Useradd: Unterschied zwischen den Versionen

Aus Foxwiki
Zeile 81: Zeile 81:


= TMP =
= TMP =
== OPTIONEN ==
The options which apply to the useradd command are:
--badname
erlaube Namen, die nicht den Standards entsprechen.
-b, --base-dir BASE_DIR
The default base directory for the system if -d HOME_DIR is not specified. BASE_DIR is
concatenated with the account name to define the home directory.
If this option is not specified, useradd will use the base directory specified by the HOME
variable in /etc/default/useradd, or /home by default.
-c, --comment COMMENT
Any text string. It is generally a short description of the account, and is currently used as
the field for the user's full name.
-d, --home-dir HOME_DIR
The new user will be created using HOME_DIR as the value for the user's login directory. The
default is to append the LOGIN name to BASE_DIR and use that as the login directory name. If
the directory HOME_DIR does not exist, then it will be created unless the -M option is
specified.
-D, --defaults
Lesen Sie dazu unten den Abschnitt »Die Standardwerte verändern«.
-e, --expiredate EXPIRE_DATE
The date on which the user account will be disabled. The date is specified in the format
YYYY-MM-DD.
If not specified, useradd will use the default expiry date specified by the EXPIRE variable
in /etc/default/useradd, or an empty string (no expiry) by default.
-f, --inactive INACTIVE
defines the number of days after the password exceeded its maximum age where the user is
expected to replace this password. The value is stored in the shadow password file. An input
of 0 will disable an expired password with no delay. An input of -1 will blank the respective
field in the shadow password file. See shadow(5)for more information.
If not specified, useradd will use the default inactivity period specified by the INACTIVE
variable in /etc/default/useradd, or -1 by default.
-F, --add-subids-for-system
Update /etc/subuid and /etc/subgid even when creating a system account with -r option.
-g, --gid GROUP
The name or the number of the user's primary group. The group name must exist. A group number
must refer to an already existing group.
If not specified, the behavior of useradd will depend on the USERGROUPS_ENAB variable in
/etc/login.defs. If this variable is set to yes (or -U/--user-group is specified on the
command line), a group will be created for the user, with the same name as her loginname. If
the variable is set to no (or -N/--no-user-group is specified on the command line), useradd
will set the primary group of the new user to the value specified by the GROUP variable in
/etc/default/useradd, or 100 by default.
-G, --groups GROUP1[,GROUP2,...[,GROUPN]]]
A list of supplementary groups which the user is also a member of. Each group is separated
from the next by a comma, with no intervening whitespace. The groups are subject to the same
restrictions as the group given with the -g option. The default is for the user to belong
only to the initial group. In addition to passing in the -G flag, you can add the option
GROUPS to the file /etc/default/useradd which in turn will add all users to those
supplementary groups.
-h, --help
zeigt die Hilfe an und beendet das Programm.
-k, --skel SKEL_DIR
The skeleton directory, which contains files and directories to be copied in the user's home
directory, when the home directory is created by useradd.
This option is only valid if the -m (or --create-home) option is specified.
If this option is not set, the skeleton directory is defined by the SKEL variable in
/etc/default/useradd or, by default, /etc/skel.
Absolute symlinks that link back to the skel directory will have the /etc/skel prefix
replaced with the user's home directory.
Soweit möglich, werden die ACLs und erweiterte Attribute kopiert.
-K, --key KEY=VALUE
Overrides /etc/login.defs defaults (UID_MIN, UID_MAX, UMASK, PASS_MAX_DAYS and others).
Example: -K PASS_MAX_DAYS =-1 can be used when creating an account to turn off password
aging. Multiple -K options can be specified, e.g.: -K UID_MIN =100 -K UID_MAX=499
-l, --no-log-init
lässt den Benutzer bei den Aufzeichnungen von lastlog(8) und faillog(8) außen vor.
Standardmäßig werden die Benutzereinträge in den Datenbanken für lastlog und faillog
zurückgesetzt, um zu vermeiden, dass der Eintrag eines früher gelöschten Benutzers erneut
verwendet wird.
If this option is not specified, useradd will also consult the variable LOG_INIT in the
/etc/default/useradd if set to no the user will not be added to the lastlog and faillog
databases.
-m, --create-home
Create the user's home directory if it does not exist. The files and directories contained in
the skeleton directory (which can be defined with the -k option) will be copied to the home
directory.
By default, if this option is not specified and CREATE_HOME is not enabled, no home
directories are created.
The directory where the user's home directory is created must exist and have proper SELinux
context and permissions. Otherwise the user's home directory cannot be created or accessed.
-M, --no-create-home
Do not create the user's home directory, even if the system wide setting from /etc/login.defs
(CREATE_HOME) is set to yes.
-N, --no-user-group
Do not create a group with the same name as the user, but add the user to the group specified
