xref: /openbsd-src/usr.sbin/adduser/adduser.8 (revision 3a3fbb3f2e2521ab7c4a56b7ff7462ebd9095ec5)
.\"	$OpenBSD: adduser.8,v 1.26 2001/12/22 18:11:17 millert Exp $
.\"
.\" Copyright (c) 1995-1996 Wolfram Schneider <wosch@FreeBSD.org>. Berlin.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $From: adduser.8,v 1.12 1996/08/28 17:54:13 adam Exp $
.Dd July 8, 1999
.Dt ADDUSER 8
.Os
.Sh NAME
.Nm adduser ,
.Nm rmuser
.Nd add and delete users from the system
.Sh SYNOPSIS
.Nm adduser
.Oo Fl batch Ar username
.Oo Ar group Ns Op , Ns Ar group
.Ar ...
.Oc
.Op Ar fullname
.Op Ar password
.Oc
.Op Fl check_only
.Op Fl config_create
.Op Fl dotdir Ar directory
.Oo
.Fl e
.Ar method No \&| Fl encryption Ar method
.Oc
.Op Fl group Ar login_group
.Op Fl h | help | ?
.Op Fl home Ar partition
.Op Fl message Ar file
.Op Fl noconfig
.Op Fl shell Ar shell
.Op Fl s | silent | q | quiet
.Op Fl uid_start Ar uid
.Op Fl uid_end Ar uid
.Op Fl v | verbose
.Op Fl unencrypted
.Pp
.Nm rmuser Op Ar username
.Sh DESCRIPTION
The
.Nm adduser
program adds new users to the system.
The
.Nm rmuser
program removes users from the system.
When not passed any arguments, both
utilities operate in interactive mode and prompt for any required information.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Xo Fl batch Ar username
.Oo Ar group Ns Op , Ns Ar group
.Ar ... Oc
.Op Ar fullname
.Op Ar password
.Xc
Enter batch mode in which multiple users are specified on the command-line
in a compact format.
By default the password is assumed to already be properly encrypted.
.It Fl check_only
Check the passwd, group, and shells databases for consistency and problems
then exit without performing any other operation.
.It Fl config_create
Create or edit default configuration information and message file before
proceeding with the normal interactive adduser procedure.
.It Fl dotdir Ar directory
Copy files from
.Ar directory
into the HOME directory of new users.
Files named in the fashion of
.Dq Pa dot.foo
will be renamed to
.Dq Pa .foo .
By default, all files are made writable and readable by
their owner.
.\" don't allow group or world to write files and allow only owner
.\" to read/execute/write .rhost, .Xauthority, .kermrc, .netrc, Mail,
.\" prv, iscreen, term.
.It Fl encryption Ns No , Fl e Ar method
Encrypt local passwords using
.Ar method
of encryption as described in
.Xr passwd.conf 5 .
.It Fl group Ar login_group
Specify the default login group.
A value of
.Ar USER
means that the username is to be used as the login group.
.It Xo
.Fl help Ns No ,
.Fl h Ns No , Fl ?
.Xc
Print a summary of options and exit.
.It Fl home Ar partition
Specify the default home partition where all users' home directories
are to be located.
.It Fl message Ar file
Send new users a welcome message from
.Ar file .
Specifying a value of
.Dq no
for
.Ar file
causes no message to be sent to new users.
.It Fl noconfig
Do not read the default configuration file.
.It Fl shell Ar shell
Specify the default shell for new users.
.It Xo
.Fl silent Ns No , Fl s Ns No ,
.Fl quiet Ns No , Fl q
.Xc
Causes the program to print fewer warnings, questions, and bug reports.
.It Fl uid_start Ar uid
Use UIDs from
.Ar uid
up when automatically generating UIDs.
.It Fl uid_end Ar uid
Do not use UIDs higher than
.Ar uid
when generating UIDs.
.It Fl unencrypted
Causes the program to assume that the password given in batch mode is
unencrypted.
The password will be encrypted before it's added to the password file.
Use of this option will leave username and cleartext password displayable
for any user.
.It Fl verbose Ns No , Fl v
Causes the program to print many warnings and questions.
This option is recommended for novice users.
.El
.Pp
.Nm adduser
first performs consistency checks on the password, group, and shell databases.
This includes finding any duplicate user or group names, illegal shells, or
shells that aren't executable.
Once these tests are passed,
.Nm
performs the following operations for each new user:
.Bl -enum -offset indent
.It
Add the appropriate entries to the password and group files and re-generate
the password database using
.Xr pwd_mkdb 8 .
.It
Create a home directory and copy all files from the skeletal
login directory (normally
.Pa /etc/skel )
to this new directory.
Files named in the fashion of
.Dq Pa dot.foo
will be renamed to
.Dq Pa .foo
in the new directory.
.It
Mails the new user a welcome message at the discretion of the account creator.
.El
.Pp
Similarly, when removing a user,
.Nm rmuser
performs the following operations for the given
.Ar username :
.Bl -enum -offset indent
.It
Removes any
.Xr crontab 1
entries or
.Xr at 1
jobs belonging to the user.
.It
Removes the user from the password database and all groups in the group
database.
If a group becomes empty and its name is the same as the username,
the group is removed (this complements
.Nm adduser Ns No 's
unique per-user groups).
.It
Recursively deletes all files in the user's home directory and removes the
directory itself (provided the directory actually belongs to the user).
.Nm rmuser
prompts for confirmation before actually doing this.
.It
Removes the user's incoming mail file if one exists.
.El
.Pp
Understandably,
.Nm rmuser
politely refuses to remove users whose UID is 0 (typically root).
.Sh RESTRICTIONS
.Bl -tag -width Ds
.It Sy username
Login names should contain only lowercase characters or digits.
They should be no longer than 31 characters (see BUGS section of
.Xr setlogin 2 ) .
.\" The reasons for this limit are "Historical".
.\" Given that people have traditionally wanted to break this
.\" limit for aesthetic reasons, it's never been of great importance to break
.\" such a basic fundamental parameter in UNIX.
.\" You can change UT_NAMESIZE in /usr/include/utmp.h and recompile the
.\" world; people have done this and it works, but you will have problems
.\" with any precompiled programs, or source that assumes the 8-character
.\" name limit and NIS. The NIS protocol mandates an 8-character username.
If you need a longer login name for e-mail addresses,
you can define an alias in
.Pa /etc/mail/aliases .
.It Sy fullname
This should contain the user's first name and surname.
The
.Ql \&:
is not permitted.
.It Sy shell
Only valid entries from the
.Xr shells 5
database or entries corresponding to
.Xr sliplogin 8
and
.Xr pppd 8
are permitted.
.It Sy uid_start
This value is the start of the range where free UID values are
searched for.
This value must be less than the value of uid_end.
The default value is 1000 or as configured in the configuration file.
.It Sy uid_end
This value is the end of the range where free UID values are
searched for.
This value must be more than the value of uid_start.
The default value is 2147483647 or as configured in the configuration file.
.It Sy gid/login group
This value is generated automatically, but can be specified at the
discretion of the person invoking the program.
.It Sy password
If not empty, the password is encrypted according to
.Xr passwd.conf 5 .
If empty, the account will be automatically disabled to prevent spurious
access to it.
.El
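The restrictions above, together with the batch-mode default that the password field is already encrypted, can be checked before a record is handed to adduser. The following is an added example, not part of the manual page or of adduser itself; the function names are hypothetical and the test for "looks encrypted" is a heuristic based on common crypt(3) output formats.

```shell
#!/bin/sh
# Added example, not part of adduser: pre-flight checks for -batch input,
# following the RESTRICTIONS section. Function names are hypothetical.
LC_ALL=C; export LC_ALL        # make [a-z] ranges byte-exact

# Login name: lowercase letters or digits only, at most 31 characters.
valid_username() {
    case "$1" in ''|*[!a-z0-9]*) return 1 ;; esac
    [ "${#1}" -le 31 ]
}

# Full name: the ':' character is not permitted.
valid_fullname() {
    case "$1" in *:*) return 1 ;; esac
    return 0
}

# Heuristic (assumption): does the password field look like crypt(3) output?
# Batch mode assumes the field is already encrypted unless -unencrypted is
# given, so cleartext here is a mistake. Empty is allowed; the manual says
# the account is then disabled.
looks_encrypted() {
    case "$1" in
        '') return 0 ;;
        '$'[0-9]*'$'*) return 0 ;;        # modular format such as $1$ or $2a$
        _*) [ "${#1}" -eq 20 ] ;;         # extended DES: '_' plus 19 chars
        *[!./0-9A-Za-z]*) return 1 ;;     # outside the crypt alphabet
        *) [ "${#1}" -eq 13 ] ;;          # traditional DES: 13 chars
    esac
}

# uid_start must be less than uid_end; both must be decimal numbers.
valid_uid_range() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -lt "$2" ]
}

# Check one batch record; never echoes the password itself.
check_batch_user() {   # usage: check_batch_user username fullname password
    valid_username "$1" || { echo "bad login name: $1" >&2; return 1; }
    valid_fullname "$2" || { echo "$1: fullname contains ':'" >&2; return 1; }
    looks_encrypted "$3" || { echo "$1: password looks like cleartext" >&2; return 1; }
}

# Constructed demo using the page's own batch example: "joshua" is flagged.
check_batch_user falken 'Prof. Falken' joshua || :
valid_uid_range 1000 2147483647 && echo "default UID range ok"
```

A 13-character cleartext password drawn from the crypt alphabet would pass the heuristic, so treat a pass as "plausible", not as proof.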
.\" .Sh UNIQUE GROUP
.\" Perhaps you're missing what *can* be done with this scheme that falls apart
.\" with most other schemes.  With each user in his/her own group the user can
.\" safely run with a umask of 002 and have files created in their home
.\" directory and not worry about others being able to read them.
.\"
.\" For a shared area you create a separate uid/gid (like cvs or ncvs on
.\" freefall) you place each person that should be able to access this area
.\" into that new group.
.\"
.\" This model of uid/gid administration allows far greater flexibility than
.\" lumping users into groups and having to muck with the umask when working
.\" in a shared area.
.\"
.\" I have been using this model for almost 10 years and found that it works
.\" for most situations, and has never gotten in the way.  (Rod Grimes)
.Sh CONFIGURATION
.Nm
follows these steps to extract its configuration
information:
.Pp
.Bl -tag -width Ds -compact
.It Sy 1.
Read internal variables.
.It Sy 2.
Read configuration file
.Po Ns Pa /etc/adduser.conf
.Pc .
.It Sy 3.
Parse command-line options.
.El
.Pp
The
.Em adduser.conf
format is explained within that file and is quite straightforward.
.\" .Sh FORMAT
.\" .Bl -tag -width Ds -compact
.\" .Ql Pa #
.\" is a comment.
.\" .P
.\" .It Sy config file
.\" .Nm adduser
.\" reads and writes this file.
.\" See /etc/adduser.conf for more details.
.\" .It Sy message file
.\" Eval variables in this file. See /etc/adduser.message for more
.\" details.
.\" .El
.Sh EXAMPLES
# adduser
.Pp
Start
.Nm
in interactive mode.
.Pp
# adduser -batch falken guest,staff,beer 'Prof. Falken' joshua
.Pp
Create user
.Dq falken
and
login group
.Dq falken .
Invite user
.Dq falken
into groups
.Dq guest ,
.Dq staff ,
and
.Dq beer .
Realname (fullname)
is
.Dq Prof. Falken .
Password is
.Dq joshua
(don't use such a password!).
Send user falken
a welcome message.
.Pp
# adduser -uid_start 5000 -group guest -message no -batch vehlefanz
.Pp
Create user
.Dq vehlefanz
in login group
.Dq guest .
Start the free UID search at 5000.
No other groups, no realname, no password.
Do not send a welcome message.
.Sh FILES
.Bl -tag -width /etc/adduser.messageX -compact
.It Pa /etc/master.passwd
user database
.It Pa /etc/group
group database
.It Pa /etc/shells
shell database
.It Pa /etc/ptmp
lock file for the passwd database
.It Pa /etc/adduser.conf
configuration file for
.Nm adduser
.It Pa /etc/adduser.message
message file for
.Nm
.It Pa /etc/skel
skeletal login directory
.It Pa /var/log/adduser
log file for
.Nm
.El
.Sh SEE ALSO
.Xr chpass 1 ,
.Xr finger 1 ,
.Xr passwd 1 ,
.Xr setlogin 2 ,
.Xr aliases 5 ,
.Xr group 5 ,
.Xr passwd 5 ,
.Xr passwd.conf 5 ,
.Xr shells 5 ,
.Xr nologin 8 ,
.Xr pwd_mkdb 8 ,
.Xr vipw 8 ,
.Xr yp 8
