Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
useradd(1M)							   useradd(1M)

NAME
       useradd - administer a new user login on	the system

SYNOPSIS
       useradd	[-c comment]  [-d dir]	[-e expire] [-f	inactive] [-g group] [
       -G group	[ , group...]] [ -m [-k	skel_dir]] [ -u	uid  [-o]]  [-s	shell]
       [-A authorization  [,authorization...]] [-P profile  [,profile...]] [-R
       role  [,role...]] [-p projname] [-K key=value] login

       useradd	-D  [-b	base_dir] [-e expire] [-f inactive] [-g	group] [-A au-
       thorization  [,authorization...]] [-P profile  [,profile...]] [-R  role
       [,role...]] [-p projname] [-K key=value]

       useradd	adds  a	 new  user  to	the  /etc/passwd  and  /etc/shadow and
       /etc/user_attr files. The -A and	-P options respectively	assign	autho-
       rizations  and  profiles	 to the	user. The -R option assigns roles to a
       user. The -p option associates a	project	with a	user.  The  -K	option
       adds  a	key=value  pair	 to  /etc/user_attr  for  the  user.  Multiple
       key=value pairs may be added with multiple -K options.

       useradd also creates supplementary group	memberships for	the  user  (-G
       option)	and creates the	home directory (-m option) for the user	if re-
       quested.	The new	login remains locked until the	passwd(1)  command  is
       executed.

       Specifying  useradd  -D	with the -g, -b, -f, -e, -A, -P, -p, -R, or -K
       option (or any combination of these options) sets  the  default	values
       for the respective fields. See the -D option, below. Subsequent useradd
       commands	without	the -D option use these	arguments.

       The  system  file entries created with this command have	a limit	of 512
       characters per line. Specifying long arguments to several  options  can
       exceed this limit.

       The  login  (login)  and	 role (role) fields accept a string of no more
       than eight bytes	consisting of characters from the  set	of  alphabetic
       characters,  numeric characters,	period (.), underscore (_), and	hyphen
       (-). The	first character	should be alphabetic and the field should con-
       tain at least one lower case alphabetic character. A warning message is
       displayed if these restrictions are not met.

       The login and role fields must contain at least one character and  must
       not contain a colon (:) or a newline (\n).

       The following options are supported:

       -A authorization

	   One or more comma separated authorizations defined in auth_attr(4).
	   Only	 a  user or role who has grant rights to the authorization can
	   assign it to	an account.

       -b base_dir

	   The default base directory for the system if	-d dir is  not	speci-
	   fied.  base_dir is concatenated with	the account name to define the
	   home	directory. If the -m option is not used, base_dir must exist.

	   Note	-  The root file system	of any non-global zones	 must  not  be
		   referenced  with  the  -b option. Doing so might damage the
		   global zone's file system, might compromise the security of
		   the global zone, and	might  damage  the  non-global	zone's
		   file	system.	See zones(5).

       -c comment

	   Any	text string. It	is generally a short description of the	login,
	   and is currently used as the	field for the user's full  name.  This
	   information is stored in the	user's /etc/passwd entry.

       -d dir

	   The	home  directory	 of  the new user. It defaults to base_dir/ac-
	   count_name, where base_dir is the base directory for	new login home
	   directories and account_name	is the new login name.

       -D

	   Display the default values for group,  base_dir,  skel_dir,	shell,
	   inactive,  expire,  proj,  projname	and key=value pairs. When used
	   with	the -g,	-b, -f,	-e, -A,	-P, -p,	-R, or -K options, the -D  op-
	   tion	 sets the default values for the specified fields. The default
	   values are:

	   group	   other (GID of 1)

	   base_dir	   /home

	   skel_dir	   /etc/skel

	   shell	   /bin/sh

	   inactive	   0

	   expire	   null

	   auths	   null

	   profiles	   null

	   proj		   3

	   projname	   default

	   key=value (pairsndoetfipnredseinnt user_attr(4)

	   roles	   null

       -e expire

	   Specify the expiration date for a login. After this date,  no  user
	   will	 be able to access this	login. The expire option argument is a
	   date	entered	using one of the date formats included in the template
	   file	/etc/datemsk. See getdate(3C).

	   If the date format that you choose  includes	 spaces,  it  must  be
	   quoted.  For	example, you can enter 10/6/90 or "October 6, 1990". A
	   null	value (" ") defeats the	status of the expired date.  This  op-
	   tion	is useful for creating temporary logins.

       -f inactive

	   The	maximum	 number	of days	allowed	between	uses of	a login	ID be-
	   fore	that ID	is declared invalid. Normal values are positive	 inte-
	   gers. A value of 0 defeats the status.

       -g group

	   An  existing	 group's  integer ID or	character-string name. Without
	   the -D option, it defines the new user's primary  group  membership
	   and defaults	to the default group. You can reset this default value
	   by invoking useradd -D -g group.

