How to Create a User on Linux

Key Takeaways

To create a new user in Linux, use the useradd command, specifying a username preceded by optional flags like -s to assign the user’s default shell, -m for creating a home directory, -G for adding the user to a specific group.

Adding users to a Linux computer is a basic administration task, and there are several ways to achieve this. Each method of creating users has benefits and drawbacks, and we’ll walk you through three different user creation techniques.

Why Linux Computers Need Users

A personal computer without a user doesn’t really amount to much. Linux supports multiple users. Whether they log in at the same time and share the computer’s power, or sign in singly when they have exclusive use of the machine, each person needs a unique user account.

A user account encapsulates that user’s work and provides privacy. It also allows control and governance to be applied to the account. Different users can have different capabilities according to their needs or their role or function by changing the attributes of their user account, like which groups they belong to.

Whether you share your computer with family members or administer a multi-user installation for an organization, creating user accounts is a fundamental administrative skill.

Create New Linux Users With the useradd Command

The useradd command is the lowest-level command used for adding users. Other commands act as friendlier front-ends for the useradd command. This adds some convenience and makes the process easier, but the other commands don’t do anything that you can’t achieve with useradd and a little help from the passwd command.

The useradd command has a lot of options, the ones you’ll need to make a typical new user are shown below. Needless to say, you’ll have to use sudo to add a user.

sudo useradd -s /bin/bash -m -c "Mary Quinn" -Gsambashare maryq
Adding a typical user with useradd

The command is composed of:

  • sudo: We need administrator privileges to allow a new user to access the computer.
  • useradd: The useradd command.
  • -s /bin/bash: The shell option. This sets the default shell for this new user.
  • -m: The make home directory option. This creates a directory in the “/home/” directory, with the same name as the new user account name.
  • -c “Mary Quinn”: The full name of the new user. This is optional.
  • -Gsambashare: The additional group option. This is optional. The new user is added to a group with the same name as their account name. The -G option (note, capital “G”) adds the user to supplementary groups. The groups must already exist. We’re also making the new user a member of the “sambashare” group.
  • maryq: The name of the new user account. This must be unique. It cannot already be in use for another user.

This creates the new user account, creates their home directory, and populates it with some default hidden files. We can look into their home directory like this:

sudo ls -ahl /home/maryq
The default configuration files added tot he new user's home directory

Our new user will not be able to log in. We haven’t created a password for them. It is possible to pass the password to the useradd command using its -p (password) option, but this is considered bad practice. Moreover, you must provide the password in its encrypted form, so it isn’t as straightforward as it sounds.

It is easier, and more secure, to use the passwd command to set the password for the new account.

sudo passwd maryq
Setting the password for the new account

You’re prompted for the password, then asked to enter it once more to verify it. This password must be communicated securely to the new user. It’s advisable that they are prompted to change their password when they log in. This means they can choose their own password, and no one else will know it.

sudo passwd --expire maryq
Setting the new user's password to the expired state

We can see our new user account and compare it to an existing one by looking inside the “/etc/passwd” file.

grep -E "dave|maryq" /etc/passwd
Comparing the /etc/passwd entries of the new user account and an another account

In order, the colon “:” separated fields are:

  • maryq: The name of the user account.
  • x: An “x” in this field means the user account password is encrypted and held in the “/etc/shadow” file.
  • 1001: The user account ID.
  • 1001: The ID of the default group for this user account.
  • Mary Quinn: This is the GECOS field. It can hold a set of comma “,” separated values of extra information. All we added was the full name of the user.
  • /home/maryq: The path to the home directory for this account.
  • /bin/bash: The path to the default shell for this account.

When our new user first logs in, they will use the password you created for them.

The new user logging in

Because we set their password to the “expired” condition, they’ll be prompted to change it. They must re-enter their existing password.

Re-entering the user's current password as the first part of changing their password

They are then prompted for their new password.

Entering the new password

Once they type their new password and hit “Enter”, they are asked to re-enter the password to verify it.

Verifying the new password

Finally, they’re logged in. They must use the new password to log in from now on.

Some housekeeping is performed and the usual “Documents”, “Downloads”, and other directories are created for them in their home directory.

Default directories created inside the user's home directory

The GECOS field can contain up to five comma-separated pieces of information. These are rarely used. If any are populated at all, it is usually the first one, which holds the real-world name of the owner of this account.

