How to Create a User in RHEL/CentOS 7.6

This article will help you understand the 'useradd' command on Linux/Unix-based systems. As we all know, Linux is a multi-user and multitasking operating system (OS). It is built with a large number of commands, from basic to advanced. Here, we are going to look at the 'useradd' command, which is also called 'adduser'. On RHEL/CentOS, both commands (useradd and adduser) provide the same functions and features and there is no key difference between them, whereas this may not be true on other distros. On RHEL/CentOS, 'adduser' is just a symbolic link to the 'useradd' command.

The useradd command is used to create and manage users on Linux/Unix-based systems. It comes with a lot of options/arguments. For a Linux system administrator, creating users is a routine job: sometimes with the normal/default setup, and sometimes you may be asked to set a specific home directory, an account expiry date, a shell, a group, and so on.

This step-by-step guide shows how to use the various options of the 'useradd' command on RHEL/CentOS 7.6. We will go through them one by one, mostly with examples. The same guide can be used for all other versions of RHEL/CentOS/Fedora. On other distros there may be small differences in usage, so it is highly recommended to read the guidelines before creating user accounts.

The general syntax of the useradd command with options:

useradd  [options]  USERNAME

The following cheat sheet provides an overview of the options used with the useradd command in Linux.

[Image: useradd command cheat sheet]

Let us begin with the default form of the useradd command followed by the user name. When this command is executed, it performs the following actions:

(a) A new entry is added to each of the '/etc/passwd', '/etc/shadow', '/etc/group' and '/etc/gshadow' files.

(b) A new home directory is created for the user, along with the bash files, which are copied from the skel directory. The permissions and ownership of the home directory are also set by default.

Warning:

To execute the useradd command in Terminal you need to be either the root user (Administrator), a superuser, or a user with sudo privileges. Normal users get "Permission denied" when they try to execute the useradd command.

1. How to add/create a user?

# useradd linuxteck

Note:

The above command creates a user named "linuxteck" on your local Linux server/desktop with the default settings mentioned above. A new entry is added to 4 files (/etc/passwd, /etc/shadow, /etc/group and /etc/gshadow). Let us look at them one by one.

(a) /etc/passwd => This file is used to store all the information of the user accounts. You can verify the information of the newly created username in the '/etc/passwd' file with the following command:

# cat /etc/passwd | grep linuxteck

Output:

 

linuxteck:x:1003:1005::/home/linuxteck:/bin/bash

Note:

The above output represents a user account, which contains the following "7 fields" separated with colons (:).
[Image: the 7 fields of an /etc/passwd entry]

(b) /etc/shadow => This file is used to store all the password information of the users. Only the root account or accounts with equivalent privileges can handle this file. By default, the root account holds the permission and ownership of this file. Use the following command to view the password-related information of the new user named "linuxteck".

# cat /etc/shadow | grep linuxteck

Output:

 

linuxteck:$6$PsZ2cWaJ$yUscpxrjnDkq4LgwvRNLMBK6GqXkWavI4Czf44v6NVl4NzH.czTTxw.IHqvohU5Y1LQrTjPYe/MRd8w8ndAbe0:18333:0:99999:7:::

Note:

The '/etc/shadow' file is not readable by everyone like the '/etc/passwd' file. Only root and superusers can read this file. The above output contains 9 fields separated with colons (:).
[Image: the 9 fields of an /etc/shadow entry]

 

(c) /etc/group => This file stores a list of groups and the members that belong to each group. In Linux/Unix, multiple users can be placed into a single group or into multiple groups. Use the following command to see the information in the '/etc/group' file:

# cat /etc/group | grep linuxteck

[Image: output of the command above]

(d) /etc/gshadow => This file stores an encrypted password for each group, along with the group membership. Generally, it is readable only by root or superusers, and the default permission of this file is set to "000".

# cat /etc/gshadow | grep linuxteck

Output:

 

linuxteck  :  !  :  :

Note:

The above output contains the following fields:
[Image: the fields of an /etc/gshadow entry]

2. How to define a home directory during user creation in Linux?

# useradd -b /opt linuxteck

Note:

The above command overrides the default path of the user's home directory when creating a new user. The home directory is usually placed under "/home", whereas with the '-b' flag we can customize the path as we choose. In this example, the home directory of the "linuxteck" user will be placed under '/opt' instead of '/home'. Use the following command to verify the home directory path of the newly created user.

# cat /etc/passwd | grep linuxteck

Output:

 

linuxteck:x:1003:1005::/opt/linuxteck:/bin/bash

3. How to add a custom comment while creating the user?

# useradd -c "John Gomez" john

Note:

The '-c' option adds a custom comment, such as the user's full name or email address, while creating a user. The output of the above example can be verified with the following command.

# cat /etc/passwd | grep john

Output:

 

john:x:1003:1004:John Gomez:/home/john:/bin/bash

4. How to create a specific home directory name when creating a new user?

# useradd -d /opt/oracle jose

Note:

The '-d' option allows us to give the user's home directory a name different from the username. By default, when you execute the useradd command, the user's home directory name is the same as the username. In our case, the above command creates the user "jose" with the home directory "/opt/oracle". Use the following command to see the details of the user's home directory and the username.

# cat /etc/passwd | grep jose

Output:

 

jose:x:1004:1005::/opt/oracle:/bin/bash

5. How to check the user's default configuration?

# useradd -D

OR

# cat /etc/default/useradd

Output:

 

GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes

Note:

You can use either of the above commands to check the default configuration for new users. In the above output, you can see there are 7 rows in total, each with its default value. By editing this file from the command line you can change the default shell and directory. A short explanation is given below:
[Image: explanation of the 'useradd -D' default values]

6. How to create a user account with an expiry date?

# useradd -e 2020-03-22 linuxteck

Note:

The '-e' flag of the useradd command sets the expiry date of a user account. By default, no expiry date is set for a user created with the useradd command. Security is one of the essential parts of user management. In practice, in some special cases (such as creating a guest or temporary account) we may be required to set an expiry date for the account, and the date format must be YYYY-MM-DD. Use the following command to verify the expiry date of the "linuxteck" user.

Before setting the User Expiry option:

# chage -l linuxteck

[Image: 'chage -l linuxteck' output before the expiry date is set]

After setting the User Expiry option:

# chage -l linuxteck

[Image: 'chage -l linuxteck' output after the expiry date is set]

7. How to create a password expiry date of a User account?

# useradd -f 2 linuxteck

Note:

The '-f' option defines the number of days after the password expires until the account becomes inactive. A value of "0" makes the account inactive immediately after the password expires. By default, the password expiry value is set to "-1". In our case, we have created an account (linuxteck) with a password expiry value of "2 days". Use either of the following commands to verify the password expiry value of the user.

# cat /etc/shadow | grep linuxteck

Output:

linuxteck:!!:18343:0:99999:7:2::

OR

# passwd -S linuxteck

Output:

linuxteck LK 2020-03-22 0 99999 7 2 (Password locked.)

Note:

For easier understanding, here is an example of an account without a password expiry value, so you can see the difference between the output of the two accounts (with and without the value). The following account has the default value of "-1", which means this account will never expire.

# passwd -S jose

Output:

jose LK 2020-03-20 0 99999 7 -1 (Password locked.)
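
The '/etc/shadow' fields written by the '-e' and '-f' options in examples 6 and 7 can be decoded with a short script. The following is an added example, not part of the original article: the sample lines are constructed from the outputs shown above (the hash is a placeholder and the "guest" entry is invented), the function names are hypothetical, and GNU 'date' is assumed.

```shell
#!/bin/sh
# Added example: decode shadow(5) entries. Sample lines are constructed from
# the outputs in this article; the hash is a placeholder, "guest" is invented.
SAMPLE_SHADOW='linuxteck:!!:18343:0:99999:7:2::
jose:!!:18341:0:99999:7:::
simon:$6$SALT$HASHPLACEHOLDER:18333:0:99999:7:::
guest::18343:0:99999:7::18346:'

# shadow(5) stores dates as a count of days since 1970-01-01 (GNU date assumed).
days_to_date() {
    date -u -d "@$(( $1 * 86400 ))" +%Y-%m-%d
}

# Classify field 2, the password field.
pw_state() {
    case "$1" in
        '')           echo EMPTY ;;           # login without a password
        '!!'|'!'|'*') echo LOCKED_NO_HASH ;;  # no password has been set
        '!'*)         echo LOCKED_HASH ;;     # hash disabled by a "!" prefix
        '$6$'*)       echo SHA512 ;;
        '$5$'*)       echo SHA256 ;;
        '$1$'*)       echo MD5 ;;
        *)            echo OTHER ;;
    esac
}

# Read shadow lines on stdin; print "name state last-change inactive expiry".
# Field 7 is what 'useradd -f' sets, field 8 is what 'useradd -e' sets.
decode_shadow() {
    while IFS=: read -r name pw lastchg min max warn inactive expire reserved; do
        if [ -z "$name" ]; then continue; fi
        changed=never
        if [ -n "$lastchg" ]; then
            changed=$(days_to_date "$lastchg")
        fi
        expires=never
        if [ -n "$expire" ]; then
            expires=$(days_to_date "$expire")
        fi
        # An empty field 7 is reported as -1, as 'passwd -S' does above.
        echo "$name $(pw_state "$pw") $changed ${inactive:--1} $expires"
    done
}

printf '%s\n' "$SAMPLE_SHADOW" | decode_shadow
```

On a real system, run it as root with `decode_shadow < /etc/shadow`; an EMPTY state is the result to act on first.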

8. How to create a User with a particular Group ID?

# useradd -g 1001 linuxteck

Note:

The '-g' option specifies the GID (Group Identification Number); every user has their own GID. With the '-g' option we can assign a specific group ID to the user, but the group ID must already exist in the "/etc/group" file. Only then will it be accepted; otherwise useradd throws the error "Group does not exist". In this example, we have created a user with the existing group named "mysql", whose group ID is "1001". Use the following (3) different commands to verify the group ID of the "linuxteck" user.

Command : 1

# cat /etc/passwd | grep linuxteck

Output:

 

linuxteck:x:1005:1001::/home/linuxteck:/bin/bash

Note:

The following command lists the last 10 lines of the "/etc/group" file, where you can see the "mysql" group listed with group ID 1001.

Command : 2

# tail -10 /etc/group

Output:

 

unbound:x:982:
mysql:x:1001:
openvpn:x:981:
lightdm:x:980:
nm-openvpn:x:979:
nm-openconnect:x:978:
yumex:x:977:
teck:x:1003:
john:x:1004:
jose:x:1005:

Note:

Also, you can use the following command to check the UID and GID of the user. In the below example, you can see the UID, GID and the groups of "linuxteck" user account.

Command : 3

# id linuxteck

Output:

 

uid=1005(linuxteck) gid=1001(mysql) groups=1001(mysql)

9. How to add a user into multiple groups?

# useradd -G svn,git,database linuxteck

Note:

With the '-G' option of the useradd command we can add a user to multiple groups. Make sure those groups exist, otherwise it will throw an error like "useradd: group '' does not exist". Here I have added the "linuxteck" user to 3 groups named "svn, git, database". The groups must be separated by commas (,) with no spaces in between. The output can be verified using the following command.

# id linuxteck

Output:

 

uid=1005(linuxteck) gid=1009(linuxteck) groups=1009(linuxteck),1006(svn),1007(git),1008(database)

10. How to create a User without a Home Directory?

# useradd -M jose

Note:

The '-M' option is used to create a user without a home directory. For security reasons, we may be required to create such users without a home directory. In that case, if the user logs into the system, the root directory will by default act as the home directory for that user. If those users execute the 'su' command, their login directory will be the home directory of the previous user. The output of the above command can be verified using the following (2) commands.

Command : 1

# id jose

Output:

 

uid=1006(jose) gid=1010(jose) groups=1010(jose)

Command : 2

# ls -ld /home/jose

Output:

 

ls: cannot access /home/jose: No such file or directory

Note:

Here you can see that no home directory was created for the user named "jose".

11. How to create a User without a User Private Group (UPG)?

# useradd -N tony

Note:

On RHEL/CentOS, by default a group with the same name as the user is created when you create a new user with the useradd command. The '-N' option creates a user without the user private/primary group (UPG). In the '/etc/passwd' file, an empty group field is invalid. Hence the system automatically uses GID 100, named 'users' (the GROUP=100 default shown in example 5), as the group ID of the new user. Use the following (2) commands to see the output of the above example.

Command : 1

# id tony

Output:

 

uid=1009(tony) gid=100(users) groups=100(users)

Command : 2

# tail -1 /etc/passwd

Output:

 

tony:x:1009:100::/home/tony:/bin/bash

Note:

You can see the group ID in the above outputs.

12. How to create a user with an encrypted password?

# useradd -p '$6$Zg8Mxq7u$WzUhqPrmus21PNlFRXm7RO4peDCLionkkI.' linuxteck

Note:

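With the '-p' option we can set an encrypted password for the new account while creating the user. The value must already be hashed; useradd writes it into '/etc/shadow' as given. This can be useful in production. Note that the useradd man page does not recommend this option, because the password (or encrypted password) is visible to users listing the processes. To verify the result, use the following command.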

# tail -1 /etc/shadow

Output:

linuxteck:$6$Zg8Mxq7u$WzsxJUbF0wsbPNlFRXm7RO4peDCLionkkI.:18343:0:99999:7:::

13. How to add a system user account in Linux?

# useradd -r www-data

Note:

The '-r' option creates a system user. System users, rather than normal accounts, are created for running daemons, services or other system software. Technically there is no difference, but in practice the key difference between a normal account and a system account is that a system account can be easily identified by the UID_MIN value: all system accounts get UIDs lower than those of normal users. If you need the system account to have a home directory, use the '-m' flag along with '-r'. The pre-assigned values of UID, GID, SYS_GID, etc. can be found in the '/etc/login.defs' file. The output of the above example can be verified with the following command.

# id www-data

Output:

 

uid=982(www-data) gid=976(www-data) groups=976(www-data)

Note:

As you can see, here the UID is 982 and the GID is 976. In RHEL/CentOS 7, by default, all system UIDs are between 201 and 999, and normal UIDs start from 1000.

14. How to add/create a user with a custom shell type?

# useradd -s /bin/sh john

Note:

The '-s' option changes the default login shell. On CentOS, there are about 8 login shells available. You can check the different types of shells in the '/etc/shells' file. Each shell has its own capabilities and solutions to different problems. The choice of shell depends on the user's discretion/requirement. Use the following command to verify which shell is assigned.

# cat /etc/passwd | grep john

Output:

 

john:x:1011:1012::/home/john:/bin/sh
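
The two '/etc/passwd' fields discussed in examples 13 and 14, the UID range and the login shell, can be checked together after accounts are created. The following audit script is an added example, not part of the original article; it goes beyond those two examples by also flagging duplicate UIDs and shared home directories. The function name, the finding labels and the constructed sample lines are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit passwd(5)-format entries. The john, linuxteck, jose and
# simon lines come from outputs in this article; the root line and the home
# directory and shell of www-data are constructed.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
www-data:x:982:976::/home/www-data:/bin/bash
john:x:1011:1012::/home/john:/bin/sh
linuxteck:x:2000:100:Linux Teck:/home/linuxteck:/bin/false
jose:x:1004:1005::/opt/oracle:/bin/bash
simon:x:1999:1200:Simon George:/opt/oracle:/bin/sh'

# audit_passwd [UID_MIN]: read passwd lines on stdin, print one finding per line.
# UID_MIN defaults to 1000, the first normal UID on RHEL/CentOS 7.
audit_passwd() {
    awk -F: -v uid_min="${1:-1000}" '
        # Fields: 1 name, 2 password placeholder, 3 UID, 4 GID,
        #         5 comment, 6 home directory, 7 login shell
        NF != 7 { print "MALFORMED line " NR; next }
        {
            # Shells that refuse an interactive login.
            login = ($7 !~ /\/(nologin|false)$/)
            if ($3 == 0 && $1 != "root")
                print "UID0 " $1
            if ($2 != "x")
                print "NOT_SHADOWED " $1
            if ($3 > 0 && $3 < uid_min && login)
                print "SYSTEM_WITH_SHELL " $1 " " $7
            if ($3 in uid_owner)
                print "DUP_UID " $1 " " uid_owner[$3]
            else
                uid_owner[$3] = $1
            if ($6 in home_owner)
                print "SHARED_HOME " $1 " " home_owner[$6] " " $6
            else
                home_owner[$6] = $1
        }'
}

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```

On a real system, run `audit_passwd < /etc/passwd`; a SYSTEM_WITH_SHELL finding is usually resolved by giving the service account a non-login shell with the '-s' option.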

15. How to create a User with a particular User ID (UID)?

# useradd -u 1050 gomez

Note:

The '-u' option customizes the UID while creating the user account. In general, UIDs start from 1000 for normal users, but with the '-u' option we can define the UID ourselves. In our case, I assigned the UID 1050 to the user "gomez". The output can be verified in the /etc/passwd file.

# tail -1 /etc/passwd

Output:

 

gomez:x:1050:1050::/home/gomez:/bin/bash

 

'useradd' command with advanced options:

 

16. How to create a new user by using the same home directory of another user?

# useradd -m -k /opt/oracle mable

Note:

Here the options '-m' and '-k' work together to replicate an existing user's home directory for the new user. This can be used for some special purposes. In our case, all the files contained in the "/opt/oracle" directory will be copied to the home directory of the new user "mable". In other words, whatever files/directories are available in the "oracle" directory will be replicated to the new user's home directory.

17. How to create a user with custom UID/GID, custom comment, specific home directory, and custom shell?

# useradd -u 1500 -g 1200 -c "Simon George" -d /opt/oracle -s /bin/sh simon

Note:

In this example, we have created a user named "simon" with some customizations: the UID and GID are assigned explicitly, a custom comment is added, a specific home directory is assigned, and finally a custom shell is set. After executing this command, you can verify the output with the following command.

# tail -1 /etc/passwd

Output:

 

simon:x:1999:1200:Simon George:/opt/oracle:/bin/sh

18. How to create a system user without a group and home directory?

# useradd -M -N -r www-data

Note:

The '-M' option creates a user without a home directory, and the '-N' option prevents the creation of a group with the same name as the user. Finally, the '-r' option, as you already know, creates a system user. You can see the result with the following (3) different commands:

# cat /etc/passwd | grep www-data

 

# cat /etc/group

 

# id www-data

19. How to create a completely customized user with the following options:

(i) The UID : 1500
(ii) The GID : 1200
(iii) Comment Field : User's Full Name
(iv) The home directory : /opt/oracle
(v) Supplementary Groups : svn,git
(vi) Set User Expiry : User expiry as 2020-03-25
(vii) Set Password : User's password inactivity for 2 days

# useradd -d /opt/oracle -c "Joseph Alex" -u 1500 -g 1200 -G svn,git -e 2020-03-25 -f 2 joseph

Note:

This user is completely customized with the above options. You can verify the output using the following commands:

(a) For general details: # cat /etc/passwd | grep joseph

(b) For the user expiry date: # chage -l joseph

(c) For the password expiry: # cat /etc/shadow | grep joseph OR # passwd -S joseph

20. How to create a user without a home directory, no shell, no group and custom comment?

# useradd -M -N -s /bin/false -c "Linux Teck" linuxteck

Note:

With the above command we can create a user with no home directory, no shell and no group with the same name as the user, with only a custom comment added. This command is quite different from the other commands explained earlier. You can verify it with the following (2) commands.

# ls -l /home/

OR

# tail -1 /etc/passwd

Output:

 

linuxteck:x:2000:100:Linux Teck:/home/linuxteck:/bin/false

 

# man useradd

OR

# useradd -h

Help:

For any help related to the useradd command, use one of the above commands in Terminal.

I hope this article will help you to understand a few things about the 'useradd' commands in Linux. Drop me your feedback/comments. If you like this article, kindly share it and it may help others as well.

Thank you!
