USERADD(1M)USERADD(1M)NAMEuseradd - administer a new user login on the system
SYNOPSISuseradd [-A authorization [,authorization...]]
[-b base_dir] [-c comment] [-d dir] [-e expire]
[-f inactive] [-g group] [-G group [,group]...]
[-K key=value] [-m [-k skel_dir]] [-p projname]
[-P profile [,profile...]] [-R role [,role...]]
[-s shell] [-u uid [-o]] login
useradd-D [-A authorization [,authorization...]]
[-b base_dir] [-s shell [-k skel_dir]] [-e expire]
[-f inactive] [-g group] [-K key=value] [-p projname]
[-P profile [,profile...]] [-R role [,role...]]
DESCRIPTIONuseradd adds a new user to the /etc/passwd and /etc/shadow and
/etc/user_attr files. The -A and -P options respectively assign autho‐
rizations and profiles to the user. The -R option assigns roles to a
user. The -p option associates a project with a user. The -K option
adds a key=value pair to /etc/user_attr for the user. Multiple
key=value pairs may be added with multiple -K options.
useradd also creates supplementary group memberships for the user (-G
option) and creates the home directory (-m option) for the user if
requested. The new login remains locked until the passwd(1) command is
executed.
Specifying useradd-D with the -s, -k,-g, -b, -f, -e, -A, -P, -p, -R,
or -K option (or any combination of these options) sets the default
values for the respective fields. See the -D option, below. Subsequent
useradd commands without the -D option use these arguments.
The system file entries created with this command have a limit of 2048
characters per line. Specifying long arguments to several options can
exceed this limit.
useradd requires that usernames be in the format described in
passwd(4). A warning message is displayed if these restrictions are not
met. See passwd(4) for the requirements for usernames.
To change the action of useradd when the traditional login name length
limit of eight characters is exceeded, edit the file /etc/default/user‐
add by removing the # (pound sign) before the appropriate EXCEED_TRAD=
entry, and adding it before the others.
OPTIONS
The following options are supported:
-A authorization
One or more comma separated authorizations defined in auth_attr(4).
Only a user or role who has grant rights to the authorization can
assign it to an account.
-b base_dir
The base directory for new login home directories (see the -d
option below. When a new user account is being created, base_dir
must already exist unless the -m option or the -d option is also
specified.
-c comment
Any text string. It is generally a short description of the login,
and is currently used as the field for the user's full name. This
information is stored in the user's /etc/passwd entry.
-d dir
The home directory of the new user. It defaults to
base_dir/account_name, where base_dir is the base directory for new
login home directories and account_name is the new login name.
-D
Display the default values for group, base_dir, skel_dir, shell,
inactive, expire, proj, projname and key=value pairs. When used
with the -g, -b, -f, -e, -A, -P, -p, -R, or -K options, the -D
option sets the default values for the specified fields. The
default values are:
group
other (GID of 1)
base_dir
/home
skel_dir
/etc/skel
shell
/bin/sh
inactive
0
expire
null
auths
null
profiles
null
proj
3
projname
default
key=value (pairs defined in user_attr(4)
not present
roles
null
-e expire
Specify the expiration date for a login. After this date, no user
will be able to access this login. The expire option argument is a
date entered using one of the date formats included in the template
file /etc/datemsk. See getdate(3C).
If the date format that you choose includes spaces, it must be
quoted. For example, you can enter 10/6/90 or October 6, 1990. A
null value (" ") defeats the status of the expired date. This
option is useful for creating temporary logins.
-f inactive
The maximum number of days allowed between uses of a login ID
before that ID is declared invalid. Normal values are positive
integers. A value of 0 defeats the status.
-g group
An existing group's integer ID or character-string name. Without
the -D option, it defines the new user's primary group membership
and defaults to the default group. You can reset this default value
by invoking useradd-D -g group. GIDs 0-99 are reserved for alloca‐
tion by the Solaris Operating System.
