How to Create User in RHEL/CentOS 7.6

This article will help you understand the 'useradd' command on Linux/Unix-based systems. As we all know, Linux is a multi-user, multitasking operating system (OS) that ships with a large number of commands, from basic to advanced. Here we are going to look at the 'useradd' command, which is also available as 'adduser'. On RHEL/CentOS both commands (useradd and adduser) do the same thing and there is no key difference between them, although this may not be true on other distros. The 'adduser' path is just a symbolic link to the 'useradd' command.

The useradd command is used to create and manage users on Linux/Unix-based systems, and it comes with a lot of options/arguments. As a Linux system administrator, one of your routine jobs is to create users with the normal/default setup; sometimes you may also be asked to create a user with a specific home directory, account expiry date, shell, group, and so on.

This step-by-step guide shows how to use the various options of the 'useradd' command on RHEL/CentOS 7.6, one by one and mostly with examples. The same guide can be used for all other versions of RHEL/CentOS/Fedora. On other distros there may be small differences in usage, so it is highly recommended to read the guidelines before creating user accounts.

Global Syntax for useradd command with options:

useradd  [options]  USERNAME

The following cheat sheet provides an overview of the options used in the useradd command in Linux.

[Figure: useradd command cheat sheet]

Let us begin by executing the default form of useradd command followed by the user name. Once this command is executed, it will perform the following actions:

(a) A new entry will be added to '/etc/passwd, /etc/shadow, /etc/group, /etc/gshadow' files.

(b) A new user's home directory will be created along with the bash files, which are copied from the skel directory. Also, permission and ownership of the home directory will be set by default.

Warning:

To execute the useradd command in a terminal you need to be the root user (administrator), a superuser, or have sudo privileges. Normal users get "Permission denied" when they try to execute the useradd command.

1. How to add/create a user?

# useradd linuxteck

Note:

The above command will create a user named "linuxteck" on your local Linux server/desktop with the default settings mentioned above. A new entry is added to 4 files, i.e. /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow. Let's look at them one by one.

(a) /etc/passwd => This file is used to store all the information of the user accounts. You can verify the information of the newly created username in the '/etc/passwd' file with the following command:

# cat /etc/passwd | grep linuxteck

Output:

 

linuxteck:x:1003:1005::/home/linuxteck:/bin/bash

Note:

The above output represents a user account, which contains the following "7 fields" separated by colons (:).
[Figure: the 7 fields of an /etc/passwd entry]

(b) /etc/shadow => This file stores the password information of all users. Only root and accounts with equivalent privileges can handle this file; by default, the root account holds its permissions and ownership. Use the following command to view the password-related information of the new user named "linuxteck".

# cat /etc/shadow | grep linuxteck

Output:

 

linuxteck:$6$PsZ2cWaJ$yUscpxrjnDkq4LgwvRNLMBK6GqXkWavI4Czf44v6NVl4NzH.czTTxw.IHqvohU5Y1LQrTjPYe/MRd8w8ndAbe0:18333:0:99999:7:::

Note:

Unlike the '/etc/passwd' file, the '/etc/shadow' file is not readable by everyone; only root and superusers can read it. The above output contains 9 fields separated by colons (:).
[Figure: the 9 fields of an /etc/shadow entry]

 

(c) /etc/group => This file stores the list of groups and the members that belong to each group. In Linux/Unix, multiple users can be placed into a single group or into multiple groups. To see the information in the '/etc/group' file you can use the following command:

# cat /etc/group | grep linuxteck

[Figure: the /etc/group entry]

(d) /etc/gshadow => This file stores the encrypted password and the membership of each group. Generally, it is readable only by root or superusers, and the default permission of this file is set to "000".

# cat /etc/gshadow | grep linuxteck

Output:

 

linuxteck:!::

Note:

The above output contains the following fields:
[Figure: the fields of an /etc/gshadow entry]

2. How to define a home directory during user creation in Linux?

# useradd -b /opt linuxteck

Note:

The above command overrides the default location of the user's home directory when creating a new user. Home directories are usually placed under "/home", but with the '-b' flag we can choose a different path. In this example, the home directory of the "linuxteck" user is placed under '/opt' instead of '/home'. Use the following command to verify the home directory path of the newly created user.

# cat /etc/passwd | grep linuxteck

Output:

 

linuxteck:x:1003:1005::/opt/linuxteck:/bin/bash

3. How to add a custom comment while creating the user?

# useradd -c "John Gomez" john

Note:

Using the '-c' option you can add a custom comment, such as the user's full name or email address, while creating a user. The output of the above example can be verified with the following command.

# cat /etc/passwd | grep john

Output:

 

john:x:1003:1004:John Gomez:/home/john:/bin/bash

4. How to create a specific home directory name when creating a new user?

# useradd -d /opt/oracle jose

Note:

The '-d' option lets us give the user's home directory a name different from the username. By default, when you execute the useradd command, the home directory gets the same name as the username. In our case, the above command creates the user "jose" with the home directory "/opt/oracle". Use the following command to see the user's home directory and username.

# cat /etc/passwd | grep jose

Output:

 

jose:x:1004:1005::/opt/oracle:/bin/bash

5. How to check the user's default configuration?

# useradd -D

OR

# cat /etc/default/useradd

Output:

 

GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes

Note:

You can use either of the above commands to check the default configuration for new users. In the above output there are 7 rows in total, each with its default value. By editing this file from the command line you can change the default shell and directory. A short explanation is given below:
[Figure: explanation of the 'useradd -D' values]

6. How to create a user account with an expiry date?

# useradd -e 2020-03-22 linuxteck

Note:

The '-e' flag of the useradd command sets the expiry date of a user account. By default, no expiry date is set for a user when the useradd command is executed. Security is one of the essential parts of user management. In practice, in some special cases (such as a guest or temporary account) we may be required to set an expiry date for the account, and the date format should be YYYY-MM-DD. Use the following command to verify the expiry date of the "linuxteck" user.

Before setting up the User Expiry option:

# chage -l linuxteck

[Figure: 'chage -l linuxteck' output before the expiry date is set]

After setting the User Expiry option:

# chage -l linuxteck

[Figure: 'chage -l linuxteck' output after the expiry date is set]

7. How to create a password expiry date for a User account?

# useradd -f 2 linuxteck

Note:

The '-f' option defines the number of days after the password expires until the account becomes inactive. A value of "0" makes the account inactive immediately after the password expires. By default, this value is set to "-1". In our case, we have created an account (linuxteck) with a password inactivity period of "2 days". Use either of the following commands to verify it.

# cat /etc/shadow | grep linuxteck

Output:

linuxteck:!!:18343:0:99999:7:2::

OR

# passwd -S linuxteck

Output:

linuxteck LK 2020-03-22 0 99999 7 2 (Password locked.)

Note:

For easy comparison, here is an example of an account created without this option, so you can see the difference between the two outputs. The following account has the default value "-1", which means this account will never expire.

# passwd -S jose

Output:

jose LK 2020-03-20 0 99999 7 -1 (Password locked.)
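The shadow fields described in 1(b) and the '-e' and '-f' values from sections 6 and 7 can be decoded with the following script. It is an added example, not part of the original article: the function names and sample records are constructed (only the linuxteck line is the output shown above), and an empty inactivity field is reported as -1 to match 'passwd -S'.

```shell
#!/bin/sh
# Added example: decode shadow(5) records read from a file or from stdin.

# Constructed sample; the first line is the "linuxteck" record shown above,
# the second is what "-e 2020-03-25 -f 10" would store.
sample_shadow() {
    cat <<'EOF'
linuxteck:!!:18343:0:99999:7:2::
joseph:!!:18343:0:99999:7:10:18346:
jose:$6$constructedsalt$constructedhash:18333:0:99999:7:::
guest::18343:0:99999:7:::
EOF
}

shadow_report() {
    awk -F: '
    # Days since 1970-01-01 -> YYYY-MM-DD (Gregorian calendar arithmetic).
    function ymd(n,    z, era, doe, yoe, doy, mp, y, m, d) {
        if (n == "") return "never"
        z = n + 719468; era = int(z / 146097); doe = z - era * 146097
        yoe = int((doe - int(doe/1460) + int(doe/36524) - int(doe/146096)) / 365)
        doy = doe - (365*yoe + int(yoe/4) - int(yoe/100))
        mp = int((5*doy + 2) / 153)
        d = doy - int((153*mp + 2) / 5) + 1
        m = (mp < 10) ? mp + 3 : mp - 9
        y = yoe + era*400 + (m <= 2)
        return sprintf("%04d-%02d-%02d", y, m, d)
    }
    # Field 2: what the password field says about how the account can log in.
    function state(p) {
        if (p == "") return "EMPTY"                  # no password required
        if (p ~ /^!/ || p == "*") return "LOCKED"    # "!!" = password never set
        if (p ~ /^\$6\$/) return "SHA512"
        if (p ~ /^\$5\$/) return "SHA256"
        if (p ~ /^\$1\$/) return "MD5"
        return "OTHER"
    }
    NF != 9 { if (NF) printf "%s MALFORMED fields=%d\n", $1, NF; next }
    {
        # Field 3 = last change, 7 = inactivity days (-f), 8 = account expiry (-e).
        printf "%s %s changed=%s inactive=%s expires=%s\n",
            $1, state($2), ymd($3), ($7 == "" ? -1 : $7), ymd($8)
    }' "${1:--}"
}

sample_shadow | shadow_report
```

On a real system, run it as root with 'shadow_report /etc/shadow'; an EMPTY state means the account accepts a login without any password.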

8. How to create a User with a particular Group ID?

# useradd -g 1001 linuxteck

Note:

The '-g' option sets the GID (Group Identification Number); every user has a GID. Using the '-g' option we can assign a specific group ID to the user, but the group ID must already exist in the "/etc/group" file. Only then will it be accepted; otherwise useradd throws the error "Group does not exist". In this example, we have created a user in an existing group named "mysql" with group ID "1001". Use the following (3) commands to verify the group ID of the "linuxteck" user.

Command: 1

# cat /etc/passwd | grep linuxteck

Output:

 

linuxteck:x:1005:1001::/home/linuxteck:/bin/bash

Note:

The following command lists the last 10 lines of the "/etc/group" file, where you can see the "mysql" group listed with ID 1001.

Command: 2

# tail -10 /etc/group

Output:

 

unbound:x:982:
mysql:x:1001:
openvpn:x:981:
lightdm:x:980:
nm-openvpn:x:979:
nm-openconnect:x:978:
yumex:x:977:
teck:x:1003:
john:x:1004:
jose:x:1005:

Note:

Also, you can use the following command to check the UID and GID of the user. In the below example, you can see the UID, GID and the groups of "linuxteck" user accounts.

Command: 3

# id linuxteck

Output:

 

uid=1005(linuxteck) gid=1001(mysql) groups=1001(mysql)

9. How to add a user to multiple groups?

# useradd -G svn,git,database linuxteck

Note:

Using the '-G' option with the useradd command we can add a user to multiple groups. Make sure those groups exist, otherwise it will throw an error like "useradd: group '' does not exist". Here I have added the "linuxteck" user to 3 groups named "svn, git, database". The groups must be separated by commas (,) with no spaces in between. The output can be verified with the following command.

# id linuxteck

Output:

 

uid=1005(linuxteck) gid=1009(linuxteck) groups=1009(linuxteck),1006(svn),1007(git),1008(database)

10. How to create a User without a Home Directory?

# useradd -M jose

Note:

The '-M' option creates a user without a home directory. For security reasons, we may be required to create such users. In those cases, if the user logs into the system, the root directory acts as the home directory for that user by default. If those users execute the 'su' command, their login directory will be the home directory of the previous user. The output of the above command can be verified with the following (2) commands.

Command: 1

# id jose

Output:

 

uid=1006(jose) gid=1010(jose) groups=1010(jose)

Command: 2

# ls -ld /home/jose

Output:

 

ls: cannot access /home/jose: No such file or directory

Note:

Here you can see that no home directory was created for the user named "jose".

11. How to create a User without a User Private Group (UPG)?

# useradd -N tony

Note:

On RHEL/CentOS, by default a group with the same name as the user is created when you create a new user with the useradd command. The '-N' option lets you create a user without the user private group (UPG). Since an empty group field is invalid in the '/etc/passwd' file, the system automatically uses GID 100, named 'users', as the group ID of the new user. Use the following (2) commands to see the output of the above example.

Command :1

# id tony

Output:

 

uid=1009(tony) gid=100(users) groups=100(users)

Command :2

# tail -1 /etc/passwd

Output:

 

tony:x:1009:100::/home/tony:/bin/bash

Note:

You can see the group ID from the above outputs.

12. How to create a user with an encrypted password?

# useradd -p '$6$Zg8Mxq7u$WzUhqPrmus21PNlFRXm7RO4peDCLionkkI.' linuxteck

Note:

With the '-p' option we can give the new account an already encrypted password while creating the user. This command may sometimes help you in real (production) environments. To verify the same, use the following command:

# tail -1 /etc/shadow

Output:

linuxteck:$6$Zg8Mxq7u$WzsxJUbF0wsbPNlFRXm7RO4peDCLionkkI.:18343:0:99999:7:::
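The useradd man page notes that a value passed with '-p' is visible to other users who list processes. The following added example (not from the original article; the function names are hypothetical) checks that the input is a complete SHA-512 crypt string and then sets it with 'chpasswd -e' over stdin instead of a command-line argument.

```shell
#!/bin/sh
# Added example: set a pre-computed hash without placing it on a command line.

# True when $1 looks like a SHA-512 crypt string:
#   $6$ [rounds=N$] salt (up to 16 chars) $ hash (exactly 86 chars)
is_sha512_crypt() {
    printf '%s\n' "$1" |
        grep -Eq '^\$6\$(rounds=[0-9]+\$)?[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{86}$'
}

# Usage (as root): create_with_hash USER < file-containing-the-hash
# Keep that file readable by root only (mode 600) and remove it afterwards.
create_with_hash() {
    user=$1
    IFS= read -r hash || [ -n "$hash" ] || { echo "no hash on stdin" >&2; return 2; }
    if ! is_sha512_crypt "$hash"; then
        echo "refusing $user: input is not a complete SHA-512 crypt hash" >&2
        return 2
    fi
    useradd "$user" || return 1
    # chpasswd -e reads "name:hash" from stdin and stores the hash as given.
    # printf is a shell builtin, so the hash never appears in ps output.
    printf '%s:%s\n' "$user" "$hash" | chpasswd -e
}

# Check the value used in the command above; this needs no privileges.
is_sha512_crypt '$6$Zg8Mxq7u$WzUhqPrmus21PNlFRXm7RO4peDCLionkkI.' ||
    echo "sample value is not a complete SHA-512 crypt hash"
```

The value printed in the command above has 35 characters after the salt, not 86, so the check rejects it; a stored value of that shape matches no password.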

13. How to add a system user account to Linux?

# useradd -r www-data

Note:

Using the '-r' option you can create a system user. System users, rather than normal accounts, are created mainly for running daemons, services or other system software. Technically there is no difference, but in practice a system account can easily be told apart from a normal account by the UID_MIN value: all system accounts get UIDs lower than the normal UIDs. If you need a system account with a home directory, use the '-m' flag along with '-r'. The pre-assigned values of UID, GID, SYS_GID, etc. can be found in the '/etc/login.defs' file. The output of the above example can be verified with the following command.

# id www-data

Output:

 

uid=982(www-data) gid=976(www-data) groups=976(www-data)

Note:

As you can see, the UID is 982 and the GID is 976. In RHEL/CentOS 7, by default, all system UIDs are between 201 and 999, and normal UIDs start from 1000.

14. How to add/create a user with a custom shell type?

# useradd -s /bin/sh john

Note:

Using the '-s' option you can change the default login shell. On CentOS there are about 8 login shells available; you can check the different shells in the '/etc/shells' file. Each shell has its own capabilities and solutions to different problems, and the choice of shell is based on the user's discretion/requirement. Use the following command to verify which shell is assigned.

# cat /etc/passwd | grep john

Output:

 

john:x:1011:1012::/home/john:/bin/sh

15. How to create a User with a particular User ID (UID)?

# useradd -u 1050 gomez

Note:

The '-u' option sets a custom UID while creating the user account. In general, UIDs for normal users start from 1000, but with the '-u' option we can define the UID ourselves. For example, in our case I assigned the UID 1050 to the user "gomez". The output can be verified in the /etc/passwd file.

# tail -1 /etc/passwd

Output:

 

gomez:x:1050:1050::/home/gomez:/bin/bash

 

'useradd' command with advanced options:

16. How to create a new user using the same home directory as another user?

# useradd -m -k /opt/oracle mable

Note:

Here the options '-m' and '-k' work together to replicate an existing user's home directory for the new user. This can be used for some special purposes. In our case, all the files contained in the "/opt/oracle" directory will be copied to the home directory of the new user "mable". This means whatever files/directories are available in the "oracle" directory will be replicated in the new user's home directory.

17. How to create a user with a custom UID/GID, custom comments, specific home directory, and custom shell?

# useradd -u 1500 -g 1200 -c "Simon George" -d /opt/oracle -s /bin/sh simon

Note:

In this example, we have created a user named "simon" with several customizations: the UID and GID are assigned explicitly, a custom comment is added, a specific home directory is assigned, and finally a custom shell is set. After executing this command, you can verify the output with the following command.

# tail -1 /etc/passwd

Output:

 

simon:x:1999:1200:Simon George:/opt/oracle:/bin/sh

18. How to create a system user without a group or home directory?

# useradd -M -N -r www-data

Note:

The '-M' option creates the user without a home directory, and the '-N' option prevents creating a group with the same name as the user. Finally, the '-r' option, which you already know, creates a system user. Verify the result of the above command with the following (3) commands:

# cat /etc/passwd | grep www-data

 

# cat /etc/group

 

# id www-data

19. How to create a completely customized user with the following options:

(i) The UID: 1500
(ii) The GID: 1200
(iii) Comment Field: User's Full Name
(iv) The home directory: /opt/oracle
(v) Supplementary Groups: svn,git
(vi) Set User Expiry: User expiry as 2020-03-25
(vii) Set Password: User's password inactivity for 2 days

# useradd -d /opt/oracle -c "Joseph Alex" -u 1050 -g 1200 -G svn,git -e 2020-03-25 -f 10 joseph

Note:

This user is completely customized with the above options. You can verify the output using the following commands:

(a) For general details:

# cat /etc/passwd | grep joseph

(b) For user expiry date:

# chage -l joseph

(c) For password expiry:

# cat /etc/shadow | grep joseph

OR

# passwd -S joseph

20. How to create a user without a home directory, no shell, no group or custom comment?

# useradd -M -N -s /bin/false -c "Linux Teck" linuxteck

Note:

Using the above command we can create a user with no home directory, no login shell and no group with the same name as the user, but with a custom comment. The above command is completely different from the other commands explained earlier. You can verify it by using the following (2) commands.

# ls -l /home/

OR

# tail -1 /etc/passwd

Output:

 

linuxteck:x:2000:100:Linux Teck:/home/linuxteck:/bin/false
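Sections 13, 18 and 20 come down to two fields of /etc/passwd: the UID range and the login shell. The following added example (not from the original article; the function names, the UID_MIN environment variable and the sample records are constructed) flags system accounts that keep a login shell, which is what 'useradd -r' without '-s' produces under the SHELL=/bin/bash default shown in section 5, along with shared UIDs and malformed records.

```shell
#!/bin/sh
# Added example: audit passwd(5) records read from a file or from stdin.
# Fields: 1 name, 2 password placeholder, 3 UID, 4 GID, 5 comment, 6 home, 7 shell.

# Constructed sample in the format of the outputs shown in this article.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:982:976::/home/www-data:/bin/bash
linuxteck:x:2000:100:Linux Teck:/home/linuxteck:/bin/false
gomez:x:1050:1050::/home/gomez:/bin/bash
joseph:x:1050:1200:Joseph Alex:/opt/oracle:/bin/bash
backup:x:0:0::/root:/bin/bash
broken:x:1200
EOF
}

# UID_MIN (assumed environment variable) is the first normal UID, default 1000.
passwd_audit() {
    awk -F: -v uid_min="${UID_MIN:-1000}" '
    NF != 7 { if (NF) printf "%s: malformed record, %d fields\n", $1, NF; next }
    {
        # Two names on one UID are the same user as far as the kernel is concerned.
        if ($3 in owner) printf "%s: UID %s is shared with %s\n", $1, $3, owner[$3]
        else owner[$3] = $1
        if ($3 == 0 && $1 != "root")
            printf "%s: UID 0, equivalent to root\n", $1
        # Service accounts should end in nologin or false, as in section 20.
        if ($3 > 0 && $3 < uid_min && $7 !~ /\/(nologin|false)$/)
            printf "%s: system account with login shell %s\n", $1, $7
    }' "${1:--}"
}

sample_passwd | passwd_audit
```

Run it against the live file with 'passwd_audit /etc/passwd'; no output means none of the checks fired.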

 

Help:

For any help related to the useradd command, use one of the following commands in a terminal:

# man useradd

OR

# useradd -h

I hope this article will help you to understand a few things about the 'useradd' commands in Linux. Drop me your feedback/comments. If you like this article, kindly share it and it may help others as well.

Thank you!
