1.\"- 2.\" SPDX-License-Identifier: BSD-2-Clause 3.\" 4.\" Copyright (c) 1995-1996 Wolfram Schneider <wosch@FreeBSD.org>. Berlin. 5.\" All rights reserved. 6.\" Copyright (c) 2002-2004 Michael Telahun Makonnen <mtm@FreeBSD.org> 7.\" All rights reserved. 8.\" 9.\" Redistribution and use in source and binary forms, with or without 10.\" modification, are permitted provided that the following conditions 11.\" are met: 12.\" 1. Redistributions of source code must retain the above copyright 13.\" notice, this list of conditions and the following disclaimer. 14.\" 2. Redistributions in binary form must reproduce the above copyright 15.\" notice, this list of conditions and the following disclaimer in the 16.\" documentation and/or other materials provided with the distribution. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.Dd April 11, 2024 31.Dt ADDUSER 8 32.Os 33.Sh NAME 34.Nm adduser 35.Nd command for adding new users 36.Sh SYNOPSIS 37.Nm 38.Op Fl CDENSZhq 39.Op Fl G Ar groups 40.Op Fl L Ar login_class 41.Op Fl M Ar mode 42.Op Fl d Ar partition 43.Op Fl f Ar file 44.Op Fl g Ar login_group 45.Op Fl k Ar dotdir 46.Op Fl m Ar message_file 47.Op Fl s Ar shell 48.Op Fl u Ar uid_start 49.Op Fl w Ar type 50.Sh DESCRIPTION 51The 52.Nm 53utility is a shell script, implemented around the 54.Xr pw 8 55command, for adding new users. 56It creates passwd/group entries, a home directory, 57copies dotfiles and sends the new user a welcome message. 58On systems where the parent of home directory is a ZFS dataset, 59.Nm 60will create the home directory as a ZFS dataset by default, 61unless the system administrator specified otherwise. 62It supports two modes of operation. 63It may be used interactively 64at the command line to add one user at a time, or it may be directed 65to get the list of new users from a file and operate in batch mode 66without requiring any user interaction. 67.Sh RESTRICTIONS 68.Bl -tag -width indent 69.It username 70Login name. 71The user name is restricted to whatever 72.Xr pw 8 73will accept. 74Generally this means it 75may contain only lowercase characters or digits but cannot begin with the 76.Ql - 77character. 78Maximum length 79is 16 characters. 80The reasons for this limit are historical. 81Given that people have traditionally wanted to break this 82limit for aesthetic reasons, it has never been of great importance to break 83such a basic fundamental parameter in 84.Ux . 85You can change 86.Dv UT_NAMESIZE 87in 88.In utmp.h 89and recompile the 90world; people have done this and it works, but you will have problems 91with any precompiled programs, or source that assumes the 8-character 92name limit, such as NIS. 93The NIS protocol mandates an 8-character username. 94If you need a longer login name for e-mail addresses, 95you can define an alias in 96.Pa /etc/mail/aliases . 97.It "full name" 98This is typically known as the gecos field and usually contains 99the user's full name. 100Additionally, it may contain a comma separated 101list of values such as office number and work and home phones. 102If the 103name contains an ampersand it will be replaced by the capitalized 104login name when displayed by other programs. 105The 106.Ql \&: 107character is not allowed. 108.It shell 109Unless the 110.Fl S 111argument is supplied only valid shells from the shell database 112.Pq Pa /etc/shells 113are allowed. 114In addition, 115either the base name or the full path of the shell may be supplied. 116.It UID 117Automatically generated or your choice. 118It must be less than 32000. 119.It "GID/login group" 120Automatically generated or your choice. 121It must be less than 32000. 122.It password 123You may choose an empty password, disable the password, use a 124randomly generated password or specify your own plaintext password, 125which will be encrypted before being stored in the user database. 126.El 127.Sh UNIQUE GROUPS 128Perhaps you are missing what 129.Em can 130be done with this scheme that falls apart 131with most other schemes. 132With each user in their own group, 133they can safely run with a umask of 002 instead of the usual 022 134and create files in their home directory 135without worrying about others being able to change them. 136.Pp 137For a shared area you create a separate UID/GID, you place each person 138that should be able to access this area into that new group. 139.Pp 140This model of UID/GID administration allows far greater flexibility than lumping 141users into groups and having to muck with the umask when working in a shared 142area. 143.Pp 144I have been using this model for almost 10 years and found that it works 145for most situations, and has never gotten in the way. 146(Rod Grimes) 147.Sh CONFIGURATION 148The 149.Nm 150utility reads its configuration information from 151.Pa /etc/adduser.conf . 