xref: /openbsd-src/usr.sbin/adduser/adduser.8 (revision b2ea75c1b17e1a9a339660e7ed45cd24946b230e)
.\"	$OpenBSD: adduser.8,v 1.23 2001/07/20 19:09:46 mpech Exp $
.\"
.\" Copyright (c) 1995-1996 Wolfram Schneider <wosch@FreeBSD.org>. Berlin.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $From: adduser.8,v 1.12 1996/08/28 17:54:13 adam Exp $
.Dd July 8, 1999
.Dt ADDUSER 8
.Os
.Sh NAME
.Nm adduser ,
.Nm rmuser
.Nd add and delete users from the system
.Sh SYNOPSIS
.Nm adduser
.Oo Fl batch Ar username
.Oo Ar group Ns Op , Ns Ar group
.Ar ...
.Oc
.Op Ar fullname
.Op Ar password
.Oc
.Op Fl check_only
.Op Fl config_create
.Op Fl dotdir Ar directory
.Oo
.Fl e
.Ar method No \&| Fl encrypt_method Ar method
.Oc
.Op Fl group Ar login_group
.Op Fl h | help | ?
.Op Fl home Ar partition
.Op Fl message Ar file
.Op Fl noconfig
.Op Fl shell Ar shell
.Op Fl s | silent | q | quiet
.Op Fl uid Ar uid
.Op Fl uid_start Ar uid
.Op Fl uid_end Ar uid
.Op Fl v | verbose
.Op Fl unencrypted
.Pp
.Nm rmuser Op Ar username
.Sh DESCRIPTION
The
.Nm adduser
program adds new users to the system.
The
.Nm rmuser
program removes users from the system.
When not passed any arguments, both
utilities operate in interactive mode and prompt for any required information.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Xo Fl batch Ar username
.Oo Ar group Ns Op , Ns Ar group
.Ar ... Oc
.Op Ar fullname
.Op Ar password
.Xc
Enter batch mode in which multiple users are specified on the command-line
in a compact format.
By default the password is assumed to already be properly encrypted.
.It Fl check_only
Check the passwd, group, and shells databases for consistency and problems
then exit without performing any other operation.
.It Fl config_create
Create or edit default configuration information and message file before
proceeding with the normal interactive adduser procedure.
.It Fl dotdir Ar directory
Copy files from
.Ar directory
into the HOME directory of new users.
Files named in the fashion of
.Dq Pa dot.foo
will be renamed to
.Dq Pa .foo .
By default, all files are made writable and readable by
their owner.
.\" don't allow group or world to write files and allow only owner
.\" to read/execute/write .rhost, .Xauthority, .kermrc, .netrc, Mail,
.\" prv, iscreen, term.
.It Fl encrypt Ns No , Fl e Ar method
Encrypt local passwords using
.Ar method
of encryption as described in
.Xr passwd.conf 5 .
.It Fl group Ar login_group
Specify the default login group.
A value of
.Ar USER
means that the username is to be used as the login group.
.It Xo
.Fl help Ns No ,
.Fl h Ns No , Fl ?
.Xc
Print a summary of options and exit.
.It Fl home Ar partition
Specify the default home partition where all users' home directories
are to be located.
.It Fl message Ar file
Send new users a welcome message from
.Ar file .
Specifying a value of
.Dq no
for
.Ar file
causes no message to be sent to new users.
.It Fl noconfig
Do not read the default configuration file.
.It Fl shell Ar shell
Specify the default shell for new users.
.It Xo
.Fl silent Ns No , Fl s Ns No ,
.Fl quiet Ns No , Fl q
.Xc
Causes the program to print fewer warnings, questions, and bug reports.
.It Fl uid Ar uid
Use UIDs from
.Ar uid
up when automatically generating UIDs.
.It Fl unencrypted
Causes the program to assume that the password given in batch mode is
unencrypted.
The password will be encrypted before it's added to the password file.
Use of this option will leave username and cleartext password displayable
for any user.
.It Fl verbose Ns No , Fl v
Causes the program to print many warnings and questions.
This option is recommended for novice users.
.El
.Pp
.Nm adduser
first performs consistency checks on the password, group, and shell databases.
This includes finding any duplicate user or group names, illegal shells, or
shells that aren't executable.
Once these tests are passed,
.Nm
performs the following operations for each new user:
.Bl -enum -offset indent
.It
Add the appropriate entries to the password and group files and re-generate
the password database using
.Xr pwd_mkdb 8 .
.It
Create a home directory and copy all
.Pa dot.*
files from the skeletal login directory (normally
.Pa /etc/skel )
to this new directory.
.It
Mails the new user a welcome message at the discretion of the account creator.
.El
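The consistency checks described above, sketched as an added example (not part of adduser or of this manual page): it reports duplicate user and group names, login shells missing from the shells database, and listed shells that are not executable. The function name, the output labels and the sample data are assumptions made for the illustration, as is reading "illegal shell" as "not listed in the shells database".

```shell
#!/bin/sh
# Added example, not adduser's own code. audit_accounts and its output
# labels are hypothetical names.
#
# audit_accounts PASSWD GROUP SHELLS
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_accounts() {
    aa_findings=$(
        # Duplicate login names (field 1 of the passwd-format file).
        awk -F: '!/^#/ && NF > 1 && seen[$1]++ == 1 { print "duplicate-user " $1 }' "$1"
        # Duplicate group names (field 1 of the group file).
        awk -F: '!/^#/ && NF > 1 && seen[$1]++ == 1 { print "duplicate-group " $1 }' "$2"
        # Login shells missing from the shells database. Assumption: the
        # shell is the last colon-separated field; an empty one is skipped.
        awk -F: '
            NR == FNR { sub(/#.*/, ""); gsub(/[ \t]/, ""); if ($0 != "") ok[$0] = 1; next }
            !/^#/ && NF > 1 && $NF != "" && !($NF in ok) { print "illegal-shell " $1 " " $NF }
        ' "$3" "$1"
        # Shells listed in the database that are not executable files.
        sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$3" |
        while IFS= read -r aa_shell; do
            [ -x "$aa_shell" ] || echo "not-executable $aa_shell"
        done
    )
    if [ -z "$aa_findings" ]; then return 0; fi
    printf '%s\n' "$aa_findings"
    return 1
}

# Constructed sample data (not real accounts), in master.passwd layout.
demo=$(mktemp -d)
printf '%s\n' \
    'root:*:0:0::0:0:Charlie &:/root:/bin/sh' \
    'falken:*:1000:1000::0:0:Prof. Falken:/home/falken:/bin/sh' \
    'falken:*:1001:1001::0:0:Duplicate:/home/falken2:/bin/sh' \
    'vehlefanz:*:1002:31::0:0::/home/vehlefanz:/usr/local/bin/notlisted' \
    > "$demo/master.passwd"
printf '%s\n' 'wheel:*:0:root' 'guest:*:31:' 'guest:*:32:' > "$demo/group"
printf '%s\n' '# constructed shells database' '/bin/sh' "$demo/noexec-shell" > "$demo/shells"
: > "$demo/noexec-shell"    # exists, but has no execute bit
audit_accounts "$demo/master.passwd" "$demo/group" "$demo/shells" || true
rm -rf "$demo"
```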
.Pp
Similarly, when removing a user,
.Nm rmuser
performs the following operations for the given
.Ar username :
.Bl -enum -offset indent
.It
Removes any
.Xr crontab 1
entries or
.Xr at 1
jobs belonging to the user.
.It
Removes the user from the password database and all groups in the group
database.
If a group becomes empty and its name is the same as the username,
the group is removed (this complements
.Nm adduser Ns No 's
unique per-user groups).
.It
Recursively deletes all files in the user's home directory and removes the
directory itself (provided the directory actually belongs to the user).
.Nm rmuser
prompts for confirmation before actually doing this.
.It
Removes the user's incoming mail file if one exists.
.El
.Pp
Understandably,
.Nm rmuser
politely refuses to remove users whose UID is 0 (typically root).
.Sh RESTRICTIONS
.Bl -tag -width Ds
.It Sy username
Login names should contain only lowercase characters or digits.
They should be no longer than 31 characters (see BUGS section of
.Xr setlogin 2 ) .
.\" The reasons for this limit are "Historical".
.\" Given that people have traditionally wanted to break this
.\" limit for aesthetic reasons, it's never been of great importance to break
.\" such a basic fundamental parameter in UNIX.
.\" You can change UT_NAMESIZE in /usr/include/utmp.h and recompile the
.\" world; people have done this and it works, but you will have problems
.\" with any precompiled programs, or source that assumes the 8-character
.\" name limit and NIS. The NIS protocol mandates an 8-character username.
If you need a longer login name for e-mail addresses,
you can define an alias in
.Pa /etc/mail/aliases .
.It Sy fullname
This should contain the user's first name and surname.
The
.Ql \&:
is not permitted.
.It Sy shell
Only valid entries from the
.Xr shells 5
database or entries corresponding to
.Xr sliplogin 8
and
.Xr pppd 8
are permitted.
.It Sy uid_start
This value is the start of the range where free UID values are
searched for.
This value must be less than the value of uid_end.
The default value is 1000 or as configured in the configuration file.
.It Sy uid_end
This value is the end of the range where free UID values are
searched for.
This value must be more than the value of uid_start.
The default value is 2147483647 or as configured in the configuration file.
.It Sy gid/login group
This value is generated automatically, but can be specified at the
discretion of the person invoking the program.
.It Sy password
If not empty, the password is encrypted according to
.Xr passwd.conf 5 .
If empty, the account will be automatically disabled to prevent spurious
access to it.
.El
.\" .Sh UNIQUE GROUP
.\" Perhaps you're missing what *can* be done with this scheme that falls apart
.\" with most other schemes.  With each user in his/her own group the user can
.\" safely run with a umask of 002 and have files created in their home
.\" directory and not worry about others being able to read them.
.\"
.\" For a shared area you create a separate uid/gid (like cvs or ncvs on
.\" freefall) you place each person that should be able to access this area
.\" into that new group.
.\"
.\" This model of uid/gid administration allows far greater flexibility than
.\" lumping users into groups and having to muck with the umask when working
.\" in a shared area.
.\"
.\" I have been using this model for almost 10 years and found that it works
.\" for most situations, and has never gotten in the way.  (Rod Grimes)
.Sh CONFIGURATION
.Nm
follows these steps to extract its configuration
information:
.Pp
.Bl -tag -width Ds -compact
.It Sy 1.
Read internal variables.
.It Sy 2.
Read configuration file
.Po Ns Pa /etc/adduser.conf
.Pc .
.It Sy 3.
Parse command-line options.
.El
.Pp
The
.Xr adduser.conf 5
format is explained within that file and is quite straightforward.
.\" .Sh FORMAT
.\" .Bl -tag -width Ds -compact
.\" .Ql Pa #
.\" is a comment.
.\" .P
.\" .It Sy config file
.\" .Nm adduser
.\" reads and writes this file.
.\" See /etc/adduser.conf for more details.
.\" .It Sy message file
.\" Eval variables in this file. See /etc/adduser.message for more
.\" details.
.\" .El
.Sh EXAMPLES
# adduser
.Pp
Start
.Nm
in interactive mode.
.Pp
# adduser -batch falken guest,staff,beer 'Prof. Falken' joshua
.Pp
Create user
.Dq falken
and
login group
.Dq falken .
Invite user
.Dq falken
into groups
.Dq guest ,
.Dq staff ,
and
.Dq beer .
Realname (fullname)
is
.Dq Prof. Falken .
Password is
.Dq joshua
(don't use such a password!).
Send user falken
a welcome message.
.Pp
# adduser -uid_start 5000 -group guest -message no -batch vehlefanz
.Pp
Create user
.Dq vehlefanz
in login group
.Dq guest .
Start the free UID search at 5000.
No other groups, no realname, no password.
Do not send a welcome message.
.Sh FILES
.Bl -tag -width /etc/adduser.messageX -compact
.It Pa /etc/master.passwd
user database
.It Pa /etc/group
group database
.It Pa /etc/shells
shell database
.It Pa /etc/adduser.conf
configuration file for
.Nm adduser
.It Pa /etc/adduser.message
message file for
.Nm
.It Pa /etc/skel
skeletal login directory
.It Pa /var/log/adduser
log file for
.Nm
.El
.Sh SEE ALSO
.Xr chpass 1 ,
.Xr finger 1 ,
.Xr passwd 1 ,
.Xr setlogin 2 ,
.Xr aliases 5 ,
.Xr group 5 ,
.Xr passwd 5 ,
.Xr passwd.conf 5 ,
.Xr shells 5 ,
.Xr nologin 8 ,
.Xr pwd_mkdb 8 ,
.Xr vipw 8 ,
.Xr yp 8