[Pkg-shadow-devel] Bug#1005253: shadow: Improved manual page useradd.8
Markus Hiereth
translation at hiereth.de
Wed Feb 9 22:18:04 GMT 2022
Source: shadow
Version: 4.8.1
Severity: normal
Dear Serge,
attached to this bugreport the improved file useradd.8.xml and a diff.
A last check is certainly reasonable.
Best regards
Markus
-------------- next part --------------
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright (c) 1991 - 1994, Julianne Frances Haugh
Copyright (c) 2007 - 2011, Nicolas Fran?ois
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. The name of the copyright holders or contributors may not be used to
endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY CREATE_HOME SYSTEM "login.defs.d/CREATE_HOME.xml">
<!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml">
<!ENTITY HOME_MODE SYSTEM "login.defs.d/HOME_MODE.xml">
<!ENTITY LASTLOG_UID_MAX SYSTEM "login.defs.d/LASTLOG_UID_MAX.xml">
<!ENTITY MAIL_DIR SYSTEM "login.defs.d/MAIL_DIR.xml">
<!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
<!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
<!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
<!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
<!ENTITY SUB_GID_COUNT SYSTEM "login.defs.d/SUB_GID_COUNT.xml">
<!ENTITY SUB_UID_COUNT SYSTEM "login.defs.d/SUB_UID_COUNT.xml">
<!ENTITY SYS_GID_MAX SYSTEM "login.defs.d/SYS_GID_MAX.xml">
<!ENTITY SYS_UID_MAX SYSTEM "login.defs.d/SYS_UID_MAX.xml">
<!ENTITY UID_MAX SYSTEM "login.defs.d/UID_MAX.xml">
<!ENTITY UMASK SYSTEM "login.defs.d/UMASK.xml">
<!ENTITY TCB_AUTH_GROUP SYSTEM "login.defs.d/TCB_AUTH_GROUP.xml">
<!ENTITY TCB_SYMLINKS SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
<!ENTITY USE_TCB SYSTEM "login.defs.d/USE_TCB.xml">
<!ENTITY USERGROUPS_ENAB SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
<!-- SHADOW-CONFIG-HERE -->
]>
<refentry id='useradd.8'>
<!-- $Id$ -->
<refentryinfo>
<author>
<firstname>Julianne Frances</firstname>
<surname>Haugh</surname>
<contrib>Creation, 1991</contrib>
</author>
<author>
<firstname>Thomas</firstname>
<surname>K?oczko</surname>
<email>kloczek at pld.org.pl</email>
<contrib>shadow-utils maintainer, 2000 - 2007</contrib>
</author>
<author>
<firstname>Nicolas</firstname>
<surname>Fran?ois</surname>
<email>nicolas.francois at centraliens.net</email>
<contrib>shadow-utils maintainer, 2007 - now</contrib>
</author>
</refentryinfo>
<refmeta>
<refentrytitle>useradd</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
<refmiscinfo class="source">shadow-utils</refmiscinfo>
<refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>useradd</refname>
<refpurpose>create a new user or update default new user information</refpurpose>
</refnamediv>
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>useradd</command>
<arg choice='opt'>
<replaceable>options</replaceable>
</arg>
<arg choice='plain'><replaceable>LOGIN</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>useradd</command>
<arg choice='plain'>-D </arg>
</cmdsynopsis>
<cmdsynopsis>
<command>useradd</command>
<arg choice='plain'>-D </arg>
<arg choice='opt'>
<replaceable>options</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
When invoked without the <option>-D</option> option, the
<command>useradd</command> command creates a new user account using
the values specified on the command line plus the default values from
the system. Depending on command line options, the
<command>useradd</command> command
will update system files and may also create the new user's home
directory and copy initial files.
</para>
<para>
By default, a group will also be created for the new user (see
<option>-g</option>, <option>-N</option>, <option>-U</option>, and
<option>USERGROUPS_ENAB</option>).
