useradd(8)
NAME
useradd - Adds a new user login account
SYNOPSIS
/usr/sbin/useradd [-u uid [-o]] [-g group]
[-G group[,group...]] [-c comment] [-d dir] [-k skel_dir]
[-m] [-s shell] [-f inactive] [-e expire] [-t type]
[-x extended_option] login
/usr/sbin/useradd -D [-g group] [-f inactive] [-e expire] [-b base_dir]
[-s shell] [-k skel_dir] [-x extended_option]
FLAGS
-D When used without arguments, this flag displays the system default
attributes for user and group information. If invoked with any
combination of the flags, -b, -e, -f, -g, -k, -s, or -x, it sets the
default values for those flags. Subsequent invocations of useradd
without the -D flag use these new defaults. For example, the
following command sets the default expiry date for any new login that
is created subsequently:
useradd -D -e 08/19/97
-G group[,group...]
This flag is a comma-separated list of groups that defines the
supplementary group membership for a new user. Groups can be specified
by the group's name or by its group identification number (GID). An
error is displayed for each group that does not exist. Duplicate
groups are ignored.
-b base_dir
Sets the default directory for user login accounts. If -d dir is not
specified, the default base_dir is concatenated with the user's login
to define the home directory. If the -m flag is not used, base_dir
must exist.
The -b flag can be used only with the -D flag.
-c comment
Specifies a short description of the login, and is currently used as
the field for the user's full name in the user database file. The
comment argument can be any text string. If the text string contains
spaces, enclose the string in quotes.
-d dir
Specifies the home directory of the new user. If not specified, dir
defaults to base_dir/login, where base_dir is the default directory for
user login accounts and login is the name of the new login account.
-e expire
This flag is only for use on systems running in enhanced security mode
and is useful for creating temporary logins. The value of the expire
argument is a date that must be in the format 10/27/97. A blank value ("")
defeats the status of the expired date. Use the -D flag to reset the
default value of the expiry date.
-f inactive
This flag is for use on systems running in enhanced security mode only.
This is the maximum number of days allowed between usage of a login ID
before that login ID is declared invalid. The value must be specified
as a non-negative integer. A value of -1, which is the default value,
defeats the status. You can reset the default value of -1 by invoking
the following command:
useradd -D -f inactive
-g group
When used with the -D flag, the -g flag defines the system default for
a new group. The group argument can be specified as an existing
group's identification number (GID) or character-string name.
When used without the -D flag, it specifies the primary group for the
new user login account.
-k skel_dir
When used without the -D flag, the -k flag specifies the directory that
contains skeleton information (such as startup files) that can be
copied into a new user's home directory. This directory must exist.
The system provides a "skel" directory, /usr/skel that can be used for
this purpose.
When used with the -D flag, it defines the system default.
-m Creates the new user's home directory if it doesn't already exist. If
the directory already exists, it must have read, write and execute
permissions by group, where group is the user's primary group.
-o Allows a user identification (UID) number to be duplicated (non-
unique). This flag can be used only with the -u flag.
-s shell
When used without the -D flag, it specifies the full pathname of the
program used as the user's login shell. If both the -D and -s flags
are not specified, the user's login shell defaults to /bin/sh. The
shell argument must be a valid executable file.
When used with the -D flag, it defines the system default.
-t type
Adds a local plus (+) or local minus (-) NIS user from the user
database. The value of the type parameter can be + or -.
-u uid
Specifies the user identification number (UID) of the new user. The
uid must be specified as a non-negative decimal integer.
-x extended_option
The following extended_option attributes are available. If you use
more than one extended_option attribute on the command line, you must
precede each attribute with the -x flag or enclose the desired
attributes in quotes.
distributed=n
Indicates whether or not the account is distributed. The value of
the distributed=n attribute can be 0 or 1. If set to 0, the
account is added to the local system. If set to 1, the account is
added to the NIS master database on the running system.
local=n
Indicates whether or not the account is local. The value of the
local=n attribute can be 0 or 1. If set to 1, the account is added
to the local database. If set to 0, the account information is
added to the NIS master database.
administrative_lock_applied=n
Indicates whether or not the account is locked by the system
administrator. The value of the administrative_lock_applied=n
attribute can be 0 or 1. If set to 0, the account is not locked.
If set to 1, the account is explicitly locked by the system
administrator.
local_first=n
Indicates the database search order. The value of the
local_first=n attribute can be 0 or 1. If set to 0 and a cell
database (NIS) exists, that database is searched first. If set to
1, the local database is searched first.
rpw_dir=string
Indicates the home directory of the new user. This directory
overrides the home directory in the NIS database.
rpw_shell=string
Indicates the default login shell of the new user. This shell
overrides the default login shell in the NIS database.
The following extended_option attributes are available only on systems
running in enhanced security mode. If you use more than one
extended_option attribute on the command line, you must precede each
attribute with the -x flag or enclose the desired attributes in quotes.
passwd_expiration_time=n
Specifies the time, in days, between the last password change and
the password expiration. (A new password must be chosen.) The value
of n must be an integer. If the value of the
passwd_expiration_time attribute is set to 0, there is no password
expiration time.
passwd_lifetime=n
Specifies the time, in days, between the last password change and
the expiration of the account. The value of n must be an integer.
If the passwd_lifetime attribute is set to 0, the password lifetime
is infinite.
passwd_min_change_time=n
Specifies the time, in days, which must pass before a user can
change the user account password. The value of n must be an
integer. The passwd_min_change_time=0 argument means there is no
minimum time to change the user account password.
login
Specifies the new login name of the user. It can be a string of any
printable characters, except a colon (:) or newline (\n) character.
DESCRIPTION
The useradd command adds and administers user accounts on the system.
Invoking useradd without the -D flag adds a new user entry to the user
database. It also creates supplementary group memberships for the user
(with the -G flag) and creates the home directory for the user, if
requested with the -m flag.
Invoking useradd -D with no additional flags displays the system default
values that are used when creating a new login account.
The -x flag lets the system administrator specify whether the new user
login account is local or distributed over a network. If this flag is not
specified on the command line, the system adds the new user login account
to the appropriate database as specified by the system defaults.
The default behavior on the system for the useradd command is distributed=0
and local=1. With these values, the system adds the user login account to
the local database by default. Setting the distributed= and local=
attributes to the same value (for example, distributed=0 and local=0)
produces an error.
If the user identification number (UID) is not specified, it defaults to
the next available (unique) number. This number is calculated as the next
available UID greater than the nextUID and minUID.
The user database file entries created with useradd cannot exceed 512
characters per line. Specifying long arguments to several options may
exceed this limit.
You must have superuser privilege to execute this command.
EXAMPLES
The following example adds the user, newuser, to the user database:
% useradd newuser
The following example adds the user, newuser, to the user database with
user id of 451:
% useradd -u 451 newuser
The following example adds the user, newuser, using the next available user
id with csh as the login shell, and creates the home directory:
% useradd -m -s /bin/csh newuser
The following example adds the local user, xyz, that overrides the default
home directory in the NIS master database:
% useradd -t + -d /users/xyz xyz
The following example changes the default base directory to /user/users1
for all new users:
% useradd -D -b /user/users1
The following example adds the new user, xyz, to the NIS master database:
% useradd -x distributed=1 xyz
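The following is an added example, not part of the original manual page: a shell pre-flight check that applies the argument constraints documented above (login characters, UID format, expire date format, distributed/local exclusivity, and the 512-character entry limit) before useradd is invoked. The function names are hypothetical, and the passwd(4)-style entry layout and the rejection of ':' in the comment, directory and shell fields are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): validate useradd arguments before the call.
# Function names are hypothetical; the passwd(4)-style line is an assumption.
NL='
'
# Login: non-empty, printable characters only, no ':' and no newline.
check_login() {
    case $1 in
        ''|*:*|*"$NL"*|*[![:print:]]*) return 1 ;;
    esac
}
# UID: non-negative decimal integer.
check_uid() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
}
# Expiry: MM/DD/YY layout as in 10/27/97 (format only), or "" to clear it.
check_expire() {
    case $1 in
        ''|[01][0-9]/[0-3][0-9]/[0-9][0-9]) return 0 ;;
    esac
    return 1
}
# -x distributed=n and local=n must differ (0/1 or 1/0).
check_scope() {
    case $1$2 in
        01|10) return 0 ;;
    esac
    return 1
}
# Entry must fit in 512 characters. Args: login uid gid comment dir shell
check_entry() {
    case $4$5$6 in
        *:*|*"$NL"*) return 1 ;;   # assumed: a stray ':' or newline shifts fields
    esac
    line="$1:*:$2:$3:$4:$5:$6"
    [ "${#line}" -le 512 ]
}
# Run every check; report the first failure. Args as check_entry, plus expire.
preflight() {
    check_login "$1"  || { echo "login: empty, non-printable, ':' or newline" >&2; return 1; }
    check_uid "$2"    || { echo "uid: not a non-negative decimal integer" >&2; return 1; }
    check_expire "$7" || { echo "expire: not MM/DD/YY" >&2; return 1; }
    check_entry "$1" "$2" "$3" "$4" "$5" "$6" || { echo "entry: over 512 chars or stray ':'" >&2; return 1; }
}
# Constructed sample input; prints the command instead of running it.
preflight newuser 451 15 "New User" /users/newuser /bin/csh 08/19/97 &&
    echo 'useradd -u 451 -g 15 -c "New User" -d /users/newuser -s /bin/csh -e 08/19/97 newuser'
```

Rejecting field separators in values that come from a ticket or web form keeps a crafted comment or login from being written as extra fields in the user database entry.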
EXIT VALUES
The useradd command exits with one of the following values:
0 Success
2 Invalid command syntax or insufficient privilege. A usage message for
the useradd command or an error message is displayed.
3 An invalid argument was provided to an option.
4 The UID, which is specified with the -u flag, is already in use (not
unique).
7 The GID, which is specified with the -g flag, does not exist.
9 The specified login is not unique.
10 Cannot update the group database. The login was added to the user
database, but not to the group database.
12 Unable to create the home directory (with the -m flag) or unable to
complete the copy of skel_dir to the home directory.
FILES
The useradd command operates on the appropriate files for the specific
level of system security.
RELATED INFORMATION
Commands: groupadd(8), groupdel(8), groupmod(8), passwd(1), userdel(8),
usermod(8)
Documents: System Administration, Security