NOM
useradd - créer un nouvel utilisateur ou modifier les informations par défaut appliquées aux nouveaux utilisateursSYNOPSIS
useradd
[ options] LOGIN
useradd
-D
useradd
-D [ options]
DESCRIPTION
useradd is a low level utility for adding users. On Debian, administrators should usually use adduser(8) instead. When invoked without the -D option, the useradd command creates a new user account using the values specified on the command line plus the default values from the system. Depending on command line options, the useradd command will update system files and may also create the new user's home directory and copy initial files. By default, a group will also be created for the new user (see -g, -N, -U, and USERGROUPS_ENAB).OPTIONS
The options which apply to the useradd command are: --badnameAllow names that do not conform to
standards.
-b, --base-dir BASE_DIR
The default base directory for the system if
-d HOME_DIR is not specified. BASE_DIR is
concatenated with the account name to define the home directory.
If this option is not specified, useradd will use the base directory
specified by the HOME variable in /etc/default/useradd, or /home by
default.
-c, --comment COMMENT
Any text string. It is generally a short
description of the account, and is currently used as the field for the user's
full name.
-d, --home-dir HOME_DIR
The new user will be created using
HOME_DIR as the value for the user's login directory. The default is to
append the LOGIN name to BASE_DIR and use that as the login
directory name. If the directory HOME_DIR does not exist, then it will
be created unless the -M option is specified.
-D, --defaults
Consultez ci-dessous la sous-section
« Modifier les valeurs par défaut ».
-e, --expiredate EXPIRE_DATE
The date on which the user account will be
disabled. The date is specified in the format YYYY-MM-DD.
If not specified, useradd will use the default expiry date specified by
the EXPIRE variable in /etc/default/useradd, or an empty string (no
expiry) by default.
-f, --inactive INACTIVE
defines the number of days after the password
exceeded its maximum age where the user is expected to replace this password.
The value is stored in the shadow password file. An input of 0 will disable an
expired password with no delay. An input of -1 will blank the respective field
in the shadow password file. See shadow(5)for more information.
If not specified, useradd will use the default inactivity period
specified by the INACTIVE variable in /etc/default/useradd, or -1 by
default.
-F, --add-subids-for-system
Update /etc/subuid and /etc/subgid even when
creating a system account with -r option.
-g, --gid GROUP
The name or the number of the user's primary
group. The group name must exist. A group number must refer to an already
existing group.
If not specified, the behavior of useradd will depend on the
USERGROUPS_ENAB variable in /etc/login.defs. If this variable is set to
yes (or -U/--user-group is specified on the command line), a
group will be created for the user, with the same name as her loginname. If
the variable is set to no (or -N/--no-user-group is specified on
the command line), useradd will set the primary group of the new user to the
value specified by the GROUP variable in /etc/default/useradd, or 100
by default.
-G,
--groups GROUP1[,GROUP2,...[,GROUPN]]]
A list of supplementary groups which the user
is also a member of. Each group is separated from the next by a comma, with no
intervening whitespace. The groups are subject to the same restrictions as the
group given with the -g option. The default is for the user to belong
only to the initial group.
-h, --help
Afficher un message d'aide et quitter.
-k, --skel SKEL_DIR
The skeleton directory, which contains files
and directories to be copied in the user's home directory, when the home
directory is created by useradd.
This option is only valid if the -m (or --create-home) option is
specified.
If this option is not set, the skeleton directory is defined by the SKEL
variable in /etc/default/useradd or, by default, /etc/skel.
Si possible, les ACL et les attributs étendus seront copiés.
-K, --key KEY=VALUE
Overrides /etc/login.defs defaults (
UID_MIN, UID_MAX, UMASK, PASS_MAX_DAYS and
others).
Example: -K PASS_MAX_DAYS =-1 can be used when
creating an account to turn off password aging. Multiple -K options can
be specified, e.g.: -K UID_MIN =
100 -K UID_MAX=499
For the compatibility with previous Debian's useradd, the -O
option is also supported.