152If this file does not exist, it will use predefined defaults. 153While this file may be edited by hand, 154the safer option is to use the 155.Fl C 156command line argument. 157With this argument, 158.Nm 159will start interactive input, save the answers to its prompts in 160.Pa /etc/adduser.conf , 161and promptly exit without modifying the user 162database. 163Options specified on the command line will take precedence over 164any values saved in this file. 165.Sh OPTIONS 166.Bl -tag -width indent 167.It Fl C 168Create new configuration file and exit. 169This option is mutually exclusive with the 170.Fl f 171option. 172.It Fl d Ar partition 173Home partition. 174Default partition, under which all user directories 175will be located. 176The 177.Pa /nonexistent 178partition is considered special. 179The 180.Nm 181script will not create and populate a home directory by that name. 182Otherwise, 183by default it attempts to create a home directory. 184.It Fl D 185Do not attempt to create the home directory. 186.It Fl E 187Disable the account. 188This option will lock the account by prepending the string 189.Dq Li *LOCKED* 190to the password field. 191The account may be unlocked 192by the super-user with the 193.Xr pw 8 194command: 195.Pp 196.D1 Nm pw Cm unlock Op Ar name | uid 197.It Fl f Ar file 198Get the list of accounts to create from 199.Ar file . 200If 201.Ar file 202is 203.Dq Fl , 204then get the list from standard input. 205If this option is specified, 206.Nm 207will operate in batch mode and will not seek any user input. 208If an error is encountered while processing an account, it will write a 209message to standard error and move to the next account. 210The format 211of the input file is described below. 212.It Fl g Ar login_group 213Normally, 214if no login group is specified, 215it is assumed to be the same as the username. 216This option makes 217.Ar login_group 218the default. 219.It Fl G Ar groups 220Space-separated list of additional groups. 221This option allows the user to specify additional groups to add users to. 222The user is a member of these groups in addition to their login group. 223.It Fl h 224Print a summary of options and exit. 225.It Fl k Ar directory 226Copy files from 227.Ar directory 228into the home 229directory of new users; 230.Pa dot.foo 231will be renamed to 232.Pa .foo . 233.It Fl L Ar login_class 234Set default login class. 235.It Fl m Ar file 236Send new users a welcome message from 237.Ar file . 238Specifying a value of 239.Cm no 240for 241.Ar file 242causes no message to be sent to new users. 243Please note that the message 244file can reference the internal variables of the 245.Nm 246script. 247.It Fl M Ar mode 248Create the home directory with permissions set to 249.Ar mode . 250.It Fl N 251Do not read the default configuration file. 252.It Fl q 253Minimal user feedback. 254In particular, the random password will not be echoed to 255standard output. 256.It Fl s Ar shell 257Default shell for new users. 258The 259.Ar shell 260argument may be the base name of the shell or the full path. 261Unless the 262.Fl S 263argument is supplied the shell must exist in 264.Pa /etc/shells 265or be the special shell 266.Em nologin 267to be considered a valid shell. 268.It Fl S 269The existence or validity of the specified shell will not be checked. 270.It Fl u Ar uid 271Use UIDs from 272.Ar uid 273on up. 274.It Fl w Ar type 275Password type. 276The 277.Nm 278utility allows the user to specify what type of password to create. 279The 280.Ar type 281argument may have one of the following values: 282.Bl -tag -width ".Cm random" 283.It Cm no 284Disable the password. 285Instead of an encrypted string, the password field will contain a single 286.Ql * 287character. 288The user may not log in until the super-user 289manually enables the password. 290.It Cm none 291Use an empty string as the password. 292.It Cm yes 293Use a user-supplied string as the password. 294In interactive mode, 295the user will be prompted for the password. 296In batch mode, the 297last (10th) field in the line is assumed to be the password. 298.It Cm random 299Generate a random string and use it as a password. 300The password will be echoed to standard output. 301In addition, it will be available for inclusion in the message file in the 302.Va randompass 303variable. 304.El 305.It Fl Z 306Do not attempt to create ZFS home dataset. 307.El 308.Sh FORMAT 309When the 310.Fl f 311option is used, the account information must be stored in a specific 312format. 313All empty lines or lines beginning with a 314.Ql # 315will be ignored. 316All other lines must contain ten colon 317.Pq Ql \&: 318separated fields as described below. 319Command line options do not take precedence 320over values in the fields. 