</para>
</refsect1>
<refsect1 id='options'>
<title>OPTIONS</title>
<para>The options which apply to the <command>useradd</command> command are:
</para>
<variablelist remap='IP'>
<varlistentry>
<term>
<option>--badname</option>
</term>
<listitem>
<para>
Allow names that do not conform to standards.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-b</option>, <option>--base-dir</option> <replaceable>BASE_DIR</replaceable>
</term>
<listitem>
<para>
The default base directory for the system if
<option>-d</option> <replaceable>HOME_DIR</replaceable>
is not specified. <replaceable>BASE_DIR</replaceable> is
concatenated with the account name to define the home
directory.
</para>
<para>
If this option is not specified, <command>useradd</command>
will use the base directory specified by the
<option>HOME</option> variable in
<filename>/etc/default/useradd</filename>, or
<filename>/home</filename> by default.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-c</option>, <option>--comment</option> <replaceable>COMMENT</replaceable>
</term>
<listitem>
<para>
Any text string. It is generally a short description of the
account, and is currently used as the field for the user's full
name.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-d</option>, <option>--home-dir</option> <replaceable>HOME_DIR</replaceable>
</term>
<listitem>
<para>
The new user will be created using
<replaceable>HOME_DIR</replaceable> as the value for the
user's login directory. The default is to append the
<replaceable>LOGIN</replaceable> name to
<replaceable>BASE_DIR</replaceable> and use that as the
login directory name. If the directory
<replaceable>HOME_DIR</replaceable> does not exist, then
it will be created unless the <option>-M</option> option
is specified.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-D</option>, <option>--defaults</option>
</term>
<listitem>
<para>
See below, the subsection "Changing the default values".
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-e</option>, <option>--expiredate</option> <replaceable>EXPIRE_DATE</replaceable>
</term>
<listitem>
<para>
The date on which the user account will be disabled. The date is
specified in the format <emphasis remap='I'>YYYY-MM-DD</emphasis>.
</para>
<para>
If not specified, <command>useradd</command> will use the
default expiry date specified by the <option>EXPIRE</option>
variable in <filename>/etc/default/useradd</filename>, or
an empty string (no expiry) by default.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-f</option>, <option>--inactive</option> <replaceable>INACTIVE</replaceable>
</term>
<listitem>
<para>
defines the number of days after the password exceeded its maximum
age where the user is expected to replace this password. The value
is stored in the shadow password file. An input of 0 will disable an
expired password with no delay. An input of -1 will blank the
respective field in the shadow password file. See <citerefentry>
<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>for more information.
</para>
<para>
If not specified, <command>useradd</command> will use the
default inactivity onset specified by the
<option>INACTIVE</option> variable in
<filename>/etc/default/useradd</filename>, or -1 by default.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-g</option>, <option>--gid</option> <replaceable>GROUP</replaceable>
</term>
<listitem>
<!--MH35-->
<para>
The name or the number of the user's primary group. The
group name must exist. A group number must refer to an already
existing group.
</para>
<para>
If not specified, the behavior of <command>useradd</command>
will depend on the <option>USERGROUPS_ENAB</option> variable
in <filename>/etc/login.defs</filename>. If this variable is
set to <replaceable>yes</replaceable> (or
<option>-U/--user-group</option> is specified on the command
line), a group will be created for the user, with the same
name as the loginname. If the variable is set to
<replaceable>no</replaceable> (or
<option>-N/--no-user-group</option> is specified on the
command line), useradd will set the primary group of the new
user to the value specified by the <option>GROUP</option>
variable in <filename>/etc/default/useradd</filename>, or
100 by default.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-G</option>, <option>--groups</option> <replaceable>GROUP1</replaceable>[<emphasis remap='I'>,GROUP2,...</emphasis>[<emphasis remap='I'>,GROUPN</emphasis>]]]
</term>
<listitem>
<para>
A list of supplementary groups which the user is also a member
of. Each group is separated from the next by a comma, with no
intervening whitespace. The groups are subject to the same
restrictions as the group given with the <option>-g</option>
option. The default is for the user to belong only to the
initial group.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-h</option>, <option>--help</option></term>
<listitem>
<para>Display help message and exit.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-k</option>, <option>--skel</option> <replaceable>SKEL_DIR</replaceable>
</term>
<listitem>
<para>
The skeleton directory, which contains files and directories
to be copied in the user's home directory, when the home
directory is created by <command>useradd</command>.