-G group
An existing group's integer ID or character-string name. It defines
the new user's supplementary group membership. Duplicates between
group with the -g and -G options are ignored. No more than
NGROUPS_MAX groups can be specified. GIDs 0-99 are reserved for
allocation by the Solaris Operating System.
-K key=value
A key=value pair to add to the user's attributes. Multiple -K
options may be used to add multiple key=value pairs. The generic -K
option with the appropriate key may be used instead of the specific
implied key options (-A, -P, -R, -p). See user_attr(4) for a list
of valid key=value pairs. The "type" key is not a valid key for
this option. Keys may not be repeated.
-k skel_dir
A directory that contains skeleton information (such as .profile)
that can be copied into a new user's home directory. This directory
must already exist. The system provides the /etc/skel directory
that can be used for this purpose.
-m
Create the new user's home directory if it does not already exist.
If the directory already exists, it must have read, write, and exe‐
cute permissions by group, where group is the user's primary group.
-o
This option allows a UID to be duplicated (non-unique).
-P profile
One or more comma-separated execution profiles defined in
prof_attr(4).
-p projname
Name of the project with which the added user is associated. See
the projname field as defined in project(4).
-R role
One or more comma-separated execution profiles defined in
user_attr(4). Roles cannot be assigned to other roles.
-s shell
Full pathname of the program used as the user's shell on login. It
defaults to an empty field causing the system to use /bin/sh as the
default. The value of shell must be a valid executable file.
-u uid
The UID of the new user. This UID must be a non-negative decimal
integer below MAXUID as defined in <sys/param.h>. The UID defaults
to the next available (unique) number above the highest number cur‐
rently assigned. For example, if UIDs 100, 105, and 200 are
assigned, the next default UID number will be 201. UIDs 0-99 are
reserved for allocation by the Solaris Operating System.
FILES
/etc/default/useradd
/etc/datemsk
/etc/passwd
/etc/shadow
/etc/group
/etc/skel
/usr/include/limits.h
/etc/user_attr
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌────────────────────┬─────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├────────────────────┼─────────────────┤
│Interface Stability │ Committed │
└────────────────────┴─────────────────┘
SEE ALSOpasswd(1), profiles(1), roles(1), users(1B), groupadd(1M),
groupdel(1M), groupmod(1M), grpck(1M), logins(1M), pwck(1M),
userdel(1M), usermod(1M), getdate(3C), auth_attr(4), passwd(4),
prof_attr(4), project(4), user_attr(4), attributes(5)DIAGNOSTICS
In case of an error, useradd prints an error message and exits with a
non-zero status.
The following indicates that login specified is already in use:
UX: useradd: ERROR: login is already in use. Choose another.
The following indicates that the uid specified with the -u option is
not unique:
UX: useradd: ERROR: uid uid is already in use. Choose another.
The following indicates that the group specified with the -g option is
already in use:
UX: useradd: ERROR: group group does not exist. Choose another.
The following indicates that the uid specified with the -u option is in
the range of reserved UIDs (from 0-99):
UX: useradd: WARNING: uid uid is reserved.
The following indicates that the uid specified with the -u option
exceeds MAXUID as defined in <sys/param.h>:
UX: useradd: ERROR: uid uid is too big. Choose another.
The following indicates that the /etc/passwd or /etc/shadow files do
not exist:
UX: useradd: ERROR: Cannot update system files - login cannot be created.
NOTES
The useradd utility adds definitions to only the local /etc/group,
etc/passwd, /etc/passwd, /etc/shadow, /etc/project, and /etc/user_attr
files. If a network name service such as NIS or NIS+ is being used to
supplement the local /etc/passwd file with additional entries, useradd
cannot change information supplied by the network name service. However
useradd will verify the uniqueness of the user name (or role) and user
id and the existence of any group names specified against the external
name service.
Apr 16, 2013 USERADD(1M)