xref: /freebsd/usr.sbin/adduser/adduser.8 (revision e47161e5f1f01ef300c6e7efdb9c92e3a6c497ff)
1.\"-
2.\" SPDX-License-Identifier: BSD-2-Clause
3.\"
4.\" Copyright (c) 1995-1996 Wolfram Schneider <wosch@FreeBSD.org>. Berlin.
5.\" All rights reserved.
6.\" Copyright (c) 2002-2004 Michael Telahun Makonnen <mtm@FreeBSD.org>
7.\" All rights reserved.
8.\"
9.\" Redistribution and use in source and binary forms, with or without
10.\" modification, are permitted provided that the following conditions
11.\" are met:
12.\" 1. Redistributions of source code must retain the above copyright
13.\"    notice, this list of conditions and the following disclaimer.
14.\" 2. Redistributions in binary form must reproduce the above copyright
15.\"    notice, this list of conditions and the following disclaimer in the
16.\"    documentation and/or other materials provided with the distribution.
17.\"
18.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28.\" SUCH DAMAGE.
29.\"
30.Dd April 11, 2024
31.Dt ADDUSER 8
32.Os
33.Sh NAME
34.Nm adduser
35.Nd command for adding new users
36.Sh SYNOPSIS
37.Nm
38.Op Fl CDENSZhq
39.Op Fl G Ar groups
40.Op Fl L Ar login_class
41.Op Fl M Ar mode
42.Op Fl d Ar partition
43.Op Fl f Ar file
44.Op Fl g Ar login_group
45.Op Fl k Ar dotdir
46.Op Fl m Ar message_file
47.Op Fl s Ar shell
48.Op Fl u Ar uid_start
49.Op Fl w Ar type
50.Sh DESCRIPTION
51The
52.Nm
53utility is a shell script, implemented around the
54.Xr pw 8
55command, for adding new users.
56It creates passwd/group entries, a home directory,
57copies dotfiles and sends the new user a welcome message.
58On systems where the parent of home directory is a ZFS dataset,
59.Nm
60will create the home directory as a ZFS dataset by default,
61unless the system administrator specified otherwise.
62It supports two modes of operation.
63It may be used interactively
64at the command line to add one user at a time, or it may be directed
65to get the list of new users from a file and operate in batch mode
66without requiring any user interaction.
67.Sh RESTRICTIONS
68.Bl -tag -width indent
69.It username
70Login name.
71The user name is restricted to whatever
72.Xr pw 8
73will accept.
74Generally this means it
75may contain only lowercase characters or digits but cannot begin with the
76.Ql -
77character.
78Maximum length
79is 16 characters.
80The reasons for this limit are historical.
81Given that people have traditionally wanted to break this
82limit for aesthetic reasons, it has never been of great importance to break
83such a basic fundamental parameter in
84.Ux .
85You can change
86.Dv UT_NAMESIZE
87in
88.In utmp.h
89and recompile the
90world; people have done this and it works, but you will have problems
91with any precompiled programs, or source that assumes the 8-character
92name limit, such as NIS.
93The NIS protocol mandates an 8-character username.
94If you need a longer login name for e-mail addresses,
95you can define an alias in
96.Pa /etc/mail/aliases .
97.It "full name"
98This is typically known as the gecos field and usually contains
99the user's full name.
100Additionally, it may contain a comma separated
101list of values such as office number and work and home phones.
102If the
103name contains an ampersand it will be replaced by the capitalized
104login name when displayed by other programs.
105The
106.Ql \&:
107character is not allowed.
108.It shell
109Unless the
110.Fl S
111argument is supplied only valid shells from the shell database
112.Pq Pa /etc/shells
113are allowed.
114In addition,
115either the base name or the full path of the shell may be supplied.
116.It UID
117Automatically generated or your choice.
118It must be less than 32000.
119.It "GID/login group"
120Automatically generated or your choice.
121It must be less than 32000.
122.It password
123You may choose an empty password, disable the password, use a
124randomly generated password or specify your own plaintext password,
125which will be encrypted before being stored in the user database.
126.El
127.Sh UNIQUE GROUPS
128Perhaps you are missing what
129.Em can
130be done with this scheme that falls apart
131with most other schemes.
132With each user in their own group,
133they can safely run with a umask of 002 instead of the usual 022
134and create files in their home directory
135without worrying about others being able to change them.
136.Pp
137For a shared area you create a separate UID/GID, you place each person
138that should be able to access this area into that new group.
139.Pp
140This model of UID/GID administration allows far greater flexibility than lumping
141users into groups and having to muck with the umask when working in a shared
142area.
143.Pp
144I have been using this model for almost 10 years and found that it works
145for most situations, and has never gotten in the way.
