DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

useradd(1M)


useradd -- administer a new user login on the system

Synopsis

useradd [-u uid [-o] [-i]] [-g group] [-G group[[,group] . . .]]
[-d dir] [-s shell] [-c comment] [-m [-k skel_dir]] [-f inactive]
[-e expire] [-p passgen] [-a event[, . . .]] login

Description

Invoking useradd generally adds a new user entry to the Identification and Authentication (I&A) data files. The only exception is for Network Information Service (NIS) users. It also creates supplementary group memberships for the user (-G option) and creates the home directory (-m option) for the user if requested. The new login is locked until the passwd(1) command is executed.

As installed, defaults for the various parameters are listed in the file /etc/default/useradd. The defaults for the options below that offer defaults can be changed via the defadm command.

The system file entries created with this command have a limit of 512 characters per line. Specifying long arguments to several options may exceed this limit.

The following options are available:


-u uid
The user identification number (UID). This UID must be a non-negative decimal integer below MAXUID as defined in sys/param.h. The UID defaults to the next available (unique) non-aged UID greater than 99. This option is ignored if the new login will be administered by the Network Information Service (NIS).

-o
This option allows a UID to be duplicated (non-unique). Because the security of the system in general, and the integrity of the audit trail and accounting information in particular, depends on every UID being uniquely associated with a specific individual, use of this option is discouraged (in order to maintain user accountability).

-i
Allow a UID currently being aged to be used.

-g group
An existing group's integer ID or character-string name. This option defines the new user's primary group membership and defaults to the default group in /etc/default/useradd. This option is ignored if the new login will be administered by the Network Information Service (NIS).

-G group[[,group] . . .]
One or more comma-separated list elements, each an existing group's integer ID or character string name. This list defines the supplementary group membership for the user. Duplicates are ignored. The list specified must be less than NGROUPS_MAX in length, as the number of supplementary groups for a user, plus the base group, may never exceed NGROUPS_MAX. This option is ignored if the new login will be administered by the Network Information Service (NIS).

-d dir
The home directory of the new user. This field is limited to 256 characters. It defaults to HOMEDIR/login, where HOMEDIR is the base directory for new login home directories and login is the new login.

-s shell
Full pathname of the program used as the user's shell on login. This field is limited to 256 characters. It defaults to an empty field causing the system to use /usr/bin/ksh as the default. The value of shell must be a valid executable file.

-c comment
Any text string. It is generally a short description of the login, and is currently used as the field for the user's full name. This information is stored in the user's /etc/passwd entry. This field is limited to 128 printable characters.

-m
Create the new user's home directory if it doesn't already exist. If the directory already exists, the user being added must have access permissions to the directory.

-k skel_dir
Copy the contents of the directory skel_dir into the new user's home directory, instead of the contents of the default skeleton directory, /etc/skel. The skel_dir directory must exist. The default skeleton directory contains a standard .profile file, and can contain other directories and files that define the user's environment. An administrator-defined skel_dir might contain the same types of files and directories, customized for a special purpose.

-f inactive
The maximum number of days allowed between uses of a login before that login is declared invalid. Normal values are positive integers.

-e expire
The date on which a login can no longer be used; after this date, no user will be able to access this login. (This option is useful for creating temporary logins.) You may type the value of the argument expire (which is a date) in any format you like (except a Julian date). For example, you may enter 10/6/90 or October 6, 1990.

-p passgen
Indicates that the FLAG field in /etc/shadow is to be set to the specified value. This field is referenced by the passwd command to determine if a password generator is in effect for this user. The FORCED_PASS entry in /etc/default/useradd is checked if the -p option is not explicitly specified to determine the value for the entry in /etc/shadow. If FORCED_PASS does not exist in /etc/default/useradd there will be no value in the /etc/shadow entry. If the value of FORCED_PASS is 1, then the entry in /etc/shadow is set to 1. If passgen is neither a null string nor a printable ASCII character, a diagnostic message is printed.

-a event
A comma-separated list of event types or classes that make up the user's audit mask. There is no default user audit mask in the system as delivered, but you can define a default in the file /etc/default/useradd using the defadm command. This option is valid only if the Auditing Utilities are installed. (To find out which packages are installed on your system, run the pkginfo command.)

login
A string of characters (restricted to the set of alphanumeric characters, the period (.), underscore (_), plus (+), and minus (-) characters) that specifies the new login name of the user. It must not begin with a capital letter.

Note that many of the defaults for the above parameters can be changed through the defadm command, which administers the /etc/default/useradd file. These defaults apply to local users only. The Network Information Service (NIS) database controls defaults for NIS users. You must specify options on the command line to override NIS defaults.

Network information service logins

If login is preceded by a ``+'' character, (for example, ``+chris''), the login definition will be administered by the Network Information Service (NIS). The default values will be drawn from the NIS database rather than from /etc/defaults/useradd. Values for the -u, -g and -G options will be silently ignored if these options are specified. Instead, the values for user ID and group ID will be taken from the NIS database. See passwd(4) for more information. Note that when adding a NIS user, login must exist in the NIS database. For example, to add login ``chris'' as an NIS user, ``chris'' must already exist in the NIS database. You would then invoke useradd with a login of ``+chris'', to distinguish that you wish to add ``chris'' as an NIS user, not a local user.

Files


/etc/default/useradd

/etc/group

/etc/passwd

/etc/security/ia/ageduid

/etc/security/ia/audit
(if the Auditing Utilities are installed)

/etc/security/ia/index

/etc/security/ia/master

/etc/shadow

/etc/skel

Diagnostics

The useradd command exits with a return code of 0 upon successful completion. In case of errors, the following messages may be displayed:

References

defadm(1M), groupadd(1M), groupdel(1M), groupmod(1M), logins(1M), passwd(1), passwd(4), userdel(1M), userls(1M), usermod(1M), users(1bsd)
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 25 April 2004