1 USERADD(1M)                  Maintenance Commands                  USERADD(1M)
   2 
   3 
   4 
   5 NAME
   6        useradd - administer a new user login on the system
   7 
   8 SYNOPSIS
   9        useradd [-A authorization [,authorization...]]
  10             [-b base_dir] [-c comment] [-d dir] [-e expire]
  11             [-f inactive] [-g group] [-G group [,group]...]
  12             [-K key=value] [-m [-z|-Z] [-k skel_dir]] [-p projname]
  13             [-P profile [,profile...]] [-R role [,role...]]
  14             [-s shell] [-u uid [-o]] login
  15 
  16 
  17        useradd -D [-A authorization [,authorization...]]
  18             [-b base_dir] [-s shell [-k skel_dir]] [-e expire]
  19             [-f inactive] [-g group] [-K key=value] [-p projname]
  20             [-P profile [,profile...]] [-R role [,role...]]
  21 
  22 
  23 DESCRIPTION
  24        useradd adds a new user to the /etc/passwd and /etc/shadow and
  25        /etc/user_attr files. The -A and -P options respectively assign
  26        authorizations and profiles to the user. The -R option assigns roles to
  27        a user. The -p option associates a project with a user. The -K option
  28        adds a key=value pair to /etc/user_attr for the user. Multiple
  29        key=value pairs may be added with multiple -K options.
  30 
  31 
  32        useradd also creates supplementary group memberships for the user (-G
  33        option) and creates the home directory (-m option) for the user if
  34        requested. The new login remains locked until the passwd(1) command is
  35        executed.
  36 
  37 
  38        Specifying useradd -D with the -s, -k,-g, -b, -f, -e, -A, -P, -p, -R,
  39        or -K option (or any combination of these options) sets the default
  40        values for the respective fields. See the -D option, below. Subsequent
  41        useradd commands without the -D option use these arguments.
  42 
  43 
  44        The system file entries created with this command have a limit of 2048
  45        characters per line. Specifying long arguments to several options can
  46        exceed this limit.
  47 
  48 
  49        useradd requires that usernames be in the format described in
  50        passwd(4). A warning message is displayed if these restrictions are not
  51        met. See passwd(4) for the requirements for usernames.
  52 
  53        To change the action of useradd when the traditional login name length
  54        limit of eight characters is exceeded, edit the file
  55        /etc/default/useradd by removing the # (pound sign) before the
  56        appropriate EXCEED_TRAD= entry, and adding it before the others.
  57 
  58 OPTIONS
  59        The following options are supported:
  60 
  61        -A authorization
  62            One or more comma separated authorizations defined in auth_attr(4).
  63            Only a user or role who has grant rights to the authorization can
  64            assign it to an account.
  65 
  66 
  67        -b base_dir
  68            The base directory for new login home directories (see the -d
  69            option below. When a new user account is being created, base_dir
  70            must already exist unless the -m option or the -d option is also
  71            specified.
  72 
  73 
  74        -c comment
  75            Any text string. It is generally a short description of the login,
  76            and is currently used as the field for the user's full name. This
  77            information is stored in the user's /etc/passwd entry.
  78 
  79 
  80        -d dir
  81            The home directory of the new user. It defaults to
  82            base_dir/account_name, where base_dir is the base directory for new
  83            login home directories and account_name is the new login name.
  84 
  85 
  86        -D
  87            Display the default values for group, base_dir, skel_dir, shell,
  88            inactive, expire, proj, projname and key=value pairs. When used
  89            with the -g, -b, -f, -e, -A, -P, -p, -R, or -K options, the -D
  90            option sets the default values for the specified fields. The
  91            default values are:
  92 
  93            group
  94                other (GID of 1)
  95 
  96 
  97            base_dir
  98                /home
  99 
 100 
 101            skel_dir
 102                /etc/skel
 103 
 104 
 105            shell
 106                /bin/sh
 107 
 108 
 109            inactive
 110                0
 111 
 112 
 113            expire
 114                null
 115 
 116 
 117            auths
 118                null
 119 
 120 
 121            profiles
 122                null
 123 
 124 
 125            proj
 126                3
 127 
 128 
 129            projname
 130                default
 131 
 132 
 133            key=value (pairs defined in user_attr(4)
 134                not present
 135 
 136 
 137            roles
 138                null
 139 
 140 
 141 
 142        -e expire
 143            Specify the expiration date for a login. After this date, no user
 144            will be able to access this login. The expire option argument is a
 145            date entered using one of the date formats included in the template
 146            file /etc/datemsk. See getdate(3C).
 147 
 148            If the date format that you choose includes spaces, it must be
 149            quoted. For example, you can enter 10/6/90 or October 6, 1990. A
 150            null value (" ") defeats the status of the expired date. This
 151            option is useful for creating temporary logins.
 152 
 153 
 154        -f inactive
 155            The maximum number of days allowed between uses of a login ID
 156            before that ID is declared invalid. Normal values are positive
 157            integers. A value of 0 defeats the status.
 158 
 159 
 160        -g group
 161            An existing group's integer ID or character-string name. Without
 162            the -D option, it defines the new user's primary group membership
 163            and defaults to the default group. You can reset this default value
 164            by invoking useradd -D -g group. GIDs 0-99 are reserved for
 165            allocation by the Solaris Operating System.
 166 
 167 
 168        -G group
 169            An existing group's integer ID or character-string name. It defines
 170            the new user's supplementary group membership. Duplicates between
 171            group with the -g and -G options are ignored. No more than
 172            NGROUPS_MAX groups can be specified. GIDs 0-99 are reserved for
 173            allocation by the Solaris Operating System.