-l, --no-log-init
N'ajoute pas l'utilisateur aux bases de
données lastlog et faillog.
Par défaut, les entrées de l'utilisateur dans les bases de
données lastlog et faillog sont remises à zéro pour
éviter de réutiliser les entrées d'un utilisateur
précédemment supprimé.
If this option is not specified, useradd will also consult the variable
LOG_INIT in the /etc/default/useradd if set to no the user will not be
added to the lastlog and faillog databases.
-m, --create-home
Create the user's home directory if it does
not exist. The files and directories contained in the skeleton directory
(which can be defined with the -k option) will be copied to the home
directory.
By default, if this option is not specified and CREATE_HOME is not
enabled, no home directories are created.
The directory where the user's home directory is created must exist and have
proper SELinux context and permissions. Otherwise the user's home directory
cannot be created or accessed.
-M, --no-create-home
Do not create the user's home directory, even
if the system wide setting from /etc/login.defs ( CREATE_HOME) is set
to yes.
-N, --no-user-group
Do not create a group with the same name as
the user, but add the user to the group specified by the -g option or
by the GROUP variable in /etc/default/useradd.
The default behavior (if the -g, -N, and -U options are not
specified) is defined by the USERGROUPS_ENAB variable in
/etc/login.defs.
-o, --non-unique
allows the creation of an account with an
already existing UID.
This option is only valid in combination with the -u option. As a user
identity serves as key to map between users on one hand and permissions, file
ownerships and other aspects that determine the system's behavior on the other
hand, more than one login name will access the account of the given UID.
-p, --password PASSWORD
defines an initial password for the account.
PASSWORD is expected to be encrypted, as returned by crypt (3). Within
a shell script, this option allows to create efficiently batches of users.
Without this option, the new account will be locked and with no password
defined, i.e. a single exclamation mark in the respective field of
/etc/shadow. This is a state where the user won't be able to access the
account or to define a password himself.
Note:Avoid this option on the command line because the password (or
encrypted password) will be visible by users listing the processes.
Il est nécessaire de vérifier si le mot de passe respecte la
politique de mots de passe du système.
-r, --system
Créer un compte système.
System users will be created with no aging information in /etc/shadow, and their
numeric identifiers are chosen in the SYS_UID_MIN-SYS_UID_MAX
range, defined in /etc/login.defs, instead of UID_MIN-UID_MAX
(and their GID counterparts for the creation of groups).
Note that useradd will not create a home directory for such a user,
regardless of the default setting in /etc/login.defs ( CREATE_HOME).
You have to specify the -m options if you want a home directory for a
system account to be created.
Note that this option will not update /etc/subuid and /etc/subgid. You have to
specify the -F options if you want to update the files for a system
account to be created.
-R, --root CHROOT_DIR
Apply changes in the CHROOT_DIR
directory and use the configuration files from the CHROOT_DIR
directory. Only absolute paths are supported.
-P, --prefix PREFIX_DIR
Apply changes to configuration files under the
root filesystem found under the directory PREFIX_DIR. This option does
not chroot and is intended for preparing a cross-compilation target. Some
limitations: NIS and LDAP users/groups are not verified. PAM authentication is
using the host files. No SELINUX support.
-s, --shell SHELL
sets the path to the user's login shell.
Without this option, the system will use the SHELL variable specified
in /etc/default/useradd, or, if that is as well not set, the field for the
login shell in /etc/passwd remains empty.
-u, --uid UID
The numerical value of the user's ID. This
value must be unique, unless the -o option is used. The value must be
non-negative. The default is to use the smallest ID value greater than or
equal to UID_MIN and greater than every other user.
See also the -r option and the UID_MAX description.
-U, --user-group
Crée un groupe avec le même nom
que celui de l'utilisateur, et ajoute l'utilisateur à ce groupe.
The default behavior (if the -g, -N, and -U options are not
specified) is defined by the USERGROUPS_ENAB variable in
/etc/login.defs.
-Z, --selinux-user SEUSER
defines the SELinux user for the new account.
