ADDUSER
Section: Maintenance Commands (8)
Updated:
Index
Return to Main Contents
NAME
adduser, addgroup - add or manipulate users or groups
SYNOPSIS
[ --add-extra-groups ]
[ --allow-all-names ]
[ --allow-bad-names ]
[ --comment comment ]
[ --conf file ]
[ --debug ]
[ --disabled-login ]
[ --disabled-password ]
[ --firstgid id ]
[ --firstuid id ]
[ --gid id ]
[ --home dir ]
[ --ingroup group ]
[ --lastgid id ]
[ --lastuid id ]
[ --no-create-home ]
[ --shell shell ]
[ --quiet ]
[ --uid id ]
[ --verbose ]
user
--system
[ --comment comment ]
[ --conf file ]
[ --debug ]
[ --gid id ]
[ --group ]
[ --home dir ]
[ --ingroup group ]
[ --no-create-home ]
[ --shell shell ]
[ --uid id ]
[ --quiet ]
[ --verbose ]
user
--group
[ --conf file ]
[ --debug ]
[ --firstgid id ]
[ --gid ID ]
[ --lastgid id ]
[ --quiet ]
[ --verbose ]
group
[ --conf file ]
[ --debug ]
[ --firstgid id ]
[ --gid ID ]
[ --lastgid id ]
[ --quiet ]
[ --verbose ]
group
--system
[ --gid id ]
[ --conf file ]
[ --quiet ]
[ --verbose ]
group
[ --conf file ]
[ --debug ]
[ --quiet ]
[ --verbose ]
user
group
--help
--version
DESCRIPTION
adduser and addgroup add users and groups to the system
according to command line options
and configuration information in /etc/adduser.conf.
They are friendlier front ends to the low level tools like
useradd, groupadd and usermod programs,
by default choosing Debian policy conformant UID and GID values,
creating a home directory with skeletal configuration,
running a custom script,
and other features.
adduser and addgroup are intended as a policy layer,
making it easier for package maintainers and local administrators
to create local system accounts
in the way Debian expects them to be created,
taking the burden to adapt to the probably changing specifications
of Debian policy.
adduser --system takes special attention
on just needing a single call in the package maintainer scripts
without any conditional wrappers,
error suppression or other scaffolding.
adduser honors the distinction between
dynamically allocated system users and groups
and
dynamically allocated user accounts
that is documented in Debian Policy, Chapter 9.2.2.
For a full list and explanations of all options,
see the OPTIONS section.
adduser and addgroup can be run in one of five modes:
Add a normal user
If called with one non-option argument and
without the --system or --group options,
adduser will add a normal user,
that means a
dynamically allocated user account
in the sense of Debian Policy.
This is commonly referred to in adduser as a non-system user.
adduser will choose the first available UID
from the range specified by
FIRST_UID and LAST_UID
in the configuration file.
The range may be overridden with the
--firstuid and --lastuid options.
Finally, the UID can be set fully manually with the --uid option.
By default, each user is given a corresponding group with the same name.
This is commonly called
Usergroups
and allows group writable directories to be easily maintained
by placing the appropriate users in the new group,
setting the set-group-ID bit in the directory,
and ensuring that all users use a umask of 002.
For a usergroup,
adduser will choose the first available GID
from the range specified by
FIRST_GID and LAST_GID
in the configuration file.
The range may be overridden with the
--firstgid and --lastgid options.
Finally, the GID can be set fully manually with the --gid option.
The interaction between
USERS_GID, USERS_GROUP, and USERGROUPS
is explained in detail in
adduser.conf(5).
Users' primary groups can also be overridden
from the command line
with the --gid or --ingroup options
to set the group by id or name,
respectively.
Also,
users can be added
to one or more supplemental groups
defined as EXTRA_GROUPS in the configuration file
either by setting ADD_EXTRA_GROUPS to 1
in the configuration file,
or by passing --add-extra-groups on the command line.
adduser will copy files from /etc/skel
into the home directory and
prompt for the comment field and a password
if those functions have not been turned off / overridden
from the command line.
UID, comment, home directory and shell
might be pre-determined with the UID_POOL and GID_POOL option,
documented in
adduser.conf(5).
Add a system user
If called with one non-option argument and the --system option,
adduser will add a
dynamically allocated system user,
often abbreviated as
system user
in the context of the adduser package.
adduser will choose the first available UID
from the range specified by
FIRST_SYSTEM_UID and LAST_SYSTEM_UID
in the configuration file.
This can be overridden with the --uid option.
By default, system users are placed in the nogroup group.
To place the new system user in an already existing group,
use the --gid or --ingroup options.
If the --group is given
and the identically named group does not already exist,
it is created with the same ID.
If no home directory is specified,
the default home directory for a new system user
is /nonexistent.
