useradd Command

Purpose

Creates a new user account.

Syntax

useradd [ -c comment ] [ -d dir ] [ -e expire ] [ -g group ] [ -G group1,group2 ... ] [ -m [ -k skel_dir ] ] [ -u uid ] [ -s shell ] [ -r role1,role2 ... ] login

Description

The useradd command creates a new user account. The login parameter must be a unique string (its length can be configured by administrators using the chdev command). You cannot use the ALL or default keywords in the user name.

The useradd command does not create password information for a user. It initializes the password field with an asterisk (*). Later, this field is set with the passwd or pwdadm command. New accounts are disabled until the passwd or pwdadm commands are used to add authentication information to the /etc/security/passwd file.

The useradd command always checks the target user registry to make sure the ID for the new account is unique to the target registry. The useradd command can also be configured to check all user registries of the system using the dist_uniqid system attribute. The dist_uniqid system attribute is an attribute of the usw stanza of the /etc/security/login.cfg file, and can be managed using the chsec command.

The dist_uniqid system attribute has the following values:
never
Does not check for ID collision against the nontarget registries. This is the default setting.
always
Checks for ID collision against all other registries. If collision is detected between the target registry and any other registry, account creation or modification fails.
uniqbyname
Checks for ID collision against all other registries. Collision between registries is allowed only if the account to be created has the same name as the existing account.
Note: ID collision detection in the target registry is always enforced regardless of the dist_uniqid system attribute.

The uniqbyname setting of the dist_uniqid system attribute works well against two registries. With more than two registries, and with ID collision already existing between two registries, the behavior of the useradd command is unspecified when creating a new account in a third registry using colliding ID values. The new account creation might succeed or fail depending on the order in which the registries are checked.

The check for ID collision only enforces ID uniqueness between the local registry and remote registries, or between remote registries. There is no guarantee of ID uniqueness between the newly created account on the remote registry and existing local users on other systems that make use of the same remote registry. The useradd command bypasses a remote registry if the remote registry is not reachable at the time the command is run.
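
The three dist_uniqid values can be compared side by side with a small model of the rules above. This is an added example, not IBM code or the useradd implementation: uid_check, the registry files and the accounts in them are constructed for illustration, and the model does not cover unreachable remote registries or the unspecified three-registry case.

```sh
#!/bin/sh
# Added example (not IBM code): a model of the ID-collision rules described
# above, run over constructed registries in /etc/passwd format.
# Hypothetical helper: uid_check POLICY NAME UID TARGET [OTHER...]
uid_check() {
    policy=$1; name=$2; uid=$3; target=$4; shift 4
    case $policy in
        never|always|uniqbyname) ;;
        *) echo "error: unknown dist_uniqid value"; return 2 ;;
    esac

    # The target registry is always checked, whatever dist_uniqid says.
    if awk -F: -v u="$uid" '$3 == u { hit = 1 } END { exit !hit }' "$target"; then
        echo "fail: ID $uid already used in target registry"; return 1
    fi

    # never: nontarget registries are not consulted.
    if [ "$policy" = never ] || [ $# -eq 0 ]; then echo "ok"; return 0; fi

    # always: any match in another registry is a collision.
    # uniqbyname: a match is a collision unless the account name is the same.
    if awk -F: -v u="$uid" -v n="$name" -v p="$policy" '
        $3 == u && (p == "always" || $1 != n) { hit = 1 }
        END { exit !hit }' "$@"; then
        echo "fail: ID $uid collides with another registry"; return 1
    fi
    echo "ok"
}

# Constructed sample data: "local" and "ldap" stand in for two registries.
REG_DIR=$(mktemp -d)
printf '%s\n' 'root:!:0:0::/:/usr/bin/ksh' \
    'davis:*:205:1::/home/davis:/usr/bin/ksh' > "$REG_DIR/local"
printf '%s\n' 'lopez:*:311:1::/home/lopez:/usr/bin/ksh' > "$REG_DIR/ldap"

# Creating accounts in "ldap" (target) while "local" already holds ID 205.
for p in never always uniqbyname; do
    printf '%-10s kim/205:   %s\n' "$p" \
        "$(uid_check "$p" kim 205 "$REG_DIR/ldap" "$REG_DIR/local")"
    printf '%-10s davis/205: %s\n' "$p" \
        "$(uid_check "$p" davis 205 "$REG_DIR/ldap" "$REG_DIR/local")"
done
```

With the default value never, both accounts are created with an ID that already belongs to davis in the other registry. On AIX the attribute is set with chsec, for example: chsec -f /etc/security/login.cfg -s usw -a dist_uniqid=always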

Flags

Item Description
-c comment Supplies general information about the user specified by the login parameter. The comment parameter is a string with no embedded colon (:) characters and cannot end with the characters '#!'.
-d dir Identifies the home directory of the user specified by the login parameter. The dir parameter is a full path name.
-e expire Identifies the expiration date of the account. The expire parameter is a 10-character string in the MMDDhhmmyy form, where MM is the month, DD is the day, hh is the hour, mm is the minute, and yy is the last 2 digits of the years 1939 through 2038. All characters are numeric. If the expire parameter is 0, the account does not expire. The default is 0. See the date command for more information.
-g group Identifies the user's primary group. The group parameter must contain a valid group name and cannot be a null value.
-G group1,group2,... Identifies the groups the user belongs to. The group1,group2,... parameter is a comma-separated list of group names.
-k skel_dir Copies default files from skel_dir to user's home directory. Used only with -m flag.
-m Makes user's home directory if it does not exist. The default is not to make the home directory.
-r role1,role2,... Lists the administrative roles for this user. The role1,role2,... parameter is a list of role names, separated by commas.
-s shell Defines the program run for the user at session initiation. The shell parameter is a full path name.
-u uid Specifies the user ID. The uid parameter is a unique integer string. Avoid changing this attribute so that system security will not be compromised.
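
The MMDDhhmmyy value for the -e flag is easy to mistype, so it helps to decode it before creating the account. The following is an added example, not IBM code: expire_to_iso is a hypothetical helper, and it assumes the two-digit year maps onto the 1939 through 2038 window stated above (39-99 as 19yy, 00-38 as 20yy).

```sh
#!/bin/sh
# Added example (not IBM code): validate a useradd -e value and print the
# date it denotes. expire_to_iso is a hypothetical helper name.
# Assumption: yy maps onto the 1939-2038 window given on this page,
# so 39-99 means 19yy and 00-38 means 20yy.
expire_to_iso() {
    exp=$1
    # 0 means the account does not expire.
    if [ "$exp" = 0 ]; then echo "never"; return 0; fi

    # Must be exactly 10 characters, all numeric.
    case $exp in
        ''|*[!0-9]*) echo "invalid: not numeric" >&2; return 1 ;;
    esac
    [ "${#exp}" -eq 10 ] || { echo "invalid: need 10 digits" >&2; return 1; }

    # Split MMDDhhmmyy into its five two-digit fields.
    MM=$(printf '%s' "$exp" | cut -c1-2); DD=$(printf '%s' "$exp" | cut -c3-4)
    hh=$(printf '%s' "$exp" | cut -c5-6); mi=$(printf '%s' "$exp" | cut -c7-8)
    yy=$(printf '%s' "$exp" | cut -c9-10)

    # Strip one leading zero so 08 and 09 are not read as octal.
    m=${MM#0}; d=${DD#0}; h=${hh#0}; n=${mi#0}; y=${yy#0}

    if [ "$y" -ge 39 ]; then year=$((1900 + $y)); else year=$((2000 + $y)); fi

    # Days per month; every fourth year in 1939-2038 is a leap year.
    case $m in
        4|6|9|11) max=30 ;;
        2) if [ $((year % 4)) -eq 0 ]; then max=29; else max=28; fi ;;
        *) max=31 ;;
    esac

    if [ "$m" -lt 1 ] || [ "$m" -gt 12 ] || [ "$d" -lt 1 ] || [ "$d" -gt "$max" ] \
        || [ "$h" -gt 23 ] || [ "$n" -gt 59 ]; then
        echo "invalid: field out of range" >&2; return 1
    fi
    echo "$year-$MM-$DD $hh:$mi"
}

# Constructed sample value: 31 December, 17:00, year 30.
expire_to_iso 1231170030
```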

Exit Status

Item Description
0 The command completed successfully.
>0 An error occurred.

Security

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.

Examples

  1. To create the davis user account with default values, enter:
    useradd davis
    

Restrictions

To prevent login inconsistencies, avoid composing user names entirely of uppercase alphabetic characters. While the useradd command supports multibyte user names, restrict user names to characters within the POSIX portable filename character set.

To ensure that your user database remains uncorrupted, you must be careful when naming users. User names must not begin with a hyphen (-), plus sign (+), at sign (@), or tilde (~). You cannot use the keywords ALL or default in a user name. Additionally, do not use any of the following characters within a user-name string:
Item Description
: Colon
" Double quote
# Pound sign
, Comma
= Equal sign
\ Back slash
/ Slash
? Question mark
' Single quote
` Back quote

Finally, the login parameter cannot contain any space, tab, or newline characters.
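
A provisioning script can apply these restrictions before it calls useradd, so that a malformed name never reaches the user database. The following is an added example, not IBM code: check_login is a hypothetical helper, the sample names are constructed, and the split between hard prohibitions (return code 1) and advice (return code 2) follows the wording of this section.

```sh
#!/bin/sh
# Added example (not IBM code). check_login is a hypothetical helper name.
# Return codes: 0 = acceptable, 1 = breaks a stated prohibition,
#               2 = permitted but against the advice in this section.
check_login() {
    name=$1
    [ -n "$name" ] || { echo "reject: empty name"; return 1; }

    # Keywords that cannot be used as a user name.
    case $name in
        ALL|default) echo "reject: reserved keyword"; return 1 ;;
    esac

    # Must not begin with a hyphen, plus sign, at sign, or tilde.
    case $name in
        -*|+*|@*|'~'*) echo "reject: bad first character"; return 1 ;;
    esac

    # Delete the ten listed characters plus space, tab and newline. If the
    # result differs from the input, the name contained one of them.
    # LC_ALL=C makes tr work on bytes, so multibyte names stay intact.
    kept=$(printf '%s' "$name" | LC_ALL=C tr -d ':"#,=\\/?'\''` \t\n')
    [ "x$kept" = "x$name" ] || { echo "reject: forbidden character"; return 1; }

    # Advice: avoid names made up entirely of uppercase letters.
    rest=$(printf '%s' "$name" | LC_ALL=C tr -d 'A-Z')
    [ -n "$rest" ] || { echo "warn: entirely uppercase"; return 2; }

    # Advice: stay inside the POSIX portable filename set (A-Z a-z 0-9 . _ -).
    rest=$(printf '%s' "$name" | LC_ALL=C tr -d 'A-Za-z0-9._-')
    [ -z "$rest" ] || { echo "warn: outside POSIX portable filename set"; return 2; }

    echo "ok"
}

# Constructed sample names.
for n in davis DAVIS '-davis' 'da:vis' 'dev%ops'; do
    printf '%s -> ' "$n"; check_login "$n" || :
done
```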

Location

/usr/sbin/useradd

Files

The useradd command has read and write permissions to the following files.

Item Description
/etc/passwd Contains the basic attributes of users.
/etc/security/user Contains the extended attributes of users.
/etc/security/user.roles Contains the administrative role attributes of users.
/etc/security/limits Defines resource quotas and limits for each user.
/etc/security/environ Contains the environment attributes of users.
/etc/security/audit/config Contains audit configuration information.
/etc/security/lastlog Contains the last login attributes of users.
/etc/group Contains the basic attributes of groups.
/etc/security/group Contains the extended attributes of groups.