useradd(8) Команды управления системой useradd(8)
НАЗВАНИЕ
useradd - регистрирует нового пользователя или изменяет информацию по
умолчанию о новых пользователях
СИНТАКСИС
useradd [параметры] УЧЁТНАЯ_ЗАПИСЬ
useradd -D
useradd -D [параметры]
ОПИСАНИЕ
useradd is a low level utility for adding users. On Debian,
administrators should usually use adduser(8) instead.
When invoked without the -D option, the useradd command creates a new
user account using the values specified on the command line plus the
default values from the system. Depending on command line options, the
useradd command will update system files and may also create the new
user's home directory and copy initial files.
By default, a group will also be created for the new user (see -g, -N,
-U, and USERGROUPS_ENAB).
ПАРАМЕТРЫ
The options which apply to the useradd command are:
--badname
Allow names that do not conform to standards.
-b, --base-dir BASE_DIR
The default base directory for the system if -d HOME_DIR is not
specified. BASE_DIR is concatenated with the account name to
define the home directory.
If this option is not specified, useradd will use the base
directory specified by the HOME variable in /etc/default/useradd,
or /home by default.
-c, --comment COMMENT
Any text string. It is generally a short description of the
account, and is currently used as the field for the user's full
name.
-d, --home-dir HOME_DIR
The new user will be created using HOME_DIR as the value for the
user's login directory. The default is to append the LOGIN name to
BASE_DIR and use that as the login directory name. If the directory
HOME_DIR does not exist, then it will be created unless the -M
option is specified.
-D, --defaults
Смотрите далее в подразделе «Изменение значений по умолчанию».
-e, --expiredate EXPIRE_DATE
The date on which the user account will be disabled. The date is
specified in the format YYYY-MM-DD.
If not specified, useradd will use the default expiry date
specified by the EXPIRE variable in /etc/default/useradd, or an
empty string (no expiry) by default.
-f, --inactive INACTIVE
defines the number of days after the password exceeded its maximum
age where the user is expected to replace this password. The value
is stored in the shadow password file. An input of 0 will disable
an expired password with no delay. An input of -1 will blank the
respective field in the shadow password file. See shadow(5)for more
information.
If not specified, useradd will use the default inactivity period
specified by the INACTIVE variable in /etc/default/useradd, or -1
by default.
-F, --add-subids-for-system
Update /etc/subuid and /etc/subgid even when creating a system
account with -r option.
-g, --gid GROUP
The name or the number of the user's primary group. The group name
must exist. A group number must refer to an already existing group.
If not specified, the behavior of useradd will depend on the
USERGROUPS_ENAB variable in /etc/login.defs. If this variable is
set to yes (or -U/--user-group is specified on the command line), a
group will be created for the user, with the same name as her
loginname. If the variable is set to no (or -N/--no-user-group is
specified on the command line), useradd will set the primary group
of the new user to the value specified by the GROUP variable in
/etc/default/useradd, or 100 by default.
-G, --groups GROUP1[,GROUP2,...[,GROUPN]]]
A list of supplementary groups which the user is also a member of.
Each group is separated from the next by a comma, with no
intervening whitespace. The groups are subject to the same
restrictions as the group given with the -g option. The default is
for the user to belong only to the initial group.
-h, --help
Показать краткую справку и закончить работу.
-k, --skel SKEL_DIR
The skeleton directory, which contains files and directories to be
copied in the user's home directory, when the home directory is
created by useradd.
This option is only valid if the -m (or --create-home) option is
specified.
If this option is not set, the skeleton directory is defined by the
SKEL variable in /etc/default/useradd or, by default, /etc/skel.
Если возможно, выполняется копирование ACL и расширенных атрибутов.
-K, --key KEY=VALUE
Overrides /etc/login.defs defaults (UID_MIN, UID_MAX, UMASK,
PASS_MAX_DAYS and others).
Example: -K PASS_MAX_DAYS =-1 can be used when creating an account
to turn off password aging. Multiple -K options can be specified,
e.g.: -K UID_MIN =100 -K UID_MAX=499
For the compatibility with previous Debian's useradd, the -O option
is also supported.