This directory should never exist on any Debian system,
and adduser will never create it automatically.
Unless a shell is explicitly set with the --shell option,
the new system user will have the shell set to
/usr/sbin/nologin.
adduser --system does not set a password for the new account.
Skeletal configuration files are not copied.
Other options will behave as for the creation of a normal user.
The files referenced by UID_POOL and GID_POOL do also work.
Add a group
If adduser is called with the --group option and
without the --system option, or
addgroup is called respectively,
a user group will be added.
A
dynamically allocated system group,
often abbreviated as system group
in the context of the adduser package,
will be created
if adduser is called with the --system option.
A GID will be chosen from the respective range specified for GIDs
in the configuration file
(FIRST_GID, LAST_GID,
FIRST_SYSTEM_GID, LAST_SYSTEM_GID).
To override that mechanism,
you can give the GID using the --gid option.
For non-system groups,
the range specified in the configuration file may be overridden
with the --firstgid and --lastgid options.
The group is created with no members.
Add an existing user to an existing group
If called with two non-option arguments,
adduser will add an existing user to an existing group.
OPTIONS
Different modes of adduser allow different options.
If no valid modes are listed for a option,
it is accepted in all modes.
Short versions for certain options may exist for historical reasons.
They are going to stay supported, but are removed from the documentation.
Users are advised to migrate to the long version of options.
- --add-extra-groups
-
Add new user to extra groups defined in the configuration files'
EXTRA_GROUPS setting.
The old spelling --add_extra_groups is deprecated and
will be supported in Debian bookworm only.
Valid Modes: adduser, adduser --system.
- --allow-all-names
-
Allow any user- and groupname which is supported by the underlying
useradd(8), including names containing non-ASCII characters.
See VALID NAMES in
adduser.conf(5).
Valid Modes: adduser, adduser --system,
addgroup, addgroup --system.
- --allow-bad-names
-
Disable NAME_REGEX and SYS_NAME_REGEX check of names.
Only a weaker check for validity of the name is applied.
See VALID NAMES in
adduser.conf(5).
Valid Modes: adduser, adduser --system,
addgroup, addgroup --system.
- --comment comment
-
Set the comment field for the new entry generated.
adduser will not ask for the information if this option is given.
This field is also known under the name GECOS field
and contains information that is used by the finger(1) command.
This used to be the --gecos option,
which is deprecated and will be removed after Debian bookworm.
Valid Modes: adduser, adduser --system.
- --conf file
-
Use file instead of /etc/adduser.conf.
Multiple --conf options can be given.
- --debug
-
Activate debugging code.
- --disabled-login
-
--disabled-password
Do not run passwd(1) to set a password.
In most situations, logins are still possible though
(for example using SSH keys or through PAM)
for reasons that are beyond adduser's scope.
--disabled-login will additionally set the shell to
/usr/sbin/nologin.
Valid Mode: adduser.
- --firstuid ID
-
--lastuid ID
--firstgid ID
--lastgid ID
Override the first UID / last UID / first GID / last GID
in the range that the uid is chosen from
(FIRST_UID, LAST_UID, FIRST_GID and LAST_GID,
FIRST_SYSTEM_UID, LAST_SYSTEM_UID,
FIRST_SYSTEM_GID and LAST_SYSTEM_GID
in the configuration file).
If a group is created as a usergroup,
--firstgid and --lastgid
are ignored.
The group gets the same ID as the user.
Valid Modes: adduser, adduser --system,
for --firstgid and --lastgid also
addgroup.
- --force-badname
-
--allow-badname
These are the deprecated forms of --allow-bad-names.
It will be removed
during the release cycle of the Debian release after bookworm.
- --gid ID
-
When creating a group,
this option sets the group ID number of the new group to GID.
When creating a user,
this option sets the primary group ID number of the new user
to GID.
Valid Modes: adduser, adduser --system,
addgroup, addgroup --system.
- --group
-
Using this option in adduser --system
indicates that the new user should get
an identically named group as its primary group.
If that identically named group is not already present, it is created.
If not combined with --system,
a group with the given name is created.
The latter is the default action if
the program is invoked as addgroup.
Valid Modes: adduser --system,
addgroup, addgroup --system.
- --help
-
Display brief instructions.
- --home dir
-
Use dir as the user's home directory,
rather than the default specified by the configuration file
(or /nonexistent if adduser --system is used).
If the directory does not exist, it is created.
Valid Modes: adduser, adduser --system.
- --ingroup GROUP
-
When creating a user,
this option sets the primary group ID number of the new user
to the GID of the named group.
Unlike with the --gid option,
the group is specified here by name rather than by numeric ID number.
The group must already exist.
Valid Modes: adduser, adduser --system.
- --lastuid ID
-
--lastgid ID
Override the last UID / last GID.
See --firstuid.
