Arch manual pages

USERADD(8) 系统管理命令 USERADD(8)

useradd - 创建一个新用户或更新默认新用户信息

useradd [选项] 登录

useradd -D

useradd -D [选项]

When invoked without the -D option, the useradd command creates a new user account using the values specified on the command line plus the default values from the system. Depending on command line options, the useradd command will update system files and may also create the new user's home directory and copy initial files.

By default, a group will also be created for the new user (see -g, -N, -U, and USERGROUPS_ENAB).

The options which apply to the useradd command are:

--badname 

Allow names that do not conform to standards.

-b, --base-dir BASE_DIR

The default base directory for the system if -d HOME_DIR is not specified. BASE_DIR is concatenated with the account name to define the home directory. If the -m option is not used, BASE_DIR must exist.

If this option is not specified, useradd will use the base directory specified by the HOME variable in /etc/default/useradd, or /home by default.

-c, --comment COMMENT

任何字符串。通常是关于登录的简短描述,当前用于用户全名。

-d, --home-dir HOME_DIR

The new user will be created using HOME_DIR as the value for the user's login directory. The default is to append the LOGIN name to BASE_DIR and use that as the login directory name. The directory HOME_DIR does not have to exist but will not be created if it is missing.

-D, --defaults

看下边,“更改默认值”子节。

-e, --expiredate EXPIRE_DATE

The date on which the user account will be disabled. The date is specified in the format YYYY-MM-DD.

If not specified, useradd will use the default expiry date specified by the EXPIRE variable in /etc/default/useradd, or an empty string (no expiry) by default.

-f, --inactive INACTIVE

密码过期后,账户被彻底禁用之前的天数。0 表示立即禁用,-1 表示禁用这个功能。

If not specified, useradd will use the default inactivity period specified by the INACTIVE variable in /etc/default/useradd, or -1 by default.

-g, --gid GROUP

用户初始登陆组的组名或号码。组名必须已经存在。组号码必须指代已经存在的组。

If not specified, the behavior of useradd will depend on the USERGROUPS_ENAB variable in /etc/login.defs. If this variable is set to yes (or -U/--user-group is specified on the command line), a group will be created for the user, with the same name as her loginname. If the variable is set to no (or -N/--no-user-group is specified on the command line), useradd will set the primary group of the new user to the value specified by the GROUP variable in /etc/default/useradd, or 100 by default.

-G, --groups GROUP1[,GROUP2,...[,GROUPN]]]

A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening whitespace. The groups are subject to the same restrictions as the group given with the -g option. The default is for the user to belong only to the initial group.

-h, --help

现实帮助信息并退出。

-k, --skel SKEL_DIR

The skeleton directory, which contains files and directories to be copied in the user's home directory, when the home directory is created by useradd.

This option is only valid if the -m (or --create-home) option is specified.

If this option is not set, the skeleton directory is defined by the SKEL variable in /etc/default/useradd or, by default, /etc/skel.

如果可以,也复制 ACL 和扩展属性。

-K, --key KEY=VALUE

Overrides /etc/login.defs defaults (UID_MIN, UID_MAX, UMASK, PASS_MAX_DAYS and others).

Example: -K PASS_MAX_DAYS=-1 can be used when creating system account to turn off password aging, even though system account has no password at all. Multiple -K options can be specified, e.g.: -K UID_MIN=100  -K UID_MAX=499

-l, --no-log-init

不要将用户添加到最近登录和登录失败数据库。

By default, the user's entries in the lastlog and faillog databases are reset to avoid reusing the entry from a previously deleted user.

-m, --create-home

Create the user's home directory if it does not exist. The files and directories contained in the skeleton directory (which can be defined with the -k option) will be copied to the home directory.

By default, if this option is not specified and CREATE_HOME is not enabled, no home directories are created.

-M, --no-create-home

Do no create the user's home directory, even if the system wide setting from /etc/login.defs (CREATE_HOME) is set to yes.

-N, --no-user-group

Do not create a group with the same name as the user, but add the user to the group specified by the -g option or by the GROUP variable in /etc/default/useradd.

The default behavior (if the -g, -N, and -U options are not specified) is defined by the USERGROUPS_ENAB variable in /etc/login.defs.

-o, --non-unique

允许使用重复的 UID 创建用户账户。

This option is only valid in combination with the -u option.