</para>
<para>
This option is only valid if the <option>-m</option> (or
<option>--create-home</option>) option is specified.
</para>
<para>
If this option is not set, the skeleton directory is defined
by the <option>SKEL</option> variable in
<filename>/etc/default/useradd</filename> or, by default,
<filename>/etc/skel</filename>.
</para>
<para>
If possible, the ACLs and extended attributes are copied.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-K</option>, <option>--key</option> <replaceable>KEY</replaceable>=<replaceable>VALUE</replaceable>
</term>
<listitem>
<para>
Overrides <filename>/etc/login.defs</filename> defaults
(<option>UID_MIN</option>, <option>UID_MAX</option>,
<option>UMASK</option>, <option>PASS_MAX_DAYS</option>
and others).
</para>
<para>
Example:
<option>-K</option> <replaceable>PASS_MAX_DAYS
</replaceable>=<replaceable>-1</replaceable> can be used
when creating an account to turn off password aging.
Multiple <option>-K</option> options can be specified,
e.g.:
<option>-K</option> <replaceable>UID_MIN</replaceable>
=<replaceable>100</replaceable> <option>-K</option>
<replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>
</para>
<!--para>
Note: <option>-K</option> <replaceable>UID_MIN</replaceable>=<replaceable>10</replaceable>,<replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>
doesn't work yet.
</para-->
</listitem>
</varlistentry>
<varlistentry>
<term><option>-l</option>, <option>--no-log-init</option></term>
<listitem>
<para>
Do not add the user to the lastlog and faillog databases.
</para>
<para>
By default, the user's entries in the lastlog and faillog
databases are reset to avoid reusing the entry from a previously
deleted user.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-m</option>, <option>--create-home</option>
</term>
<listitem>
<para>
Create the user's home directory if it does not exist.
The files and directories contained in the skeleton directory
(which can be defined with the <option>-k</option> option)
will be copied to the home directory.
</para>
<para>
By default, if this option is not specified and
<option>CREATE_HOME</option> is not enabled, no home
directories are created.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-M</option>, <option>--no-create-home</option>
</term>
<listitem>
<para>
Do no create the user's home directory, even if the system
wide setting from <filename>/etc/login.defs</filename>
(<option>CREATE_HOME</option>) is set to
<replaceable>yes</replaceable>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-N</option>, <option>--no-user-group</option>
</term>
<listitem>
<para>
Do not create a group with the same name as the user, but
add the user to the group specified by the <option>-g</option>
option or by the <option>GROUP</option> variable in
<filename>/etc/default/useradd</filename>.
</para>
<para>
The default behavior (if the <option>-g</option>,
<option>-N</option>, and <option>-U</option> options are not
specified) is defined by the <option>USERGROUPS_ENAB</option>
variable in <filename>/etc/login.defs</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-o</option>, <option>--non-unique</option>
</term>
<listitem>
<para>
allows the creation of an account with an already existing
UID.
</para>
<para>
This option is only valid in combination with the
<option>-u</option> option. As a user identity
serves as
key to map between users on one hand and permissions, file
ownerships and other aspects that determine the system's
behavior on the other hand, more than one login name
will access the account of the given UID.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-p</option>, <option>--password</option> <replaceable>PASSWORD</replaceable>
</term>
<listitem>
<!--MH37-->
<para>
defines an initial password for the account. PASSWORD is expected to
be encrypted, as returned by <citerefentry><refentrytitle>crypt
</refentrytitle><manvolnum>3</manvolnum></citerefentry>. Within a
shell script, this option allows to create efficiently
batches of users.
