xref: /freebsd/usr.sbin/adduser/adduser.8 (revision 8aac90f18aef7c9eea906c3ff9a001ca7b94f375)
1.\" Copyright (c) 1995-1996 Wolfram Schneider <wosch@FreeBSD.org>. Berlin.
2.\" All rights reserved.
3.\" Copyright (c) 2002-2004 Michael Telahun Makonnen <mtm@FreeBSD.org>
4.\" All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\"    notice, this list of conditions and the following disclaimer in the
13.\"    documentation and/or other materials provided with the distribution.
14.\"
15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25.\" SUCH DAMAGE.
26.\"
27.Dd April 11, 2024
28.Dt ADDUSER 8
29.Os
30.Sh NAME
31.Nm adduser
32.Nd command for adding new users
33.Sh SYNOPSIS
34.Nm
35.Op Fl CDENSZhq
36.Op Fl G Ar groups
37.Op Fl L Ar login_class
38.Op Fl M Ar mode
39.Op Fl d Ar partition
40.Op Fl f Ar file
41.Op Fl g Ar login_group
42.Op Fl k Ar dotdir
43.Op Fl m Ar message_file
44.Op Fl s Ar shell
45.Op Fl u Ar uid_start
46.Op Fl w Ar type
47.Sh DESCRIPTION
48The
49.Nm
50utility is a shell script, implemented around the
51.Xr pw 8
52command, for adding new users.
53It creates passwd/group entries, a home directory,
54copies dotfiles and sends the new user a welcome message.
55On systems where the parent of home directory is a ZFS dataset,
56.Nm
57will create the home directory as a ZFS dataset by default,
58unless the system administrator specified otherwise.
59It supports two modes of operation.
60It may be used interactively
61at the command line to add one user at a time, or it may be directed
62to get the list of new users from a file and operate in batch mode
63without requiring any user interaction.
64.Sh RESTRICTIONS
65.Bl -tag -width indent
66.It username
67Login name.
68The user name is restricted to whatever
69.Xr pw 8
70will accept.
71Generally this means it
72may contain only lowercase characters or digits but cannot begin with the
73.Ql -
74character.
75Maximum length
76is 16 characters.
77The reasons for this limit are historical.
78Given that people have traditionally wanted to break this
79limit for aesthetic reasons, it has never been of great importance to break
80such a basic fundamental parameter in
81.Ux .
82You can change
83.Dv UT_NAMESIZE
84in
85.In utmp.h
86and recompile the
87world; people have done this and it works, but you will have problems
88with any precompiled programs, or source that assumes the 8-character
89name limit, such as NIS.
90The NIS protocol mandates an 8-character username.
91If you need a longer login name for e-mail addresses,
92you can define an alias in
93.Pa /etc/mail/aliases .
94.It "full name"
95This is typically known as the gecos field and usually contains
96the user's full name.
97Additionally, it may contain a comma separated
98list of values such as office number and work and home phones.
99If the
100name contains an ampersand it will be replaced by the capitalized
101login name when displayed by other programs.
102The
103.Ql \&:
104character is not allowed.
105.It shell
106Unless the
107.Fl S
108argument is supplied only valid shells from the shell database
109.Pq Pa /etc/shells
110are allowed.
111In addition,
112either the base name or the full path of the shell may be supplied.
113.It UID
114Automatically generated or your choice.
115It must be less than 32000.
116.It "GID/login group"
117Automatically generated or your choice.
118It must be less than 32000.
119.It password
120You may choose an empty password, disable the password, use a
121randomly generated password or specify your own plaintext password,
122which will be encrypted before being stored in the user database.
123.El
124.Sh UNIQUE GROUPS
125Perhaps you are missing what
126.Em can
127be done with this scheme that falls apart
128with most other schemes.
129With each user in their own group,
130they can safely run with a umask of 002 instead of the usual 022
131and create files in their home directory
132without worrying about others being able to change them.
133.Pp
134For a shared area you create a separate UID/GID, you place each person
135that should be able to access this area into that new group.
136.Pp
137This model of UID/GID administration allows far greater flexibility than lumping
138users into groups and having to muck with the umask when working in a shared
139area.
140.Pp
141I have been using this model for almost 10 years and found that it works
142for most situations, and has never gotten in the way.
143(Rod Grimes)
144.Sh CONFIGURATION
145The
146.Nm
147utility reads its configuration information from
148.Pa /etc/adduser.conf .
149If this file does not exist, it will use predefined defaults.
150While this file may be edited by hand,
151the safer option is to use the
152.Fl C
153command line argument.
