1.\"- 2.\" SPDX-License-Identifier: BSD-2-Clause 3.\" 4.\" Copyright (c) 1995-1996 Wolfram Schneider <wosch@FreeBSD.org>. Berlin. 5.\" All rights reserved. 6.\" Copyright (c) 2002-2004 Michael Telahun Makonnen <mtm@FreeBSD.org> 7.\" All rights reserved. 8.\" 9.\" Redistribution and use in source and binary forms, with or without 10.\" modification, are permitted provided that the following conditions 11.\" are met: 12.\" 1. Redistributions of source code must retain the above copyright 13.\" notice, this list of conditions and the following disclaimer. 14.\" 2. Redistributions in binary form must reproduce the above copyright 15.\" notice, this list of conditions and the following disclaimer in the 16.\" documentation and/or other materials provided with the distribution. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.Dd December 1, 2024 31.Dt ADDUSER 8 32.Os 33.Sh NAME 34.Nm adduser 35.Nd command for adding new users 36.Sh SYNOPSIS 37.Nm 38.Op Fl CDENSZhq 39.Op Fl G Ar groups 40.Op Fl L Ar login_class 41.Op Fl M Ar mode 42.Op Fl d Ar partition 43.Op Fl f Ar file 44.Op Fl g Ar login_group 45.Op Fl k Ar dotdir 46.Op Fl m Ar message_file 47.Op Fl s Ar shell 48.Op Fl u Ar uid_start 49.Op Fl w Ar type 50.Sh DESCRIPTION 51The 52.Nm 53utility is a shell script, implemented around the 54.Xr pw 8 55command, for adding new users. 56It creates passwd/group entries, a home directory, 57copies dotfiles and sends the new user a welcome message. 58On systems where the parent of home directory is a ZFS dataset, 59.Nm 60will create the home directory as a ZFS dataset by default, 61unless the system administrator specified otherwise. 62It supports two modes of operation. 63It may be used interactively 64at the command line to add one user at a time, or it may be directed 65to get the list of new users from a file and operate in batch mode 66without requiring any user interaction. 67.Sh RESTRICTIONS 68.Bl -tag -width indent 69.It username 70Login name. 71The user name is restricted to whatever 72.Xr pw 8 73will accept. 74Generally this means it 75may contain only lowercase characters or digits but cannot begin with the 76.Ql - 77character. 78Maximum length 79is 16 characters. 80The reasons for this limit are historical. 81Given that people have traditionally wanted to break this 82limit for aesthetic reasons, it has never been of great importance to break 83such a basic fundamental parameter in 84.Ux . 85You can change 86.Dv UT_NAMESIZE 87in 88.In utmp.h 89and recompile the 90world; people have done this and it works, but you will have problems 91with any precompiled programs, or source that assumes the 8-character 92name limit, such as NIS. 93The NIS protocol mandates an 8-character username. 94If you need a longer login name for e-mail addresses, 95you can define an alias in 96.Pa /etc/mail/aliases . 97.It "full name" 98This is typically known as the gecos field and usually contains 99the user's full name. 100Additionally, it may contain a comma separated 101list of values such as office number and work and home phones. 102If the 103name contains an ampersand it will be replaced by the capitalized 104login name when displayed by other programs. 105The 106.Ql \&: 107character is not allowed. 108.It shell 109Unless the 110.Fl S 111argument is supplied only valid shells from the shell database 112.Pq Pa /etc/shells 113are allowed. 114In addition, 115either the base name or the full path of the shell may be supplied. 116.It UID 117Automatically generated or your choice. 118It must be less than 32000. 119.It "GID/login group" 120Automatically generated or your choice. 121It must be less than 32000. 122.It password 123You may choose an empty password, disable the password, use a 124randomly generated password or specify your own plaintext password, 125which will be encrypted before being stored in the user database. 126.El 127.Sh UNIQUE GROUPS 128Perhaps you are missing what 129.Em can 130be done with this scheme that falls apart 131with most other schemes. 132With each user in their own group, 133they can safely run with a umask of 002 instead of the usual 022 134and create files in their home directory 135without worrying about others being able to change them. 136.Pp 137For a shared area you create a separate UID/GID, you place each person 138that should be able to access this area into that new group. 139.Pp 140This model of UID/GID administration allows far greater flexibility than lumping 141users into groups and having to muck with the umask when working in a shared 142area. 143.Pp 144I have been using this model for almost 10 years and found that it works 145for most situations, and has never gotten in the way. 146(Rod Grimes) 147.Sh CONFIGURATION 148The 149.Nm 150utility reads its configuration information from 151.Pa /etc/adduser.conf . 