</para>
<para>
Without this option, the new account will be locked and
with no password defined, i.e. a single exclamation mark
in the respective field of
<filename>/etc/shadow</filename>. This is a state where the
user won't be able to access the account or to define a
password himself.
</para>
<para>
<emphasis role="bold">Note:</emphasis>Avoid this option on the command
line because the password (or encrypted password) will
be visible by users listing the processes.
</para>
<para>
You should make sure the password respects the system's
password policy.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-r</option>, <option>--system</option>
</term>
<listitem>
<para>
Create a system account.
</para>
<para>
System users will be created with no aging information in
<filename>/etc/shadow</filename>, and their numeric
identifiers are chosen in the
<option>SYS_UID_MIN</option>-<option>SYS_UID_MAX</option>
range, defined in <filename>/etc/login.defs</filename>, instead of
<option>UID_MIN</option>-<option>UID_MAX</option> (and their
<option>GID</option> counterparts for the creation of groups).
</para>
<para>
Note that <command>useradd</command> will not create a home
directory for such a user, regardless of the default setting
in <filename>/etc/login.defs</filename>
(<option>CREATE_HOME</option>). You have to specify the
<option>-m</option> options if you want a home directory for a
system account to be created.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-R</option>, <option>--root</option> <replaceable>CHROOT_DIR</replaceable>
</term>
<listitem>
<para>
Apply changes in the <replaceable>CHROOT_DIR</replaceable>
directory and use the configuration files from the
<replaceable>CHROOT_DIR</replaceable> directory.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-P</option>, <option>--prefix</option> <replaceable>PREFIX_DIR</replaceable>
</term>
<listitem>
<para>
Apply changes in the <replaceable>PREFIX_DIR</replaceable>
directory and use the configuration files from the
<replaceable>PREFIX_DIR</replaceable> directory.
This option does not chroot and is intended for preparing
a cross-compilation target.
Some limitations: NIS and LDAP users/groups are not verified.
PAM authentication is using the host files.
No SELINUX support.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-s</option>, <option>--shell</option> <replaceable>SHELL</replaceable>
</term>
<listitem>
<para>
sets the path to the user's login shell. Without this option,
the system will use the <option>SHELL</option> variable specified
in <filename>/etc/default/useradd</filename>, or, if that is as
well not set, the field for the login shell in <filename>/etc/passwd
</filename>remains empty.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-u</option>, <option>--uid</option> <replaceable>UID</replaceable>
</term>
<listitem>
<para>
The numerical value of the user's ID. This value must be unique,
unless the <option>-o</option> option is used. The value must be
non-negative. The default is to use the smallest ID value
greater than or equal to <option>UID_MIN</option> and greater
than every other user.
</para>
<para>
See also the <option>-r</option> option and the
<option>UID_MAX</option> description.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-U</option>, <option>--user-group</option>
</term>
<listitem>
<para>
Create a group with the same name as the user, and
add the user to this group.
</para>
<para>
The default behavior (if the <option>-g</option>,
<option>-N</option>, and <option>-U</option> options are not
specified) is defined by the <option>USERGROUPS_ENAB</option>
variable in <filename>/etc/login.defs</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-Z</option>, <option>--selinux
-user</option> <replaceable>SEUSER</replaceable>
</term>
<listitem>
<para>
defines the SELinux user for the new account. Without this
option, a SELinux uses the default user. Note that the
shadow system doesn't store the selinux-user, it uses
<citerefentry><refentrytitle>semanage</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> for that.
</para>
</listitem>
</varlistentry>
</variablelist>
<refsect2 id='changing_the_default_values'>
<title>Changing the default values</title>
<para>
When invoked with only the <option>-D</option> option,
<command>useradd</command> will display the current default values.
