이 콘텐츠는 선택한 언어로 제공되지 않습니다.
3.4. Managing Users via Command-Line Tools
When managing users via command line, the following commands are used:
useradd
, usermod
, userdel
, or passwd
. The files affected include /etc/passwd
which stores user accounts information and /etc/shadow
, which stores secure user account information.
3.4.1. Creating Users
The
useradd
utility creates new users and adds them to the system. Following the short procedure below, you will create a default user account with its UID, automatically create a home directory where default user settings will be stored, /home/username/
, and set the default shell to /bin/bash
.
- Run the following command at a shell prompt as
root
substituting username with the name of your choice:useradd username
- By setting a password unlock the account to make it accessible. Type the password twice when the program prompts you to.
passwd
Example 3.1. Creating a User with Default Settings
~]# useradd robert ~]# passwd robert Changing password for user robert New password: Re-type new password: passwd: all authentication tokens updated successfully.
Running the
useradd robert
command creates an account named robert
. If you run cat /etc/passwd
to view the content of the /etc/passwd
file, you can learn more about the new user from the line displayed to you:
robert:x:502:502::/home/robert:/bin/bash
robert
has been assigned a UID of 502, which reflects the rule that the default UID values from 0 to 499 are typically reserved for system accounts. GID, group ID of User Private Group
, equals to UID. The home directory is set to /home/robert
and login shell to /bin/bash
. The letter x
signals that shadow passwords are used and that the hashed password is stored in /etc/shadow
.
If you want to change the basic default setup for the user while creating the account, you can choose from a list of command-line options modifying the behavior of
useradd
(see the useradd
(8) man page for the whole list of options). As you can see from the basic syntax of the command, you can add one or more options:
useradd [option(s)] username
As a system administrator, you can use the
-c
option to specify, for example, the full name of the user when creating them. Use -c
followed by a string, which adds a comment to the user:
useradd -c "string" username
Example 3.2. Specifying a User's Full Name when Creating a User
~]# useradd -c "Robert Smith" robert ~]# cat /etc/passwd robert:x:502:502:Robert Smith:/home/robert:/bin/bash
A user account has been created with user name
robert
, sometimes called the login name, and full name Robert Smith.
If you do not want to create the default
/home/username/
directory for the user account, set a different one instead of it. Execute the command below:
useradd -d home_directory
Example 3.3. Adding a User with non-default Home Directory
~]# useradd -d /home/dir_1 robert
robert
's home directory is now not the default /home/robert
but /home/dir_1/
.
If you do not want to create the home directory for the user at all, you can do so by running
useradd
with the -M
option. However, when such a user logs into a system that has just booted and their home directory does not exist, their login directory will be the root directory. If such a user logs into a system using the su
command, their login directory will be the current directory of the previous user.
useradd -M username
If you need to copy a directory content to the
/home
directory while creating a new user, make use of the -m
and -k
options together followed by the path.
Example 3.4. Creating a User while Copying Contents to the Home Directory
The following command copies the contents of a directory named
/dir_1
to /home/jane
, which is the default home directory of a new user jane
:
~]# useradd -m -k /dir_1 jane
As a system administrator, you may need to create a temporary account. Using the
useradd
command, this means creating an account for a certain amount of time only and disabling it at a certain date. This is a particularly useful setting as there is no security risk resulting from forgetting to delete a certain account. For this, the -e
option is used with the specified expire_date in the YYYY-MM-DD format.
Note
Do not confuse account expiration and password expiration. Account expiration is a particular date, after which it is impossible to log in to the account in any way, as the account no longer exists. Password expiration, the maximum password age and date of password creation or last password change, is the date, when it is not possible to log in using the password (but other ways exist, such as logging in using an SSH key).
useradd -e YYYY-MM-DD username
Example 3.5. Setting the Account Expiration Date
~]# useradd -e 2015-11-05 emily
The account
emily
will be created now and automatically disabled on 5 November, 2015.
User's login shell defaults to
/bin/bash
, but can be changed by the -s
option to any other shell different from bash, ksh, csh, tsh, for example.
useradd -s login_shell username
Example 3.6. Adding a User with Non-default Shell
~]# useradd -s /bin/ksh robert
This command creates the user
robert
which has the /bin/ksh
shell.
The
-r
option creates a system account, which is an account for administrative use that has some, but not all, root privileges. Such accounts have a UID lower than the value of UID_MIN defined in /etc/login.defs
, typically 500 and above for ordinary users.
useradd -r username