154With this argument,
155.Nm
156will start interactive input, save the answers to its prompts in
157.Pa /etc/adduser.conf ,
158and promptly exit without modifying the user
159database.
160Options specified on the command line will take precedence over
161any values saved in this file.
162.Sh OPTIONS
163.Bl -tag -width indent
164.It Fl C
165Create new configuration file and exit.
166This option is mutually exclusive with the
167.Fl f
168option.
169.It Fl d Ar partition
170Home partition.
171Default partition, under which all user directories
172will be located.
173The
174.Pa /nonexistent
175partition is considered special.
176The
177.Nm
178script will not create and populate a home directory by that name.
179Otherwise,
180by default it attempts to create a home directory.
181.It Fl D
182Do not attempt to create the home directory.
183.It Fl E
184Disable the account.
185This option will lock the account by prepending the string
186.Dq Li *LOCKED*
187to the password field.
188The account may be unlocked
189by the super-user with the
190.Xr pw 8
191command:
192.Pp
193.D1 Nm pw Cm unlock Op Ar name | uid
194.It Fl f Ar file
195Get the list of accounts to create from
196.Ar file .
197If
198.Ar file
199is
200.Dq Fl ,
201then get the list from standard input.
202If this option is specified,
203.Nm
204will operate in batch mode and will not seek any user input.
205If an error is encountered while processing an account, it will write a
206message to standard error and move to the next account.
207The format
208of the input file is described below.
209.It Fl g Ar login_group
210Normally,
211if no login group is specified,
212it is assumed to be the same as the username.
213This option makes
214.Ar login_group
215the default.
216.It Fl G Ar groups
217Space-separated list of additional groups.
218This option allows the user to specify additional groups to add users to.
219The user is a member of these groups in addition to their login group.
220.It Fl h
221Print a summary of options and exit.
222.It Fl k Ar directory
223Copy files from
224.Ar directory
225into the home
226directory of new users;
227.Pa dot.foo
228will be renamed to
229.Pa .foo .
230.It Fl L Ar login_class
231Set default login class.
232.It Fl m Ar file
233Send new users a welcome message from
234.Ar file .
235Specifying a value of
236.Cm no
237for
238.Ar file
239causes no message to be sent to new users.
240Please note that the message
241file can reference the internal variables of the
242.Nm
243script.
244.It Fl M Ar mode
245Create the home directory with permissions set to
246.Ar mode .
247.It Fl N
248Do not read the default configuration file.
249.It Fl q
250Minimal user feedback.
251In particular, the random password will not be echoed to
252standard output.
253.It Fl s Ar shell
254Default shell for new users.
255The
256.Ar shell
257argument may be the base name of the shell or the full path.
258Unless the
259.Fl S
260argument is supplied the shell must exist in
261.Pa /etc/shells
262or be the special shell
263.Em nologin
264to be considered a valid shell.
265.It Fl S
266The existence or validity of the specified shell will not be checked.
267.It Fl u Ar uid
268Use UIDs from
269.Ar uid
270on up.
271.It Fl w Ar type
272Password type.
273The
274.Nm
275utility allows the user to specify what type of password to create.
276The
277.Ar type
278argument may have one of the following values:
279.Bl -tag -width ".Cm random"
280.It Cm no
281Disable the password.
282Instead of an encrypted string, the password field will contain a single
283.Ql *
284character.
285The user may not log in until the super-user
286manually enables the password.
287.It Cm none
288Use an empty string as the password.
289.It Cm yes
290Use a user-supplied string as the password.
291In interactive mode,
292the user will be prompted for the password.
293In batch mode, the
294last (10th) field in the line is assumed to be the password.
295.It Cm random
296Generate a random string and use it as a password.
297The password will be echoed to standard output.
298In addition, it will be available for inclusion in the message file in the
299.Va randompass
300variable.
301.El
302.It Fl Z
303Do not attempt to create ZFS home dataset.
304.El
305.Sh FORMAT
306When the
307.Fl f
308option is used, the account information must be stored in a specific
309format.
310All empty lines or lines beginning with a
311.Ql #
312will be ignored.
313All other lines must contain ten colon
314.Pq Ql \&:
315separated fields as described below.
316Command line options do not take precedence
317over values in the fields.
318Only the password field may contain a
319.Ql \&:
320character as part of the string.
321.Pp
322.Sm off
323.D1 Ar name : uid : gid : class : change : expire : gecos : home_dir : shell : password
324.Sm on
325.Bl -tag -width ".Ar password"
326.It Ar name
327Login name.