Without this option, a SELinux uses the default user. Note that the shadow
system doesn't store the selinux-user, it uses semanage(8) for
that.
Modifier les valeurs par défaut
When invoked with only the -D option, useradd will display the current default values. When invoked with -D plus other options, useradd will update the default values for the specified options. Valid default-changing options are: -b, --base-dir BASE_DIRsets the path prefix for a new user's home
directory. The user's name will be affixed to the end of BASE_DIR to
form the new user's home directory name, if the -d option is not used
when creating a new account.
This option sets the HOME variable in /etc/default/useradd.
-e, --expiredate EXPIRE_DATE
sets the date on which newly created user
accounts are disabled.
This option sets the EXPIRE variable in /etc/default/useradd.
-f, --inactive INACTIVE
defines the number of days after the password
exceeded its maximum age where the user is expected to replace this password.
See shadow(5)for more information.
This option sets the INACTIVE variable in /etc/default/useradd.
-g, --gid GROUP
sets the default primary group for newly
created users, accepting group names or a numerical group ID. The named group
must exist, and the GID must have an existing entry.
This option sets the GROUP variable in /etc/default/useradd.
-s, --shell SHELL
defines the default login shell for new users.
This option sets the SHELL variable in /etc/default/useradd.
NOTES
The system administrator is responsible for placing the default user files in the /etc/skel/ directory (or any other skeleton directory specified in /etc/default/useradd or on the command line).AVERTISSEMENTS
Vous ne pouvez pas ajouter d'utilisateur à un groupe NIS ou LDAP. Cela doit être effectué sur le serveur correspondant. Similarly, if the username already exists in an external user database such as NIS or LDAP, useradd will deny the user account creation request. Usernames may contain only lower and upper case letters, digits, underscores, or dashes. They can end with a dollar sign. Dashes are not allowed at the beginning of the username. Fully numeric usernames and usernames . or .. are also disallowed. It is not recommended to use usernames beginning with . character as their home directories will be hidden in the ls output. On Debian, the only constraints are that usernames must neither start with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a colon (':'), a comma (','), or a whitespace (space: ' ', end of line: '\n', tabulation: '\t', etc.). Note that using a slash ('/') may break the default algorithm for the definition of the user's home directory. Les noms d'utilisateur sont limités à 16 caractères.CONFIGURATION
The following configuration variables in /etc/login.defs change the behavior of this tool:FICHIERS
/etc/passwdInformations sur les comptes des
utilisateurs.
/etc/shadow
Informations sécurisées sur les
comptes utilisateurs.
/etc/group
Informations sur les groupes.
/etc/gshadow
Informations sécurisées sur les
groupes.
/etc/default/useradd
Valeurs par défaut pour la
création de comptes.
/etc/shadow-maint/useradd-pre.d/*, /etc/shadow-maint/useradd-post.d/*
Run-part files to execute during user
addition. The environment variable ACTION will be populated with
useradd and SUBJECT with the username. useradd-pre.d will be
executed prior to any user addition. useradd-post.d will execute after user
addition. If a script exits non-zero then execution will terminate.
/etc/skel/
Répertoire contenant les fichiers par
défaut.
/etc/subgid
IDs des groupes subalternes d'un
utilisateur.
/etc/subuid
IDs de utilisateurs subalternes d'un
utilisateur.
/etc/login.defs
Configuration de la suite des mots de passe
cachés « shadow password ».
VALEURS DE RETOUR
The useradd command exits with the following values: 0success
1
can't update password file
2
invalid command syntax
3
invalid argument to option
4
UID already in use (and no -o)
6
specified group doesn't exist
9
username or group name already in use
10
can't update group file
12
can't create home directory
14
can't update SELinux user mapping
VOIR AUSSI
chfn(1), chsh(1), passwd(1), crypt(3), groupadd(8), groupdel(8), groupmod(8), login.defs(5), newusers(8), subgid(5), subuid(5), userdel(8), usermod(8).23/03/2023 | shadow-utils 4.13 |