd -m -s /bin/zsh john

*# Create system account that cannot login*
sudo useradd -r -s /usr/sbin/nologin myservice

-u or –uid¶

Specifies a custom User ID (UID).

sudo useradd -m -u 1001 john

UID ranges:

• 0: Root user
• 1-999: System accounts
• 1000-65534: Regular users
• 65535: Usually reserved

Example:

*# Create user with specific UID*
sudo useradd -m -u 1500 john

*# Check UID*
id -u john  *# Output: 1500*

-g or –gid¶

Sets the primary group ID (GID) or group name.

*# Using GID number*
sudo useradd -m -g 1000 john

*# Using group name*
sudo useradd -m -g developers john

Important:

• Group must exist before assigning
• If not specified, creates a new group with same name as username

Example:

*# First create the group*
sudo groupadd developers

*# Then create user with that group*
sudo useradd -m -g developers john

-G or –groups¶

Adds user to additional supplementary groups.

sudo useradd -m -G sudo,developers,www-data john

Example:

*# Create user in multiple groups*
sudo useradd -m -G docker,sudo,developers john

*# Verify groups*
groups john
*# Output: john : john sudo docker developers*

-c or –comment¶

Sets the user’s full name or comment (GECOS field).

sudo useradd -m -c "John Smith" john

Example:

sudo useradd -m -c "John Smith - Developer" john

*# View comment*
getent passwd john | cut -d: -f5
*# Output: John Smith - Developer*

-e or –expiredate¶

Sets account expiration date.

sudo useradd -m -e 2024-12-31 john

Date formats:

• YYYY-MM-DD (e.g., 2024-12-31)
• YYYY/MM/DD
• Days since epoch

Example:

*# Account expires on December 31, 2024*
sudo useradd -m -e 2024-12-31 john

*# Check expiration*
chage -l john | grep "Account expires"

-f or –inactive¶

Sets the number of days after password expiration before account is disabled.

sudo useradd -m -f 30 john

Values:

• 0: Account disabled immediately after password expires
• -1: No expiration (default)
• N: Account disabled N days after password expiration

-k or –skel¶

Specifies skeleton directory (files to copy to home directory).

sudo useradd -m -k /etc/custom-skel john

Default: /etc/skel

Example:

*# Create custom skeleton directory*
sudo mkdir -p /etc/custom-skel
sudo cp .bashrc .vimrc /etc/custom-skel/

*# Create user with custom skeleton*
sudo useradd -m -k /etc/custom-skel john

-r or –system¶

Creates a system account (UID < 1000, no home directory by default).

sudo useradd -r myservice

System account characteristics:

• UID typically < 1000
• No home directory (unless -m is specified)
• Usually has /usr/sbin/nologin shell
• Used for services and daemons

Example:

*# Create system account for a service*
sudo useradd -r -s /usr/sbin/nologin myservice

*# Create system account with home directory*
sudo useradd -r -m -d /var/lib/myservice myservice

-M or –no-create-home¶

Explicitly prevents home directory creation.

sudo useradd -M john

Use cases:

• System accounts
• Users who don’t need home directories
• Special purpose accounts

Advanced Configuration¶

Combining Multiple Options¶

Create a fully configured user account:

sudo useradd -m \
  -d /home/johnsmith \
  -s /bin/bash \
  -u 1500 \
  -g developers \
  -G sudo,docker,www-data \
  -c "John Smith - Senior Developer" \
  -e 2025-12-31 \
  john

What this does:

• Creates user “john”
• Creates home directory at /home/johnsmith
• Sets shell to /bin/bash
• Assigns UID 1500
• Sets primary group to “developers”
• Adds to groups: sudo, docker, www-data
• Sets full name comment
• Sets expiration date

Setting Defaults¶

View and modify default useradd settings:

*# View current defaults*
useradd -D

*# View defaults in readable format*
cat /etc/default/useradd

Common default settings:

• GROUP=100 - Default group
• HOME=/home - Default home directory base
• INACTIVE=-1 - Password expiration
• EXPIRE= - Account expiration
• SHELL=/bin/bash - Default shell
• SKEL=/etc/skel - Skeleton directory
• CREATE_MAIL_SPOOL=yes - Create mail spool

Modify defaults:

*# Set default shell*
sudo useradd -D -s /bin/zsh

*# Set default home directory base*
sudo useradd -D -b /home/users

*# Set default group*
sudo useradd -D -g 1000

*# Set default skeleton directory*
sudo useradd -D -k /etc/custom-skel

User Account Files¶

Understanding where user information is stored:

/etc/passwd¶

Contains user account information.

