illumos: manual page: useradd.8

USERADD(8) Maintenance Commands and Procedures USERADD(8)

NAME

useradd - administer a new user login on the system

SYNOPSIS

useradd [-A authorization[,authorization]...]
[-b base_dir] [-c comment] [-d dir] [-e expire]
[-f inactive] [-g group] [-G group[,group]...]
[-K key=value] [-m [-z|-Z] [-k skel_dir]] [-p projname]
[-P profile[,profile]...] [-R role[,role]...]
[-s shell] [-u uid [-o]] login

useradd -D [-A authorization[,authorization]...]
[-b base_dir] [-e expire] [-f inactive] [-g group]
[-k skel_dir] [-K key=value] [-p projname]
[-P profile[,profile]...] [-R role[,role]...]
[-s shell]

DESCRIPTION

useradd adds a new user to the /etc/passwd and /etc/shadow and
/etc/user_attr files. The -A and -P options respectively assign
authorizations and profiles to the user. The -R option assigns roles to
the user. The -p option associates a project with the user. The -K option
adds a key=value pair to /etc/user_attr for the user. Multiple key=value
pairs may be added with multiple -K options.

useradd also creates supplementary group memberships for the user (-G
option) and creates the home directory (-m option) for the user if
requested. The new login remains locked until the passwd(1) command is
executed.

Specifying useradd -D with the -A, -b, -e, -f, -g, -k, -K, -p, -P, -R, or
-s option (or any combination of these options) sets the default values
for the respective fields. See the -D option, below. Subsequent useradd
commands without the -D option use these arguments.

The system file entries created with this command have a limit of 2048
characters per line. Specifying long arguments to several options can
exceed this limit.

useradd requires that usernames be in the format described in passwd(5).
A warning message is displayed if these restrictions are not met. See
passwd(5) for the requirements for usernames.

To change the action of useradd when the traditional login name length
limit of eight characters is exceeded, edit the file /etc/default/useradd
by removing the # (pound sign) before the appropriate EXCEED_TRAD= entry,
and adding it before the others.

OPTIONS

The following options are supported:

-A authorization

One or more comma separated authorizations defined in auth_attr(5).
Only a user or role who has grant rights to the authorization can
assign it to an account.

-b base_dir

The base directory for new login home directories (see the -d option
below). The directory named by base_dir must already exist and be an
absolute path.

-c comment

A text string. It is generally a short description of the login, and
is currently used as the field for the user's full name. This
information is stored in the user's /etc/passwd entry.

-d dir

The home directory of the new user. If not supplied, it defaults to
base_dir/account_name, where base_dir is the base directory for new
login home directories and account_name is the new login name.

-D

Display the default values for group, base_dir, skel_dir, shell,
inactive, expire, proj, projname and key=value pairs. When used with
the -A, -b, -e, -f, -g, -P, -p, -R, or -K options, the -D option sets
the default values for the specified fields. The default values are:

group

other (GID of 1)

base_dir

/home

skel_dir

/etc/skel

shell

/bin/sh

inactive

0

expire

null

auths

null

profiles

null

proj

3

projname

default

key=value (pairs defined in user_attr(5))

not present

roles

null

-e expire

Specify the expiration date for a login. After this date, no user
will be able to access this login. The expire option argument is a
date entered using one of the date formats included in the template
file /etc/datemsk. See getdate(3C).

If the date format that you choose includes spaces, it must be
quoted. For example, you can enter 10/6/90 or October 6, 1990. A null
value (" ") defeats the status of the expired date. This option is
useful for creating temporary logins.

-f inactive

The maximum number of days allowed between uses of a login ID before
that ID is declared invalid. Normal values are positive integers. A
value of 0 defeats the status.

-g group

An existing group's integer ID or character-string name. Without the
-D option, it defines the new user's primary group membership and
defaults to the default group. You can reset this default value by
invoking useradd -D -g group. GIDs 0-99 are reserved for allocation
by the Operating System.

-G group

One or more comma-separated existing groups, specified by integer ID
or character-string name. It defines the new user's supplementary
group membership. Any duplicate groups between the -g and -G options
are ignored. No more than NGROUPS_MAX groups can be specified. GIDs
0-99 are reserved for allocation by the Operating System.

-k skel_dir

A directory that contains skeleton information (such as .profile)
that can be copied into a new user's home directory. This directory
must already exist. The system provides the /etc/skel directory that
can be used for this purpose.

-K key=value

A key=value pair to add to the user's attributes. Multiple -K options
may be used to add multiple key=value pairs. The generic -K option
with the appropriate key may be used instead of the specific implied
key options (-A, -p, -P, -R). See user_attr(5) for a list of valid
key=value pairs. The "type" key is not a valid key for this option.
Keys cannot be repeated.

-m [-z|-Z]

Create the new user's home directory if it does not already exist. If
the directory already exists, it must have read, write, and execute
permissions by group, where group is the user's primary group.

If the parent directory of the user's home directory is located on a
separate ZFS file system and the /etc/default/useradd file contains
the parameter MANAGE_ZFS set to the value YES, a new ZFS file system
will be created for the user.

If the -z option is specified, useradd will always try to create a
new file system for the home directory.

If the -Z option is specified, a new file system will never be
created.

-o

This option allows a UID to be duplicated (non-unique).

-p projname

Name of the project with which the added user is associated. See the
projname field as defined in project(5).

-P profile

One or more comma-separated execution profiles defined in
prof_attr(5).

-R role

One or more comma-separated roles defined in user_attr(5). Roles
cannot be assigned to other roles.

-s shell

Full pathname of the program used as the user's shell on login. It
defaults to an empty field causing the system to use /bin/sh as the
default. The value of shell must be a valid executable file.

-u uid

The UID of the new user. This UID must be a non-negative decimal
integer below MAXUID as defined in <sys/param.h>. The UID defaults to
the next available (unique) number above the highest number currently
assigned. For example, if UIDs 100, 105, and 200 are assigned, the
next default UID number will be 201. UIDs 0-99 are reserved for
allocation by the Operating System.

FILES

/etc/default/useradd

/etc/datemsk

/etc/passwd

/etc/shadow

/etc/group

/etc/skel

/usr/include/limits.h

/etc/user_attr

ATTRIBUTES

DIAGNOSTICS

In case of an error, useradd prints an error message and exits with a
non-zero status.

The following indicates that login specified is already in use:

UX: useradd: ERROR: login is already in use. Choose another.

The following indicates that the uid specified with the -u option is not
unique:

UX: useradd: ERROR: uid uid is already in use. Choose another.

The following indicates that the group specified with the -g option is
already in use:

UX: useradd: ERROR: group group does not exist. Choose another.

The following indicates that the uid specified with the -u option is in
the range of reserved UIDs (from 0-99):

UX: useradd: WARNING: uid uid is reserved.

The following indicates that the uid specified with the -u option exceeds
MAXUID as defined in <sys/param.h>:

UX: useradd: ERROR: uid uid is too big. Choose another.

The following indicates that the /etc/passwd or /etc/shadow files do not
exist:

UX: useradd: ERROR: Cannot update system files - login cannot be created.

NOTES

The useradd utility adds definitions to only the local /etc/group,
/etc/passwd, /etc/shadow, /etc/project, and /etc/user_attr files. If a
network name service is being used to supplement the local /etc/passwd
file with additional entries, useradd cannot change information supplied
by the network name service. However useradd will verify the uniqueness
of the user name (or role) and user id and the existence of any group
names specified against the external name service.

January 7, 2018 USERADD(8)