152If this file does not exist, it will use predefined defaults. 153While this file may be edited by hand, 154the safer option is to use the 155.Fl C 156command line argument. 157With this argument, 158.Nm 159will start interactive input, save the answers to its prompts in 160.Pa /etc/adduser.conf , 161and promptly exit without modifying the user 162database. 163Options specified on the command line will take precedence over 164any values saved in this file. 165.Sh OPTIONS 166.Bl -tag -width indent 167.It Fl C 168Create new configuration file and exit. 169This option is mutually exclusive with the 170.Fl f 171option. 172.It Fl d Ar partition 173Home partition. 174Default partition, under which all user directories 175will be located. 176The 177.Pa /nonexistent 178partition is considered special. 179The 180.Nm 181script will not create and populate a home directory by that name. 182Otherwise, 183by default it attempts to create a home directory. 184.It Fl D 185Do not attempt to create the home directory. 186.It Fl E 187Disable the account. 188This option will lock the account by prepending the string 189.Dq Li *LOCKED* 190to the password field. 191The account may be unlocked 192by the super-user with the 193.Xr pw 8 194command: 195.Pp 196.D1 Nm pw Cm unlock Op Ar name | uid 197.It Fl f Ar file 198Get the list of accounts to create from 199.Ar file . 200If 201.Ar file 202is 203.Dq Fl , 204then get the list from standard input. 205If this option is specified, 206.Nm 207will operate in batch mode and will not seek any user input. 208If an error is encountered while processing an account, it will write a 209message to standard error and move to the next account. 210The format 211of the input file is described below. 212.It Fl g Ar login_group 213Normally, 214if no login group is specified, 215it is assumed to be the same as the username. 216This option makes 217.Ar login_group 218the default. 219.It Fl G Ar groups 220Space-separated list of additional groups. 221This option allows the user to specify additional groups to add users to. 222The user is a member of these groups in addition to their login group. 223.It Fl h 224Print a summary of options and exit. 225.It Fl k Ar directory 226Copy files from 227.Ar directory 228into the home 229directory of new users; 230.Pa dot.foo 231will be renamed to 232.Pa .foo . 233.It Fl L Ar login_class 234Set default login class. 235.It Fl m Ar file 236Send new users a welcome message from 237.Ar file . 238Specifying a value of 239.Cm no 240for 241.Ar file 242causes no message to be sent to new users. 243Please note that the message 244file can reference the internal variables of the 245.Nm 246script. 247.It Fl M Ar mode 248Create the home directory with permissions set to 249.Ar mode , 250modified by the current 251.Xr umask 2 . 252.It Fl N 253Do not read the default configuration file. 254.It Fl q 255Minimal user feedback. 256In particular, the random password will not be echoed to 257standard output. 258.It Fl s Ar shell 259Default shell for new users. 260The 261.Ar shell 262argument may be the base name of the shell or the full path. 263Unless the 264.Fl S 265argument is supplied the shell must exist in 266.Pa /etc/shells 267or be the special shell 268.Em nologin 269to be considered a valid shell. 270.It Fl S 271The existence or validity of the specified shell will not be checked. 272.It Fl u Ar uid 273Use UIDs from 274.Ar uid 275on up. 276.It Fl w Ar type 277Password type. 278The 279.Nm 280utility allows the user to specify what type of password to create. 281The 282.Ar type 283argument may have one of the following values: 284.Bl -tag -width ".Cm random" 285.It Cm no 286Disable the password. 287Instead of an encrypted string, the password field will contain a single 288.Ql * 289character. 290The user may not log in until the super-user 291manually enables the password. 292.It Cm none 293Use an empty string as the password. 294.It Cm yes 295Use a user-supplied string as the password. 296In interactive mode, 297the user will be prompted for the password. 298In batch mode, the 299last (10th) field in the line is assumed to be the password. 300.It Cm random 301Generate a random string and use it as a password. 302The password will be echoed to standard output. 303In addition, it will be available for inclusion in the message file in the 304.Va randompass 305variable. 306.El 307.It Fl Z 308Do not attempt to create ZFS home dataset. 309.El 310.Sh FORMAT 311When the 312.Fl f 313option is used, the account information must be stored in a specific 314format. 315All empty lines or lines beginning with a 316.Ql # 317will be ignored. 318All other lines must contain ten colon 319.Pq Ql \&: 320separated fields as described below. 321Command line options do not take precedence 322over values in the fields. 