The fields are:

  • The real-world name of this user.
  • The room number of this user.
  • Their work phone.
  • Their home phone.
  • Any other information.

If we’d wanted to provide all of this when we created the account we could have done so, like this:

sudo useradd -s /bin/bash -m -c "Mary Quinn,Operations 1,555-6325,555-5412,Team Leader" -Gsambashare maryq
Adding a new user with a populated GECOS field, using useradd

We can use grep to see that this information has been stored in the “/etc/passwd” file.

grep maryq /etc/passwd
Looking at the entry in /etc/passwd for the new user, with grep

If you don’t have this information to hand when you create the account it can be added or changed later using the chfn command.

This information is used by commands such as finger and pinky.

finger maryq
Using the finger command on the new user

Make New User With the adduser Command

The adduser command wraps the creation of the account, its home directory, setting the password, and capturing the GECOS field information into one interactive session.

The adduser command was already present on our Ubuntu and Fedora test machines but had to be installed on Manjaro. It’s in the Arch User Repository, so you’ll need to use an AUR helper such as yay to install it.

yay adduser
Using yay on Manjaro to install adduser

To start the process, use sudo and provide the name of the user account you’re adding:

sudo adduser maryq

The default group for the user account is created, and the user account is added with that group as its default. The home directory is created and the hidden configuration files are copied into it.

You’re prompted to provide a password.

Using adduser to add a new user

When you provide a password and hit “Enter”, you’re prompted to re-enter the password to verify it.

You’re asked in turn for each of the pieces of information that can go into the GECOS field.

Setting the password for the new account using adduser

Either provide some information and hit “Enter” to move to the next field, or just hit “Enter” to skip a field.

The completed GECOS information in the adduser command

Finally, you’re asked if the information you have provided is correct. Press the “Y” key, and hit “Enter” to complete the process.

Remember to set the password for the new account as “expired” so that the new user is required to change it when they first log in.

sudo password --expire maryq
Setting the new user's password to the expired state

Use GNOME User Settings (the GUI Option) to Create a New User

To make a new user in the GNOME desktop environment, open the system menu by clicking on the right-hand edge of the GNOME panel, near the power, volume, and network icons.

The GNOME system menu

Click on the “Settings” menu entry.

The Settings application will open. Click on the “Users” entry in the sidebar, then click on the “Unlock” button in the “Users” pane.

The Users pane in the Settings application

You will need to enter your password.

Authenticating in the Settings application

A green “Add User” button will appear.

The unlocked Users pane int he Settings application

Click this button. The “Add user” dialog appears. It contains a form that captures the details of the new user.

The Add User dialog

Fill in the form with the details of the new user. If you want them to be able to use sudo, click the “Administrator” button.

You can either set their password now or leave it to them to choose a password when they first log in. If you set a password you’ll have to remember to open a terminal window and use the passwd command to set it to the “expired” state. That’ll force them to set their own password the first time they log in.

That’s a bit of a pain to have to go to the terminal when you’re trying to use the GUI to accomplish the creation of the new user.

If you click the “Allow user to set their own password when they next login” radio button the user is prompted for a new password when they try to log in. But the drawback here is that the first person who tries to use the new account can set the password. So anyone who knows the account has been created and who beats the genuine new user to trying to log in can take over the account.

Neither of these situations is ideal.

Click the green “Add” button when you’ve completed the form and made your selections.

We selected the “Allow user to set their own password when they next login” option. When the user tries to log in they’re prompted for a new password. But, unlike the sequence we saw earlier, they are not prompted for their current password — they don’t have one.

The new user being forced to choose a new password

As you’d expect, they have to enter it once more to verify it.

Verifying the new password

Which Method of Adding Users Should I Use?

Aren’t sure which user creation technique we’ve outlined is best for you? Well, the useradd command gives granular control, but there’s a lot to get right on the command line.

The adduser command makes life easier but doesn’t allow you to enter the new user into additional groups.

The GUI method in GNOME has drawbacks whichever password radio button you choose.

In most informal or domestic situations, adduser command probably gives you the best balance between capability and functionality. If you need to add the new user to an additional group, you can do that once they’ve been created, using the usermod command.


source
share

Leave a Comment