       -G group

	   An existing group's integer ID or character-string name. It defines
	   the	new  user's supplementary group	membership. Duplicates between
	   group with the  -g  and  -G	options	 are  ignored.	No  more  than
	   NGROUPS_MAX groups can be specified.

       -K key=value

	   A  key=value	 pair to add to	the user's attributes. Multiple	-K op-
	   tions may be	used to	add multiple key=value pairs. The  generic  -K
	   option with the appropriate key may be used instead of the specific
	   implied  key	 options (-A, -P, -R, -p). See user_attr(4) for	a list
	   of valid key=value pairs. The "type"	key is not  a  valid  key  for
	   this	option.	Keys may not be	repeated.

       -k skel_dir

	   A  directory	 that contains skeleton	information (such as .profile)
	   that	can be copied into a new user's	home directory.	This directory
	   must	already	exist. The system  provides  the  /etc/skel  directory
	   that	can be used for	this purpose.

       -m

	   Create  the new user's home directory if it does not	already	exist.
	   If the directory already exists, it must have read, write, and exe-
	   cute	permissions by group, where group is the user's	primary	group.

       -o

	   This	option allows a	UID to be duplicated (non-unique).

       -P profile

	   One	or  more  comma-separated  execution   profiles	  defined   in
	   prof_attr(4).

       -p projname

	   Name	 of  the  project with which the added user is associated. See
	   the projname	field as defined in project(4).

       -R role

	   One	or  more  comma-separated  execution   profiles	  defined   in
	   user_attr(4).  Roles	cannot be assigned to other roles.

       -s shell

	   Full	 pathname of the program used as the user's shell on login. It
	   defaults to an empty	field causing the system to use	/bin/sh	as the
	   default. The	value of shell must be a valid executable file.

       -u uid

	   The UID of the new user. This UID must be  a	 non-negative  decimal
	   integer below MAXUID	as defined in <sys/param.h>.  The UID defaults
	   to the next available (unique) number above the highest number cur-
	   rently  assigned.  For  example,  if	UIDs 100, 105, and 200 are as-
	   signed, the next default UID	number will be 201.  (UIDs  from  0-99
	   are reserved	for possible use in future applications.)

       /etc/datemsk

       /etc/passwd

       /etc/shadow

       /etc/group

       /etc/skel

       /usr/include/limits.h

       /etc/user_attr

       See attributes(5) for descriptions of the following attributes:

       +------------------------------+-----------------------------+
       |       ATTRIBUTE TYPE	      |	     ATTRIBUTE VALUE	    |
       +------------------------------+-----------------------------+
       | Availability		      |SUNWcsu			    |
       +------------------------------+-----------------------------+
       | Interface Stability	      |Evolving			    |
       +------------------------------+-----------------------------+

       passwd(1),     profiles(1),    roles(1),	   users(1B),	 groupadd(1M),
       groupdel(1M),   groupmod(1M),	grpck(1M),    logins(1M),    pwck(1M),
       userdel(1M),   usermod(1M),   getdate(3C),   auth_attr(4),   passwd(4),
       prof_attr(4), project(4), user_attr(4), attributes(5)

       In case of an error, useradd prints an error message and	exits  with  a
       non-zero	status.

       The following indicates that login specified is already in use:

       UX: useradd: ERROR: login is already in use. Choose another.

       The  following  indicates  that the uid specified with the -u option is
       not unique:

       UX: useradd: ERROR: uid uid is already in use. Choose another.

       The following indicates that the	group specified	with the -g option  is
       already in use:

       UX: useradd: ERROR: group group does not	exist. Choose another.

       The following indicates that the	uid specified with the -u option is in
       the range of reserved UIDs (from	0-99):

       UX: useradd: WARNING: uid uid is	reserved.

       The  following  indicates that the uid specified	with the -u option ex-
       ceeds MAXUID as defined in <sys/param.h>:

       UX: useradd: ERROR: uid uid is too big. Choose another.

       The following indicates that the	/etc/passwd or	/etc/shadow  files  do
       not exist:

       UX: useradd: ERROR: Cannot update system	files -	login cannot be	created.

       The  useradd  utility  adds  definitions	 to only the local /etc/group,
       etc/passwd, /etc/passwd,	/etc/shadow, /etc/project, and	/etc/user_attr
       files.  If  a network name service such as NIS or NIS+ is being used to
       supplement the local /etc/passwd	file with additional entries,  useradd
       cannot change information supplied by the network name service. However
       useradd	will verify the	uniqueness of the user name (or	role) and user
       id and the existence of any group names specified against the  external
       name service.

				  28 Apr 2005			   useradd(1M)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=useradd&sektion=1m&manpath=SunOS+5.10>

home | help