shadow/man/useradd.8.xml
Masatake YAMATO 62d99ee3fc man (useradd): add a note about -r option and /etc/subuid and subgid
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
2022-07-15 09:42:21 +02:00

902 lines
30 KiB
XML

<?xml version="1.0" encoding="UTF-8"?>
<!--
SPDX-FileCopyrightText: 1991 - 1994, Julianne Frances Haugh
SPDX-FileCopyrightText: 2007 - 2011, Nicolas François
SPDX-License-Identifier: BSD-3-Clause
-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY CREATE_HOME SYSTEM "login.defs.d/CREATE_HOME.xml">
<!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml">
<!ENTITY HOME_MODE SYSTEM "login.defs.d/HOME_MODE.xml">
<!ENTITY LASTLOG_UID_MAX SYSTEM "login.defs.d/LASTLOG_UID_MAX.xml">
<!ENTITY MAIL_DIR SYSTEM "login.defs.d/MAIL_DIR.xml">
<!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
<!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
<!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
<!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
<!ENTITY SUB_GID_COUNT SYSTEM "login.defs.d/SUB_GID_COUNT.xml">
<!ENTITY SUB_UID_COUNT SYSTEM "login.defs.d/SUB_UID_COUNT.xml">
<!ENTITY SYS_GID_MAX SYSTEM "login.defs.d/SYS_GID_MAX.xml">
<!ENTITY SYS_UID_MAX SYSTEM "login.defs.d/SYS_UID_MAX.xml">
<!ENTITY UID_MAX SYSTEM "login.defs.d/UID_MAX.xml">
<!ENTITY UMASK SYSTEM "login.defs.d/UMASK.xml">
<!ENTITY TCB_AUTH_GROUP SYSTEM "login.defs.d/TCB_AUTH_GROUP.xml">
<!ENTITY TCB_SYMLINKS SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
<!ENTITY USE_TCB SYSTEM "login.defs.d/USE_TCB.xml">
<!ENTITY USERGROUPS_ENAB SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
<!-- SHADOW-CONFIG-HERE -->
]>
<refentry id='useradd.8'>
<!-- $Id$ -->
<refentryinfo>
<author>
<firstname>Julianne Frances</firstname>
<surname>Haugh</surname>
<contrib>Creation, 1991</contrib>
</author>
<author>
<firstname>Thomas</firstname>
<surname>Kłoczko</surname>
<email>kloczek@pld.org.pl</email>
<contrib>shadow-utils maintainer, 2000 - 2007</contrib>
</author>
<author>
<firstname>Nicolas</firstname>
<surname>François</surname>
<email>nicolas.francois@centraliens.net</email>
<contrib>shadow-utils maintainer, 2007 - now</contrib>
</author>
</refentryinfo>
<refmeta>
<refentrytitle>useradd</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
<refmiscinfo class="source">shadow-utils</refmiscinfo>
<refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>useradd</refname>
<refpurpose>create a new user or update default new user information</refpurpose>
</refnamediv>
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>useradd</command>
<arg choice='opt'>
<replaceable>options</replaceable>
</arg>
<arg choice='plain'><replaceable>LOGIN</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>useradd</command>
<arg choice='plain'>-D </arg>
</cmdsynopsis>
<cmdsynopsis>
<command>useradd</command>
<arg choice='plain'>-D </arg>
<arg choice='opt'>
<replaceable>options</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
When invoked without the <option>-D</option> option, the
<command>useradd</command> command creates a new user account using
the values specified on the command line plus the default values from
the system. Depending on command line options, the
<command>useradd</command> command
will update system files and may also create the new user's home
directory and copy initial files.
</para>
<para>
By default, a group will also be created for the new user (see
<option>-g</option>, <option>-N</option>, <option>-U</option>, and
<option>USERGROUPS_ENAB</option>).
</para>
</refsect1>
<refsect1 id='options'>
<title>OPTIONS</title>
<para>The options which apply to the <command>useradd</command> command are:
</para>
<variablelist remap='IP'>
<varlistentry>
<term>
<option>--badname</option>&nbsp;
</term>
<listitem>
<para>
Allow names that do not conform to standards.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-b</option>, <option>--base-dir</option>&nbsp;<replaceable>BASE_DIR</replaceable>
</term>
<listitem>
<para>
The default base directory for the system if
<option>-d</option>&nbsp;<replaceable>HOME_DIR</replaceable>
is not specified. <replaceable>BASE_DIR</replaceable> is
concatenated with the account name to define the home
directory.
</para>
<para>
If this option is not specified, <command>useradd</command>
will use the base directory specified by the
<option>HOME</option> variable in
<filename>/etc/default/useradd</filename>, or
<filename>/home</filename> by default.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-c</option>, <option>--comment</option>&nbsp;<replaceable>COMMENT</replaceable>
</term>
<listitem>
<para>
Any text string. It is generally a short description of the
account, and is currently used as the field for the user's full
name.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-d</option>, <option>--home-dir</option>&nbsp;<replaceable>HOME_DIR</replaceable>
</term>
<listitem>
<para>
The new user will be created using
<replaceable>HOME_DIR</replaceable> as the value for the
user's login directory. The default is to append the
<replaceable>LOGIN</replaceable> name to
<replaceable>BASE_DIR</replaceable> and use that as the
login directory name. If the directory
<replaceable>HOME_DIR</replaceable> does not exist, then
it will be created unless the <option>-M</option> option
is specified.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-D</option>, <option>--defaults</option>
</term>
<listitem>
<para>
See below, the subsection "Changing the default values".
