Linux adduser and addgroup commands

Updated: 04/01/2018 by Computer Hope

• About adduser and addgroup

• addgroup and adduser syntax
• addgroup and adduser Examples
• Related commands
• Linux and Unix commands help

About adduser and addgroup

The adduser command adds a new user to the system.
The addgroup command adds a new group to the system.

Description
adduser and addgroup add users and groups to the system according to command line options and
configuration information in /etc/adduser.conf. They are friendlier front ends to the low-level tools
like useradd, groupadd and usermod programs, by choosing policy-conformant UID and GID values,
creating a home directory with skeletal configuration, running a custom script, and other features.
adduser and addgroup can be run in one of five modes:

To add a normal user

If called with one non-option argument and without the --system or --group options, adduser will add
a normal user.
adduser will choose the first available UID from the range specified for normal users in the
configuration file. The UID can b overridden with the --uid option.
The range specified in the configuration file may be overridden with the --firstuid and --lastuid
options.
By default, each user in a GNU/Linux system is given a corresponding group with the same name. User
groups allow group writable directories to be easily maintained by placing the appropriate users in the
new group, setting the set-group-ID bit in the directory, and ensuring that all users use a umask of 002.
If this option is turned off by setting USERGROUPS to no, all users' GIDs are set to USERS_GID.
Users' primary groups can also be overridden from the command line with the --gid or --ingroup
options to set the group by id or name, respectively. Also, users can be added to one or more groups
defined in adduser.conf either by setting ADD_EXTRA_GROUPS to 1 in adduser.conf, or by passing
--add_extra_groups on the command line.
adduser will create a home directory subject to DHOME, GROUPHOMES, and LETTERHOMES.
The home directory can be overridden from the command line with the --home option, and the shell
with the --shell option. The home directory's set-group-ID bit is set if USERGROUPS is yes so that any
files created in the user's home directory will have the correct group.
adduser will copy files from SKEL into the home directory and prompt for finger (gecos) information
and a password. The gecos may also be set with the --gecos option. With the --disabled-login option,
the account will be created but will be disabled until a password is set. The --disabled-password
option will not set a password, but login is still possible (for example with SSH RSA keys). To set up
an encrypted home directory for the new user, add the --encrypt-home option.
If the file /usr/local/sbin/adduser.local exists, it will be executed after the user account has been set up
to do any local setup. The arguments passed to adduser.local are: "username uid gid home-
directory".
The environment variable VERBOSE is set according to the following rules:
• if --quiet is specified
• if neither --quiet nor --debug is specified
• if --debug is specified

(The same applies to the variable DEBUG, but DEBUG is deprecated and will be removed in a later
version of adduser).

To add a system user

If called with one non-option argument and the --system option, adduser will add a system user. If a
user with the same name already exists in the system uid range (or, if the uid is specified, if a user with
that uid already exists), adduser will exit with a warning. This warning can be suppressed by adding
"--quiet".
adduser will choose the first available UID from the range specified for system users in the
configuration file (FIRST_SYSTEM_UID and LAST_SYSTEM_UID). If you want to have a
specific UID, you can specify it using the --uid option.
By default, system users are placed in the "nogroup" group. To place the new system user in an already
existing group, use the --gid or --ingroup options. To place the new system user in a new group with
the same ID, use the --group option.
A home directory is created by the same rules as for normal users. The new system user will have the
shell /bin/false (unless overridden with the --shell option), and have logins disabled. Skeletal
configuration files are not copied.

To add a user group

If adduser is called with the --group option and without the --system option, or addgroup is called, a
user group will be added.
A GID will be chosen from the range specified for system GIDS in the configuration file
(FIRST_GID, LAST_GID). To override that mechanism you can give the GID using the --gid option.
The group is created with no users.

To add a system group

If addgroup is called with the --system option, a system group will be added.
A GID will be chosen from the range specified for system GIDS in the configuration file
(FIRST_SYSTEM_GID, LAST_SYSTEM_GID). To override that mechanism you can give the GID
using the --gid option.
The group is created with no users.