When invoked with <option>-D</option> plus other options,
<command>useradd</command> will update the default values for the
specified options. Valid default-changing options are:
</para>
<variablelist remap='IP'>
<varlistentry>
<term>
<option>-b</option>, <option>--base-dir</option> <replaceable>BASE_DIR</replaceable>
</term>
<listitem>
<para>
The path prefix for new users' home directory. The
user's name will be affixed to the end of
<replaceable>BASE_DIR</replaceable> to form the new user's
home directory name, if the <option>-d</option> option is not used
when creating a new account.
</para>
<para>
This option sets the <option>HOME</option> variable in
<filename>/etc/default/useradd</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-e</option>, <option>--expiredate</option> <replaceable>EXPIRE_DATE</replaceable>
</term>
<listitem>
<!--MH43-->
<para>The date on which newly created user accounts are disabled.</para>
<para>
This option sets the <option>EXPIRE</option> variable in
<filename>/etc/default/useradd</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-f</option>, <option>--inactive</option> <replaceable>INACTIVE</replaceable>
</term>
<listitem>
<!--MH44--><!--MH45-->
<para>
defines the number of days after the password exceeded its maximum
age where the user is expected to replace this password. See <citerefentry>
<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>for more information.
</para>
<para>
This option sets the <option>INACTIVE</option> variable in
<filename>/etc/default/useradd</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-g</option>, <option>--gid</option> <replaceable>GROUP</replaceable>
</term>
<listitem>
<para>sets the default primary group for newly created users,
accepting group names or a numerical group ID. The named
group must exist, and the GID must have an
existing entry.
</para>
<para>
This option sets the <option>GROUP</option> variable in
<filename>/etc/default/useradd</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-s</option>, <option>--shell</option> <replaceable>SHELL</replaceable>
</term>
<listitem>
<!--MH50-->
<para>
defines the default login shell for new users.
</para>
<para>
This option sets the <option>SHELL</option> variable in
<filename>/etc/default/useradd</filename>.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect2>
</refsect1>
<refsect1 id='notes'>
<title>NOTES</title>
<para>The system administrator is responsible for placing the default
user files in the <filename>/etc/skel/</filename> directory (or any
other skeleton directory specified in
<filename>/etc/default/useradd</filename> or on the command line).
</para>
</refsect1>
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
You may not add a user to a NIS or LDAP group. This must be
performed on the corresponding server.
</para>
<para>
Similarly, if the username already exists in an external user
database such as NIS or LDAP, <command>useradd</command> will deny
the user account creation request.
</para>
<para>
Usernames must start with a lower case letter or an underscore,
followed by lower case letters, digits, underscores, or dashes.
They can end with a dollar sign.
In regular expression terms: [a-z_][a-z0-9_-]*[$]?
</para>
<para>
Usernames may only be up to 32 characters long.
</para>
</refsect1>
<refsect1 id='configuration'>
<title>CONFIGURATION</title>
<para>
The following configuration variables in
<filename>/etc/login.defs</filename> change the behavior of this
tool:
</para>
<variablelist>
&CREATE_HOME;
&GID_MAX; <!-- documents also GID_MIN -->
&HOME_MODE;
&LASTLOG_UID_MAX;
&MAIL_DIR;
&MAX_MEMBERS_PER_GROUP;
&PASS_MAX_DAYS;
&PASS_MIN_DAYS;
&PASS_WARN_AGE;
&SUB_GID_COUNT; <!-- documents also SUB_GID_MAX and SUB_GID_MIN -->
&SUB_UID_COUNT; <!-- documents also SUB_UID_MAX and SUB_UID_MIN -->
&SYS_GID_MAX; <!-- documents also SYS_GID_MIN -->
&SYS_UID_MAX; <!-- documents also SYS_UID_MIN -->
&TCB_AUTH_GROUP;
&TCB_SYMLINKS;
&UID_MAX; <!-- documents also UID_MIN -->
&UMASK;
&USE_TCB;
&USERGROUPS_ENAB;
</variablelist>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/passwd</filename></term>
<listitem>
<para>User account information.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/shadow</filename></term>
<listitem>
<para>Secure user account information.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/group</filename></term>
<listitem>
<para>Group account information.</para>
</listitem>
</varlistentry>
<varlistentry condition="gshadow">
<term><filename>/etc/gshadow</filename></term>
<listitem>
<para>Secure group account information.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/default/useradd</filename></term>