-p, --password PASSWORD

The encrypted password, as returned by crypt(3). The default is to disable the password.

Note: This option is not recommended because the password (or encrypted password) will be visible by users listing the processes.

您应该确保密码符合系统的密码政策。

-r, --system

创建一个系统账户。

System users will be created with no aging information in /etc/shadow, and their numeric identifiers are chosen in the SYS_UID_MIN-SYS_UID_MAX range, defined in /etc/login.defs, instead of UID_MIN-UID_MAX (and their GID counterparts for the creation of groups).

Note that useradd will not create a home directory for such a user, regardless of the default setting in /etc/login.defs (CREATE_HOME). You have to specify the -m options if you want a home directory for a system account to be created.

-R, --root CHROOT_DIR

Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.

-P, --prefix PREFIX_DIR

Apply changes in the PREFIX_DIR directory and use the configuration files from the PREFIX_DIR directory. This option does not chroot and is intended for preparing a cross-compilation target. Some limitations: NIS and LDAP users/groups are not verified. PAM authentication is using the host files. No SELINUX support.

-s, --shell SHELL

The name of the user's login shell. The default is to leave this field blank, which causes the system to select the default login shell specified by the SHELL variable in /etc/default/useradd, or an empty string by default.

-u, --uid UID

The numerical value of the user's ID. This value must be unique, unless the -o option is used. The value must be non-negative. The default is to use the smallest ID value greater than or equal to UID_MIN and greater than every other user.

See also the -r option and the UID_MAX description.

-U, --user-group

创建一个和用户同名的组,并将用户添加到组中。

The default behavior (if the -g, -N, and -U options are not specified) is defined by the USERGROUPS_ENAB variable in /etc/login.defs.

-Z, --selinux-user SEUSER

用户登陆的 SELinux 用户。默认为留空,这会造成系统选择默认的 SELinux 用户。

When invoked with only the -D option, useradd will display the current default values. When invoked with -D plus other options, useradd will update the default values for the specified options. Valid default-changing options are:

-b, --base-dir BASE_DIR

The path prefix for a new user's home directory. The user's name will be affixed to the end of BASE_DIR to form the new user's home directory name, if the -d option is not used when creating a new account.

This option sets the HOME variable in /etc/default/useradd.

-e, --expiredate EXPIRE_DATE

禁用此用户账户的日期。

This option sets the EXPIRE variable in /etc/default/useradd.

-f, --inactive INACTIVE

密码过期到账户被禁用之前的天数。

This option sets the INACTIVE variable in /etc/default/useradd.

-g, --gid GROUP

The group name or ID for a new user's initial group (when the -N/--no-user-group is used or when the USERGROUPS_ENAB variable is set to no in /etc/login.defs). The named group must exist, and a numerical group ID must have an existing entry.

This option sets the GROUP variable in /etc/default/useradd.

-s, --shell SHELL

新用户的登录 shell 名。

This option sets the SHELL variable in /etc/default/useradd.

The system administrator is responsible for placing the default user files in the /etc/skel/ directory (or any other skeleton directory specified in /etc/default/useradd or on the command line).

您可能不能想 NIS 组或 LDAP 组添加用户。这只能在相应服务器上进行。

Similarly, if the username already exists in an external user database such as NIS or LDAP, useradd will deny the user account creation request.

用户名必须以一个小写字母或下划线开始,跟随小写字符、数字、下划线或连字符的组合。可以以美元符号结束。用正则表达式表示就是:[a-z_][a-z0-9_-]*[$]?

用户名不能超过 32 个字符长。

The following configuration variables in /etc/login.defs change the behavior of this tool:

CREATE_HOME (boolean)

指示是否应该为新用户默认创建主目录。

此设置并不应用到系统用户,并且可以使用命令行覆盖。

GID_MAX (number), GID_MIN (number)

Range of group IDs used for the creation of regular groups by useradd, groupadd, or newusers.

The default value for GID_MIN (resp. GID_MAX) is 1000 (resp. 60000).

LASTLOG_UID_MAX (number)

Highest user ID number for which the lastlog entries should be updated. As higher user IDs are usually tracked by remote user identity and authentication services there is no need to create a huge sparse lastlog file for them.

No LASTLOG_UID_MAX option present in the configuration means that there is no user ID limit for writing lastlog entries.

