


useradd(8)							   useradd(8)



NAME

  useradd - Adds a new user login account

SYNOPSIS

  /usr/sbin/useradd [-c	comment] [-d dir |-H home_dir] [-e expire] [-g group]
  [-G group[,group...]]	[-m] [-p] [-P] [-s shell] [-t type] [-u	uid [-o]] [-x
  extended_option] login

  /usr/sbin/useradd -D [-d home_dir] [-e expire] [-f inactive] [-g group]
  [-s shell] [-x extended_option]

OPTIONS

  -c comment
	  A short description of the account, currently	used as	the field for
	  the user's full name in the user database file. The comment argu-
	  ment can be any text string. If the text string contains spaces,
	  enclose the string in	quotes.

  -d dir  Specifies the	home directory of the new user.	If not specified, dir
	  defaults to home_dir/login, where home_dir is	the default directory
	  for user login accounts and login is the name	of the new login
          account. The -m option must be specified to create the user's home
          directory.

          The -H option cannot be used with this option.

  -D	  Displays and sets the	default	values used by the account management
	  utilities for	user and group information.

	  When used without arguments, this flag displays the default values.
	  If invoked with any combination of the flags listed by the usermod
	  -D command, it sets the default values for those flags. Subsequent
	  invocations of useradd or usermod use	these new defaults.

  -e expire
	  This option is only for use on systems running in enhanced security
	  mode and is useful for creating temporary logins. The	value of the
	  expire argument is a date, and must be in one	of the valid formats
	  listed below.	A blank	value ("") defeats the status of the expired
	  date.	Note that if a two-digit year is specified, and	the number is
	  >=69 and <=99, the year is assumed to	be 19**	(20th century).	Oth-
	  erwise the year is assumed to	be 20**	(21st century).	The following
	  date formats are valid:

	    +  mmm dd yy (Oct 27 97)

	    +  mmm dd ccyy (Oct	27 1997)

	    +  dd mmm yy (27 Oct 97)

	    +  dd mmm ccyy (27 Oct 1997)

	    +  mm-dd-yy	(10-27-97)

	    +  mm-dd-ccyy (10-27-1997)

	    +  mm/dd/yy	(10/27/97)

	    +  mm/dd/ccyy (10/27/1997)

	    +  mmddyy (102797)

	    +  mmddccyy	(10271997)

	    +  mmdd (1027)

  -f inactive
	  This option is only for use on systems running in enhanced security
	  mode and specifies the number	of days	that can elapse	before an
	  inactive account is locked automatically. A value of 0 means there
	  is no	limit. The default value is 0.

	  The default value for	new accounts can be set	by combining this
	  option with the -D option.

  -g group
	  The account holder's primary group. The group	argument can be
	  specified as an existing group's identification number (GID) or
	  character-string name.

	  The default value for	new accounts can be set	by combining this
	  option with the -D option.

  -G group[,group...]
	  The user's secondary groups. This option is a	comma separated	list
	  of groups that defines the supplementary group membership for	a new
	  user.	Groups can be specified	by the group's name or by its group
	  identification number	(GID). An error	is displayed for each group
	  that does not	exist. Duplicate groups	are ignored. See the RESTRIC-
	  TIONS	section	for more information.

  -H home_dir
          The path name of the home directory location. The path name is
          combined with the login name to form the user's home directory. The
          -m option must be specified to create the user's home directory.

  -m	  Creates the new user's home directory	if it doesn't already exist.
	  If the directory already exists, it must have	read, write and	exe-
	  cute permissions by group, where group is the	user's primary group.
	  See also the -d and -H options.

  -p	  Indicates that you want to supply a password.	You will be prompted
	  to enter the password, which will not	be echoed to the screen.
	  After	entering a password, you will be prompted to verify it by
	  entering it a	second time.

  -P	  Creates a PC account only. This account is usable in an environment
	  using	the Advanced Server for	UNIX (ASU). See	the RESTRICTIONS sec-
	  tion for additional information.

  -s shell
	  Specifies the	full path name of the program used as the user's
	  login	shell. The shell argument must be a valid executable file.

          The default value for new accounts can be set by combining this
          option with the -D option. If no default shell has been set, the
          login shell for new users will be /bin/sh.

  -t type Adds a local plus (+)	or local minus (-) NIS user from the user
	  database. The	value of the type parameter can	be + or	-.

  -u uid  Specifies the	user identification number (UID) of the	new user. The
	  uid must be specified	as a non-negative decimal integer.

  -o	  Allows a user	identification (UID) number to be duplicated (non-
	  unique). This	option can be used only	with the -u option.

  -x extended_option [extended_option...]
	  Extended options are of the form attribute=value. You	may enter any
	  number of extended options (within the character limit of the	com-
	  mand line) by	separating each	option with a space. Alternatively,
	  they may be entered separately following the -x switch. Note that
	  some extended	options	are only available under specific system
	  environments.

	  A valid command string for extended options is:
	       % useradd -D -g 22 -b /home -x distributed=0

	  The following	extended options are available:

	  local=0|1
		  Indicates that the account is	local. This value can be set
		  as a default with the	-D option and is incompatible with
		  the distributed option. If local is set to 1,	distributed
		  is automatically set to 0.

	  distributed=0|1
		  Indicates that the account is	a NIS user account. This
		  value	can be set as a	default	with the -D option and is
		  incompatible with the	local option. If distributed is	set
		  to 1,	local is automatically set to 0. You must be on	the
		  NIS master to	add a NIS user.

	  administrative_lock_applied=0|1
		  Indicates whether the	account	is to be locked	by the system
		  administrator. If set	to 0, the account is not locked. If
		  set to 1, (the default) the account is explicitly locked
		  and the user cannot log in to	the system.

	  The following	extended_option	attributes are available only on sys-
	  tems running in enhanced security mode.

	  passwd_expire_time=n
		  Specifies the	time, in days, between the last	password
		  change and the password expiration. (A new password must be
		  chosen.)

	  passwd_expire_date=date_string
		  The date on which the	current	password will expire. See the
		  -e option for	a list of valid	date formats.

	  passwd_choose_own=0|1
		  Allows the user to choose his	or her own password.

	  passwd_run_generator=0|1
		  Forces the automatic password	generator to run.

	  passwd_generated_length=n
		  Sets the maximum number of characters	for generated pass-
		  words.

	  passwd_checked_for_obviousness=0|1
		  Forces the automatic password	checker	to run.

	  passwd_min_change_time=n
		  Sets the minimum number of days that can elapse before a
		  password can be changed.

	  passwd_lifetime=n
                  Sets the maximum number of days that can elapse before the
		  password must	be changed by the user.

	  passwd_must_change=0|1
		  Forces a password change.

	  passwd_min_length=n
		  Sets the minimum number of characters	in a password.

	  passwd_max_length=n
		  Sets the maximum number of characters	in a password.

	  passwd_history_limit=n
		  Sets the maximum number of times a password must change
		  before it can	be reused.

	  logon_hours=time-string
		  Sets the days	of the week and	hours of the day during	which
		  the account holder can log in	to the account.	The time
		  string format	is an entry of Dd0000-0000 for each day	and
		  time that logins are enabled.	Time is	given in a 24-hour
		  clock	format.	For example, to	restrict logins	to Sunday,
		  Monday and Wednesday:
		       Su0830-1730,Mo0830-1730,We0830-1730

		  The hours are	restricted to 8:30AM to	5:30PM.

	  account_expiration=date_string
		  Specifies a date on which logins will	be disabled automati-
		  cally.

	  account_lifetime=n
		  Specifies a date on which the	account	will expire and	will
		  be retired automatically.

	  account_inactive=n
		  Specifies the	number of days that can	elapse before an
		  inactive account is locked automatically.

	  max_login_attempts=n
		  Specifies the	number of failed login attempts	that can
		  occur	before an account is locked automatically.

	  grace_limit=n
		  When an account becomes disabled because of an expired
		  password, break-in evasive action, or	exceeded login inter-
		  val, a grace period provides an interval during which	the
		  disabling condition is overridden and	the user may log in.
		  This successful login	will automatically clear the disa-
		  bling	condition and the grace	limit. Note that this does
		  not unlock an	account	that has been administratively locked
		  or that has expired.	The grace limit	specifies the number
		  of days, starting immediately, that the user has to log in
		  and re-enable	the account.

	  template=template_name
		  Specifies the	template name to provide default enhanced
		  security features for	users.

	  The following	extended_option	attributes are available for creating
	  PC accounts that can be assigned to client PC	users on systems run-
	  ning ASU:

	  pc_username=name_string
		  The user account name	on the PC. This	can be identical to
		  the user's UNIX account, or it can map to a shared account.
		  See the System Administration	Guide for more information on
		  account mapping. See the RESTRICTIONS	section	for more
		  information.

	  pc_unix_username=login_name
		  The backing UNIX account name. If no name is entered it
		  will be the same as the PC user account name.	See the	RES-
		  TRICTIONS section for	more information.

          pc_fullname=text_string
		  The full name	of the user or a description of	the account.

	  pc_comment=text_string
		  A brief description of the account that is modifiable	only
		  by the administrator.

	  pc_usercomment=text_string
		  A brief description of the account. This string can be
		  changed by the user.

	  pc_homedir=pathname
		  The path to the user's home directory, specified as an ASU
		  share	format.

	  pc_primary_group=group
		  The primary ASU group	(domain) to which the user belongs.

	  pc_secondary_groups=group[,group...]
		  The secondary	ASU groups (domains) to	which the user
		  belongs.  This value is specified as a comma-delimited
		  list.

	  pc_logon_workstations=client_name
		  A list of client host	systems	from which the user can	log
		  on. This value is specified as a comma-delimited list, and
		  a null value (" ") means that	the user can log on from all
		  workstations.

	  pc_logon_script=pathname
		  The directory	where the default login	script is located.
		  This directory is created during ASU configuration.

	  pc_account_type=local|global
		  Specifies whether the	PC account is a	local or global
		  account in the ASU domain.

	  pc_account_expiration=date_string
		  Specifies the	date on	which the account will expire and
		  logins will be prevented.

	  pc_logon_hours=Dd0000-0000[,Dd0000-0000...]
		  Specifies the	days of	the week and hours of the day during
		  which	logins will expire and logins will be permitted	or
		  denied. See logon_hours for details of the string format.

	  pc_user_profile_path=pathname
		  Specifies the	pathname to the	default	user profile direc-
		  tory.

          pc_disable_account=0|1
		  Specifies whether the	account	is locked, disabling logins.

	  pc_passwd
		  A text string	that will be the initial account password.
		  Note that you	must precede the pc_passwd option with the -x
		  option. Then you will	be prompted to enter a password, and
		  then prompted	to confirm the entry.  The password will not
		  be echoed to the display.

	  pc_passwd_choose_own=0|1
		  Controls whether the user can	set his	or her own password.

	  pc_passwd_change_required=0|1
		  Forces password change during	the initial login.

	  pc_forced_logoff=n_seconds
		  Specifies a forced log off when the user's account or	logon
		  time expires.	If there is a live server connection when the
		  time expires,	and this value is set to 1, the	connection
		  will be dropped. This	option is only available with the -D
		  option to change the default setting.	A value	of -1 speci-
		  fies never, meaning that the user is not disconnected. The
		  account expires after	the user logs off.

	  pc_synchronize=0|1
		  Create synchronized PC accounts if ASU is installed. You
		  cannot use the pc_synchronize	option if the -P option	is in
		  use. See the RESTRICTIONS section for	additional informa-
		  tion.

                  This option can be specified as a default or on the command
                  line in combination with the -D option to set the default
                  value.

	  pc_min_passwd_age=n
		  Specifies the	minimum	number of days that can	elapse before
		  a password can be changed by the user. This option is	only
		  available with the -D	option to change the default setting.

	  pc_max_passwd_age=n
		  Specifies the	maximum	number of days that can	elapse before
		  a password must be changed by	the user. This option is only
		  available with the -D	option to change the default setting.

	  pc_passwd_min_length=n
		  Specifies the	minimum	number of characters in	a valid	pass-
		  word string. This option is only available with the -D
		  option to change the default setting.

	  pc_passwd_uniqueness=n
		  Forces validation of the password for	uniqueness. This
		  option is only available with	the -D option to change	the
		  default setting.  This option	is equivalent to the
		  passwd_history_limit option.

  login	  Specifies the	new login name of the user. There are restrictions,
	  described below, on the length and allowable characters in the
	  login	name.
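
  The two-digit year rule given for the -e option (and reused by
  passwd_expire_date) decides the century an expiry date lands in. The
  following is an added example, not part of the original reference page: a
  POSIX sh helper that reports the year a date string resolves to under that
  rule. The function names are hypothetical, the sample dates are
  constructed, and month and day values are not validated.

```sh
#!/bin/sh
# Added example (not from the reference page): report the four-digit year
# that an -e / passwd_expire_date style string resolves to.

# expand_yy YY: apply the stated rule, 69..99 -> 19YY, anything else -> 20YY.
expand_yy() {
    n=${1#0}                      # "07" -> "7" so the comparison is plain decimal
    if [ "$n" -ge 69 ] && [ "$n" -le 99 ]; then
        echo "19$1"
    else
        echo "20$1"
    fi
}

# expire_year DATE
# Prints the resolved year and returns 0; returns 2 for mmdd (no year field;
# the page does not say which year is used); returns 1 for anything else.
expire_year() {
    d=$1
    case $d in
        '')        return 1 ;;                 # blank value: no date to resolve
        *' '*)     y=${d##* } ;;               # mmm dd yy, dd mmm ccyy, ...
        *-*)       y=${d##*-} ;;               # mm-dd-yy, mm-dd-ccyy
        */*)       y=${d##*/} ;;               # mm/dd/yy, mm/dd/ccyy
        *[!0-9]*)  return 1 ;;                 # not one of the listed formats
        ????)      return 2 ;;                 # mmdd
        ??????|????????) y=${d#????} ;;        # mmddyy, mmddccyy
        *)         return 1 ;;
    esac
    case $y in
        [0-9][0-9])            expand_yy "$y" ;;
        [0-9][0-9][0-9][0-9])  echo "$y" ;;
        *)                     return 1 ;;
    esac
}

# Constructed inputs showing both sides of the 69 pivot.
for d in 'Oct 27 97' '10-27-68' '10/27/69' '102700'; do
    printf '%-12s -> %s\n' "$d" "$(expire_year "$d")"
done
```

  Running a planned expiry string through expire_year before creating a
  temporary login shows whether a two-digit year falls in the century that
  was intended.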








DESCRIPTION

  The useradd command is part of a set of command-line interfaces (CLI)	that
  are used to create and administer user accounts on the system. When the
  Advanced Server for UNIX (ASU) is installed and running, the useradd
  command can also be used to create and administer PC accounts, including
  synchronized creation	of PC accounts whenever	a UNIX account is created.
  Accounts can also be created with the	/usr/bin/X11/dxaccounts	graphical
  user interface (GUI) or the sysman(8)	Accounts menu.

  Different options are	available depending on how the local system is con-
  figured:

    +  In the default UNIX environment,	user account management	is compliant
       with the	IEEE POSIX Standard P1387.3.

    +  If enhanced (C2)	security is configured,	additional options and
       extended	options	can be used.

    +  The CLI is backwards-compatible,	so all existing	local scripts will
       function. However, you should consider testing your legacy account
       management scripts before use.

  Invoking useradd without the -D option adds a	new user entry to the user
  database. It also creates supplementary group	memberships for	the user if
  requested with the -G	option,	and creates the	home directory for the user
  if requested with the	-m option.

  Invoking useradd -D with no additional options displays the system default
  values that are used when creating a new login account.

  The -x options local and distributed let the system administrator specify
  whether the new user is local	or distributed by NIS. If these	options	are
  not specified	on the command line, the system	adds the new user to the
  appropriate database as specified by the system defaults. System defaults
  for users may	be set with the	usermod	-D option. In the absence of any
  defaults, useradd creates a local user. Certain combinations of these	set-
  tings	are incompatible and produce an	error: it is invalid to	set both of
  these	values to 0 or both of them to 1.

  If the user identification number (UID) is not specified, it defaults	to
  the next available (unique) number. The number is the	next available UID
  greater than minUID. The value nextUID specifies the next UID	to use.	If
  not available, the next available UID	greater	than nextUID is	used.

  When NIS is available, the new user may be given secondary group
  memberships with the -G option in more than one type of group. The indicated
  groups are sought first in the database that is of the same type as the
  user.	If not found, the alternate database is	checked. If the	group is not
  found	in either database, a warning is issued	but the	account	is created.

  The user database file entries created with useradd cannot exceed 512	char-
  acters per line for local and	NIS accounts. Specifying long arguments	to
  several options may exceed this limit.

RESTRICTIONS

  Note the following restrictions that apply to	this release:

  You must have	superuser privilege to execute this command.

  Certain characters that have special meaning for the shells are not allowed
  in the login name. This list includes	$@/[]:;|=,*?<>(){}"'`#,	backslash
  (\), and white space (space, tab, newline, form-feed,	return). In addition,
  the first character of the new login name cannot be one of +-!~.

  The maximum length of	the login name is 8 characters in this release.
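
  The login name rules above can be checked before a name reaches useradd,
  for example in a provisioning script that takes names from a request form.
  The following is an added example, not part of the original reference
  page: a POSIX sh function (the name check_login is hypothetical) that
  applies the character, first-character and length restrictions as stated
  here. The sample names are constructed.

```sh
#!/bin/sh
# Added example (not from the reference page): pre-flight check of a login
# name against the RESTRICTIONS text before it is handed to useradd.

# Characters the page lists as not allowed anywhere in the login name.
FORBIDDEN='$@/[]:;|=,*?<>(){}"'"'"'`#\'
# White space: space, tab, newline, form-feed, return.
WHITESPACE=$(printf ' \t\n\f\r')

# check_login NAME
# Prints "ok" and returns 0, or prints the violated rule and returns 1.
check_login() {
    name=$1
    if [ -z "$name" ]; then
        echo "empty login name"; return 1
    fi
    # Maximum length of the login name is 8 characters in this release.
    if [ "${#name}" -gt 8 ]; then
        echo "longer than 8 characters"; return 1
    fi
    # The first character cannot be one of + - ! ~
    case $name in
        [-+!~]*) echo "first character is one of +-!~"; return 1 ;;
    esac
    # Walk the name one character at a time; the quoted "$c" in the case
    # pattern is matched literally, so shell metacharacters are safe here.
    rest=$name
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}
        rest=${rest#?}
        case $FORBIDDEN$WHITESPACE in
            *"$c"*) echo "contains a disallowed character"; return 1 ;;
        esac
    done
    echo "ok"
}

# Constructed sample names, not taken from any real system.
for n in newuser xyz '+nis' 'ops;id' administrator; do
    printf '%-14s %s\n' "$n" "$(check_login "$n")"
done
```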

  -P option
	  When creating	PC only	accounts, the PC account will be backed	to
	  the UNIX account lmworld. This account must exist when adding	PC-
	  only accounts. The lmworld account is	created	when the ASU is
	  installed.

	  When the -P option is	used, the specified login is the PC account
	  name.	When the -P option is not used,	the specified login is the
	  UNIX account name. When the extended option pc_synchronize is	used,
	  the specified	login is the UNIX account name.

  pc_unix_username extended option
	  The extended attribute pc_unix_username can only be used when	the
	  -P option is specified on the	command	line. This extended option is
	  used to specify a UNIX account name when creating or modifying a PC
	  account.

  pc_username extended option
	  The extended attribute pc_username cannot be used when the -P
	  option is specified on the command line. It is used to specify a PC
	  account name when creating or	modifying a UNIX account.

  pc_synchronize extended option
	  The pc_synchronize option cannot be used with	the -P option.

	  Distributed accounts can only	be added or modified on	NIS servers.

  Note that restrictions also apply when modifying existing account attri-
  butes. Refer to the usermod(8) reference page	for more information.

EXIT STATUS

  The useradd command exits with one of	the following values:

  0	  Success.

  1	  Failure.

  2	  Warning.

EXAMPLES

   1.  The following example adds the user, newuser, to	the user database:
	    % useradd newuser

   2.  The following example enables synchronized PC accounts, and the second
       command adds a user Contractor1 who will	then have both a UNIX and a
       PC account using	the system default account setup options:
	    % usermod -D -x   pc_synchronize=1

	    % useradd -x pc_logon_workstations=sofdev Contractor1

   3.  The following example adds the user, newuser, to	the user database
       with user id of 451:
	    % useradd -u 451 newuser

   4.  The following example adds the user, newuser, using the next available
       UID with	csh as the login shell.	It creates the user's home directory
       /home_dir/newuser, where	/home_dir is the default location for creat-
       ing home	directories:
	    % useradd -m -s /bin/csh newuser

   5.  The following example adds the local user, xyz, that overrides the
       default home directory in the NIS master	database:
	    % useradd -t + -d /users/xyz xyz

   6.  The following example changes the default base directory	to
       /user/users1 for	all new	users:
	    % useradd -D -b /user/users1

   7.  The following example adds the new user,	xyz, to	the NIS	master data-
       base:
	    % useradd -x distributed=1 xyz

   8.  The following example adds the new PC user, Contractor1,	sets logon
       hours and the logon system:
            % useradd -P -x \
            pc_logon_hours=Mo0900-2300,We0900-2300 \
            pc_logon_workstations=sofdev  Contractor1

   9.  The following example adds the new PC user, Contractor1,	supplying the
       PC password:
	    % useradd -P -x pc_passwd Contractor1
	    New	PC password:
	    Retype new PC password:



FILES

  The useradd command operates on the appropriate files	for the	specific
  level	of system security.

SEE ALSO

  Commands:  groupadd(8), groupdel(8), groupmod(8), passwd(1), userdel(8),
  usermod(8)

  Manuals: System Administration, Security, Advanced Server for	UNIX Instal-
  lation and Administration