Adding users to a Linux machine is a basic administrative task, and there are several ways to accomplish this. Each method has advantages and disadvantages. We explain three different methods for you.
A personal computer without a user doesn’t really mean anything. Linux supports multiple users. Whether they log in at the same time and share the power of the computer, or log in individually when they have the exclusive right to use the machine, each person needs a unique user account.
A user account encapsulates that user’s work and provides privacy. It also allows you to apply control and management to an account. Different users can have different capabilities according to their needs, their role or function by changing the attributes of their user account, such as which groups they belong to.
Whether you’re sharing your computer with family members or administering a multi-user setup for an organization, creating user accounts is a fundamental administrative skill.
Linux is Linux, you have several methods to choose from. We’ll introduce you to three – two command-line methods and one GUI-based method – so you can choose the one you think works best for you.
useraddis the lowest level command used to add users. Other commands act as friendlier external interfaces for
useraddthe command. It adds some convenience and simplifies the process, but the other commands don’t do anything you can’t achieve
useradd , and a little help from
useraddhas many options, the ones you need to add a regular new user are shown below. Needless to say, what you will have to use
sudoto add a user.
sudo useradd -s /bin/bash -m -c "Mary Quinn"-Gsambashare maryq
The team consists of:
- sudo: We need administrator rights so that the new user can access the computer.
- -s /bin/bash: shell option. This sets the default shell for this new user.
- -m: option to create a home directory. This creates a directory in the “/home/” directory with the same name as the new user account name.
- -c “Mary Quinn”: The full name of the new user. It’s not obligatory.
- -Gsambashare: additional group option. It’s not obligatory. The new user is added to the group with the same name as their account name. The option
-G(note the capital “G”) adds the user to additional groups. Groups must already exist. We also make the new user a member of the “sambashare” group.
- maryq: The name of the new user account. It must be unique. It cannot already be used by another user.
This creates a new user account, creates their home directory, and populates it with some default hidden files. We can look into their home directory like this:
sudo ls -ahl /home/maryq
Our new user will not be able to login. We have not created a password for it. It is possible to pass a password
useraddto a command using its
-poption (password), but this is considered bad practice. Also, you must provide an encrypted password, so it’s not as easy as it sounds.
It’s easier and safer to use
passwdthe command to set a password for a new account.
sudo passwd maryq
You will be asked to enter a password and then asked to enter it again to confirm it. This password must be securely communicated to the new user. Preferably, they should be prompted to change their password when they log in. This means that they can choose their own password and no one else will know it.
sudo passwd --expire maryq
We can see our new user account and compare it to the existing one by looking in the “/etc/passwd” file.
grep -E "dave|maryq"/etc/passwd
In order, colon-separated “:” fields:
- maryq: user account name.
- x: An “x” in this field means that the user account’s password is encrypted and stored in the “/etc/shadow” file.
- 1001: user account ID.
- 1001: The default group ID for this user account.
- Mary Quinn: This is the GECOS field . It may contain a set of additional information values separated by commas. All we’ve added is the full username.
- /home/maryq: The path to the home directory for this account.
- /bin/bash: path to the default shell for this account.
When our new user logs in for the first time, he will use the password you created for him.
Since we have set their password to “expired”, they will be prompted to change it. They must re-enter their existing password.
They will then be prompted to enter a new password.
After they enter their new password and press Enter, they will be prompted to enter the password again to confirm it.
Finally, they logged in. From now on, they must use the new password to log in.
Some cleanup is done and the usual Documents, Downloads, and others directories are created for them in their home directory.
The GECOS field can contain up to five pieces of information separated by commas. They are rarely used. If any of them are filled out at all, it’s usually the first one that contains the real name of that account’s owner.
- The real name of this user.
- This user’s room number.
- Their work phone.
- their home phone.
- Any other information.
If we wanted to provide all of this when creating an account, we could do it like this:
sudo useradd -s /bin/bash -m -c "Mary Quinn,Operations 1,555-6325,555-5412,Team Leader"-Gsambashare maryq
We can use
grepto see that this information has been stored in the “/etc/passwd” file.
grep maryq /etc/passwd
If you don’t have this information when you create your account, you can add or change it later with a
This information is used by commands such
addusercombines creating an account, its home directory, setting a password, and collecting GECOS field information into one interactive session.
addusercommand was already present on our Ubuntu and Fedora test machines, but needed to be installed on Manjaro. It’s in the Arch user repository, so you’ll need the AUR helper to install it, for example
To start the process, use
sudoand provide the name of the user account to be added:
sudo adduser maryq
A default group for the user account is created and the user account is added with this default group. A home directory is created and hidden configuration files are copied into it.
You will be prompted to enter a password.
When you enter your password and press Enter, you will be prompted to enter your password again to confirm it.
You are asked in turn about each piece of information that can be entered in the GECOS field.
Either provide some information and press enter to move on to the next field, or just press enter to skip the field.
Finally, you will be asked if the information you provided is correct. Press the “Y” key and press “Enter” to complete the process.
Don’t forget to set the password for the new account to “Expired” so that the new user will have to change it the first time they log in.
sudo password --expire maryq
Open the system menu by clicking on the right edge of the GNOME panel next to the power, volume, and network icons.
Click on the “Settings” menu item.
The Settings app will open. Click the Users entry in the sidebar, then click the Unblock button in the Users panel.
You will need to enter your password.
A green Add User button will appear.
Click this button. The Add User dialog box will appear. It contains a form in which information about the new user is recorded.
Fill out the form with the new user’s details. If you want them to be able to use
sudo, click the “Administrator” button.
You can either set their password now or let them choose a password when they first log in. If you set a password, you will need to remember to open a terminal window and use
passwd the command to set it to the “expiry” state. This will force them to set their own password the first time they log in.
It’s a bit of a pain to jump to the terminal when you’re trying to use the GUI to create a new user.
If you click the “Allow user to set their own password at next logon” radio button, the user will be prompted to enter a new password when they try to log in. But the downside here is that the first person who tries to use the new account can set a password. This way, anyone who knows that an account has been created and who is ahead of a real new user when trying to log in can get an account.
None of these situations are ideal.
Click the green “Add” button when you’ve completed the form and made your selection.
We selected the option “Allow the user to set their own password the next time they log in”. When a user attempts to log in, they are prompted for a new password. But, unlike the sequence we saw earlier, they are not prompted for their current password – they don’t have one.
As expected, they have to enter it again to confirm it.
useraddgives fine-grained control, but a lot can be done directly from the command line.
addusermakes life easier, but does not allow you to add a new user to additional groups.
The GUI method has drawbacks depending on which password switcher you choose.
In most informal or home situations
adduser, command probably gives you the best balance between features and functionality. If you need to add a new user to an additional group, you can do so after creating it with the