xref: /freebsd/usr.sbin/adduser/adduser.8 (revision 22d7dd834bc5cd189810e414701e3ad1e98102e4)
1.\" Copyright (c) 1995-1996 Wolfram Schneider <wosch@FreeBSD.org>. Berlin.
2.\" All rights reserved.
3.\" Copyright (c) 2002-2004 Michael Telahun Makonnen <mtm@FreeBSD.org>
4.\" All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\"    notice, this list of conditions and the following disclaimer in the
13.\"    documentation and/or other materials provided with the distribution.
14.\"
15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25.\" SUCH DAMAGE.
26.\"
27.Dd September 15, 2012
28.Dt ADDUSER 8
29.Os
30.Sh NAME
31.Nm adduser
32.Nd command for adding new users
33.Sh SYNOPSIS
34.Nm
35.Op Fl CDENShq
36.Op Fl G Ar groups
37.Op Fl L Ar login_class
38.Op Fl M Ar mode
39.Op Fl d Ar partition
40.Op Fl f Ar file
41.Op Fl g Ar login_group
42.Op Fl k Ar dotdir
43.Op Fl m Ar message_file
44.Op Fl s Ar shell
45.Op Fl u Ar uid_start
46.Op Fl w Ar type
47.Sh DESCRIPTION
48The
49.Nm
50utility is a shell script, implemented around the
51.Xr pw 8
52command, for adding new users.
53It creates passwd/group entries, a home directory,
54copies dotfiles and sends the new user a welcome message.
55It supports two modes of operation.
56It may be used interactively
57at the command line to add one user at a time, or it may be directed
58to get the list of new users from a file and operate in batch mode
59without requiring any user interaction.
60.Sh RESTRICTIONS
61.Bl -tag -width indent
62.It username
63Login name.
64The user name is restricted to whatever
65.Xr pw 8
66will accept.
67Generally this means it
68may contain only lowercase characters or digits but cannot begin with the
69.Ql -
70character.
71Maximum length
72is 16 characters.
73The reasons for this limit are historical.
74Given that people have traditionally wanted to break this
75limit for aesthetic reasons, it has never been of great importance to break
76such a basic fundamental parameter in
77.Ux .
78You can change
79.Dv UT_NAMESIZE
80in
81.In utmp.h
82and recompile the
83world; people have done this and it works, but you will have problems
84with any precompiled programs, or source that assumes the 8-character
85name limit, such as NIS.
86The NIS protocol mandates an 8-character username.
87If you need a longer login name for e-mail addresses,
88you can define an alias in
89.Pa /etc/mail/aliases .
90.It "full name"
91This is typically known as the gecos field and usually contains
92the user's full name.
93Additionally, it may contain a comma separated
94list of values such as office number and work and home phones.
95If the
96name contains an ampersand it will be replaced by the capitalized
97login name when displayed by other programs.
98The
99.Ql \&:
100character is not allowed.
101.It shell
102Unless the
103.Fl S
104argument is supplied only valid shells from the shell database
105.Pq Pa /etc/shells
106are allowed.
107In addition,
108either the base name or the full path of the shell may be supplied.
109.It UID
110Automatically generated or your choice.
111It must be less than 32000.
112.It "GID/login group"
113Automatically generated or your choice.
114It must be less than 32000.
115.It password
116You may choose an empty password, disable the password, use a
117randomly generated password or specify your own plaintext password,
118which will be encrypted before being stored in the user database.
119.El
120.Sh UNIQUE GROUPS
121Perhaps you are missing what
122.Em can
123be done with this scheme that falls apart
124with most other schemes.
125With each user in their own group,
126they can safely run with a umask of 002 instead of the usual 022
127and create files in their home directory
128without worrying about others being able to change them.
129.Pp
130For a shared area you create a separate UID/GID, you place each person
131that should be able to access this area into that new group.
132.Pp
133This model of UID/GID administration allows far greater flexibility than lumping
134users into groups and having to muck with the umask when working in a shared
135area.
136.Pp
137I have been using this model for almost 10 years and found that it works
138for most situations, and has never gotten in the way.
139(Rod Grimes)
140.Sh CONFIGURATION
141The
142.Nm
143utility reads its configuration information from
144.Pa /etc/adduser.conf .
145If this file does not exist, it will use predefined defaults.
146While this file may be edited by hand,
147the safer option is to use the
148.Fl C
149command line argument.