Format:

username:password:x:UID:GID:GECOS:home_directory:shell

Example entry:

john:x:1000:1000:John Smith:/home/john:/bin/bash

Fields:

1. username - Login name
2. password - Usually ‘x’ (stored in /etc/shadow)
3. UID - User ID
4. GID - Primary Group ID
5. GECOS - Full name/comment
6. home_directory - Home directory path
7. shell - Default shell

/etc/shadow¶

Contains encrypted passwords and password aging information.

Format:

username:encrypted_password:last_password_change:min_days:max_days:warn_days:inactive_days:expiration_date:reserved

View (requires root):

sudo cat /etc/shadow | grep john

/etc/group¶

Contains group information.

Format:

group_name:password:GID:user_list

Example:

developers:x:1001:john,jane,bob

/etc/gshadow¶

Contains group password and administrator information.

Practical Examples¶

Example 1: Standard User Account¶

Create a regular user with home directory and bash shell:

sudo useradd -m -s /bin/bash john
sudo passwd john  *# Set password*

Example 2: Developer Account¶

Create a developer with multiple group memberships:

*# Create groups if they don't exist*
sudo groupadd developers
sudo groupadd docker

*# Create developer user*
sudo useradd -m \
  -s /bin/bash \
  -g developers \
  -G sudo,docker,developers \
  -c "John Developer" \
  john

*# Set password*
sudo passwd john

Example 3: System Service Account¶

Create an account for a service/daemon:

sudo useradd -r \
  -s /usr/sbin/nologin \
  -d /var/lib/myservice \
  -c "My Service Account" \
  myservice

Example 4: Temporary User with Expiration¶

Create a user account that expires on a specific date:

sudo useradd -m \
  -e 2024-12-31 \
  -c "Temporary User" \
  tempuser

sudo passwd tempuser

Example 5: User with Custom Home Directory¶

Create user with home directory in non-standard location:

sudo useradd -m \
  -d /var/www/users/john \
  -s /bin/bash \
  john

*# Verify*
ls -la /var/www/users/john

Example 6: User with Specific UID¶

Create user with a specific UID (useful for consistency across systems):

*# Check if UID is available*
id 1500  *# Should return "no such user"*

*# Create user with UID 1500*
sudo useradd -m -u 1500 john

*# Verify*
id john  *# Should show uid=1500*

Example 7: User with Custom Skeleton Files¶

Set up custom files for new users:

*# Create custom skeleton directory*
sudo mkdir -p /etc/custom-skel
sudo cp /etc/skel/.bashrc /etc/custom-skel/
sudo cp /etc/skel/.profile /etc/custom-skel/

*# Add custom files*
sudo echo "alias ll='ls -lah'" >> /etc/custom-skel/.bashrc
sudo echo "export EDITOR=vim" >> /etc/custom-skel/.bashrc

*# Create user with custom skeleton*
sudo useradd -m -k /etc/custom-skel john

Troubleshooting¶

Common Issues and Solutions¶

Issue 1: “useradd: user ‘john’ already exists”¶

Problem: Username already exists in the system.

Solution:

*# Check if user exists*
id john

*# If exists, use different username or delete existing user*
sudo userdel john  *# Then recreate*

Issue 2: “useradd: group ‘developers’ does not exist”¶

Problem: Trying to assign user to non-existent group.

Solution:

*# Create the group first*
sudo groupadd developers

*# Then create user*
sudo useradd -m -g developers john

Issue 3: Home directory not created¶

Problem: User created but no home directory.

Solution:

*# Create user with -m flag*
sudo useradd -m john

*# Or create manually and fix permissions*
sudo mkdir /home/john
sudo chown john:john /home/john
sudo chmod 755 /home/john

Issue 4: “Permission denied”¶

Problem: Not running with root privileges.

Solution:

*# Use sudo*
sudo useradd john

*# Or switch to root*
su -
useradd john

Issue 5: UID already in use¶

Problem: Specified UID is already assigned.

Solution:

*# Check UID usage*
id 1500

*# Use different UID or find available one*
*# Check /etc/passwd for used UIDs*
cut -d: -f3 /etc/passwd | sort -n

Issue 6: User cannot login¶

Problem: User created but cannot login.