-l, --no-log-init
Не добавлять пользователя в базы данных lastlog и faillog.
By default, the user's entries in the lastlog and faillog databases
are reset to avoid reusing the entry from a previously deleted
user.
If this option is not specified, useradd will also consult the
variable LOG_INIT in the /etc/default/useradd if set to no the user
will not be added to the lastlog and faillog databases.
-m, --create-home
Create the user's home directory if it does not exist. The files
and directories contained in the skeleton directory (which can be
defined with the -k option) will be copied to the home directory.
By default, if this option is not specified and CREATE_HOME is not
enabled, no home directories are created.
The directory where the user's home directory is created must exist
and have proper SELinux context and permissions. Otherwise the
user's home directory cannot be created or accessed.
-M, --no-create-home
Do not create the user's home directory, even if the system wide
setting from /etc/login.defs (CREATE_HOME) is set to yes.
-N, --no-user-group
Do not create a group with the same name as the user, but add the
user to the group specified by the -g option or by the GROUP
variable in /etc/default/useradd.
The default behavior (if the -g, -N, and -U options are not
specified) is defined by the USERGROUPS_ENAB variable in
/etc/login.defs.
-o, --non-unique
allows the creation of an account with an already existing UID.
This option is only valid in combination with the -u option. As a
user identity serves as key to map between users on one hand and
permissions, file ownerships and other aspects that determine the
system's behavior on the other hand, more than one login name will
access the account of the given UID.
-p, --password PASSWORD
defines an initial password for the account. PASSWORD is expected
to be encrypted, as returned by crypt (3). Within a shell script,
this option allows to create efficiently batches of users.
Without this option, the new account will be locked and with no
password defined, i.e. a single exclamation mark in the respective
field of /etc/shadow. This is a state where the user won't be able
to access the account or to define a password himself.
Note:Avoid this option on the command line because the password (or
encrypted password) will be visible by users listing the processes.
Вы должны проверить, что пароль соответствует политике системных
паролей.
-r, --system
Создать системную учётную запись.
System users will be created with no aging information in
/etc/shadow, and their numeric identifiers are chosen in the
SYS_UID_MIN-SYS_UID_MAX range, defined in /etc/login.defs, instead
of UID_MIN-UID_MAX (and their GID counterparts for the creation of
groups).
Note that useradd will not create a home directory for such a user,
regardless of the default setting in /etc/login.defs (CREATE_HOME).
You have to specify the -m options if you want a home directory for
a system account to be created.
Note that this option will not update /etc/subuid and /etc/subgid.
You have to specify the -F options if you want to update the files
for a system account to be created.
-R, --root CHROOT_DIR
Apply changes in the CHROOT_DIR directory and use the configuration
files from the CHROOT_DIR directory. Only absolute paths are
supported.
-P, --prefix PREFIX_DIR
Apply changes to configuration files under the root filesystem
found under the directory PREFIX_DIR. This option does not chroot
and is intended for preparing a cross-compilation target. Some
limitations: NIS and LDAP users/groups are not verified. PAM
authentication is using the host files. No SELINUX support.
-s, --shell SHELL
sets the path to the user's login shell. Without this option, the
system will use the SHELL variable specified in
/etc/default/useradd, or, if that is as well not set, the field for
the login shell in /etc/passwd remains empty.
-u, --uid UID
The numerical value of the user's ID. This value must be unique,
unless the -o option is used. The value must be non-negative. The
default is to use the smallest ID value greater than or equal to
UID_MIN and greater than every other user.
See also the -r option and the UID_MAX description.
-U, --user-group
Создать группу с тем же именем что и у пользователя, и добавить
пользователя в эту группу.
The default behavior (if the -g, -N, and -U options are not
specified) is defined by the USERGROUPS_ENAB variable in
/etc/login.defs.
-Z, --selinux-user SEUSER
defines the SELinux user for the new account. Without this option,
a SELinux uses the default user. Note that the shadow system
doesn't store the selinux-user, it uses semanage(8) for that.