146(Rod Grimes)
147.Sh CONFIGURATION
148The
149.Nm
150utility reads its configuration information from
151.Pa /etc/adduser.conf .
152If this file does not exist, it will use predefined defaults.
153While this file may be edited by hand,
154the safer option is to use the
155.Fl C
156command line argument.
157With this argument,
158.Nm
159will start interactive input, save the answers to its prompts in
160.Pa /etc/adduser.conf ,
161and promptly exit without modifying the user
162database.
163Options specified on the command line will take precedence over
164any values saved in this file.
165.Sh OPTIONS
166.Bl -tag -width indent
167.It Fl C
168Create new configuration file and exit.
169This option is mutually exclusive with the
170.Fl f
171option.
172.It Fl d Ar partition
173Home partition.
174Default partition, under which all user directories
175will be located.
176The
177.Pa /nonexistent
178partition is considered special.
179The
180.Nm
181script will not create and populate a home directory by that name.
182Otherwise,
183by default it attempts to create a home directory.
184.It Fl D
185Do not attempt to create the home directory.
186.It Fl E
187Disable the account.
188This option will lock the account by prepending the string
189.Dq Li *LOCKED*
190to the password field.
191The account may be unlocked
192by the super-user with the
193.Xr pw 8
194command:
195.Pp
196.D1 Nm pw Cm unlock Op Ar name | uid
197.It Fl f Ar file
198Get the list of accounts to create from
199.Ar file .
200If
201.Ar file
202is
203.Dq Fl ,
204then get the list from standard input.
205If this option is specified,
206.Nm
207will operate in batch mode and will not seek any user input.
208If an error is encountered while processing an account, it will write a
209message to standard error and move to the next account.
210The format
211of the input file is described below.
212.It Fl g Ar login_group
213Normally,
214if no login group is specified,
215it is assumed to be the same as the username.
216This option makes
217.Ar login_group
218the default.
219.It Fl G Ar groups
220Space-separated list of additional groups.
221This option allows the user to specify additional groups to add users to.
222The user is a member of these groups in addition to their login group.
223.It Fl h
224Print a summary of options and exit.
225.It Fl k Ar directory
226Copy files from
227.Ar directory
228into the home
229directory of new users;
230.Pa dot.foo
231will be renamed to
232.Pa .foo .
233.It Fl L Ar login_class
234Set default login class.
235.It Fl m Ar file
236Send new users a welcome message from
237.Ar file .
238Specifying a value of
239.Cm no
240for
241.Ar file
242causes no message to be sent to new users.
243Please note that the message
244file can reference the internal variables of the
245.Nm
246script.
247.It Fl M Ar mode
248Create the home directory with permissions set to
249.Ar mode .
250.It Fl N
251Do not read the default configuration file.
252.It Fl q
253Minimal user feedback.
254In particular, the random password will not be echoed to
255standard output.
256.It Fl s Ar shell
257Default shell for new users.
258The
259.Ar shell
260argument may be the base name of the shell or the full path.
261Unless the
262.Fl S
263argument is supplied the shell must exist in
264.Pa /etc/shells
265or be the special shell
266.Em nologin
267to be considered a valid shell.
268.It Fl S
269The existence or validity of the specified shell will not be checked.
270.It Fl u Ar uid
271Use UIDs from
272.Ar uid
273on up.
274.It Fl w Ar type
275Password type.
276The
277.Nm
278utility allows the user to specify what type of password to create.
279The
280.Ar type
281argument may have one of the following values:
282.Bl -tag -width ".Cm random"
283.It Cm no
284Disable the password.
285Instead of an encrypted string, the password field will contain a single
286.Ql *
287character.
288The user may not log in until the super-user
289manually enables the password.
290.It Cm none
291Use an empty string as the password.
292.It Cm yes
293Use a user-supplied string as the password.
294In interactive mode,
295the user will be prompted for the password.
296In batch mode, the
297last (10th) field in the line is assumed to be the password.
298.It Cm random
299Generate a random string and use it as a password.
300The password will be echoed to standard output.
301In addition, it will be available for inclusion in the message file in the
302.Va randompass
303variable.
304.El
305.It Fl Z
306Do not attempt to create ZFS home dataset.
307.El
308.Sh FORMAT
309When the
310.Fl f
311option is used, the account information must be stored in a specific
312format.
313All empty lines or lines beginning with a
314.Ql #
315will be ignored.
316All other lines must contain ten colon
317.Pq Ql \&:
318separated fields as described below.
319Command line options do not take precedence
320over values in the fields.
321Only the password field may contain a
322.Ql \&:
323character as part of the string.