<listitem>
<para>Default values for account creation.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/skel/</filename></term>
<listitem>
<para>Directory containing default files.</para>
</listitem>
</varlistentry>
<varlistentry condition="subids">
<term><filename>/etc/subgid</filename></term>
<listitem>
<para>Per user subordinate group IDs.</para>
</listitem>
</varlistentry>
<varlistentry condition="subids">
<term><filename>/etc/subuid</filename></term>
<listitem>
<para>Per user subordinate user IDs.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/login.defs</filename></term>
<listitem>
<para>Shadow password suite configuration.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='exit_values'>
<title>EXIT VALUES</title>
<para>
The <command>useradd</command> command exits with the following values:
<variablelist>
<varlistentry>
<term><replaceable>0</replaceable></term>
<listitem>
<para>success</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>1</replaceable></term>
<listitem>
<para>can't update password file</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>2</replaceable></term>
<listitem>
<para>invalid command syntax</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>3</replaceable></term>
<listitem>
<para>invalid argument to option</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>4</replaceable></term>
<listitem>
<para>UID already in use (and no <option>-o</option>)</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>6</replaceable></term>
<listitem>
<para>specified group doesn't exist</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>9</replaceable></term>
<listitem>
<para>username already in use</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>10</replaceable></term>
<listitem>
<para>can't update group file</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>12</replaceable></term>
<listitem>
<para>can't create home directory</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>14</replaceable></term>
<listitem>
<para>can't update SELinux user mapping</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>newusers</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<phrase condition="subids">
<citerefentry>
<refentrytitle>subgid</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>subuid</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
</phrase>
<citerefentry>
<refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
-------------- next part --------------
--- shadow-4.8.1/man/useradd.8.xml 2020-01-17 16:47:56.000000000 +0100
+++ shadow-4.8.1_mh/man/useradd.8.xml 2022-02-09 23:09:13.241687932 +0100
@@ -143,11 +143,11 @@
</term>
<listitem>
<para>
- The default base directory for the system if <option>-d</option> <replaceable>HOME_DIR</replaceable> is not specified.
- <replaceable>BASE_DIR</replaceable> is
- concatenated with the account name to define the home directory.
- If the <option>-m</option> option is not used,
- <replaceable>BASE_DIR</replaceable> must exist.
+ The default base directory for the system if
+ <option>-d</option> <replaceable>HOME_DIR</replaceable>
+ is not specified. <replaceable>BASE_DIR</replaceable> is
+ concatenated with the account name to define the home
+ directory.
</para>
<para>
If this option is not specified, <command>useradd</command>
@@ -165,7 +165,7 @@
<listitem>
<para>
Any text string. It is generally a short description of the
- login, and is currently used as the field for the user's full
+ account, and is currently used as the field for the user's full
name.
</para>
</listitem>
@@ -177,12 +177,14 @@
<listitem>
<para>
The new user will be created using
- <replaceable>HOME_DIR</replaceable> as the value for the user's
- login directory. The default is to append the
+ <replaceable>HOME_DIR</replaceable> as the value for the
+ user's login directory. The default is to append the
<replaceable>LOGIN</replaceable> name to
- <replaceable>BASE_DIR</replaceable> and use that as the login
- directory name. The directory <replaceable>HOME_DIR</replaceable>
- does not have to exist but will not be created if it is missing.
+ <replaceable>BASE_DIR</replaceable> and use that as the
+ login directory name. If the directory
+ <replaceable>HOME_DIR</replaceable> does not exist, then
+ it will be created unless the <option>-M</option> option
+ is specified.
</para>
</listitem>
</varlistentry>
@@ -219,14 +221,17 @@
</term>
<listitem>
<para>
- The number of days after a password expires until the account is
- permanently disabled. A value of 0 disables the account as soon
- as the password has expired, and a value of -1 disables the
- feature.