Possible causes:

• No password set
• Shell set to /usr/sbin/nologin or /bin/false
• Account expired
• Account locked

Solutions:

*# Set password*
sudo passwd john

*# Check shell*
getent passwd john | cut -d: -f7

*# Change shell if needed*
sudo usermod -s /bin/bash john

*# Check account status*
sudo chage -l john

Best Practices¶

1. Always Use Descriptive Comments¶

*# Good*
sudo useradd -m -c "John Smith - DevOps Engineer" john

*# Bad*
sudo useradd -m john

2. Set Appropriate Expiration Dates¶

For temporary accounts or contractors:

sudo useradd -m -e 2024-12-31 -c "Contractor Account" contractor

3. Use Appropriate Shells¶

• Regular users: /bin/bash or /bin/zsh
• System accounts: /usr/sbin/nologin or /bin/false
• Restricted users: /bin/rbash (restricted bash)

4. Organize Home Directories¶

Use consistent naming and structure:

*# Standard location*
sudo useradd -m -d /home/john john

*# Or organized by department*
sudo useradd -m -d /home/developers/john john

5. Set Up Groups Properly¶

Create groups before users when needed:

*# Create groups first*
sudo groupadd developers
sudo groupadd admins

*# Then create users*
sudo useradd -m -g developers -G admins john

6. Verify After Creation¶

Always verify user creation:

*# Check user exists*
id john

*# Check home directory*
ls -la /home/john

*# Check groups*
groups john

*# Test login (if possible)*
su - john

7. Document User Creation¶

Keep records of:

• Username and purpose
• UID/GID assignments
• Group memberships
• Expiration dates
• Special permissions

8. Use System Accounts for Services¶

For daemons and services:

sudo useradd -r -s /usr/sbin/nologin myservice

9. Set Password Policies¶

After creating user, configure password policies:

*# Set password*
sudo passwd john

*# Configure password aging*
sudo chage -M 90 john      *# Max days*
sudo chage -m 7 john       *# Min days*
sudo chage -W 7 john       *# Warning days*

10. Clean Up Unused Accounts¶

Regularly review and remove unused accounts:

*# Check last login*
last john

*# Remove if unused*
sudo userdel -r john  *# -r removes home directory*

Related Commands¶

usermod - Modify User Account¶

Modify existing user accounts:

*# Change shell*
sudo usermod -s /bin/zsh john

*# Add to additional groups*
sudo usermod -aG docker john

*# Change home directory*
sudo usermod -d /home/newhome john -m

*# Lock account*
sudo usermod -L john

*# Unlock account*
sudo usermod -U john

userdel - Delete User Account¶

Remove user accounts:

*# Delete user (keeps home directory)*
sudo userdel john

*# Delete user and home directory*
sudo userdel -r john

*# Force delete (even if user is logged in)*
sudo userdel -f -r john

passwd - Set/Change Password¶

Manage user passwords:

*# Set password for user*
sudo passwd john

*# Change your own password*
passwd

*# Lock password*
sudo passwd -l john

*# Unlock password*
sudo passwd -u john

chage - Change Password Aging¶

Configure password expiration:

*# View password aging info*
sudo chage -l john

*# Set max password age*
sudo chage -M 90 john

*# Set min password age*
sudo chage -m 7 john

*# Set expiration date*
sudo chage -E 2024-12-31 john

id - Display User ID Information¶

Show user and group IDs:

*# Show current user info*
id

*# Show specific user info*
id john

*# Show only UID*
id -u john

*# Show only GID*
id -g john

*# Show all groups*
id -G john

groups - Display Group Memberships¶

Show groups a user belongs to:

*# Current user groups*
groups

*# Specific user groups*
groups john

getent - Get Database Entries¶

Query system databases:

*# Get passwd entry*
getent passwd john

*# Get group entry*
getent group developers

*# Get all users*
getent passwd

Summary¶

Key Takeaways¶

1. useradd is the primary command for creating user accounts in Linux
2. Always use -m flag to create home directory (unless creating system accounts)
3. Set passwords separately using passwd command
4. Use -r flag for system/service accounts
5. Configure groups before or during user creation
6. Verify user creation after running the command
7. Document user accounts and their purposes
8. Use appropriate shells based on user type
9. Set expiration dates for temporary accounts
10. Follow best practices for security and organization

Quick Reference¶

*# Basic user creation*
sudo useradd -m username
sudo passwd username

*# Full-featured user*
sudo useradd -m -s /bin/bash -g groupname -G group1,group2 -c "Full Name" username

*# System account*
sudo useradd -r -s /usr/sbin/nologin servicename

*# User with expiration*
sudo useradd -m -e YYYY-MM-DD username

*# Verify creation*
id username
getent passwd username

¶