324.Pp
325.Sm off
326.D1 Ar name : uid : gid : class : change : expire : gecos : home_dir : shell : password
327.Sm on
328.Bl -tag -width ".Ar password"
329.It Ar name
330Login name.
331This field may not be empty.
332.It Ar uid
333Numeric login user ID.
334If this field is left empty, it will be automatically generated.
335.It Ar gid
336Numeric primary group ID.
337If this field is left empty, a group with the
338same name as the user name will be created and its GID will be used
339instead.
340.It Ar class
341Login class.
342This field may be left empty.
343.It Ar change
344Password ageing.
345This field denotes the password change date for the account.
346The format of this field is the same as the format of the
347.Fl p
348argument to
349.Xr pw 8 .
350It may be
351.Ar dd Ns - Ns Ar mmm Ns - Ns Ar yy Ns Op Ar yy ,
352where
353.Ar dd
354is for the day,
355.Ar mmm
356is for the month in numeric or alphabetical format:
357.Dq Li 10
358or
359.Dq Li Oct ,
360and
361.Ar yy Ns Op Ar yy
362is the four or two digit year.
363To denote a time relative to the current date the format is:
364.No + Ns Ar n Ns Op Ar mhdwoy ,
365where
366.Ar n
367denotes a number, followed by the minutes, hours, days, weeks,
368months or years after which the password must be changed.
369This field may be left empty to turn it off.
370.It Ar expire
371Account expiration.
372This field denotes the expiry date of the account.
373The account may not be used after the specified date.
374The format of this field is the same as that for password ageing.
375This field may be left empty to turn it off.
376.It Ar gecos
377Full name and other extra information about the user.
378.It Ar home_dir
379Home directory.
380If this field is left empty, it will be automatically
381created by appending the username to the home partition.
382The
383.Pa /nonexistent
384home directory is considered special and
385is understood to mean that no home directory is to be
386created for the user.
387.It Ar shell
388Login shell.
389This field should contain either the base name or
390the full path to a valid login shell.
391.It Ar password
392User password.
393This field should contain a plaintext string, which will
394be encrypted before being placed in the user database.
395If the password type is
396.Cm yes
397and this field is empty, it is assumed the account will have an empty password.
398If the password type is
399.Cm random
400and this field is
401.Em not
402empty, its contents will be used
403as a password.
404This field will be ignored if the
405.Fl w
406option is used with a
407.Cm no
408or
409.Cm none
410argument.
411Be careful not to terminate this field with a closing
412.Ql \&:
413because it will be treated as part of the password.
414.El
415.Sh FILES
416.Bl -tag -width ".Pa /etc/adduser.message" -compact
417.It Pa /etc/master.passwd
418user database
419.It Pa /etc/group
420group database
421.It Pa /etc/shells
422shell database
423.It Pa /etc/login.conf
424login classes database
425.It Pa /etc/adduser.conf
426configuration file for
427.Nm
428.It Pa /etc/adduser.message
429message file for
430.Nm
431.It Pa /usr/share/skel
432skeletal login directory
433.It Pa /var/log/userlog
434logfile for
435.Nm
436.El
437.Sh SEE ALSO
438.Xr chpass 1 ,
439.Xr passwd 1 ,
440.Xr adduser.conf 5 ,
441.Xr aliases 5 ,
442.Xr group 5 ,
443.Xr login.conf 5 ,
444.Xr passwd 5 ,
445.Xr shells 5 ,
446.Xr pw 8 ,
447.Xr pwd_mkdb 8 ,
448.Xr rmuser 8 ,
449.Xr vipw 8 ,
450.Xr yp 8
451.Sh HISTORY
452The
453.Nm
454command appeared in
455.Fx 2.1 .
456.Sh AUTHORS
457.An -nosplit
458This manual page and the original script, in Perl, was written by
459.An Wolfram Schneider Aq Mt wosch@FreeBSD.org .
460The replacement script, written as a Bourne
461shell script with some enhancements, and the man page modification that
462came with it were done by
463.An Mike Makonnen Aq Mt mtm@identd.net .
464.Sh BUGS
465In order for
466.Nm
467to correctly expand variables such as
468.Va $username
469and
470.Va $randompass
471in the message sent to new users, it must let the shell evaluate
472each line of the message file.
473This means that shell commands can also be embedded in the message file.
474The
475.Nm
476utility attempts to mitigate the possibility of an attacker using this
477feature by refusing to evaluate the file if it is not owned and writable
478only by the root user.
479In addition, shell special characters and operators will have to be
480escaped when used in the message file.
481.Pp
482Also, password ageing and account expiry times are currently settable
483only in batch mode or when specified in
484.Pa /etc/adduser.conf .
485The user should be able to set them in interactive mode as well.
486