+ defines the number of days after the password exceeded its maximum
+ age where the user is expected to replace this password. The value
+ is stored in the shadow password file. An input of 0 will disable an
+ expired password with no delay. An input of -1 will blank the
+ respective field in the shadow password file. See <citerefentry>
+ <refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>for more information.
</para>
<para>
If not specified, <command>useradd</command> will use the
- default inactivity period specified by the
+ default inactivity onset specified by the
<option>INACTIVE</option> variable in
<filename>/etc/default/useradd</filename>, or -1 by default.
</para>
@@ -237,8 +242,9 @@
<option>-g</option>, <option>--gid</option> <replaceable>GROUP</replaceable>
</term>
<listitem>
+ <!--MH35-->
<para>
- The group name or number of the user's initial login group. The
+ The name or the number of the user's primary group. The
group name must exist. A group number must refer to an already
existing group.
</para>
@@ -249,7 +255,7 @@
set to <replaceable>yes</replaceable> (or
<option>-U/--user-group</option> is specified on the command
line), a group will be created for the user, with the same
- name as her loginname. If the variable is set to
+ name as the loginname. If the variable is set to
<replaceable>no</replaceable> (or
<option>-N/--no-user-group</option> is specified on the
command line), useradd will set the primary group of the new
@@ -315,14 +321,17 @@
(<option>UID_MIN</option>, <option>UID_MAX</option>,
<option>UMASK</option>, <option>PASS_MAX_DAYS</option>
and others).
- <para>
</para>
- Example: <option>-K</option> <replaceable>PASS_MAX_DAYS</replaceable>=<replaceable>-1</replaceable>
- can be used when creating system account to turn off password
- aging, even though system account has no password at all.
- Multiple <option>-K</option> options can be specified, e.g.:
- <option>-K</option> <replaceable>UID_MIN</replaceable>=<replaceable>100</replaceable>
- <option>-K</option> <replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>
+ <para>
+ Example:
+ <option>-K</option> <replaceable>PASS_MAX_DAYS
+ </replaceable>=<replaceable>-1</replaceable> can be used
+ when creating an account to turn off password aging.
+ Multiple <option>-K</option> options can be specified,
+ e.g.:
+ <option>-K</option> <replaceable>UID_MIN</replaceable>
+ =<replaceable>100</replaceable> <option>-K</option>
+ <replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>
</para>
<!--para>
Note: <option>-K</option> <replaceable>UID_MIN</replaceable>=<replaceable>10</replaceable>,<replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>
@@ -398,10 +407,18 @@
<option>-o</option>, <option>--non-unique</option>
</term>
<listitem>
- <para>Allow the creation of a user account with a duplicate (non-unique) UID.</para>
+ <para>
+ allows the creation of an account with an already existing
+ UID.
+ </para>
<para>
This option is only valid in combination with the
- <option>-u</option> option.
+ <option>-u</option> option. As a user identity
+ serves as
+ key to map between users on one hand and permissions, file
+ ownerships and other aspects that determine the system's
+ behavior on the other hand, more than one login name
+ will access the account of the given UID.
</para>
</listitem>
</varlistentry>
@@ -410,14 +427,25 @@
<option>-p</option>, <option>--password</option> <replaceable>PASSWORD</replaceable>
</term>
<listitem>
+ <!--MH37-->
<para>
- The encrypted password, as returned by <citerefentry>
- <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>. The default is to disable the password.
+ defines an initial password for the account. PASSWORD is expected to
+ be encrypted, as returned by <citerefentry><refentrytitle>crypt
+ </refentrytitle><manvolnum>3</manvolnum></citerefentry>. Within a
+ shell script, this option allows to create efficiently
+ batches of users.