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-e</option>, <option>--expiredate</option>&nbsp;<replaceable>EXPIRE_DATE</replaceable>
</term>
<listitem>
<para>
The date on which the user account will be disabled. The date is
specified in the format <emphasis remap='I'>YYYY-MM-DD</emphasis>.
</para>
<para>
If not specified, <command>useradd</command> will use the
default expiry date specified by the <option>EXPIRE</option>
variable in <filename>/etc/default/useradd</filename>, or
an empty string (no expiry) by default.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-f</option>, <option>--inactive</option>&nbsp;<replaceable>INACTIVE</replaceable>
</term>
<listitem>
<para>
defines the number of days after the password exceeded its maximum
age where the user is expected to replace this password. The value
is stored in the shadow password file. An input of 0 will disable an
expired password with no delay. An input of -1 will blank the
respective field in the shadow password file. See <citerefentry>
<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>for more information.
</para>
<para>
If not specified, <command>useradd</command> will use the
default inactivity period specified by the
<option>INACTIVE</option> variable in
<filename>/etc/default/useradd</filename>, or -1 by default.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-g</option>, <option>--gid</option>&nbsp;<replaceable>GROUP</replaceable>
</term>
<listitem>
<para>
The name or the number of the user's primary group. The
group name must exist. A group number must refer to an already
existing group.
</para>
<para>
If not specified, the behavior of <command>useradd</command>
will depend on the <option>USERGROUPS_ENAB</option> variable
in <filename>/etc/login.defs</filename>. If this variable is
set to <replaceable>yes</replaceable> (or
<option>-U/--user-group</option> is specified on the command
line), a group will be created for the user, with the same
name as her loginname. If the variable is set to
<replaceable>no</replaceable> (or
<option>-N/--no-user-group</option> is specified on the
command line), useradd will set the primary group of the new
user to the value specified by the <option>GROUP</option>
variable in <filename>/etc/default/useradd</filename>, or
100 by default.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-G</option>, <option>--groups</option>&nbsp;<replaceable>GROUP1</replaceable>[<emphasis remap='I'>,GROUP2,...</emphasis>[<emphasis remap='I'>,GROUPN</emphasis>]]]
</term>
<listitem>
<para>
A list of supplementary groups which the user is also a member
of. Each group is separated from the next by a comma, with no
intervening whitespace. The groups are subject to the same
restrictions as the group given with the <option>-g</option>
option. The default is for the user to belong only to the
initial group.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-h</option>, <option>--help</option></term>
<listitem>
<para>Display help message and exit.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-k</option>, <option>--skel</option>&nbsp;<replaceable>SKEL_DIR</replaceable>
</term>
<listitem>
<para>
The skeleton directory, which contains files and directories
to be copied in the user's home directory, when the home
directory is created by <command>useradd</command>.
</para>
<para>
This option is only valid if the <option>-m</option> (or
<option>--create-home</option>) option is specified.
</para>
<para>
If this option is not set, the skeleton directory is defined
by the <option>SKEL</option> variable in
<filename>/etc/default/useradd</filename> or, by default,
<filename>/etc/skel</filename>.
</para>
<para>
If possible, the ACLs and extended attributes are copied.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-K</option>, <option>--key</option>&nbsp;<replaceable>KEY</replaceable>=<replaceable>VALUE</replaceable>
</term>
<listitem>
<para>
Overrides <filename>/etc/login.defs</filename> defaults
(<option>UID_MIN</option>, <option>UID_MAX</option>,
<option>UMASK</option>, <option>PASS_MAX_DAYS</option>
and others).
</para>
<para>
Example:
<option>-K</option>&nbsp;<replaceable>PASS_MAX_DAYS
</replaceable>=<replaceable>-1</replaceable> can be used
when creating an account to turn off password aging.
Multiple <option>-K</option> options can be specified,
e.g.:
<option>-K</option>&nbsp;<replaceable>UID_MIN</replaceable>
=<replaceable>100</replaceable>&nbsp;<option>-K</option>&nbsp;
<replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>
</para>
<!--para>
Note: <option>-K</option>&nbsp;<replaceable>UID_MIN</replaceable>=<replaceable>10</replaceable>,<replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>
doesn't work yet.
</para-->
</listitem>
</varlistentry>
<varlistentry>
<term><option>-l</option>, <option>--no-log-init</option></term>
<listitem>
<para>
Do not add the user to the lastlog and faillog databases.
</para>
<para>
By default, the user's entries in the lastlog and faillog
databases are reset to avoid reusing the entry from a previously
deleted user.