321Only the password field may contain a 322.Ql \&: 323character as part of the string. 324.Pp 325.Sm off 326.D1 Ar name : uid : gid : class : change : expire : gecos : home_dir : shell : password 327.Sm on 328.Bl -tag -width ".Ar password" 329.It Ar name 330Login name. 331This field may not be empty. 332.It Ar uid 333Numeric login user ID. 334If this field is left empty, it will be automatically generated. 335.It Ar gid 336Numeric primary group ID. 337If this field is left empty, a group with the 338same name as the user name will be created and its GID will be used 339instead. 340.It Ar class 341Login class. 342This field may be left empty. 343.It Ar change 344Password ageing. 345This field denotes the password change date for the account. 346The format of this field is the same as the format of the 347.Fl p 348argument to 349.Xr pw 8 . 350It may be 351.Ar dd Ns - Ns Ar mmm Ns - Ns Ar yy Ns Op Ar yy , 352where 353.Ar dd 354is for the day, 355.Ar mmm 356is for the month in numeric or alphabetical format: 357.Dq Li 10 358or 359.Dq Li Oct , 360and 361.Ar yy Ns Op Ar yy 362is the four or two digit year. 363To denote a time relative to the current date the format is: 364.No + Ns Ar n Ns Op Ar mhdwoy , 365where 366.Ar n 367denotes a number, followed by the minutes, hours, days, weeks, 368months or years after which the password must be changed. 369This field may be left empty to turn it off. 370.It Ar expire 371Account expiration. 372This field denotes the expiry date of the account. 373The account may not be used after the specified date. 374The format of this field is the same as that for password ageing. 375This field may be left empty to turn it off. 376.It Ar gecos 377Full name and other extra information about the user. 378.It Ar home_dir 379Home directory. 380If this field is left empty, it will be automatically 381created by appending the username to the home partition. 382The 383.Pa /nonexistent 384home directory is considered special and 385is understood to mean that no home directory is to be 386created for the user. 387.It Ar shell 388Login shell. 389This field should contain either the base name or 390the full path to a valid login shell. 391.It Ar password 392User password. 393This field should contain a plaintext string, which will 394be encrypted before being placed in the user database. 395If the password type is 396.Cm yes 397and this field is empty, it is assumed the account will have an empty password. 398If the password type is 399.Cm random 400and this field is 401.Em not 402empty, its contents will be used 403as a password. 404This field will be ignored if the 405.Fl w 406option is used with a 407.Cm no 408or 409.Cm none 410argument. 411Be careful not to terminate this field with a closing 412.Ql \&: 413because it will be treated as part of the password. 414.El 415.Sh FILES 416.Bl -tag -width ".Pa /etc/adduser.message" -compact 417.It Pa /etc/master.passwd 418user database 419.It Pa /etc/group 420group database 421.It Pa /etc/shells 422shell database 423.It Pa /etc/login.conf 424login classes database 425.It Pa /etc/adduser.conf 426configuration file for 427.Nm 428.It Pa /etc/adduser.message 429message file for 430.Nm 431.It Pa /usr/share/skel 432skeletal login directory 433.It Pa /var/log/userlog 434logfile for 435.Nm 436.El 437.Sh SEE ALSO 438.Xr chpass 1 , 439.Xr passwd 1 , 440.Xr adduser.conf 5 , 441.Xr aliases 5 , 442.Xr group 5 , 443.Xr login.conf 5 , 444.Xr passwd 5 , 445.Xr shells 5 , 446.Xr pw 8 , 447.Xr pwd_mkdb 8 , 448.Xr rmuser 8 , 449.Xr vipw 8 , 450.Xr yp 8 451.Sh HISTORY 452The 453.Nm 454command appeared in 455.Fx 2.1 . 456.Sh AUTHORS 457.An -nosplit 458This manual page and the original script, in Perl, was written by 459.An Wolfram Schneider Aq Mt wosch@FreeBSD.org . 460The replacement script, written as a Bourne 461shell script with some enhancements, and the man page modification that 462came with it were done by 463.An Mike Makonnen Aq Mt mtm@identd.net . 464.Sh BUGS 465In order for 466.Nm 467to correctly expand variables such as 468.Va $username 469and 470.Va $randompass 471in the message sent to new users, it must let the shell evaluate 472each line of the message file. 473This means that shell commands can also be embedded in the message file. 474The 475.Nm 476utility attempts to mitigate the possibility of an attacker using this 477feature by refusing to evaluate the file if it is not owned and writable 478only by the root user. 479In addition, shell special characters and operators will have to be 480escaped when used in the message file. 481.Pp 482Also, password ageing and account expiry times are currently settable 483only in batch mode or when specified in 484.Pa /etc/adduser.conf . 485The user should be able to set them in interactive mode as well. 486