Wiki‎ > ‎

Adduser vs Useradd (Debian/Ubuntu)

posted Feb 23, 2016, 8:27 AM by Dong Xu   [ updated Dec 3, 2018, 4:59 PM ]
Should use adduser which is a perl script that calls useradd and has enhanced features:

http://unix.stackexchange.com/questions/121071/what-does-adduser-do-that-useradd-doesnt

First off, the respective man page snippets highlight the differences between the two commands and give some indication of what is going on. For adduser:

adduser and addgroup add users and groups to the system according to command line options and configuration information in /etc/adduser.conf. They are friendlier front ends to the low level tools like useradd, groupadd and usermod programs, by default choosing Debian policy conformant UID and GID values, creating a home directory with skeletal configuration, running a custom script, and other features.

Then for useradd:

useradd is a low level utility for adding users. On Debian, administrators should usually use adduser(8) instead.

Further investigation of adduser reveals that it is a perl script providing a high level interface to, and thus offering some of the functionality of, the following commands:

  • useradd
  • groupadd
  • passwd - used to add/change users passwords.
  • gpasswd - used to add/change group passwords.
  • usermod - used to change various user associated parameters.
  • chfn - used to add/change additional information held on a user.
  • chage - used to change password expiry information.
  • edquota - used to change disk usage quotas.

A basic run of the adduser command is as follows:

adduser username

This simple command will do a number of things:

  1. Create the user named username.
  2. Create the user's home directory (default is /home/username and copy the files from /etc/skel into it.
  3. Create a group with the same name as the user and place the user in it.
  4. Prompt for a password for the user.
  5. Prompt for additional information on the user.

The useradd program can most of accomplish most of this, however it does not do so by default and needs additional options. Some of the information requires more commands:

useradd -m -U username
passwd username
chfn username

Note that adduser ensures that created UIDs and GIDs conform with the Debian policy. Creating normal users with useradd seems to be ok, provided UID_MIN/UID_MAX in /etc/login.defs matches the Debian policy. What is a problem though is that Debian specifies a particular range for system user UIDs which only seems to be supported in /etc/adduser.conf, so naively adding a system user with useradd and not specifying a UID/GUID in the correct range leaves the potential for serious problems.

Another common use for adduser is to simplify the process of adding a user to a group. Here, the following command:

adduser username newgroup

replaces a more complex usermod command that requires the groups which the user is already a member of (and that you would like the user to remain a member) to be specified:

usermod -G all,other,groups,user,is,in,newgroup

One downside to using adduser here though is that you can only specify one group at a time.


Lock a Password

To disable / lock the password of user account use below command. This will not disallow ssh-access on Ubuntu. This prepends a ! to the password hash so that no password will match it anymore.

# take away peters password
sudo passwd -l peter

To unlock him:

# give peter back his password
sudo passwd -u peter

passwd -l

that might be what you're looking for :)

from the passwd man page:

-l, --lock Lock the password of the named account. This option disables a password by changing it to a value which matches no possible encrypted value (it adds a ´!´ at the beginning of the password).

Note that this does not disable the account. The user may still be able to login using another authentication token (e.g. an SSH key). To disable the account, administrators should use

usermod --expiredate 1 (this set the account's expire date to Jan 2, 1970).

Users with a locked password are not allowed to change their password.

How to disable user's login without disabling the account

Alter /etc/passwd manually like below

user1:x:1001:1001:,,,:/home/user1:/usr/sbin/nologin

after making change user1 is not being able to login from terminal but surprisingly can login from gnome

Comments