150With this argument,
151.Nm
152will start interactive input, save the answers to its prompts in
153.Pa /etc/adduser.conf ,
154and promptly exit without modifying the user
155database.
156Options specified on the command line will take precedence over
157any values saved in this file.
158.Sh OPTIONS
159.Bl -tag -width indent
160.It Fl C
161Create new configuration file and exit.
162This option is mutually exclusive with the
163.Fl f
164option.
165.It Fl d Ar partition
166Home partition.
167Default partition, under which all user directories
168will be located.
169The
170.Pa /nonexistent
171partition is considered special.
172The
173.Nm
174script will not create and populate a home directory by that name.
175Otherwise,
176by default it attempts to create a home directory.
177.It Fl D
178Do not attempt to create the home directory.
179.It Fl E
180Disable the account.
181This option will lock the account by prepending the string
182.Dq Li *LOCKED*
183to the password field.
184The account may be unlocked
185by the super-user with the
186.Xr pw 8
187command:
188.Pp
189.D1 Nm pw Cm unlock Op Ar name | uid
190.It Fl f Ar file
191Get the list of accounts to create from
192.Ar file .
193If
194.Ar file
195is
196.Dq Fl ,
197then get the list from standard input.
198If this option is specified,
199.Nm
200will operate in batch mode and will not seek any user input.
201If an error is encountered while processing an account, it will write a
202message to standard error and move to the next account.
203The format
204of the input file is described below.
205.It Fl g Ar login_group
206Normally,
207if no login group is specified,
208it is assumed to be the same as the username.
209This option makes
210.Ar login_group
211the default.
212.It Fl G Ar groups
213Space-separated list of additional groups.
214This option allows the user to specify additional groups to add users to.
215The user is a member of these groups in addition to their login group.
216.It Fl h
217Print a summary of options and exit.
218.It Fl k Ar directory
219Copy files from
220.Ar directory
221into the home
222directory of new users;
223.Pa dot.foo
224will be renamed to
225.Pa .foo .
226.It Fl L Ar login_class
227Set default login class.
228.It Fl m Ar file
229Send new users a welcome message from
230.Ar file .
231Specifying a value of
232.Cm no
233for
234.Ar file
235causes no message to be sent to new users.
236Please note that the message
237file can reference the internal variables of the
238.Nm
239script.
240.It Fl M Ar mode
241Create the home directory with permissions set to
242.Ar mode .
243.It Fl N
244Do not read the default configuration file.
245.It Fl q
246Minimal user feedback.
247In particular, the random password will not be echoed to
248standard output.
249.It Fl s Ar shell
250Default shell for new users.
251The
252.Ar shell
253argument may be the base name of the shell or the full path.
254Unless the
255.Fl S
256argument is supplied the shell must exist in
257.Pa /etc/shells
258or be the special shell
259.Em nologin
260to be considered a valid shell.
261.It Fl S
262The existence or validity of the specified shell will not be checked.
263.It Fl u Ar uid
264Use UIDs from
265.Ar uid
266on up.
267.It Fl w Ar type
268Password type.
269The
270.Nm
271utility allows the user to specify what type of password to create.
272The
273.Ar type
274argument may have one of the following values:
275.Bl -tag -width ".Cm random"
276.It Cm no
277Disable the password.
278Instead of an encrypted string, the password field will contain a single
279.Ql *
280character.
281The user may not log in until the super-user
282manually enables the password.
283.It Cm none
284Use an empty string as the password.
285.It Cm yes
286Use a user-supplied string as the password.
287In interactive mode,
288the user will be prompted for the password.
289In batch mode, the
290last (10th) field in the line is assumed to be the password.
291.It Cm random
292Generate a random string and use it as a password.
293The password will be echoed to standard output.
294In addition, it will be available for inclusion in the message file in the
295.Va randompass
296variable.
297.El
298.El
299.Sh FORMAT
300When the
301.Fl f
302option is used, the account information must be stored in a specific
303format.
304All empty lines or lines beginning with a
305.Ql #
306will be ignored.
307All other lines must contain ten colon
308.Pq Ql \&:
309separated fields as described below.
310Command line options do not take precedence
311over values in the fields.
312Only the password field may contain a
313.Ql \&:
314character as part of the string.
315.Pp
316.Sm off
317.D1 Ar name : uid : gid : class : change : expire : gecos : home_dir : shell : password
318.Sm on
319.Bl -tag -width ".Ar password"
320.It Ar name
321Login name.
322This field may not be empty.
323.It Ar uid
324Numeric login user ID.