MAIL_DIR (string)

邮箱目录。修改或删除用户账户时需要处理邮箱,如果没有指定,将使用编译时指定的默认值。

MAIL_FILE (string)

定义用户邮箱文件的位置(相对于主目录)。

The MAIL_DIR and MAIL_FILE variables are used by useradd, usermod, and userdel to create, move, or delete the user's mail spool.

MAX_MEMBERS_PER_GROUP (number)

Maximum members per group entry. When the maximum is reached, a new group entry (line) is started in /etc/group (with the same name, same password, and same GID).

默认值是 0,意味着组中的成员数没有限制。

此功能(分割组)允许限制组文件中的行长度。这对于确保 NIS 组的行比长于 1024 字符。

如果要强制这个限制,可以使用 25。

注意:分割组可能不受所有工具的支持(甚至在 Shadow 工具集中)。您不应该使用这个变量,除非真的需要。

PASS_MAX_DAYS (number)

一个密码可以使用的最大天数。如果密码比这旧,将会强迫更改密码。如果不指定,就假定为 -1,这会禁用这个限制。

PASS_MIN_DAYS (number)

两次更改密码时间的最小间隔。将会拒绝任何早于此的更改密码的尝试。如果不指定,假定为 -1,将会禁用这个限制。

PASS_WARN_AGE (number)

密码过期之前给出警告的天数。0 表示只有只在过期的当天警告,负值表示不警告。如果没有指定,不会给警告。

SUB_GID_MIN (number), SUB_GID_MAX (number), SUB_GID_COUNT (number)

If /etc/subuid exists, the commands useradd and newusers (unless the user already have subordinate group IDs) allocate SUB_GID_COUNT unused group IDs from the range SUB_GID_MIN to SUB_GID_MAX for each new user.

The default values for SUB_GID_MIN, SUB_GID_MAX, SUB_GID_COUNT are respectively 100000, 600100000 and 65536.

SUB_UID_MIN (number), SUB_UID_MAX (number), SUB_UID_COUNT (number)

If /etc/subuid exists, the commands useradd and newusers (unless the user already have subordinate user IDs) allocate SUB_UID_COUNT unused user IDs from the range SUB_UID_MIN to SUB_UID_MAX for each new user.

The default values for SUB_UID_MIN, SUB_UID_MAX, SUB_UID_COUNT are respectively 100000, 600100000 and 65536.

SYS_GID_MAX (number), SYS_GID_MIN (number)

Range of group IDs used for the creation of system groups by useradd, groupadd, or newusers.

The default value for SYS_GID_MIN (resp. SYS_GID_MAX) is 101 (resp. GID_MIN-1).

SYS_UID_MAX (number), SYS_UID_MIN (number)

Range of user IDs used for the creation of system users by useradd or newusers.

The default value for SYS_UID_MIN (resp. SYS_UID_MAX) is 101 (resp. UID_MIN-1).

UID_MAX (number), UID_MIN (number)

Range of user IDs used for the creation of regular users by useradd or newusers.

The default value for UID_MIN (resp. UID_MAX) is 1000 (resp. 60000).

UMASK (number)

文件模式创建掩码初始化为此值。如果没有指定,掩码初始化为 022。

useradd and newusers use this mask to set the mode of the home directory they create

It is also used by pam_umask as the default umask value.

USERGROUPS_ENAB (boolean)

If set to yes, userdel will remove the user's group if it contains no more members, and useradd will create by default a group with the name of the user.

/etc/passwd
用户账户信息。

/etc/shadow

安全用户账户信息。

/etc/group

组账户信息。

/etc/gshadow

安全组账户信息。

/etc/default/useradd

账户创建的默认值。

/etc/skel/

包含默认文件的目录。

/etc/subgid

Per user subordinate group IDs.

/etc/subuid

Per user subordinate user IDs.

/etc/login.defs

Shadow 密码套件配置。

The useradd command exits with the following values:

0

success

1

can't update password file

2

invalid command syntax

3

invalid argument to option

4

UID already in use (and no -o)

6

specified group doesn't exist

9

username already in use

10

can't update group file

12

can't create home directory

14

can't update SELinux user mapping

chfn(1), chsh(1), passwd(1), crypt(3), groupadd(8), groupdel(8), groupmod(8), login.defs(5), newusers(8), subgid(5), subuid(5), userdel(8), usermod(8).
2019-12-15 shadow-utils 4.8