Overview
In this tutorial, you will learn how to create a user on CentOS using the useradd command. You will also see several common, real-world examples of user creation.
Instructions provided in this tutorial are compatible with the following versions of CentOS.
- CentOS 5
- CentOS 6
- CentOS 7
- CentOS 8
Creating a basic user
The most basic example of creating a new user in CentOS is to use the useradd command.
useradd student1
The useradd command on its own will not set a password for your newly created user. While the -p flag can be used to set the password, it is strongly recommended that you do not use it. Passwords set from the command line remain visible in a user's shell history.
Instead, to set a password for the new user, use the passwd command. It is much more secure, as the password is never written to a user's shell history.
passwd student1
The useradd command above did not use any arguments to customize the new user, meaning defaults were applied. The default behaviour of the useradd command is to:
- Create a new user
- Create a home directory in /home/<username>
- Create a user group with the name of the user
- Set the shell to default, which is bash
- Set the UID (User ID) to the next available ID, incrementing from 1000 for regular users.
Common Arguments
The following is a list of common arguments that can be used to further customize a new user.
Flag | Description | Example |
---|---|---|
-c --comment | A short description of the login, sometimes used for the user’s full name. | -c "John Doe" |
-d --home-dir | Create a home directory using the value set with this flag. | -d johndoe |
-f --inactive | Number of days after a password expires until the account is disabled. A value of 0 will disable the account immediately after its password expires. | -f 5 |
-g --gid | The group name or ID of the user’s initial login group. The group name must exist, and a group number must refer to an already existing group. | -g ops-admins --gid 1500 |
-m --create-home | Create the user’s home directory, if it does not exist. | |
-M --no-create-home | Do not create the user’s home directory. | |
-r --system | Create a system account. System users will be created with no aging information in /etc/shadow, and their numerical identifiers are chosen in the SYS_UID_MIN-SYS_UID_MAX range. A home directory is not created with a new system user. | |
-s --shell | The name of the user’s login shell. The default value is set in /etc/default/useradd , which defaults as bash. | -s /bin/bash |
-e --expiredate | Set an expiration date for a user account. Format is YYYY-MM-DD | -e 2024-10-23 |
Creating a System User
System users are created for running system processes and tasks. These are not regular users, and should not be used as one.
A system user does not expire by default, and it is given a unique identifier from a range reserved for such accounts. Typical users are given a unique identifier from 1000 onwards, while system users are given a 3 digit ID.
Also, a system user is not created with a home directory. This reinforces the idea that the user cannot have a login session, such as through SSH, which is a best practice to prevent someone from breaking into the system with a system user.
To create a system user you use the -r or --system flag.
useradd -r mysql-backup
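Note that useradd -r alone still assigns the default login shell from /etc/default/useradd; what actually blocks an interactive session is a non-login shell such as /sbin/nologin. The audit below is an added example, not part of the original tutorial: it lists system accounts (UID below 1000) that still have an interactive shell. The function name and the sample passwd lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag system accounts that can still open a login shell.
# Input is passwd(5) format: name:passwd:UID:GID:GECOS:home:shell

# Constructed sample data, not taken from a real host.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
mysql-backup:x:995:992::/home/mysql-backup:/bin/bash
nginx:x:994:991:Nginx web server:/var/lib/nginx:/sbin/nologin
student1:x:1000:1000::/home/student1:/bin/bash
sync:x:5:0:sync:/sbin:/bin/sync'

# system_accounts_with_login_shell [UID_MIN]
# Reads passwd lines on stdin and prints "name uid shell" for every account
# with 0 < UID < UID_MIN whose shell is not a known non-interactive program.
# UID_MIN defaults to 1000, the first regular-user UID named in this tutorial.
system_accounts_with_login_shell() {
    awk -F: -v uid_min="${1:-1000}" '
        # Skip comments and malformed lines
        /^#/ || NF != 7 { next }
        $3 !~ /^[0-9]+$/ { next }
        {
            shell = $7
            # An empty shell field means /bin/sh per passwd(5)
            if (shell == "") shell = "/bin/sh"
            # root (UID 0) and regular users are out of scope for this check
            if ($3 + 0 == 0 || $3 + 0 >= uid_min) next
            if (shell ~ /\/(nologin|false|sync|shutdown|halt)$/) next
            print $1, $3, shell
        }'
}

# On a live host: system_accounts_with_login_shell < /etc/passwd
# Create the account correctly:  useradd -r -s /sbin/nologin mysql-backup
# Fix an existing account:       usermod -s /sbin/nologin mysql-backup
printf '%s\n' "$SAMPLE_PASSWD" | system_accounts_with_login_shell
```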
Creating a User with Custom Home Directory
To set the home directory of a user and override the default value you use the -d or --home-dir flag.
The example below will create a new user named student1 and set their home directory to /home/students/student1.
useradd -d /home/students/student1 student1
Creating a User and Adding Multiple Groups
In most environments, privileges to files, directories, and executables are assigned to groups rather than individual users. For the sake of securing resources by area of concern, each resource should be grouped and assigned group privileges.
This strategy involves the creation of multiple groups, each with its own privileges. In order to add a new user to multiple groups, you use the -G or --groups flag.
For example, to create a new user named sysadmin1 and add them to multiple groups, you would do the following.
useradd -G webops,devops,sysops sysadmin1
Creating a User with an Expiry Date
Some users are only expected to exist for a specified period of time, after which the user should be effectively disabled on the system. This can be done using the -e or --expiredate flag.
For example, to add an expiration date to a newly created user you would run the following useradd command.
useradd --expiredate 2022-05-30 student1
The example above will expire the user account on May 30th, 2022.
Creating a User and Setting Their Shell
It’s not uncommon to run several different shells on a Linux server. While the default shell in CentOS is Bash, other popular shells are ZSH and Korn Shell, for example.
To create a new user with a specific shell you use the -s or --shell flag.
useradd -s /bin/ksh student1
Setting a Password Expiration
The useradd command does not support setting limits for user passwords. Instead, the passwd command is used for such tasks.
The three main flags for setting time limits on user passwords are the following:
- -n, --minimum: Sets the minimum password lifetime, in days.
- -x, --maximum: Sets the maximum password lifetime, in days.
- -w, --warning: Sets the number of days before expiration to send a warning.
In order to set these values and have them take effect, the user's account must support password lifetimes.
For example, to set a user’s password to expire in 90 days, with a minimum of 2 days, you would run the following command.
sudo passwd -n 2 -x 90 student1
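Both the account expiry date (useradd -e) and the password lifetime limits (passwd -n, -x, -w) are stored as fields in /etc/shadow, so they can be audited in one pass. The report below is an added example, not part of the original tutorial. The function name, the contractor1 account and the sample shadow lines are constructed, and day 19142 is 2022-05-30 counted in days since 1970-01-01.

```bash
#!/usr/bin/env bash
# Added example: report account expiry and password aging from shadow(5) data.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# lastchg and expire are counted in days since 1970-01-01.

# Constructed sample data; the hashes are placeholders, not real values.
SAMPLE_SHADOW='student1:$6$CONSTRUCTED$hash:19000:2:90:7:::
contractor1:$6$CONSTRUCTED$hash:19000:0:99999:7::19142:
sysadmin1:$6$CONSTRUCTED$hash:19100:0:99999:7:::
mysql-backup:!!:19000::::::'

# Current date as days since the epoch, the unit shadow(5) uses.
today_epoch_days() {
    echo $(( $(date +%s) / 86400 ))
}

# shadow_aging_report TODAY_DAYS
# Reads shadow lines on stdin and prints one "name finding" line per issue.
shadow_aging_report() {
    awk -F: -v today="$1" '
        /^#/ || NF < 8 { next }
        {
            # A hash starting with ! or * cannot be used to log in
            locked = ($2 ~ /^[!*]/)
            # Field 8: account expiry date, set by useradd -e / --expiredate
            if ($8 != "" && today >= $8 + 0) print $1, "account-expired"
            if (locked) next
            # Field 5: maximum password age, set by passwd -x
            if ($5 == "" || $5 + 0 >= 99999) {
                print $1, "no-max-password-age"
            } else if ($3 != "" && today > $3 + $5) {
                print $1, "password-expired"
            }
        }'
}

# On a live host (root required to read the file):
#   shadow_aging_report "$(today_epoch_days)" < /etc/shadow
# Here the report is run as of day 19142 (2022-05-30) on the sample data.
printf '%s\n' "$SAMPLE_SHADOW" | shadow_aging_report 19142
```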
Deleting a User Account
Deleting users is often needed to remove unnecessary accounts that naturally build up over time. To delete a user in CentOS you use the userdel command.
sudo userdel student1
Create a Sudo User on CentOS
A sudo user is a super user in Linux. There are several ways to create one, but the simplest is to add the user to the wheel group.
In the following example, the new user student1 is added to the wheel group, giving him sudo rights.
sudo useradd -G wheel -c "Student1 is an admin" student1