Provided by: adduser_3.129ubuntu1_all 
NAME
adduser, addgroup - add or manipulate users or groups
SYNOPSIS
adduser [[options]] [--home dir] [--shell shell] [--no-create-home] [--uid id]
[--firstuid id] [--lastuid id] [--firstgid id] [--lastgid id] [--ingroup group]
[--gid id] [--disabled-password] [--disabled-login] [--gecos gecos] [--add-extra-
groups] [--encrypt-home] [user]
adduser [--system] [[options]] [--home dir] [--shell shell] [--no-create-home] [--uid id]
[--group] [--ingroup group] [--gid id] [--disabled-password] [--disabled-login]
[--gecos gecos] [user]
addgroup [[options]] [--gid ID] [group]
addgroup [--system] [[options]] [--gid id] [group]
adduser [[options]] [user] [group"]
DESCRIPTION
adduser and addgroup add users and groups to the system according to command line options
and configuration information in /etc/adduser.conf. They are friendlier front ends to the
low level tools like useradd, groupadd and usermod programs, by default choosing Debian
policy conformant UID and GID values, creating a home directory with skeletal
configuration, running a custom script, and other features.
adduser and addgroup are intended as a policy layer, making it easier for package
maintainers and local administrators to create local system accounts in the way Debian
expects them to be created, taking the burden to adapt to the probably changing
specifications of Debian policy. adduser --system takes special attention on just needing
a single call in the package maintainer scripts without any conditional wrappers, error
suppression or other scaffolding.
adduser honors the distinction between dynamically allocated system users and groups and
dynamically allocated user accounts that is documented in Debian Policy, Chapter 9.2.2.
adduser and addgroup can be run in one of five modes:
Add a normal user
If called with one non-option argument and without the --system or --group options,
adduser will add a normal user, that means a dynamically allocated user account in the
sense of Debian Policy. This is commonly referred to in adduser as a non-system user.
adduser will choose the first available UID from the range specified for normal users in
the configuration file. The UID can be overridden with the --uid option.
The range specified in the configuration file may be overridden with the --firstuid and
--lastuid options.
By default, each user in Debian GNU/Linux is given a corresponding group with the same
name. Usergroups allow group writable directories to be easily maintained by placing the
appropriate users in the new group, setting the set-group-ID bit in the directory (which
is on by default), and ensuring that all users use a umask of 002. If USERS_GID or
USERS_GROUP are set, the newly created user is placed in the referenced group as a
supplemental group. . Setting both USERS_GID and USERS_GROUP is an error even if the
settings are consistent. If USERGROUPS is no, all users get the group defined by
USERS_GID or USERS_GROUP as their primary group. Users' primary groups can also be
overridden from the command line with the --gid or --ingroup options to set the group by
id or name, respectively. Also, users can be added to one or more supplemental groups
defined in adduser.conf either by setting ADD_EXTRA_GROUPS to 1 in adduser.conf, or by
passing --add-extra-groups on the commandline.
adduser will create a home directory subject to DHOME, GROUPHOMES, and LETTERHOMES. The
home directory can be overridden from the command line with the --home option, and the
shell with the --shell option. The home directory's set-group-ID bit is set if USERGROUPS
is yes so that any files created in the user's home directory will have the correct group.
adduser will copy files from SKEL into the home directory and prompt for finger (GECOS)
information and a password. The GECOS field may also be set with the --gecos option.
With the --disabled-login option, the account will be created but will be disabled until a
password is set. The --disabled-password option will not set a password, but login is
still possible (for example with SSH keys). To set up an encrypted home directory for the
new user, add the --encrypt-home option. For more information, refer to the -b option of
ecryptfs-setup-private(1).
If the file /usr/local/sbin/adduser.local exists, it will be executed after the user
account has been set up in order to do any local setup.
adduser.local is also the place where local administrators can place their code to
interact with directory services, should they desire to.
The arguments passed to adduser.local are:
username uid gid home-directory
The environment variable VERBOSE is set according to the following rule:
0 if --quiet is specified
1 if neither --quiet nor --debug is specified
2 if --debug is specified
(The same applies to the variable DEBUG, but DEBUG is deprecated and will be removed in a
later version of adduser.)
