useradd(1M)							   useradd(1M)

       useradd - administer a new user login on	the system

       useradd	[-c comment]  [-d dir]	[-e expire] [-f	inactive] [-g group] [
       -G group	[ , group...]] [ -m [-k	skel_dir]] [ -u	uid  [-o]]  [-s	shell]
       [-A authorization  [,authorization...]] [-P profile  [,profile...]] [-R
       role  [,role...]] [-p projname] [-K key=value] login

       useradd -D [-b base_dir] [-e expire] [-f inactive] [-g group]
       [-A authorization [,authorization...]] [-P profile [,profile...]]
       [-R role [,role...]] [-p projname] [-K key=value]

       useradd adds a new user to the /etc/passwd, /etc/shadow, and
       /etc/user_attr files. The -A and -P options respectively assign
       authorizations and profiles to the user. The -R option assigns roles
       to a user. The -p option associates a project with a user. The -K
       option adds a key=value pair to /etc/user_attr for the user. Multiple
       key=value pairs may be added with multiple -K options.

       useradd also creates supplementary group memberships for the user (-G
       option) and creates the home directory (-m option) for the user if
       requested. The new login remains locked until the passwd(1) command is

       Specifying useradd -D with the -g, -b, -f, -e, -A, -P, -p,  -R,	or  -K
       option  (or  any	 combination of	these options) sets the	default	values
       for the respective fields. See the -D option, below. Subsequent useradd
       commands	without	the -D option use these	arguments.

       The  system  file entries created with this command have	a limit	of 512
       characters per line. Specifying long arguments to several  options  can
       exceed this limit.

       The login (login) and role (role) fields accept a string of no more
       than eight bytes consisting of characters from the set of alphabetic
       characters, numeric characters, period (.), underscore (_), and hyphen
       (-). The first character should be alphabetic and the field should
       contain at least one lower case alphabetic character. A warning message
       is displayed if these restrictions are not met.

       The login and role fields must contain at least one character and  must
       not contain a colon (:) or a newline (\n).
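
       The two tiers of rules above (hard errors for an empty name, a colon
       or a newline; warnings for the other restrictions) written as a
       pre-check. This is an added example, not part of useradd or of the
       original page; the function name check_login and the sample names are
       assumptions made for illustration.

```sh
# Added example: classify a proposed login or role name by the rules above.
# Prints "ok", "warning: <reasons>" or "error: <reason>"; status 0, 1 or 2.
check_login() (
    LC_ALL=C; export LC_ALL      # byte semantics; the subshell keeps this local
    name=$1
    nl='
'
    # Hard rules: at least one character, no colon, no newline. Either
    # character would split or extend the colon-delimited passwd entry.
    case $name in
        '')      echo "error: empty name"; exit 2 ;;
        *:*)     echo "error: contains ':'"; exit 2 ;;
        *"$nl"*) echo "error: contains newline"; exit 2 ;;
    esac
    # Soft rules: useradd only warns when these are not met.
    warn=
    [ "${#name}" -le 8 ] || warn="$warn longer-than-8-bytes"
    case $name in *[!A-Za-z0-9._-]*) warn="$warn bad-character" ;; esac
    case $name in [A-Za-z]*) ;; *) warn="$warn first-not-alphabetic" ;; esac
    case $name in *[a-z]*) ;; *) warn="$warn no-lowercase" ;; esac
    if [ -n "$warn" ]; then echo "warning:$warn"; exit 1; fi
    echo ok
)

# Constructed sample names.
for n in jdoe administrator 9LIVES 'root:0'; do
    printf '%-14s %s\n' "$n" "$(check_login "$n")"
done
```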

       The following options are supported:

       -A authorization

           One or more comma-separated authorizations defined in auth_attr(4).
           Only a user or role who has grant rights to the authorization can
           assign it to an account.

       -b base_dir

           The default base directory for the system if -d dir is not
           specified. base_dir is concatenated with the account name to define
           the home directory. If the -m option is not used, base_dir must exist.

	   Note	-  The	root  file  system of any non-global zones must	not be
		   referenced with the -b option. Doing	so  might  damage  the
		   global zone's file system, might compromise the security of
		   the global zone, and	might  damage  the  non-global	zone's
		   file	system.	See zones(5).

       -c comment

	   Any	text string. It	is generally a short description of the	login,
	   and is currently used as the	field for the user's full  name.  This
	   information is stored in the	user's /etc/passwd entry.

       -d dir

           The home directory of the new user. It defaults to
           base_dir/account_name, where base_dir is the base directory for new
           login home directories and account_name is the new login name.


       -D

           Display the default values for group, base_dir, skel_dir, shell,
           inactive, expire, proj, projname and key=value pairs. When used
           with the -g, -b, -f, -e, -A, -P, -p, -R, or -K options, the -D
           option sets the default values for the specified fields. The
           default values are:

	   group	   other (GID of 1)

	   base_dir	   /home

	   skel_dir	   /etc/skel

	   shell	   /bin/sh

	   inactive	   0

	   expire	   null

	   auths	   null

	   profiles	   null

	   proj		   3

	   projname	   default

           key=value       (pairs defined in user_attr(4))

	   roles	   null

       -e expire

	   Specify  the	 expiration date for a login. After this date, no user
	   will	be able	to access this login. The expire option	argument is  a
	   date	entered	using one of the date formats included in the template
	   file	/etc/datemsk. See getdate(3C).

           If the date format that you choose includes spaces, it must be
           quoted. For example, you can enter 10/6/90 or "October 6, 1990". A
           null value (" ") defeats the status of the expired date. This
           option is useful for creating temporary logins.

       -f inactive

           The maximum number of days allowed between uses of a login ID
           before that ID is declared invalid. Normal values are positive
           integers. A value of 0 defeats the status.

       -g group

	   An  existing	 group's  integer ID or	character-string name. Without
	   the -D option, it defines the new user's primary  group  membership
	   and defaults	to the default group. You can reset this default value
	   by invoking useradd -D -g group.

       -G group

	   An existing group's integer ID or character-string name. It defines
	   the	new  user's supplementary group	membership. Duplicates between
	   group with the  -g  and  -G	options	 are  ignored.	No  more  than
	   NGROUPS_MAX groups can be specified.

       -K key=value

           A key=value pair to add to the user's attributes. Multiple -K
           options may be used to add multiple key=value pairs. The generic -K
           option with the appropriate key may be used instead of the specific
           implied key options (-A, -P, -R, -p). See user_attr(4) for a list
           of valid key=value pairs. The "type" key is not a valid key for
           this option. Keys may not be repeated.

       -k skel_dir

	   A directory that contains skeleton information (such	 as  .profile)
	   that	can be copied into a new user's	home directory.	This directory
	   must	already	exist. The system  provides  the  /etc/skel  directory
	   that	can be used for	this purpose.


       -m

           Create the new user's home directory if it does not already exist.
           If the directory already exists, it must have read, write, and
           execute permissions by group, where group is the user's primary
           group.


       -o

           This option allows a UID to be duplicated (non-unique).

       -P profile

	   One	 or   more   comma-separated  execution	 profiles  defined  in

       -p projname

	   Name	of the project with which the added user  is  associated.  See
	   the projname	field as defined in project(4).

       -R role

	   One	 or   more   comma-separated  execution	 profiles  defined  in
	   user_attr(4).  Roles	cannot be assigned to other roles.

       -s shell

	   Full	pathname of the	program	used as	the user's shell on login.  It
	   defaults to an empty	field causing the system to use	/bin/sh	as the
	   default. The	value of shell must be a valid executable file.

       -u uid

           The UID of the new user. This UID must be a non-negative decimal
           integer below MAXUID as defined in <sys/param.h>. The UID defaults
           to the next available (unique) number above the highest number
           currently assigned. For example, if UIDs 100, 105, and 200 are
           assigned, the next default UID number will be 201. (UIDs from 0-99
           are reserved for possible use in future applications.)
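
       An audit of a passwd(4)-format file for two conditions the options
       above can create: UIDs shared by several logins (what -u uid -o
       permits) and entries longer than the 512-character line limit. It also
       computes the default UID by the rule stated for -u. This is an added
       example, not part of useradd or of the original page; the function
       names and the sample entries are constructed for illustration.

```sh
# Added example. Sample data below is constructed, not from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
alice:x:100:10:Alice:/home/alice:/bin/sh
bob:x:105:10:Bob:/home/bob:/bin/sh
carol:x:200:10:Carol:/home/carol:/bin/sh
svc:x:105:10:Service:/home/svc:/bin/sh
toor:x:0:0:Alt root:/:/bin/sh
EOF
}

# audit_passwd FILE: report UIDs shared by several logins (possible with
# -u uid -o) and entries longer than the 512-character line limit.
audit_passwd() {
    awk -F: '
        /^[#+-]/ || NF < 3 { next }    # skip comments, +/- compat lines, junk
        length($0) > 512 { printf "LONG_LINE %s %d\n", $1, length($0) }
        { n[$3]++; who[$3] = (who[$3] == "" ? $1 : who[$3] "," $1) }
        END {
            for (u in n) if (n[u] > 1)
                printf "DUP_UID %s %s%s\n", u, who[u],
                       (u ~ /^0+$/ ? " SUPERUSER" : "")
        }' "$1" | LC_ALL=C sort
}

# next_default_uid FILE: highest assigned UID plus one, the default rule
# stated for -u on this page.
next_default_uid() {
    awk -F: '$3 ~ /^[0-9]+$/ && $3 + 0 > max { max = $3 + 0 }
             END { print max + 1 }' "$1"
}

tmp=$(mktemp) && sample_passwd > "$tmp"
audit_passwd "$tmp"
next_default_uid "$tmp"
rm -f "$tmp"
```

       A second login sharing UID 0 is reported with the SUPERUSER tag,
       because every login with that UID has the same privileges as root.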








       See attributes(5) for descriptions of the following attributes:

       |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
       |Availability		     |SUNWcsu			   |
       |Interface Stability	     |Evolving			   |

       passwd(1),     profiles(1),    roles(1),	   users(1B),	 groupadd(1M),
       groupdel(1M),   groupmod(1M),	grpck(1M),    logins(1M),    pwck(1M),
       userdel(1M),   usermod(1M),   getdate(3C),   auth_attr(4),   passwd(4),
       prof_attr(4), project(4), user_attr(4), attributes(5)

       In case of an error, useradd prints an error message and	exits  with  a
       non-zero	status.

       The following indicates that login specified is already in use:

       UX: useradd: ERROR: login is already in use. Choose another.

       The  following  indicates  that the uid specified with the -u option is
       not unique:

       UX: useradd: ERROR: uid uid is already in use. Choose another.

       The following indicates that the	group specified	with the -g option  is
       already in use:

       UX: useradd: ERROR: group group does not	exist. Choose another.

       The following indicates that the	uid specified with the -u option is in
       the range of reserved UIDs (from	0-99):

       UX: useradd: WARNING: uid uid is	reserved.

       The following indicates that the uid specified with the -u option
       exceeds MAXUID as defined in <sys/param.h>:

       UX: useradd: ERROR: uid uid is too big. Choose another.

       The  following  indicates  that the /etc/passwd or /etc/shadow files do
       not exist:

       UX: useradd: ERROR: Cannot update system	files -	login cannot be	created.

       The useradd utility adds definitions to only the local /etc/group,
       /etc/passwd, /etc/shadow, /etc/project, and /etc/user_attr files. If a
       network name service such as NIS or NIS+ is being used to supplement
       the local /etc/passwd file with additional entries, useradd cannot
       change information supplied by the network name service. However,
       useradd will verify the uniqueness of the user name (or role) and user
       id and the existence of any group names specified against the external
       name service.

				  28 Apr 2005			   useradd(1M)

