Create User In Linux
Creating new user accounts on Linux is a fundamental skill for developers and system administrators; even if developers have no infrastructure responsibilities, adding new users is necessary when setting up a new development or testing environment mirroring production.
The short answer
To create a new user on Linux in interactive mode, you can use the [.inline-code] adduser[.inline-code] command as follows:
This command will create a new user and group with the same name, set that group as the user’s primary group, and create a home directory for that user located at [.inline-code] /home/<username>[.inline-code] .
Note that the username length is limited to 32 characters.
Also note that this command requires superuser privileges to run. You can learn more about the [.inline-code] sudo[.inline-code] command by reading our other articles on how to add a user to sudoers and how to spawn a root shell.
For example, the following command will create a new user and group named [.inline-code] maverick[.inline-code] , and a home directory for this user located at [.inline-code] /home/maverick[.inline-code] :
[#create-a-user-in-non-interactive-mode] Creating a user in non-interactive mode [#create-a-user-in-non-interactive-mode]
To create a new user in non-interactive mode, which is usually more suitable for scripting purposes, you can use the [.inline-code] useradd[.inline-code] command as follows:
Just like the [.inline-code] adduser[.inline-code] command, this command will create a new user and a new group with the same name, and set that group as the user’s primary group.
However, unlike the [.inline-code] adduser[.inline-code] command, it won’t automatically create a home directory nor set a password for the specified user.
[#easily-recall-this-syntax-with-ai] Easily retrieve these commands using Warp’s AI Command Search [#easily-recall-this-syntax-with-ai]
If you’re using Warp as your terminal, you can easily retrieve this command using the Warp AI Command Search feature:
Entering [.inline-code] create user linux[.inline-code] in the AI command search will prompt a list of commands that can then be quickly inserted into your shell by doing [.inline-code] CMD+ENTER[.inline-code] .
[#set-up-a-new-user-password] Setting up the password of a newly created user [#set-up-a-new-user-password]
To set the password of a new user created with the [.inline-code] useradd[.inline-code] command, you can use the [.inline-code] passwd[.inline-code] command as follows:
Which will prompt you to manually enter the password for this user.
Note that while the [.inline-code] useradd[.inline-code] command allows you to create a new user with a password using the [.inline-code] -p[.inline-code] flag (short for [.inline-code] --password[.inline-code] ), it is strongly recommended to avoid using this flag as the password will be visible to anyone who can list processes in the system.
[#create-a-user-with-a-home-directory]Creating a user with a home directory [#create-a-user-with-a-home-directory]
By default, the [.inline-code] useradd[.inline-code] command doesn’t create a home directory for the specified user.
To create a new user with a home directory located at [.inline-code] /home/<username>[.inline-code] , you can use the [.inline-code] -m[.inline-code] flag (short for [.inline-code] --create-home[.inline-code] ) as follows:
Note that the home directory will only be created if the [.inline-code] CREATE_HOME[.inline-code] variable in the [.inline-code] /etc/login.defs[.inline-code] file is set to [.inline-code] true[.inline-code] .
[#specify-the-home-directory-location] Specifying a custom location for the home directory [#specify-the-home-directory-location]
To create a new user with a home directory at a custom location instead of the default [.inline-code] /home/<username>[.inline-code] , you can use the [.inline-code] -d[.inline-code] flag (short for [.inline-code] --home[.inline-code] ) as follows:
[#copy-the-home-directory-from-skeleton] Setting up a home directory based on a skeleton [#copy-the-home-directory-from-skeleton]
When creating a new user, you can specify a skeleton directory whose files will be automatically copied into the user’s home directory using the [.inline-code] -k[.inline-code] flag (short for [.inline-code] --skel[.inline-code] ) as follows:
Note that if this option is not set, the [.inline-code] useradd[.inline-code] command will use the skeleton directory defined in the [.inline-code] SKEL[.inline-code] variable in the [.inline-code] /etc/default/useradd[.inline-code] or [.inline-code] /etc/skel[.inline-code] file.
[#create-a-user-with-uid-and-gid] Creating a new user with an explicit UID and GID [#create-a-user-with-uid-and-gid]
In Unix-like operating systems, users and groups are identified by numeric values respectively known as UID and GID. By default, the users created using the [.inline-code] useradd[.inline-code] command are automatically assigned an unused UID and GID by the system.