Add a system user
If called with one non-option argument and the --system option, adduser will add a
dynamically allocated system user, often abbreviated as system user in the context of the
adduser package. If a user with the same name already exists in the system uid range (or,
if the uid is specified, if a user with that uid already exists), adduser will exit with a
warning. This warning can be suppressed by adding --quiet.
adduser will choose the first available UID from the range specified for system users in
the configuration file (FIRST_SYSTEM_UID and LAST_SYSTEM_UID). If you want to have a
specific UID, you can specify it using the --uid option.
By default, system users are placed in the nogroup group. To place the new system user in
an already existing group, use the --gid or --ingroup options. To place the new system
user in a new group with the same ID, use the --group option.
A home directory should be specified using the --home option. If not specified, the
default home directory for a new system user is /nonexistent. This directory should never
exist on any Debian system, and adduser will not create it automatically.
The new system user will have the shell /usr/sbin/nologin (unless overridden with the
--shell option). Standard UNIX password logins will be disabled for the new system user;
however, logins by other means (for example, via SSH) are still allowed. Skeletal
configuration files are not copied.
Add a user group
If adduser is called with the --group option and without the --system option, or addgroup
is called respectively, a user group will be added.
A GID will be chosen from the range specified for system GIDs in the configuration file
(FIRST_GID, LAST_GID). To override that mechanism you can give the GID using the --gid
option.
The range specified in the configuration file may be overridden with the --firstgid and
--lastgid options.
The group is created with no users.
Add a system group
If addgroup is called with the --system option, a dynamically allocated system group,
often abbreviated as system group in the context of the adduser package, will be created.
A GID will be chosen from the range specified for system GIDs in the configuration file
(FIRST_SYSTEM_GID, LAST_SYSTEM_GID). To override that mechanism you can give the GID
using the --gid option. The system group is created with no users.
Add an existing user to an existing group
If called with two non-option arguments, adduser will add an existing user to an existing
group.
OPTIONS
-c file,--conf file
Use file instead of /etc/adduser.conf.
--disabled-login
Do not run passwd to set the password. The user won't be able to use her account
until the password is set.
--disabled-password
Like --disabled-login, but logins are still possible (for example using SSH keys)
but not using password authentication.
--allow-badname
By default, user and group names are checked against the configurable regular
expression NAME_REGEX and SYS_NAME_REGEX specified in the configuration file. This
option forces adduser and addgroup to apply only a weak check for validity of the
name. NAME_REGEX and SYS_NAME_REGEX are described in adduser.conf(5).
--force-badname
This is the deprecated form of --allow-badname. It will be removed during the
release cycle of the Debian release after bookworm.
--allow-all-names
Bypass the weak name check which is used with --allow-badname. This will allow any
username which is supported by the underlying useradd, including names containing
non-ASCII characters. The only restrictions enforced at this level are: cannot
start with a dash, plus sign, or tilde; and cannot contain a colon, comma, slash,
or whitespace.
--gecos GECOS
Set the GECOS field for the new entry generated. adduser will not ask for finger
information if this option is given.
--gid ID
When creating a group, this option sets the group ID number of the new group to
GID. When creating a user, this option sets the primary group ID number of the new
user to GID.
--ingroup GROUP
When creating a user, this option sets the primary group ID number of the new user
to the GID of the named GROUP. Unlike with the --gid option, the group is
specified here by name rather than by ID number. The group must already exist.
--group
When combined with --system , a group with the same name and ID as the system user
is created. If not combined with --system , a group with the given name is
created. This is the default action if the program is invoked as addgroup.
-h, --help
Display brief instructions.
--home dir
Use dir as the user's home directory, rather than the default specified by the
configuration file. If the directory does not exist, it is created and skeleton
files are copied.
--shell shell
Use shell as the user's login shell, rather than the default specified by the
configuration file.
--no-create-home
Do not create a home directory for the new user. Note that the path name for the
new user's home directory will still be entered in the appropriate field in the
/etc/passwd file. The use of this option does not imply that this field should be
empty. Rather, it indicates to adduser that some other mechanism will be
responsible for initializing the new user's home directory if it is to exist.
-q, --quiet
Suppress informational messages, only show warnings and errors.
-d, --debug
Be verbose, most useful if you want to nail down a problem with adduser.