To add an existing user to an existing group

If called with two non-option arguments, adduser will add an existing user to an existing group.

adduser and addgroup syntax

adduser [--system] [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID]
[--firstuid ID] [--lastuid ID] [--ingroup GROUP | --gid ID]
[--disabled-password] [--disabled-login] [--gecos GECOS]
[--add_extra_groups] [--encrypt-home] [--quiet] [--debug]
[--force-badname] [--help|-h] [--version] [--conf FILE] user

addgroup [--system] [--quiet] [--debug] [--force-badname] [--help|-h]

[--version] [--conf FILE] [--gid ID] group

adduser [options] user group

Options
--conf FILE Use FILE instead of /etc/adduser.conf.

Do not run passwd to set the password. The user won't be able to use her
--disabled-login
account until the password is set.

Like --disabled-login, but logins are still possible (for example using SSH RSA
--disabled-password
keys), but not using password authentication.

By default, user and group names are checked against the configurable regular
expression NAME_REGEX (or NAME_REGEX_SYSTEM if --system is
--force-badname
specified) specified in the configuration file. This option forces adduser and
addgroup to apply only a weak check for validity of the name.

Set the gecos field for the new entry generated. adduser will not ask for finger
--gecos GECOS
information if this option is given.

When creating a group, this option forces the new groupid to be the given
--gid ID
number. When creating a user, this option will put the user in that group.

When combined with --system, a group with the same name and ID as the
system user is created. If not combined with --system, a group with the given
--group
name is created. This is the default action if the program is invoked as
addgroup.

--help Display a help message, and exit.

Use DIR as the user's home directory, rather than the default specified by the
--home DIR configuration file. If the directory does not exist, it is created and skeleton files
are copied.

Use SHELL as the user's login shell, rather than the default specified by the
--shell SHELL
configuration file.

Add the new user to GROUP instead of a user group or the default group
--ingroup GROUP defined by USERS_GID in the configuration file. This affects the users primary
group. To add additional groups, see the add_extra_groups option.

--no-create-home Do not create the home directory, even if it doesn't exist.

--quiet Suppress informational messages, only show warnings and errors.

Be verbose, which is most useful if you want to nail down a problem with
--debug
adduser.
--system Create a system user or group.

Force the new userid to be the given number. adduser will fail if the userid is
--uid ID
already taken.

Override the first uid in the range that the uid is chosen from (overrides
--firstuid ID
FIRST_UID specified in the configuration file).

--lastuid ID Override the last uid in the range that the uid is chosen from ( LAST_UID ).

--add_extra_groups Add new user to extra groups defined in the configuration file.

--version Display version and Copyright information.

Configuration
The file /etc/adduser.conf contains defaults for the programs adduser, addgroup, deluser and
delgroup. Each line holds a single value pair in the form "option = value". Double or single quotes are
allowed around the value, as is whitespace around the equals sign. Comment lines must have a hash
sign ("#") in the first column.
The valid configuration options are:

DSHELL The login shell to be used for all new users. Defaults to /bin/bash.

The directory in which new home directories should be created. Defaults to

DHOME
/home.

If this is set to yes, the home directories will be created as "/home/

GROUPHOMES
[groupname]/user". Defaults to no.

If this is set to yes, then the home directories created will have an extra
LETTERHOMES directory inserted that is the first letter of the loginname. For example:
/home/u/user. Defaults to no.

The directory from which skeletal user configuration files should be copied.
SKEL
Defaults to /etc/skel.

specify an inclusive range of UIDs from which system UIDs can be

FIRST_SYSTEM_UID dynamically allocated. Default to 100 - 999. Please note that system
, LAST_SYSTEM_UID software, such as the users allocated by the base-passwd package, may
assume that UIDs less than 100 are unallocated.
FIRST_UID, specify an inclusive range of UIDs from which normal user's UIDs can be
LAST_UID dynamically allocated. Default to 1000 - 29999.