[#create-a-user-with-a-uid] Creating a new user with an arbitrary UID [#create-a-user-with-a-uid]
To create a new user with an arbitrary UID, you can use the [.inline-code] -u[.inline-code] flag (short for [.inline-code] --uid[.inline-code] ) as follows:
Note that if the [.inline-code] USERGROUPS_ENAB[.inline-code] variable in the [.inline-code] login.defs[.inline-code] file is set to [.inline-code] true[.inline-code] , it will also create a group with the same name and GID.
For example, this command will create a new user named [.inline-code] iceman[.inline-code] with a UID of [.inline-code] 1985[.inline-code] :
[#create-a-user-with-a-gid] Creating a new user with an existing group name or GID [#create-a-user-with-a-gid]
To create a new user and assign it to an existing group name or GID, you can use the [.inline-code] -g[.inline-code] flag (short for [.inline-code] --gid[.inline-code] ) as follows:
Note that the specified [.inline-code] gid[.inline-code] must belong to an existing group, as otherwise, the [.inline-code] useradd[.inline-code] command will fail.
For example, this command will create a new user named [.inline-code] iceman[.inline-code] with a UID of [.inline-code] 1985[.inline-code] and a GID of [.inline-code] 1969[.inline-code] :
[#create-a-user-with-multiple-groups] Creating users with multiple group memberships [#create-a-user-with-multiple-groups]
The primary group is the default group that files and directories created by the user will belong to. On the other hand, secondary groups provide additional permissions and access rights to files beyond those granted by the primary group.
To assign one or more secondary groups to a user, you can use the [.inline-code] useradd[.inline-code] command with the [.inline-code] -G[.inline-code] flag (short for [.inline-code] --groups[.inline-code] ) as follows:
Where [.inline-code] secondary_group,...[.inline-code] is a list of comma separated secondary group names or GIDs.
For example, this command will create a new user named [.inline-code] maverick[.inline-code] whose default primary group is [.inline-code] maverick[.inline-code] and secondary groups are [.inline-code] topgun[.inline-code] and [.inline-code] 1970[.inline-code] :
[#create-a-user-with-minimal-privileges] Creating users with minimal privileges [#create-a-user-with-minimal-privileges]
Giving users only what is needed to perform their tasks is essential to keep systems secure. However, every system administrator needs to define the concept of minimal privileges.
Two common restrictions are assigning users a limited shell or a non-interactive one, preventing users from logging in.
[#create-a-user-with-rbash] Creating users with limited shell features [#create-a-user-with-rbash]
The restricted Bash shell, or [.inline-code] rbash[.inline-code] , is a shell designed to restrict users to a subset of functionality, preventing them from executing certain commands, accessing specific directories, or modifying environment variables.
It is particularly useful in scenarios where users require limited capabilities, such as in shared computing environments, reducing the risk of unauthorized system access or unintended modifications.
To create a new user account with a restricted shell, you can set the user's default shell to [.inline-code] /bin/rbash[.inline-code] using the [.inline-code] -s[.inline-code] flag (short for [.inline-code] --shell[.inline-code] ) as follows:
You can learn more about the restricted Bash shell by reading the official documentation page.
[#create-a-user-without-a-shell] Creating users with non-interactive shell [#create-a-user-without-a-shell]
On Unix-like operating systems, administrators often create user accounts with no shell access whose sole purposes are to run predefined tasks or services like backups or servers. This helps mitigate the risk of unauthorized command-line access and reduce the attack surface on the machine.
To create a new user account without shell access, you can set the user's default shell to [.inline-code] /sbin/nologin[.inline-code] , which will cause the system to output an error message when a user tries to log in to that account:
Alternatively, you can set the user's default shell to [.inline-code] /bin/false[.inline-code] , which, unlike the [.inline-code] /sbin/nologin[.inline-code] binary, will prevent the user from logging in to the specified account without outputting an error message:
[#create-a-temporary-user] Creating temporary users with expiration dates [#create-a-temporary-user]
Another method for mitigating security risks on a system is to create temporary user accounts with a predefined access duration, which is particularly useful when bringing temporary collaborators onboard a project. This helps avoid the existence of dormant accounts that could potentially be exploited to gain unauthorized system access.
To create a user with an expiration date, you can use the [.inline-code] useradd[.inline-code] command with the [.inline-code] -e[.inline-code] flag (short for [.inline-code] --expiredate[.inline-code] ) as follows:
Where [.inline-code] date[.inline-code] has the [.inline-code] YYYY-MM-DD[.inline-code] format.
Written by