- --no-create-home
-
Do not create a home directory for the new user.
Note that the pathname for the new user's home directory
will still be entered in the appropriate field
in the /etc/passwd file.
The use of this option does not imply that this field should be empty.
Rather, it indicates to adduser
that some other mechanism will be responsible
for initializing the new user's home directory.
Valid Modes: adduser, adduser --system.
- --quiet
-
Suppress informational messages, only show warnings and errors.
- --shell shell
-
Use shell as the user's login shell,
rather than the default specified by the configuration file
(or /usr/sbin/nologin if adduser --system is used).
Valid Modes: adduser, adduser --system.
- --system
-
Nomally, adduser creates
dynamically allocated user accounts and groups
as defined in Debian Policy, Chapter 9.2.2.
With this option, adduser creates a
dynamically allocated system user and group
and changes its mode respectively.
Valid Modes: adduser, addgroup.
- --uid ID
-
Force the new userid to be the given number.
adduser will fail if the userid is already taken.
Valid Modes: adduser, adduser --system.
- --verbose
-
Be more verbose.
- -v , --version
-
Display version and copyright information.
EXIT VALUES
- 0
-
Success: The user or group exists as specified.
This can have 2 causes:
The user or group was created by this call to adduser
or the user or group was already present on the system
as specified before adduser was invoked.
If adduser --system is invoked for a user
already existing as a system user, it will also return 0.
- 1
-
Creating the non-system user or group failed
because it was already present.
The username or groupname was rejected
because of a mismatch with the configured regular expressions, see
adduser.conf(5).
adduser has been aborted by a signal.
Or for many other yet undocumented reasons which
are printed to console then.
You may then consider to remove --quiet
to make adduser more verbose.
SECURITY
adduser needs root privileges and offers,
via the --conf command line option
to use different configuration files.
Do not use sudo(8) or similar tools to
give partial privileges to adduser
with restricted command line parameters.
This is easy to circumvent and might
allow users to create arbitrary accounts.
If you want this,
consider writing your own wrapper script
and giving privileges to execute that script.
FILES
- /etc/adduser.conf
-
Default configuration file for adduser(8) and addgroup(8)
- /usr/local/sbin/adduser.local
-
Optional custom add-ons, see
adduser.local(8)
NOTES
Unfortunately, the term
system account
suffers from double use in Debian.
It both means an account for the actual Debian system,
distinguishing itself from an application account
which might exist in the user database
of some application running on Debian.
A system account in this definition has the potential
to log in to the actual system, has a UID,
can be member in system groups,
can own files and processes.
Debian Policy, au contraire, in its Chapter 9.2.2,
makes a distinguishment of
dynamically allocated system users and groups and
dynamically allocated user accounts,
meaning in both cases special instances of system accounts.
Care must be taken to not confuse this terminology.
Since adduser and deluser(8) never address
application accounts and
everything in this package concerns system accounts here,
the usage of the terms user account and system account
is actually not ambiguous in the context of this package.
For clarity, this document uses the definition
local system account or group if the distinction to
application accounts or
accounts managed in a directory service is needed.
adduser used to have the vision to be the universal front end
to the various directory services for
creation and deletion of regular and system accounts in Debian
since the 1990ies.
This vision has been abandoned as of 2022.
The rationale behind this includes:
that in practice,
a small server system is not going to have
write access to an enterprise-wide directory service anyway,
that locally installed packages are hard to manage with
centrally controlled system accounts,
that enterprise directory services have
their own management processes anyway and
that the personpower of the adduser team
is unlikely to be ever strong enough to write and maintain support for
the plethora of directory services that need support.
adduser will constrict itself to being a policy layer
for the management of local system accounts,
using the tools from the password package for the actual work.
BUGS
Inconsistent use of terminology around the term system account
in docs and code is a bug.
Please report this and allow us to improve our docs.
adduser takes special attention to be directly usable in
Debian maintainer scripts without conditional wrappers,
error suppression and other scaffolding.
The only thing that the package maintainer should need to code
is a check for the presence of the executable in the postrm script.
The adduser maintainers consider the need
for additional scaffolding a bug and
encourage their fellow Debian package maintainers
to file bugs against the adduser package in this case.
SEE ALSO
adduser.conf(5),
deluser(8),
groupadd(8),
useradd(8),
usermod(8),
Debian Policy 9.2.2.
Index
- NAME
-
- SYNOPSIS
-
- DESCRIPTION
-
- Add a normal user
-
- Add a system user
-
- Add a group
-
- Add an existing user to an existing group
-
- OPTIONS
-
- EXIT VALUES
-
- SECURITY
-
- FILES
-
- NOTES
-
- BUGS
-
- SEE ALSO
-
This document was created by
man2html,
using the manual pages.
Time: 15:48:50 GMT, April 26, 2024