</para>
<para>
- <emphasis role="bold">Note:</emphasis> This option is not
- recommended because the password (or encrypted password) will
+ Without this option, the new account will be locked and
+ with no password defined, i.e. a single exclamation mark
+ in the respective field of
+ <filename>/etc/shadow</filename>. This is a state where the
+ user won't be able to access the account or to define a
+ password himself.
+ </para>
+ <para>
+ <emphasis role="bold">Note:</emphasis>Avoid this option on the command
+ line because the password (or encrypted password) will
be visible by users listing the processes.
</para>
<para>
@@ -488,11 +516,11 @@
</term>
<listitem>
<para>
- The name of the user's login shell. The default is to leave this
- field blank, which causes the system to select the default login
- shell specified by the <option>SHELL</option> variable in
- <filename>/etc/default/useradd</filename>, or an empty string
- by default.
+ sets the path to the user's login shell. Without this option,
+ the system will use the <option>SHELL</option> variable specified
+ in <filename>/etc/default/useradd</filename>, or, if that is as
+ well not set, the field for the login shell in <filename>/etc/passwd
+ </filename>remains empty.
</para>
</listitem>
</varlistentry>
@@ -533,13 +561,16 @@
</varlistentry>
<varlistentry>
<term>
- <option>-Z</option>, <option>--selinux-user</option> <replaceable>SEUSER</replaceable>
+ <option>-Z</option>, <option>--selinux
+ -user</option> <replaceable>SEUSER</replaceable>
</term>
<listitem>
<para>
- The SELinux user for the user's login. The default is to leave this
- field blank, which causes the system to select the default SELinux
- user.
+ defines the SELinux user for the new account. Without this
+ option, a SELinux uses the default user. Note that the
+ shadow system doesn't store the selinux-user, it uses
+ <citerefentry><refentrytitle>semanage</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> for that.
</para>
</listitem>
</varlistentry>
@@ -561,7 +592,7 @@
</term>
<listitem>
<para>
- The path prefix for a new user's home directory. The
+ The path prefix for new users' home directory. The
user's name will be affixed to the end of
<replaceable>BASE_DIR</replaceable> to form the new user's
home directory name, if the <option>-d</option> option is not used
@@ -578,7 +609,8 @@
<option>-e</option>, <option>--expiredate</option> <replaceable>EXPIRE_DATE</replaceable>
</term>
<listitem>
- <para>The date on which the user account is disabled.</para>
+ <!--MH43-->
+ <para>The date on which newly created user accounts are disabled.</para>
<para>
This option sets the <option>EXPIRE</option> variable in
<filename>/etc/default/useradd</filename>.
@@ -590,9 +622,12 @@
<option>-f</option>, <option>--inactive</option> <replaceable>INACTIVE</replaceable>
</term>
<listitem>
+ <!--MH44--><!--MH45-->
<para>
- The number of days after a password has expired before the
- account will be disabled.
+ defines the number of days after the password exceeded its maximum
+ age where the user is expected to replace this password. See <citerefentry>
+ <refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>for more information.
</para>
<para>
This option sets the <option>INACTIVE</option> variable in
@@ -605,13 +640,9 @@
<option>-g</option>, <option>--gid</option> <replaceable>GROUP</replaceable>
</term>
<listitem>
- <para>
- The group name or ID for a new user's initial group (when
- the <option>-N/--no-user-group</option> is used or when the
- <option>USERGROUPS_ENAB</option> variable is set to
- <replaceable>no</replaceable> in
- <filename>/etc/login.defs</filename>). The named
- group must exist, and a numerical group ID must have an
+ <para>sets the default primary group for newly created users,
+ accepting group names or a numerical group ID. The named
+ group must exist, and the GID must have an
existing entry.
</para>
<para>
@@ -625,8 +656,9 @@
<option>-s</option>, <option>--shell</option> <replaceable>SHELL</replaceable>
</term>
<listitem>
+ <!--MH50-->
<para>
- The name of a new user's login shell.
+ defines the default login shell for new users.
</para>
<para>
This option sets the <option>SHELL</option> variable in
More information about the Pkg-shadow-devel
mailing list