FIRST_SYSTEM_GID
specify an inclusive range of GIDs from which system GIDs can be
,
dynamically allocated. Default to 100 - 999.
LAST_SYSTEM_GID

FIRST_GID, specify an inclusive range of GIDs from which normal group's GIDs can be
LAST_GID dynamically allocated. Default to 1000 - 29999.

If this is set to yes, then each created user will be given their own group to
USERGROUPS use. If this is no, then each created user will be placed in the group whose
GID is USERS_GID (see below). The default is yes.

If USERGROUPS is no, then USERS_GID is the GID given to all newly-

USERS_GID
created users. The default value is 100.

If set to a valid value (e.g., 0755 or 755), directories created will have the
DIR_MODE
specified permissions as umask. Otherwise, 0755 is used as default.

If this is set to yes, then home directories for users with their own group (
USERGROUPS=yes ) will have the setgid bit set. This was the default
SETGID_HOME setting for adduser versions previous to 3.13. Unfortunately, it has some bad
side effects, so we no longer do this per default. If you want it nevertheless
you can still activate it here.

If set to a nonempty value, new users will have quotas copied from that user.
QUOTAUSER
The default is empty.

User and group names are checked against this regular expression. If the
name doesn't match this regexp, user and group creation in adduser is refused
NAME_REGEX unless --force-badname is set. With --force-badname set, only weak checks
are performed. The default is the most conservative ^[a-z][-a-z0-9]*$. When
--system is specified, NAME_REGEX_SYSTEM is used instead.

Names of system users are checked against this regular expression. If

--system is supplied and the name doesn't match this regexp, user creation in
NAME_REGEX_SYS
adduser is refused unless --force-badname is set. With --force-badname set,
TEM
only weak checks are performed. The default is as for the default
NAME_REGEX but also allowing uppercase letters.

Files in /etc/skel/ are checked against this regex, and not copied to the newly
SKEL_IGNORE_REG created home directory if they match. This is by default set to the regular
EX expression matching files left over from unmerged config files (dpkg-(old|
new|dist)).
 Setting this to something other than 0 (the default) will cause adduser to add
ADD_EXTRA_GROU
newly created non-system users to the list of groups defined by
PS
EXTRA_GROUPS (below).

This is the list of groups that new non-system users will be added to. By
EXTRA_GROUPS
default, this list is 'dialout cdrom floppy audio video plugdev users games'.

Exit values
The user exists as specified. This can have 2 causes: The user was created by adduser or the user
0 was already present on the system before adduser was invoked. If adduser was returning 0,
invoking adduser a second time with the same parameters as before also returns 0.

Creating the user or group failed because it was already present with other UID/GID than specified.
The username or groupname was rejected because of a mismatch with the configured regular
expressions. adduser has been aborted by a signal.
1
Or this code may be returned for other undocumented reasons, which in that case are printed to
console. You may then consider to remove --quiet to make adduser more verbose.

Files
/etc/adduser.conf Default configuration file for adduser and addgroup

addgroup and adduser examples

adduser mynewuser

Creates a new user account, mynewuser.

adduser will prompt you to assign a password for the user, and ask you for optional identifying
information such as Full Name and Phone Number.
A home directory (by default, /home/mynewuser) will be created for the new user, and a user-specific
group, mynewuser, will be created. The contents of the skeleton home directory, which by default is
located at /etc/skel, will be copied into the new home directory.
If the script /usr/local/sbin/adduser.local exists, it will be executed with the arguments username uid
gid home-directory, where username is mynewuser, uid is mynewuser's user id, gid is mynewuser's
group id, and home-directory is mynewuser's home directory.
adduser --home /home/mynewuserhome mynewuser

Creates the user account mynewuser, and creates their home directory at the location
/home/mynewuserhome.