by the -g option or by the GROUP variable in /etc/default/useradd.
The default behavior (if the -g, -N, and -U options are not specified) is defined by the
USERGROUPS_ENAB variable in /etc/login.defs.
-o, --non-unique
allows the creation of an account with an already existing UID.
This option is only valid in combination with the -u option. As a user identity serves as key
to map between users on one hand and permissions, file ownerships and other aspects that
determine the system's behavior on the other hand, more than one login name will access the
account of the given UID.
-p, --password PASSWORD
defines an initial password for the account. PASSWORD is expected to be encrypted, as
returned by crypt (3). Within a shell script, this option allows to create efficiently
batches of users.
Without this option, the new account will be locked and with no password defined, i.e. a
single exclamation mark in the respective field of /etc/shadow. This is a state where the
user won't be able to access the account or to define a password himself.
Note:Avoid this option on the command line because the password (or encrypted password) will
be visible by users listing the processes.
Sie sollten sicherstellen, dass das Passwort den Passwortrichtlinien des Systems entspricht.
-r, --system
erstellt ein Systemkonto
System users will be created with no aging information in /etc/shadow, and their numeric
identifiers are chosen in the SYS_UID_MIN-SYS_UID_MAX range, defined in /etc/login.defs,
instead of UID_MIN-UID_MAX (and their GID counterparts for the creation of groups).
Note that useradd will not create a home directory for such a user, regardless of the default
setting in /etc/login.defs (CREATE_HOME). You have to specify the -m options if you want a
home directory for a system account to be created.
Note that this option will not update /etc/subuid and /etc/subgid. You have to specify the -F
options if you want to update the files for a system account to be created.
-R, --root CHROOT_DIR
Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR
directory. Only absolute paths are supported.
-P, --prefix PREFIX_DIR
Apply changes to configuration files under the root filesystem found under the directory
PREFIX_DIR. This option does not chroot and is intended for preparing a cross-compilation
target. Some limitations: NIS and LDAP users/groups are not verified. PAM authentication is
using the host files. No SELINUX support.
-s, --shell SHELL
sets the path to the user's login shell. Without this option, the system will use the SHELL
variable specified in /etc/default/useradd, or, if that is as well not set, the field for the
login shell in /etc/passwd remains empty.
-u, --uid UID
The numerical value of the user's ID. This value must be unique, unless the -o option is
used. The value must be non-negative. The default is to use the smallest ID value greater
than or equal to UID_MIN and greater than every other user.
See also the -r option and the UID_MAX description.
-U, --user-group
erstellt eine Gruppe mit dem gleichen Namen wie der Benutzer und fügt diesen der Gruppe
hinzu.
The default behavior (if the -g, -N, and -U options are not specified) is defined by the
USERGROUPS_ENAB variable in /etc/login.defs.
-Z, --selinux-user SEUSER
defines the SELinux user for the new account. Without this option, SELinux uses the default
user. Note that the shadow system doesn't store the selinux-user, it uses semanage(8) for
that.
--selinux-range SERANGE
defines the SELinux MLS range for the new account. Without this option, SELinux uses the
default range. Note that the shadow system doesn't store the selinux-range, it uses
semanage(8) for that.
This option is only valid if the -Z (or --selinux-user) option is specified.
Die Standardwerte verändern
When invoked with only the -D option, useradd will display the current default values. When
invoked with -D plus other options, useradd will update the default values for the specified
options. Valid default-changing options are:
-b, --base-dir BASE_DIR
sets the path prefix for a new user's home directory. The user's name will be affixed to the
end of BASE_DIR to form the new user's home directory name, if the -d option is not used when
creating a new account.
This option sets the HOME variable in /etc/default/useradd.
-e, --expiredate EXPIRE_DATE
sets the date on which newly created user accounts are disabled.
This option sets the EXPIRE variable in /etc/default/useradd.
-f, --inactive INACTIVE
defines the number of days after the password exceeded its maximum age where the user is
expected to replace this password. See shadow(5)for more information.
This option sets the INACTIVE variable in /etc/default/useradd.
-g, --gid GROUP
sets the default primary group for newly created users, accepting group names or a numerical
group ID. The named group must exist, and the GID must have an existing entry.
This option sets the GROUP variable in /etc/default/useradd.
-s, --shell SHELL
defines the default login shell for new users.
This option sets the SHELL variable in /etc/default/useradd.
== ANMERKUNGEN ==
== ANMERKUNGEN ==
The system administrator is responsible for placing the default user files in the /etc/skel/
The system administrator is responsible for placing the default user files in the /etc/skel/