328This field may not be empty.
329.It Ar uid
330Numeric login user ID.
331If this field is left empty, it will be automatically generated.
332.It Ar gid
333Numeric primary group ID.
334If this field is left empty, a group with the
335same name as the user name will be created and its GID will be used
336instead.
337.It Ar class
338Login class.
339This field may be left empty.
340.It Ar change
341Password ageing.
342This field denotes the password change date for the account.
343The format of this field is the same as the format of the
344.Fl p
345argument to
346.Xr pw 8 .
347It may be
348.Ar dd Ns - Ns Ar mmm Ns - Ns Ar yy Ns Op Ar yy ,
349where
350.Ar dd
351is for the day,
352.Ar mmm
353is for the month in numeric or alphabetical format:
354.Dq Li 10
355or
356.Dq Li Oct ,
357and
358.Ar yy Ns Op Ar yy
359is the four or two digit year.
360To denote a time relative to the current date the format is:
361.No + Ns Ar n Ns Op Ar mhdwoy ,
362where
363.Ar n
364denotes a number, followed by the minutes, hours, days, weeks,
365months or years after which the password must be changed.
366This field may be left empty to turn it off.
367.It Ar expire
368Account expiration.
369This field denotes the expiry date of the account.
370The account may not be used after the specified date.
371The format of this field is the same as that for password ageing.
372This field may be left empty to turn it off.
373.It Ar gecos
374Full name and other extra information about the user.
375.It Ar home_dir
376Home directory.
377If this field is left empty, it will be automatically
378created by appending the username to the home partition.
379The
380.Pa /nonexistent
381home directory is considered special and
382is understood to mean that no home directory is to be
383created for the user.
384.It Ar shell
385Login shell.
386This field should contain either the base name or
387the full path to a valid login shell.
388.It Ar password
389User password.
390This field should contain a plaintext string, which will
391be encrypted before being placed in the user database.
392If the password type is
393.Cm yes
394and this field is empty, it is assumed the account will have an empty password.
395If the password type is
396.Cm random
397and this field is
398.Em not
399empty, its contents will be used
400as a password.
401This field will be ignored if the
402.Fl w
403option is used with a
404.Cm no
405or
406.Cm none
407argument.
408Be careful not to terminate this field with a closing
409.Ql \&:
410because it will be treated as part of the password.
411.El
412.Sh FILES
413.Bl -tag -width ".Pa /etc/adduser.message" -compact
414.It Pa /etc/master.passwd
415user database
416.It Pa /etc/group
417group database
418.It Pa /etc/shells
419shell database
420.It Pa /etc/login.conf
421login classes database
422.It Pa /etc/adduser.conf
423configuration file for
424.Nm
425.It Pa /etc/adduser.message
426message file for
427.Nm
428.It Pa /usr/share/skel
429skeletal login directory
430.It Pa /var/log/adduser
431logfile for
432.Nm
433.El
434.Sh SEE ALSO
435.Xr chpass 1 ,
436.Xr passwd 1 ,
437.Xr adduser.conf 5 ,
438.Xr aliases 5 ,
439.Xr group 5 ,
440.Xr login.conf 5 ,
441.Xr passwd 5 ,
442.Xr shells 5 ,
443.Xr pw 8 ,
444.Xr pwd_mkdb 8 ,
445.Xr rmuser 8 ,
446.Xr vipw 8 ,
447.Xr yp 8
448.Sh HISTORY
449The
450.Nm
451command appeared in
452.Fx 2.1 .
453.Sh AUTHORS
454.An -nosplit
455This manual page and the original script, in Perl, was written by
456.An Wolfram Schneider Aq Mt wosch@FreeBSD.org .
457The replacement script, written as a Bourne
458shell script with some enhancements, and the man page modification that
459came with it were done by
460.An Mike Makonnen Aq Mt mtm@identd.net .
461.Sh BUGS
462In order for
463.Nm
464to correctly expand variables such as
465.Va $username
466and
467.Va $randompass
468in the message sent to new users, it must let the shell evaluate
469each line of the message file.
470This means that shell commands can also be embedded in the message file.
471The
472.Nm
473utility attempts to mitigate the possibility of an attacker using this
474feature by refusing to evaluate the file if it is not owned and writable
475only by the root user.
476In addition, shell special characters and operators will have to be
477escaped when used in the message file.
478.Pp
479Also, password ageing and account expiry times are currently settable
480only in batch mode or when specified in
481.Pa /etc/adduser.conf .
482The user should be able to set them in interactive mode as well.
483