--system
Nomally, adduser creates dynamically allocated user accounts and groups as defined
in Debian Policy, Chapter 9.2.2. With this option, adduser creates a dynamically
allocated system user and group.
--uid ID
Force the new userid to be the given number. adduser will fail if the userid is
already taken.
--firstuid ID
Override the first uid in the range that the uid is chosen from (overrides
FIRST_UID specified in the configuration file).
--lastuid ID
Override the last uid in the range that the uid is chosen from (LAST_UID).
--firstgid ID
Override the first gid in the range that the gid is chosen from (overrides
FIRST_GID specified in the configuration file).
--lastgid ID
Override the last gid in the range that the gid is chosen from (LAST_GID).
--add-extra-groups
Add new user to extra groups defined in the configuration file. Old spelling
--add_extra_groups is deprecated and will be supported in Debian bookworm only.
-v , --version
Display version and copyright information.
EXIT VALUES
0 Success: The user or group exists as specified. This can have 2 causes: The user
or group was created by this call to adduser or the user or group was already
present on the system before adduser was invoked. If adduser --system is invoked
for a user already existing as a system user, it will also return 0.
1 Creating the non-system user or group failed because it was already present. The
username or groupname was rejected because of a mismatch with the configured
regular expressions, see adduser.conf(5). adduser has been aborted by a signal.
Or for many other yet undocumented reasons which are printed to console then. You
may then consider to remove --quiet to make adduser more verbose.
SECURITY
adduser needs root privileges and offers, via the --conf command line option to use a
different configuration file. Do not use sudo or similar tools to give partial privileges
to adduser with restricted command line parameters. This is easy to circumvent and might
allow users to create arbitrary accounts. If you want this, consider writing your own
wrapper script and giving privileges to execute that script.
FILES
/etc/adduser.conf
Default configuration file for adduser and addgroup
/usr/local/sbin/adduser.local
Optional custom add-ons.
NOTES
Unfortunately, the term system account suffers from double use in Debian. It both means
an account for the actual Debian system, distinguishing itself from an application
accountP which might exist in the user database of some application running on Debian. A
system account in this definition has the potential to log in to the actual system, has a
UID, can be member in system groups, can own files and processes. Debian Policy, au
contraire, in its Chapter 9.2.2, makes a distinguishment of dynamically allocated system
users and groups and dynamially allocated user accounts, meaning in both cases special
instances of system accounts. Care must be taken to not confuse this terminology. Since
adduser and deluser never address application accounts and everything in this package
concerns system accounts here, the usage of the terms user account and system account is
actually not ambiguous in the context of this package. For clarity, this document uses the
definition local system account or group if the distinction to application accounts or
accounts managed in a directory service is needed.
adduser used to have the vision to be the universal front end to the various directory
services for creation and deletion of regular and system accounts in Debian since the
1990ies. This vision has been abandoned as of 2022. The rationale behind this includes:
that in practice, a small server system is not going to have write access to an
enterprise-wide directory service anyway, that locally installed packages are hard to
manage with centrally controlled system accounts, that enterprise directory services have
their own management processes anyway and that the personpower of the adduser is unlikely
to be ever strong enough to write or support the plethora of directory services that need
support.
adduser will constrict itself to being a policy layer for the management of local system
accounts, using the tools from the password package for the actual work.
BUGS
Inconsistent use of terminology around the term system account in docs and code is a bug.
Please report this and allow us to improve our docs.
adduser takes special attention to be directly usable in Debian maintainer scripts without
conditional wrappers, error suppression and other scaffolding. The only thing that the
package maintainer should need to code is a check for the presence of the executable in
the postrm script. The adduser maintainers consider the need for additional scaffolding a
bug and encourage their fellow Debian package maintainers to file bugs against the adduser
package in this case.
SEE ALSO
adduser.conf(5), deluser(8), groupadd(8), useradd(8), usermod(8), Debian Policy 9.2.2.
COPYRIGHT
Copyright (C) 1997, 1998, 1999 Guy Maor. Modifications by Roland Bauerschmidt and Marc
Haber. Additional patches by Joerg Hoh and Stephen Gran.
Copyright (C) 1995 Ted Hajek, with a great deal borrowed from the original Debian adduser
Copyright (C) 1994 Ian Murdock. adduser is free software; see the GNU General Public
Licence version 2 or later for copying conditions. There is no warranty.