323Only the password field may contain a 324.Ql \&: 325character as part of the string. 326.Pp 327.Sm off 328.D1 Ar name : uid : gid : class : change : expire : gecos : home_dir : shell : password 329.Sm on 330.Bl -tag -width ".Ar password" 331.It Ar name 332Login name. 333This field may not be empty. 334.It Ar uid 335Numeric login user ID. 336If this field is left empty, it will be automatically generated. 337.It Ar gid 338Numeric primary group ID. 339If this field is left empty, a group with the 340same name as the user name will be created and its GID will be used 341instead. 342.It Ar class 343Login class. 344This field may be left empty. 345.It Ar change 346Password ageing. 347This field denotes the password change date for the account. 348The format of this field is the same as the format of the 349.Fl p 350argument to 351.Xr pw 8 . 352It may be 353.Ar dd Ns - Ns Ar mmm Ns - Ns Ar yy Ns Op Ar yy , 354where 355.Ar dd 356is for the day, 357.Ar mmm 358is for the month in numeric or alphabetical format: 359.Dq Li 10 360or 361.Dq Li Oct , 362and 363.Ar yy Ns Op Ar yy 364is the four or two digit year. 365To denote a time relative to the current date the format is: 366.No + Ns Ar n Ns Op Ar mhdwoy , 367where 368.Ar n 369denotes a number, followed by the minutes, hours, days, weeks, 370months or years after which the password must be changed. 371This field may be left empty to turn it off. 372.It Ar expire 373Account expiration. 374This field denotes the expiry date of the account. 375The account may not be used after the specified date. 376The format of this field is the same as that for password ageing. 377This field may be left empty to turn it off. 378.It Ar gecos 379Full name and other extra information about the user. 380.It Ar home_dir 381Home directory. 382If this field is left empty, it will be automatically 383created by appending the username to the home partition. 384The 385.Pa /nonexistent 386home directory is considered special and 387is understood to mean that no home directory is to be 388created for the user. 389.It Ar shell 390Login shell. 391This field should contain either the base name or 392the full path to a valid login shell. 393.It Ar password 394User password. 395This field should contain a plaintext string, which will 396be encrypted before being placed in the user database. 397If the password type is 398.Cm yes 399and this field is empty, it is assumed the account will have an empty password. 400If the password type is 401.Cm random 402and this field is 403.Em not 404empty, its contents will be used 405as a password. 406This field will be ignored if the 407.Fl w 408option is used with a 409.Cm no 410or 411.Cm none 412argument. 413Be careful not to terminate this field with a closing 414.Ql \&: 415because it will be treated as part of the password. 416.El 417.Sh FILES 418.Bl -tag -width ".Pa /etc/adduser.message" -compact 419.It Pa /etc/master.passwd 420user database 421.It Pa /etc/group 422group database 423.It Pa /etc/shells 424shell database 425.It Pa /etc/login.conf 426login classes database 427.It Pa /etc/adduser.conf 428configuration file for 429.Nm 430.It Pa /etc/adduser.message 431message file for 432.Nm 433.It Pa /usr/share/skel 434skeletal login directory 435.It Pa /var/log/userlog 436logfile for 437.Nm 438.El 439.Sh SEE ALSO 440.Xr chpass 1 , 441.Xr passwd 1 , 442.Xr adduser.conf 5 , 443.Xr aliases 5 , 444.Xr group 5 , 445.Xr login.conf 5 , 446.Xr passwd 5 , 447.Xr shells 5 , 448.Xr pw 8 , 449.Xr pwd_mkdb 8 , 450.Xr rmuser 8 , 451.Xr vipw 8 , 452.Xr yp 8 453.Sh HISTORY 454The 455.Nm 456command appeared in 457.Fx 2.1 . 458.Sh AUTHORS 459.An -nosplit 460This manual page and the original script, in Perl, was written by 461.An Wolfram Schneider Aq Mt wosch@FreeBSD.org . 462The replacement script, written as a Bourne 463shell script with some enhancements, and the man page modification that 464came with it were done by 465.An Mike Makonnen Aq Mt mtm@identd.net . 466.Sh BUGS 467In order for 468.Nm 469to correctly expand variables such as 470.Va $username 471and 472.Va $randompass 473in the message sent to new users, it must let the shell evaluate 474each line of the message file. 475This means that shell commands can also be embedded in the message file. 476The 477.Nm 478utility attempts to mitigate the possibility of an attacker using this 479feature by refusing to evaluate the file if it is not owned and writable 480only by the root user. 481In addition, shell special characters and operators will have to be 482escaped when used in the message file. 483.Pp 484Also, password ageing and account expiry times are currently settable 485only in batch mode or when specified in 486.Pa /etc/adduser.conf . 487The user should be able to set them in interactive mode as well. 488