Adding users to a Linux computer is a basic administration task, and there are several ways to achieve this. Each method has benefits and drawbacks. We explain three different techniques for you.
Computers Need Users
A personal computer without a user doesn’t really amount to much. Linux supports multiple users. Whether they log in at the same time and share the computer’s power, or sign in singly when they have exclusive use of the machine, each person needs a unique user account.
A user account encapsulates that user’s work and provides privacy. It also allows control and governance to be applied to the account. Different users can have different capabilities according to their needs or their role or function by changing the attributes of their user account, like which groups they belong to.
Whether you share your computer with family members or administer a multi-user installation for an organization, creating user accounts is a fundamental administrative skill.
Linux being Linux, you have several methods to choose from. We’re going to step you through three—two command-line methods and one GUI-based method—so that you can select the one you feel works best for you.
The useradd Command
The useradd command is the lowest-level command used for adding users. Other commands act as friendlier front-ends for the useradd command. This adds some convenience and makes the process easier, but the other commands don’t do anything that you can’t achieve with useradd and a little help from the passwd command.
The useradd command has a lot of options. The ones you’ll need to add a typical new user are shown below. Needless to say, you’ll have to use sudo to add a user.
sudo useradd -s /bin/bash -m -c "Mary Quinn" -Gsambashare maryq
The command is composed of:
- sudo: We need administrator privileges to allow a new user to access the computer.
- useradd: The useradd command.
- -s /bin/bash: The shell option. This sets the default shell for this new user.
- -m: The make home directory option. This creates a directory in the “/home/” directory, with the same name as the new user account name.
- -c “Mary Quinn”: The full name of the new user. This is optional.
- -Gsambashare: The additional group option. This is optional. The new user is added to a group with the same name as their account name. The -G option (note, capital “G”) adds the user to supplementary groups. The groups must already exist. We’re also making the new user a member of the “sambashare” group.
- maryq: The name of the new user account. This must be unique. It cannot already be in use for another user.
This creates the new user account, creates their home directory, and populates it with some default hidden files. We can look into their home directory like this:
sudo ls -ahl /home/maryq
Our new user will not be able to log in. We haven’t created a password for them. It is possible to pass the password to the useradd command using its -p (password) option, but this is considered bad practice: the value is visible to anyone listing processes while the command runs. Moreover, you must provide the password in its encrypted (hashed) form, so it isn’t as straightforward as it sounds.
It is easier, and more secure, to use the passwd command to set the password for the new account.
sudo passwd maryq
You’re prompted for the password, then asked to enter it once more to verify it. This password must be communicated securely to the new user. It’s advisable that they are prompted to change their password when they log in. This means they can choose their own password, and no one else will know it.
sudo passwd --expire maryq
We can see our new user account and compare it to an existing one by looking inside the “/etc/passwd” file.
grep -E "dave|maryq" /etc/passwd
In order, the colon “:” separated fields are:
- maryq: The name of the user account.
- x: An “x” in this field means the user account password is encrypted and held in the “/etc/shadow” file.
- 1001: The user account ID.
- 1001: The ID of the default group for this user account.
- Mary Quinn: This is the GECOS field. It can hold a set of comma “,” separated values of extra information. All we added was the full name of the user.
- /home/maryq: The path to the home directory for this account.
- /bin/bash: The path to the default shell for this account.
When our new user first logs in, they will use the password you created for them.
Because we set their password to the “expired” condition, they’ll be prompted to change it. They must re-enter their existing password.
They are then prompted for their new password.
Once they type their new password and hit “Enter”, they are asked to re-enter the password to verify it.
Finally, they’re logged in. They must use the new password to log in from now on.
Some housekeeping is performed and the usual “Documents”, “Downloads”, and other directories are created for them in their home directory.
The GECOS field can contain up to five comma-separated pieces of information. These are rarely used. If any are populated at all, it is usually the first one, which holds the real-world name of the owner of this account.
The fields are:
- The real-world name of this user.
- The room number of this user.
- Their work phone.
- Their home phone.
- Any other information.
If we’d wanted to provide all of this when we created the account we could have done so, like this:
sudo useradd -s /bin/bash -m -c "Mary Quinn,Operations 1,555-6325,555-5412,Team Leader" -Gsambashare maryq
We can use grep to see that this information has been stored in the “/etc/passwd” file.
grep maryq /etc/passwd
If you don’t have this information to hand when you create the account it can be added or changed later using the chfn command.
This information is used by commands such as finger and pinky.
finger maryq
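As an added example (not part of the original article), the script below parses the “/etc/passwd” fields and GECOS subfields described above and pairs each account with its password state in “/etc/shadow”: a freshly created useradd account has a locked password field there, and passwd --expire sets the last-change field to 0. The sample entries, the placeholder hashes and the function names shadow_state, gecos_field and audit are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article). All sample data is constructed;
# the hash strings are placeholders, not real password hashes.
SAMPLE_PASSWD='dave:x:1000:1000:Dave Example,,,:/home/dave:/bin/bash
maryq:x:1001:1001:Mary Quinn,Operations 1,555-6325,555-5412,Team Leader:/home/maryq:/bin/bash
newuser:x:1002:1002::/home/newuser:/bin/bash'
SAMPLE_SHADOW='dave:$6$PLACEHOLDER$hash:19000:0:99999:7:::
maryq:$6$PLACEHOLDER$hash:0:0:99999:7:::
newuser:!:19000:0:99999:7:::'

# shadow_state LINE: classify one /etc/shadow entry.
#   locked         - hash field starts with "!" or "*" (no usable password)
#   empty-password - hash field is empty (no password needed to log in)
#   must-change    - last-change field is 0 (what "passwd --expire" sets)
#   active         - anything else
shadow_state() {
  printf '%s\n' "$1" | awk -F: '{
    if ($2 ~ /^[!*]/)   print "locked"
    else if ($2 == "")  print "empty-password"
    else if ($3 == "0") print "must-change"
    else                print "active"
  }'
}

# gecos_field PASSWD_LINE N: Nth comma-separated GECOS subfield (1 = real name).
gecos_field() {
  printf '%s\n' "$1" | awk -F: -v n="$2" '{ split($5, g, ","); print g[n] }'
}

# audit PASSWD_TEXT SHADOW_TEXT: one "name uid shell state" line per account.
audit() {
  printf '%s\n' "$1" | while IFS=: read -r name pw uid gid gecos home shell; do
    line=$(printf '%s\n' "$2" | awk -F: -v u="$name" '$1 == u')
    if [ -z "$line" ]; then state="no-shadow-entry"
    else state=$(shadow_state "$line"); fi
    echo "$name $uid $shell $state"
  done
}

audit "$SAMPLE_PASSWD" "$SAMPLE_SHADOW"
```

On a real system the second argument would come from “/etc/shadow”, which only root can read.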
The adduser Command
The adduser command wraps the creation of the account, its home directory, setting the password, and capturing the GECOS field information into one interactive session.
The adduser command was already present on our Ubuntu and Fedora test machines but had to be installed on Manjaro. It’s in the Arch User Repository, so you’ll need to use an AUR helper such as yay to install it.
yay adduser
To start the process, use sudo and provide the name of the user account you’re adding:
sudo adduser maryq
The default group for the user account is created, and the user account is added with that group as its default. The home directory is created and the hidden configuration files are copied into it.
You’re prompted to provide a password.
When you provide a password and hit “Enter”, you’re prompted to re-enter the password to verify it.
You’re asked in turn for each of the pieces of information that can go into the GECOS field.
Either provide some information and hit “Enter” to move to the next field, or just hit “Enter” to skip a field.
Finally, you’re asked if the information you have provided is correct. Press the “Y” key, and hit “Enter” to complete the process.
Remember to set the password for the new account as “expired” so that the new user is required to change it when they first log in.
sudo passwd --expire maryq
The GUI Method
Open the system menu by clicking on the right-hand edge of the GNOME panel, near the power, volume, and network icons.
Click on the “Settings” menu entry.
The Settings application will open. Click on the “Users” entry in the sidebar, then click on the “Unlock” button in the “Users” pane.
You will need to enter your password.
A green “Add User” button will appear.
Click this button. The “Add user” dialog appears. It contains a form that captures the details of the new user.
Fill in the form with the details of the new user. If you want them to be able to use sudo, click the “Administrator” button.
You can either set their password now or leave it to them to choose a password when they first log in. If you set a password, you’ll have to remember to open a terminal window and use the passwd command to set it to the “expired” state. That’ll force them to set their own password the first time they log in.
It’s a bit of a pain to have to go to the terminal when you’re trying to use the GUI to create the new user.
If you click the “Allow user to set their own password when they next login” radio button the user is prompted for a new password when they try to log in. But the drawback here is that the first person who tries to use the new account can set the password. So anyone who knows the account has been created and who beats the genuine new user to trying to log in can take over the account.
Neither of these situations is ideal.
Click the green “Add” button when you’ve completed the form and made your selections.
We selected the “Allow user to set their own password when they next login” option. When the user tries to log in they’re prompted for a new password. But, unlike the sequence we saw earlier, they are not prompted for their current password—they don’t have one.
As you’d expect, they have to enter it once more to verify it.
Decisions Decisions
The useradd command gives granular control, but there’s a lot to get right on the command line.
The adduser command makes life easier but doesn’t allow you to enter the new user into additional groups.
The GUI method has drawbacks whichever password radio button you choose.
In most informal or domestic situations, the adduser command probably gives you the best balance between capability and functionality. If you need to add the new user to an additional group, you can do that once they’ve been created, using the usermod command.