325If this field is left empty, it will be automatically generated.
326.It Ar gid
327Numeric primary group ID.
328If this field is left empty, a group with the
329same name as the user name will be created and its GID will be used
330instead.
331.It Ar class
332Login class.
333This field may be left empty.
334.It Ar change
335Password ageing.
336This field denotes the password change date for the account.
337The format of this field is the same as the format of the
338.Fl p
339argument to
340.Xr pw 8 .
341It may be
342.Ar dd Ns - Ns Ar mmm Ns - Ns Ar yy Ns Op Ar yy ,
343where
344.Ar dd
345is for the day,
346.Ar mmm
347is for the month in numeric or alphabetical format:
348.Dq Li 10
349or
350.Dq Li Oct ,
351and
352.Ar yy Ns Op Ar yy
353is the four or two digit year.
354To denote a time relative to the current date the format is:
355.No + Ns Ar n Ns Op Ar mhdwoy ,
356where
357.Ar n
358denotes a number, followed by the minutes, hours, days, weeks,
359months or years after which the password must be changed.
360This field may be left empty to turn it off.
361.It Ar expire
362Account expiration.
363This field denotes the expiry date of the account.
364The account may not be used after the specified date.
365The format of this field is the same as that for password ageing.
366This field may be left empty to turn it off.
367.It Ar gecos
368Full name and other extra information about the user.
369.It Ar home_dir
370Home directory.
371If this field is left empty, it will be automatically
372created by appending the username to the home partition.
373The
374.Pa /nonexistent
375home directory is considered special and
376is understood to mean that no home directory is to be
377created for the user.
378.It Ar shell
379Login shell.
380This field should contain either the base name or
381the full path to a valid login shell.
382.It Ar password
383User password.
384This field should contain a plaintext string, which will
385be encrypted before being placed in the user database.
386If the password type is
387.Cm yes
388and this field is empty, it is assumed the account will have an empty password.
389If the password type is
390.Cm random
391and this field is
392.Em not
393empty, its contents will be used
394as a password.
395This field will be ignored if the
396.Fl w
397option is used with a
398.Cm no
399or
400.Cm none
401argument.
402Be careful not to terminate this field with a closing
403.Ql \&:
404because it will be treated as part of the password.
405.El
406.Sh FILES
407.Bl -tag -width ".Pa /etc/adduser.message" -compact
408.It Pa /etc/master.passwd
409user database
410.It Pa /etc/group
411group database
412.It Pa /etc/shells
413shell database
414.It Pa /etc/login.conf
415login classes database
416.It Pa /etc/adduser.conf
417configuration file for
418.Nm
419.It Pa /etc/adduser.message
420message file for
421.Nm
422.It Pa /usr/share/skel
423skeletal login directory
424.It Pa /var/log/adduser
425logfile for
426.Nm
427.El
428.Sh SEE ALSO
429.Xr chpass 1 ,
430.Xr passwd 1 ,
431.Xr adduser.conf 5 ,
432.Xr aliases 5 ,
433.Xr group 5 ,
434.Xr login.conf 5 ,
435.Xr passwd 5 ,
436.Xr shells 5 ,
437.Xr pw 8 ,
438.Xr pwd_mkdb 8 ,
439.Xr rmuser 8 ,
440.Xr vipw 8 ,
441.Xr yp 8
442.Sh HISTORY
443The
444.Nm
445command appeared in
446.Fx 2.1 .
447.Sh AUTHORS
448.An -nosplit
449This manual page and the original script, in Perl, was written by
450.An Wolfram Schneider Aq Mt wosch@FreeBSD.org .
451The replacement script, written as a Bourne
452shell script with some enhancements, and the man page modification that
453came with it were done by
454.An Mike Makonnen Aq Mt mtm@identd.net .
455.Sh BUGS
456In order for
457.Nm
458to correctly expand variables such as
459.Va $username
460and
461.Va $randompass
462in the message sent to new users, it must let the shell evaluate
463each line of the message file.
464This means that shell commands can also be embedded in the message file.
465The
466.Nm
467utility attempts to mitigate the possibility of an attacker using this
468feature by refusing to evaluate the file if it is not owned and writable
469only by the root user.
470In addition, shell special characters and operators will have to be
471escaped when used in the message file.
472.Pp
473Also, password ageing and account expiry times are currently settable
474only in batch mode or when specified in
475.Pa /etc/adduser.conf .
476The user should be able to set them in interactive mode as well.
477