Version vom 6. November 2024, 12:33 Uhr


useradd - erstellt einen neuen Benutzer oder aktualisiert die Standardwerte für neue Benutzer

Beschreibung

useradd is a low level utility for adding users. On Debian, administrators should usually use adduser(8) instead.

When invoked without the -D option, the useradd command creates a new user account using the values specified on the command line plus the default values from the system. Depending on command line options, the useradd command will update system files and may also create the new user's home directory and copy initial files.

By default, a group will also be created for the new user (see -g, -N, -U, and USERGROUPS_ENAB).

Installation

Syntax

useradd [options] LOGIN
useradd -D
useradd -D [options]

Optionen

Parameter

Umgebungsvariablen

Exit-Status

0 success
1 can't update password file
2 invalid command syntax
3 invalid argument to option
4 UID already in use (and no -o)
6 specified group doesn't exist
9 username or group name already in use
10 can't update group file
12 can't create home directory
14 can't update SELinux user mapping

Anwendung

Problembehebung

Konfiguration

Dateien

Anhang

Siehe auch

shadow-utils 4.16.0

Dokumentation

Man-Page

chfn(1) chsh(1) passwd(1) crypt(3) groupadd(8) groupdel(8) groupmod(8) login.defs(5) newusers(8) subgid(5) subuid(5) userdel(8) usermod(8)

Info-Pages

Links

Projekt
Weblinks

TMP

ANMERKUNGEN

The system administrator is responsible for placing the default user files in the /etc/skel/ directory (or any other skeleton directory specified in /etc/default/useradd or on the command line).

WARNUNGEN

Sie dürfen einer NIS- oder LDAP-Gruppe keine Benutzer hinzufügen. Dies muss auf dem entsprechenden Server durchgeführt werden.

Similarly, if the username already exists in an external user database such as NIS or LDAP, useradd will deny the user account creation request.

Usernames may contain only lower and upper case letters, digits, underscores, or dashes. They can end with a dollar sign. Dashes are not allowed at the beginning of the username. Fully numeric usernames and usernames . or .. are also disallowed. It is not recommended to use usernames beginning with . character as their home directories will be hidden in the ls output.

Benutzernamen dürfen nur bis zu 256 Zeichen lang sein.

On Debian, the only constraints are that usernames must neither start with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a colon (':'), a comma (','), or a whitespace (space: ' ', end of line: '\n', tabulation: '\t', etc.). Note that using a slash ('/') may break the default algorithm for the definition of the user's home directory.

KONFIGURATION

The following configuration variables in /etc/login.defs change the behavior of this tool:

DATEIEN

/etc/passwd Informationen zu den Benutzerkonten
/etc/shadow geschützte Informationen zu den Benutzerkonten
/etc/group Informationen zu den Gruppenkonten
/etc/gshadow geschützte Informationen zu den Gruppenkonten
/etc/default/useradd Standardwerte für die Erstellung eines Kontos
/etc/shadow-maint/useradd-pre.d/*, /etc/shadow-maint/useradd-post.d/* Run-part files to execute during user addition. The environment variable ACTION will be populated with useradd and SUBJECT with the username. useradd-pre.d will be executed prior to any user addition. useradd-post.d will execute after user addition. If a script exits non-zero then execution will terminate
/etc/skel/ Verzeichnis, das die Dateien mit Standardwerten enthält
/etc/subgid enthält untergeordnete Gruppenkennungen der einzelnen Benutzer
/etc/subuid enthält untergeordnete Benutzerkennungen der einzelnen Benutzer
/etc/login.defs konfiguriert die Shadow-Hilfsprogramme