Creating User Accounts

Creating User Accounts from the Command Line

useradd <username>

useradd -d <homedir> <username>

useradd -e <expiration_date> <username>

useradd -g <primary_group> <username>

useradd -G <group,group,group> <username>

useradd -s /bin/bash <username>

useradd -u <UID number> <username>


Default User Settings

The file /etc/login.defs specifies the defaults for email location, password expiration, minimum password length, range of UIDs and GIDs, and whether the system should create home directories when users are created. cat this file to see its format.

A second file, /etc/default/useradd, holds information on:

  • the default primary group,
  • location of home directories,
  • the default number of days after which to disable accounts with expired passwords,
  • the default shell, and
  • the location of the “skeleton” directory

The directory /etc/skel contains the default configuration files to be copied when a new user is created.


Where User Information Is Stored

“Back in the day,” Unix systems stored all user information in the /etc/passwd file (cat this file to see its format). This was not, however, very secure.

The passwd file’s fields are colon-delimited, and are:

  • user name
  • password (usually an “x”)
  • user number (UID)
  • user’s group number (GID)
  • GECOS (“General Electric Comprehensive Operating System”) text description field (often unused)
  • home directory
  • default shell


Contemporary Unix/Linux systems keep the /etc/passwd file, but it no longer holds the passwords. Instead, a much more tightly restricted file, /etc/shadow, holds encrypted versions of each user’s password. The passwd file only has an “x” in the password field. This system is generally referred to as “shadow passwords.” The shadow file’s fields are:

  • user name
  • password (encrypted)
  • lastchange (the date and time the password for the user was last changed)*
  • min (the minimum number of days between required password changes)
  • max (the maximum number of days between password changes)
  • warn (the number of days before a required password change that the user receives a warning to change their password)
  • disable1 (the number of days after a password expires before the user is disabled)
  • disable2 (a specific date on which the user’s account expires)*

*This date is represented as the number of days since the “epoch,” January 1, 1970.
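As an added example (not part of these notes), here is a small shell function that parses one line in the /etc/shadow format described above and reports whether the password is current, inside its warning window, expired, or whether the account is disabled or locked. The "today" argument is given in the same units the file uses, days since the epoch, and the sample line is constructed rather than taken from a real system.

```shell
#!/bin/sh
# Added example (not from the original notes): parse one /etc/shadow line and
# report the state of that user's password on a given day. The day is given in
# the file's own units, days since the epoch (1970-01-01), so no date
# conversion is needed. Sample lines are constructed, not real accounts.
#
# Field order: name:password:lastchange:min:max:warn:disable1:disable2:reserved
# (disable1 = inactivity days allowed after expiry, disable2 = account expiry day)
shadow_status() {
  line=$1
  today=$2
  IFS=: read -r name hash lastchange min max warn inactive expire reserved <<EOF
$line
EOF
  # A password field starting with '!' or '*' can never match a password: locked.
  case "$hash" in
    '!'*|'*'*) echo "$name: locked"; return 0 ;;
    '')        echo "$name: empty password field (no password required)"; return 0 ;;
  esac

  # disable2: absolute expiry day for the whole account.
  if [ -n "$expire" ] && [ "$today" -ge "$expire" ]; then
    echo "$name: account expired"; return 0
  fi

  # An empty or 99999 max means the password never ages out.
  if [ -z "$max" ] || [ "$max" -ge 99999 ]; then
    echo "$name: ok (password never expires)"; return 0
  fi

  age=$(( today - lastchange ))
  expires_on=$(( lastchange + max ))
  if [ "$age" -ge "$max" ]; then
    # Past max; once disable1 days have also passed, the account is disabled.
    if [ -n "$inactive" ] && [ "$age" -ge $(( max + inactive )) ]; then
      echo "$name: disabled (password expired $(( age - max )) days ago, inactive limit $inactive)"
    else
      echo "$name: password expired, must change at next login"
    fi
  elif [ -n "$warn" ] && [ "$age" -ge $(( max - warn )) ]; then
    echo "$name: warn (password expires in $(( expires_on - today )) days)"
  else
    echo "$name: ok (password expires in $(( expires_on - today )) days)"
  fi
}

# Constructed sample: password set on day 19950, checked on day 20000 (2024-10-04).
shadow_status 'alice:$6$salt$hash:19950:0:90:7:14::' 20000
```

On a live system the same function can be applied line by line to /etc/shadow (readable only by root), with today's day number computed as `$(( $(date +%s) / 86400 ))`.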


Older systems used simple encryption on these passwords, which restricted them to a maximum of 8 characters. Newer systems use MD5, or (on the newest systems) SHA, encryption algorithms that allow longer passwords.