useradd(8)
NAME
useradd - Adds a new user login account
SYNOPSIS
/usr/sbin/useradd [-c comment] [-d dir [-e expire]] [-m] [-g group] [-G
group[, group...]] [-H home_dir] [-p] [-P] [-R] [-s shell] [-t type] [-u
uid [-o]] [-x extended_option] login
/usr/sbin/useradd [-mpPR] [-c comment] [-d dir] [-e expire] [-g group] [-G
group,group...] [-H home_dir] [-s shell] [-t type] [-u uid[o]] [-x
extended_option] login
OPTIONS
-c comment
A short description of the account, currently used as the field for the
user's full name in the user database file. The comment argument can be
any text string. If the text string contains spaces, enclose the string
in quotes.
-d dir
Specifies the home directory of the new user. If not specified, dir
defaults to base_dir/login, where base_dir is the default directory for
user login accounts and login is the name of the new login account.
Specify the -m option to create the user's home directory. The -H
option cannot be used with this option.
-m Creates the new user's home directory if it doesn't already exist. If
the directory already exists, it must have read, write and execute
permissions by group, where group is the user's primary group. See
also the -d option.
-e expire
This option is only for use on systems running in enhanced security
mode and is useful for creating temporary logins. The value of the
expire argument is a date, which must be in a format such as 10/27/97. A blank
value ("") defeats the status of the expired date. Note that if a
two-digit year is specified, and the number is >=69 and <=99, the year
is assumed to be 19** (20th century). Otherwise the year is assumed to
be 20** (21st century). Valid date formats are:
· mmm dd yy (Oct 27 97)
· mmm dd ccyy (Oct 27 1997)
· dd mmm yy (27 Oct 97)
· dd mmm ccyy (27 Oct 1997)
· mm-dd-yy (10-27-97)
· mm-dd-ccyy (10-27-1997)
· mm/dd/yy (10/27/97)
· mm/dd/ccyy (10/27/1997)
· mmddyy (102797)
· mmddccyy (10271997)
· mmdd (1027)
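The two-digit year rule above is easy to get wrong when provisioning temporary logins: 12/31/68 means 2068, while 12/31/69 means 1969. The following pre-flight check is an added example, not part of the original reference page. It parses the listed formats and rejects expiry dates that are already past or further out than a limit; the 90-day cap, the function names, and reading mmdd as the current year are assumptions.

```python
import re
from datetime import date, timedelta

MONTHS = {name: i for i, name in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), start=1)}

# Strictly the shapes listed for -e; yy or ccyy is accepted in each family.
YEAR = r"(?P<y>\d{2}|\d{4})"
PATTERNS = [re.compile(p) for p in (
    r"(?P<m>[A-Za-z]{3}) (?P<d>\d{2}) " + YEAR,    # mmm dd yy | mmm dd ccyy
    r"(?P<d>\d{2}) (?P<m>[A-Za-z]{3}) " + YEAR,    # dd mmm yy | dd mmm ccyy
    r"(?P<m>\d{2})-(?P<d>\d{2})-" + YEAR,          # mm-dd-yy  | mm-dd-ccyy
    r"(?P<m>\d{2})/(?P<d>\d{2})/" + YEAR,          # mm/dd/yy  | mm/dd/ccyy
    r"(?P<m>\d{2})(?P<d>\d{2})(?:" + YEAR + ")?",  # mmddyy | mmddccyy | mmdd
)]


def expand_year(y):
    """Apply the page's rule: two-digit 69..99 -> 19yy, otherwise 20yy."""
    if len(y) == 4:
        return int(y)
    return (1900 if 69 <= int(y) <= 99 else 2000) + int(y)


def parse_expire(text, today):
    """Return the date an -e argument denotes, or raise ValueError."""
    for pat in PATTERNS:
        m = pat.fullmatch(text)
        if not m:
            continue
        month = m["m"]
        month = MONTHS.get(month.lower()) if month.isalpha() else int(month)
        if month is None:
            break  # three letters that are not a month name
        # Assumption: mmdd (no year) means the current year.
        year = expand_year(m["y"]) if m["y"] else today.year
        return date(year, month, int(m["d"]))  # ValueError on e.g. 02/30
    raise ValueError(f"not a valid -e date: {text!r}")


def check_temp_expiry(text, today, max_days=90):
    """Reject expiry dates already past or beyond a (hypothetical) policy cap."""
    expires = parse_expire(text, today)
    if expires <= today:
        raise ValueError(f"{text!r} is {expires}, already expired")
    if expires - today > timedelta(days=max_days):
        raise ValueError(f"{text!r} is {expires}, beyond {max_days} days")
    return expires
```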
-f inactive
Specifies the number of days that can elapse before an inactive account
is locked automatically. A value of 0 means there is no limit. The
default value is 0. The default value can be set by combining this
option with the -D option.
-g group
The account holder's primary group. The group argument can be specified
as an existing group's identification number (GID) or character-string
name.
When used without the -D option, it specifies the primary group for the
new user login account.
-G group[,group...]
The user's secondary groups. This option is a comma-separated list of
groups that defines the supplementary group membership for a new user.
Groups can be specified by the group's name or by its group
identification number (GID). An error is displayed for each group that
does not exist. Duplicate groups are ignored. See the RESTRICTIONS
section for more information.
-H home_dir
The path name of the home directory location. The path name is
combined with the login name to form the full path of the home
directory. The -d option cannot be used with this option.
-p Indicates that you want to supply a password. You will be prompted to
enter the password, which will not be echoed to the screen. After
entering a password, you will be prompted to verify it by entering it a
second time.
-P Creates a PC account only. This account is usable in an environment
using the Advanced Server for UNIX (ASU). See the RESTRICTIONS section
for additional information.
-R Retires the account, without removing user directories. This option is
valid only when enhanced security is enabled.
-s shell
When used without the -D option, it specifies the full path name of the
program used as the user's login shell. If both the -D and -s options
are not specified, the user's login shell defaults to /bin/sh. The
shell argument must be a valid executable file.
When used with the -D option, it defines the system default.
-t type
Adds a local plus (+) or local minus (-) NIS user from the user
database. The value of the type parameter can be + or -.
-u uid
Specifies the user identification number (UID) of the new user. The uid
must be specified as a non-negative decimal integer.
-o Allows a user identification (UID) number to be duplicated
(non-unique). This option can be used only with the -u option.
-x extended_option
The following sets of extended_option attributes are available. You can
enter any number of options (within the character limit of the command
line) by separating each option with a space. Note that some extended
options are only available under specific system environments.
A valid command string for extended options is:
% useradd -D -g 22 -b /home -x distributed=0
The following extended options are available:
distributed=0|1
Indicates that the account is a NIS user account. This value can
be set as a default with the -D option and is incompatible with the
local option. If distributed is set to 1, local is automatically
set to 0. The system default is 1 (locked).
local=0|1
Indicates that the account is local. This value can be set as a
default with the -D option and is incompatible with the
distributed option. If local is set to 1, distributed is automatically
set to 0.
administrative_lock_applied=0|1
Indicates whether or not the account is locked by the system
administrator. The value of the administrative_lock_applied=n
attribute can be 0 or 1. If set to 0, the account is not locked.
If set to 1 (the default), the account is explicitly locked by the
system administrator.
pc_synchronize=0|1
Create synchronized PC accounts if ASU is installed. You cannot use
the pc_synchronize option if the -P option is in use. See the
RESTRICTIONS section for additional information. Note that this
option can be specified as a default or on the command line.
The following extended_option attributes are available only on systems
running in enhanced security mode.
passwd_expire_time=n
Specifies the time, in days, between the last password change and
the password expiration. (A new password must be chosen.)
passwd_expire_date=date_string
The date on which the current password will expire. See the -e
option for a list of valid date formats.
passwd_choose_own=0|1
Allows the user to choose their own password.
passwd_run_generator=0|1
Forces the automatic password generator to run.
passwd_generated_length=n
Sets the number of characters for generated passwords.
passwd_checked_for_obviousness=0|1
Forces the automatic password checker to run.
passwd_min_change_time=n
Sets the minimum number of days that can elapse before a password
can be changed.
passwd_lifetime=n
Sets the maximum number of days that can elapse before the password
must be changed by the user.
passwd_must_change=0|1
Forces a password change.
passwd_min_length=n
Sets the minimum number of characters in a password.
passwd_max_length=n
Sets the maximum number of characters in a password.
passwd_history_limit=n
Sets the maximum number of times a password must change before it
can be reused.
logon_hours=time-string
Sets the days of the week and hours of the day during which the
account holder can log in to the account. The time string format
is an entry of Dd0000-0000 for each day and time that logins are
enabled. Time is given in a 24-hour clock format. For example, to
restrict logins to Sunday, Monday and Wednesday:
Su0830-1730,Mo0830-1730,We0830-1730
The hours are restricted to 8:30AM to 5:30PM.
account_expiration=date_string
Specifies a date on which logins will be disabled automatically.
account_lifetime=n
Specifies a date on which the account will expire and will be
retired automatically.
account_inactive=n
Specifies the number of days that can elapse before an inactive
account is locked automatically.
max_login_attempts=n
Specifies the number of failed login attempts that can occur before
an account is locked automatically.
grace_limit=n
Specifies the number of days that can elapse after an account is
locked before the account will expire.
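A malformed logon_hours (or pc_logon_hours) string is worth catching before it reaches the account database. The following validator for the Dd0000-0000 format is an added example, not part of the original reference page. Only Su, Mo and We appear on the page; the other day codes, inclusive end times, and the rejection of windows that wrap past midnight are assumptions.

```python
import re
from datetime import datetime, time

# Su, Mo and We appear on the page; the other day codes are assumed to
# follow the same two-letter pattern.
DAYS = ["Mo", "Tu", "We", "Th", "Fr", "Sa", "Su"]  # index = datetime.weekday()
ENTRY = re.compile(r"(?P<day>[A-Z][a-z])(?P<start>\d{4})-(?P<end>\d{4})")


def _hhmm(text):
    """Convert a four-digit 24-hour clock string to a time object."""
    hh, mm = int(text[:2]), int(text[2:])
    if hh > 23 or mm > 59:
        raise ValueError(f"bad 24-hour time {text!r}")
    return time(hh, mm)


def parse_logon_hours(spec):
    """Parse 'Dd0000-0000,...' into {weekday index: [(start, end), ...]}."""
    windows = {}
    for entry in spec.split(","):
        m = ENTRY.fullmatch(entry)
        if not m or m["day"] not in DAYS:
            raise ValueError(f"malformed entry {entry!r}")
        start, end = _hhmm(m["start"]), _hhmm(m["end"])
        if start >= end:
            # Assumption: a window may not be empty or wrap past midnight.
            raise ValueError(f"empty or reversed window in {entry!r}")
        windows.setdefault(DAYS.index(m["day"]), []).append((start, end))
    return windows


def login_permitted(spec, when):
    """True if `when` falls inside a window of the logon_hours string."""
    for start, end in parse_logon_hours(spec).get(when.weekday(), []):
        if start <= when.time() <= end:  # end treated as inclusive (assumed)
            return True
    return False
```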
The following extended_option attributes are available for creating PC
accounts that can be assigned to client PC users on systems running
ASU:
pc_username=name_string
The user account name on the PC. This can be identical to the
user's UNIX account, or it can map to a shared account. See
System Administration for more information on account mapping. See
the RESTRICTIONS section for more information.
pc_unix_username=login_name
The backing UNIX account name. If no name is entered, it will be the
same as the PC user account name. See the RESTRICTIONS section for
more information.
pc_fullname=text_string
The full name of the user or a description of the account.
pc_comment=text_string
A brief description of the account that is modifiable only by the
administrator.
pc_usercomment=text_string
A brief description of the account. This string can be changed by
the user.
pc_homedir=pathname
The path to the user's home directory, specified as an ASU share
format.
pc_primary_group=group
The primary ASU group (domain) to which the user belongs.
pc_secondary_groups=group,group....
The secondary ASU groups (domains) to which the user belongs. This
value is specified as a comma-delimited list.
pc_logon_workstations=client_name
A list of client host systems from which the user can log on. This
value is specified as a comma-delimited list and a null value (" ")
means that the user can log on from all workstations.
pc_logon_script=pathname
The directory where the default login script is located. This
directory is created during ASU configuration.
pc_account_type=local|global
Specifies whether the PC account is a local or global account in
the ASU domain.
pc_account_expiration=date_string
Specifies the date on which the account will expire and logins will
be prevented.
pc_logon_hours=Dd0000-0000,Dd0000-0000....
Specifies the days of the week and hours of the day during which
logins will be permitted or denied. See logon_hours for details of
the string format.
pc_user_profile_path=pathname
Specifies the pathname to the default user profile directory.
pc_disable_account=0|1
Specifies whether the account is locked, disabling logins.
pc_passwd
A text string that will be the initial account password. Note that
you must precede the pc_passwd option with the -x option and you
will be prompted to enter a password, and then confirm the entry.
The password will not be echoed to the display.
pc_passwd_choose_own=0|1
Controls whether the user can set their own password.
pc_passwd_change_required=0|1
Forces password change during the initial login.
pc_forced_logoff=n_seconds
Specifies a forced log off when the user's account or logon time
expires. If there is a live server connection when the time
expires, and this value is set to 1, the connection will be
dropped. This option is only available with the -D option to change
the default setting. A value of -1 specifies never, meaning that
the user is not disconnected. The account expires after the user
logs off.
pc_min_passwd_age=n
Specifies the minimum number of days that can elapse before a
password can be changed by the user. This option is only available
with the -D option to change the default setting.
pc_max_passwd_age=n
Specifies the maximum number of days that can elapse before a
password must be changed by the user. This option is only available
with the -D option to change the default setting.
pc_passwd_min_length=n
Specifies the minimum number of characters in a valid password
string. This option is only available with the -D option to change
the default setting.
pc_passwd_uniqueness=n
Forces validation of the password for uniqueness. This option is
only available with the -D option to change the default setting.
This option is equivalent to the passwd_history_limit option.
login
Specifies the new login name of the user. It can be a string of any
printable characters, except a colon (:) or newline (\n) character.
DESCRIPTION
The useradd command is part of a set of command-line interfaces (CLI) that
are used to create and administer user accounts on the system. When the
Advanced Server for UNIX (ASU) is installed and running, the useradd
command can also be used to create and administer PC accounts, including
synchronized creation of PC accounts whenever a UNIX account is created.
Accounts can also be created with the /usr/bin/X11/dxaccounts graphical
user interface (GUI).
Different options are available depending on how the local system is
configured:
· In the default UNIX environment, user account management is compliant
with the IEEE POSIX Draft P13873.3 standard.
· If enhanced (C2) security is configured, additional options and
extended options can be used.
· The CLI is backwards-compatible, so all existing local scripts will
function. However, you should consider testing your legacy account
management scripts before use.
Invoking useradd without the -D option adds a new user entry to the user
database. It also creates supplementary group memberships for the user
(with the -G option) and creates the home directory for the user, if
requested with the -m option.
Invoking useradd -D with no additional options displays the system default
values that are used when creating a new login account.
With the -x option, the system administrator can specify extended options,
such as whether the user login account to be modified is local or whether
it resides in the NIS master database. If the -x option is not specified,
the user login account is modified from the appropriate database as
specified by the system defaults.
The default behavior on the system for the useradd command is distributed=0
and local=1. With these values, the system adds the user login account to
the local database by default. Setting the distributed= and local=
attributes to the same value (for example, distributed=0 and local=0)
produces an error.
If the user identification number (UID) is not specified, it defaults to
the next available (unique) number. The number is the next available UID
greater than minUID. The value nextUID specifies the next UID to use. If
not available, the next available UID greater than nextUID is used.
The user database file entries created with useradd cannot exceed 512
characters per line. Specifying long arguments to several options may
exceed this limit.
You must have superuser privilege to execute this command.
RESTRICTIONS
Note the following restrictions that apply to this release:
-P option
When creating PC only accounts, the PC account will be backed to the
UNIX account lmworld. This account must exist when adding PC only
accounts. The lmworld account is created when the ASU is installed.
When the -P option is used, the specified login is the PC account name.
When the -P option is not used, the specified login is the UNIX account
name. When the extended option pc_synchronize is used, the specified
login is the UNIX account name.
pc_unix_username extended option
The extended attribute pc_unix_username can only be used when the -P
option is specified on the command line. This extended option is used
to specify a UNIX account name when creating or modifying a PC account.
pc_username extended option
The extended attribute pc_username cannot be used when the -P option is
specified on the command line. It is used to specify a PC account name
when creating or modifying a UNIX account.
pc_synchronize extended option
The pc_synchronize option cannot be used with the -P option.
Distributed accounts can only be added or modified on NIS servers.
Note that restrictions also apply when modifying existing account
attributes. Refer to the usermod(8) reference page for more information.
EXIT STATUS
The useradd command exits with one of the following values:
0 Success.
1 Failure.
2 Warning.
EXAMPLES
1. The following example adds the user, newuser, to the user database:
% useradd newuser
2. The following example enables synchronized PC accounts, and the second
command adds a user Contractor1 who will then have both a UNIX and a
PC account using the system default account set up options:
% usermod -D -x pc_synchronize=1
% useradd -x pc_logon_workstations=sofdev Contractor1
3. The following example adds the user, newuser, to the user database
with user id of 451:
% useradd -u 451 newuser
4. The following example adds the user, newuser, using the next available
UID with csh as the login shell, and creates the home directory
/basehome_dir/newuser:
% useradd -m -s /bin/csh newuser
5. The following example adds the local user, xyz, that overrides the
default home directory in the NIS master database:
% useradd -t + -d /users/xyz xyz
6. The following example changes the default base directory to
/user/users1 for all new users:
% useradd -D -b /user/users1
7. The following example adds the new user, xyz, to the NIS master
database:
% useradd -x distributed=1 xyz
8. The following example adds the new PC user, Contractor1, sets logon
hours and the logon system:
% useradd -P -x Contractor1 \
pc_logon_hours=Mo0900-2300,We0900-2300 \
pc_logon_workstations=sofdev
9. The following example adds the new PC user, Contractor1, showing the
password:
% useradd -P -x pc_passwd Contractor1
New PC password:
Retype new PC password:
Note that depending on the status of the pc_synchronize option, you
may be required to confirm the password twice, once for the UNIX
account and once for the PC account.
FILES
The useradd command operates on the appropriate files for the specific
level of system security.
SEE ALSO
Commands: groupadd(8), groupdel(8), groupmod(8), passwd(1), userdel(8),
usermod(8)
System Administration
Security
Advanced Server for UNIX administration and configuration documents.