Изменение значений по умолчанию
When invoked with only the -D option, useradd will display the current
default values. When invoked with -D plus other options, useradd will
update the default values for the specified options. Valid
default-changing options are:
-b, --base-dir BASE_DIR
sets the path prefix for a new user's home directory. The user's
name will be affixed to the end of BASE_DIR to form the new user's
home directory name, if the -d option is not used when creating a
new account.
This option sets the HOME variable in /etc/default/useradd.
-e, --expiredate EXPIRE_DATE
sets the date on which newly created user accounts are disabled.
This option sets the EXPIRE variable in /etc/default/useradd.
-f, --inactive INACTIVE
defines the number of days after the password exceeded its maximum
age where the user is expected to replace this password. See
shadow(5)for more information.
This option sets the INACTIVE variable in /etc/default/useradd.
-g, --gid GROUP
sets the default primary group for newly created users, accepting
group names or a numerical group ID. The named group must exist,
and the GID must have an existing entry.
This option sets the GROUP variable in /etc/default/useradd.
-s, --shell SHELL
defines the default login shell for new users.
This option sets the SHELL variable in /etc/default/useradd.
ЗАМЕЧАНИЯ
The system administrator is responsible for placing the default user
files in the /etc/skel/ directory (or any other skeleton directory
specified in /etc/default/useradd or on the command line).
ПРЕДОСТЕРЕЖЕНИЯ
Нельзя добавить пользователя в группу NIS или LDAP. Это необходимо
делать на соответствующем сервере.
Similarly, if the username already exists in an external user database
such as NIS or LDAP, useradd will deny the user account creation
request.
Usernames may contain only lower and upper case letters, digits,
underscores, or dashes. They can end with a dollar sign. Dashes are not
allowed at the beginning of the username. Fully numeric usernames and
usernames . or .. are also disallowed. It is not recommended to use
usernames beginning with . character as their home directories will be
hidden in the ls output.
On Debian, the only constraints are that usernames must neither start
with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a colon
(':'), a comma (','), or a whitespace (space: ' ', end of line: '\n',
tabulation: '\t', etc.). Note that using a slash ('/') may break the
default algorithm for the definition of the user's home directory.
Имена пользователей могут быть длиной не более 32 знаков.
НАСТРОЙКА
The following configuration variables in /etc/login.defs change the
behavior of this tool:
ФАЙЛЫ
/etc/passwd
содержит информацию о пользователях
/etc/shadow
содержит защищаемую информацию о пользователях
/etc/group
содержит информацию о группах
/etc/gshadow
содержит защищаемую информацию о группах
/etc/default/useradd
значения по умолчанию для создаваемой учётной записи
/etc/shadow-maint/useradd-pre.d/*, /etc/shadow-maint/useradd-post.d/*
Run-part files to execute during user addition. The environment
variable ACTION will be populated with useradd and SUBJECT with the
username. useradd-pre.d will be executed prior to any user
addition. useradd-post.d will execute after user addition. If a
script exits non-zero then execution will terminate.
/etc/skel/
каталог, содержащий файлы по умолчанию
/etc/subgid
Per user subordinate group IDs.
/etc/subuid
Per user subordinate user IDs.
/etc/login.defs
содержит конфигурацию подсистемы теневых паролей
ВОЗВРАЩАЕМЫЕ ЗНАЧЕНИЯ
The useradd command exits with the following values:
0
success
1
can't update password file
2
invalid command syntax
3
invalid argument to option
4
UID already in use (and no -o)
6
specified group doesn't exist
9
username or group name already in use
10
can't update group file
12
can't create home directory
14
can't update SELinux user mapping
СМОТРИТЕ ТАКЖЕ
chfn(1), chsh(1), passwd(1), crypt(3), groupadd(8), groupdel(8),
groupmod(8), login.defs(5), newusers(8), subgid(5), subuid(5),
userdel(8), usermod(8).
shadow-utils 4.13 03/23/2023 useradd(8)
Generated by dwww version 1.15 on Mon Jul 1 04:52:31 CEST 2024.