 174 
 175 
 176        -K key=value
 177            A key=value pair to add to the user's attributes. Multiple -K
 178            options may be used to add multiple key=value pairs. The generic -K
 179            option with the appropriate key may be used instead of the specific
 180            implied key options (-A, -P, -R, -p). See user_attr(4) for a list
 181            of valid key=value pairs. The "type" key is not a valid key for
 182            this option. Keys may not be repeated.
 183 
 184 
 185        -k skel_dir
 186            A directory that contains skeleton information (such as .profile)
 187            that can be copied into a new user's home directory. This directory
 188            must already exist. The system provides the /etc/skel directory
 189            that can be used for this purpose.
 190 
 191 
 192        -m [-z|-Z]
 193            Create the new user's home directory if it does not already exist.
 194            If the directory already exists, it must have read, write, and
 195            execute permissions by group, where group is the user's primary
 196            group.  CHANGE_ZFS_FS option in /etc/default/useradd file
 197            determines if ZFS filesystem will be created for new user. If this
 198            option is set to yes and parent directory of user's home directory
 199            is ZFS filesystem mount point, a new ZFS filesystem is created. -z
 200            and -Z options allow overwrite default behavior.  If -z option is
 201            specified, useradd tries to create new file system for user. If -Z
 202            option is specified, new file system is not created.
 203 
 204 
 205        -o
 206            This option allows a UID to be duplicated (non-unique).
 207 
 208 
 209        -P profile
 210            One or more comma-separated execution profiles defined in
 211            prof_attr(4).
 212 
 213 
 214        -p projname
 215            Name of the project with which the added user is associated. See
 216            the projname field as defined in project(4).
 217 
 218 
 219        -R role
 220            One or more comma-separated execution profiles defined in
 221            user_attr(4).  Roles cannot be assigned to other roles.
 222 
 223 
 224        -s shell
 225            Full pathname of the program used as the user's shell on login. It
 226            defaults to an empty field causing the system to use /bin/sh as the
 227            default. The value of shell must be a valid executable file.
 228 
 229 
 230        -u uid
 231            The UID of the new user. This UID must be a non-negative decimal
 232            integer below MAXUID as defined in <sys/param.h>. The UID defaults
 233            to the next available (unique) number above the highest number
 234            currently assigned. For example, if UIDs 100, 105, and 200 are
 235            assigned, the next default UID number will be 201. UIDs 0-99 are
 236            reserved for allocation by the Solaris Operating System.
 237 
 238 
 239 FILES
 240        /etc/default/useradd
 241 
 242 
 243        /etc/datemsk
 244 
 245 
 246        /etc/passwd
 247 
 248 
 249        /etc/shadow
 250 
 251 
 252        /etc/group
 253 
 254 
 255        /etc/skel
 256 
 257 
 258        /usr/include/limits.h
 259 
 260 
 261        /etc/user_attr
 262 
 263 ATTRIBUTES
 264        See attributes(5) for descriptions of the following attributes:
 265 
 266 
 267 
 268 
 269        +--------------------+-----------------+
 270        |  ATTRIBUTE TYPE    | ATTRIBUTE VALUE |
 271        +--------------------+-----------------+
 272        |Interface Stability | Committed       |
 273        +--------------------+-----------------+
 274 
 275 SEE ALSO
 276        passwd(1), profiles(1), roles(1), users(1B), groupadd(1M),
 277        groupdel(1M), groupmod(1M), grpck(1M), logins(1M), pwck(1M),
 278        userdel(1M), usermod(1M), getdate(3C), auth_attr(4), passwd(4),
 279        prof_attr(4), project(4), user_attr(4), attributes(5)
 280 
 281 DIAGNOSTICS
 282        In case of an error, useradd prints an error message and exits with a
 283        non-zero status.
 284 
 285 
 286        The following indicates that login specified is already in use:
 287 
 288          UX: useradd: ERROR: login is already in use. Choose another.
 289 
 290 
 291 
 292 
 293        The following indicates that the uid specified with the -u option is
 294        not unique:
 295 
 296          UX: useradd: ERROR: uid uid is already in use. Choose another.
 297 
 298 
 299 
 300 
 301        The following indicates that the group specified with the -g option is
 302        already in use:
 303 
 304          UX: useradd: ERROR: group group does not exist. Choose another.
 305 
 306 
 307 
 308 
 309        The following indicates that the uid specified with the -u option is in
 310        the range of reserved UIDs (from 0-99):
 311 
 312          UX: useradd: WARNING: uid uid is reserved.
 313 
 314 
 315 
 316 
 317        The following indicates that the uid specified with the -u option
 318        exceeds MAXUID as defined in <sys/param.h>:
 319 
 320          UX: useradd: ERROR: uid uid is too big. Choose another.
 321 
 322 
 323 
 324 
 325        The following indicates that the /etc/passwd or /etc/shadow files do
 326        not exist:
 327 
 328          UX: useradd: ERROR: Cannot update system files - login cannot be created.
 329 
 330 
 331 
 332 NOTES
 333        The useradd utility adds definitions to only the local /etc/group,
 334        etc/passwd, /etc/passwd, /etc/shadow, /etc/project, and /etc/user_attr
 335        files. If a network name service such as NIS or NIS+ is being used to
 336        supplement the local /etc/passwd file with additional entries, useradd
 337        cannot change information supplied by the network name service. However
 338        useradd will verify the uniqueness of the user name (or role) and user
 339        id and the existence of any group names specified against the external
 340        name service.
 341 
 342 
 343 
 344                                 April 16, 2013                     USERADD(1M)