</para>
<para>
If this option is not specified, <command>useradd</command>
will also consult the variable <option>LOG_INIT</option> in
the <filename>/etc/default/useradd</filename> if set to no
the user will not be added to the lastlog and faillog databases.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-m</option>, <option>--create-home</option>
</term>
<listitem>
<para>
Create the user's home directory if it does not exist.
The files and directories contained in the skeleton directory
(which can be defined with the <option>-k</option> option)
will be copied to the home directory.
</para>
<para>
By default, if this option is not specified and
<option>CREATE_HOME</option> is not enabled, no home
directories are created.
</para>
<para>
The directory where the user's home directory is created must
exist and have proper SELinux context and permissions. Otherwise
the user's home directory cannot be created or accessed.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-M</option>, <option>--no-create-home</option>
</term>
<listitem>
<para>
Do not create the user's home directory, even if the system
wide setting from <filename>/etc/login.defs</filename>
(<option>CREATE_HOME</option>) is set to
<replaceable>yes</replaceable>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-N</option>, <option>--no-user-group</option>
</term>
<listitem>
<para>
Do not create a group with the same name as the user, but
add the user to the group specified by the <option>-g</option>
option or by the <option>GROUP</option> variable in
<filename>/etc/default/useradd</filename>.
</para>
<para>
The default behavior (if the <option>-g</option>,
<option>-N</option>, and <option>-U</option> options are not
specified) is defined by the <option>USERGROUPS_ENAB</option>
variable in <filename>/etc/login.defs</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-o</option>, <option>--non-unique</option>
</term>
<listitem>
<para>
allows the creation of an account with an already existing
UID.
</para>
<para>
This option is only valid in combination with the
<option>-u</option> option. As a user identity
serves as
key to map between users on one hand and permissions, file
ownerships and other aspects that determine the system's
behavior on the other hand, more than one login name
will access the account of the given UID.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-p</option>, <option>--password</option>&nbsp;<replaceable>PASSWORD</replaceable>
</term>
<listitem>
<para>
defines an initial password for the account. PASSWORD is expected to
be encrypted, as returned by <citerefentry><refentrytitle>crypt
</refentrytitle><manvolnum>3</manvolnum></citerefentry>. Within a
shell script, this option allows to create efficiently
batches of users.
</para>
<para>
Without this option, the new account will be locked and
with no password defined, i.e. a single exclamation mark
in the respective field of
<filename>/etc/shadow</filename>. This is a state where the
user won't be able to access the account or to define a
password himself.
</para>
<para>
<emphasis role="bold">Note:</emphasis>Avoid this option on the command
line because the password (or encrypted password) will
be visible by users listing the processes.
</para>
<para>
You should make sure the password respects the system's
password policy.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-r</option>, <option>--system</option>
</term>
<listitem>
<para>
Create a system account.
</para>
<para>
System users will be created with no aging information in
<filename>/etc/shadow</filename>, and their numeric
identifiers are chosen in the
<option>SYS_UID_MIN</option>-<option>SYS_UID_MAX</option>
range, defined in <filename>/etc/login.defs</filename>, instead of
<option>UID_MIN</option>-<option>UID_MAX</option> (and their
<option>GID</option> counterparts for the creation of groups).
</para>
<para>
Note that <command>useradd</command> will not create a home
directory for such a user, regardless of the default setting
in <filename>/etc/login.defs</filename>
(<option>CREATE_HOME</option>). You have to specify the
<option>-m</option> options if you want a home directory for a
system account to be created.
</para>
<para>
Note that this option will not update <filename>/etc/subuid
</filename> and <filename>/etc/subgid</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-R</option>, <option>--root</option>&nbsp;<replaceable>CHROOT_DIR</replaceable>
</term>
<listitem>
<para>
Apply changes in the <replaceable>CHROOT_DIR</replaceable>
directory and use the configuration files from the
<replaceable>CHROOT_DIR</replaceable> directory.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-P</option>, <option>--prefix</option>&nbsp;<replaceable>PREFIX_DIR</replaceable>
</term>
<listitem>
<para>
Apply changes to configuration files under the root filesystem
found under the directory <replaceable>PREFIX_DIR</replaceable>.
This option does not chroot and is intended for preparing a cross-compilation
target. Some limitations: NIS and LDAP users/groups are
not verified. PAM authentication is using the host files.
No SELINUX support.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-s</option>, <option>--shell</option>&nbsp;<replaceable>SHELL</replaceable>
</term>
<listitem>
<para>
sets the path to the user's login shell. Without this option,
the system will use the <option>SHELL</option> variable specified
in <filename>/etc/default/useradd</filename>, or, if that is as
well not set, the field for the login shell in <filename>/etc/passwd
</filename>remains empty.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-u</option>, <option>--uid</option>&nbsp;<replaceable>UID</replaceable>
</term>
<listitem>
<para>
The numerical value of the user's ID. This value must be unique,
unless the <option>-o</option> option is used. The value must be
non-negative. The default is to use the smallest ID value
greater than or equal to <option>UID_MIN</option> and greater
than every other user.
</para>
<para>
See also the <option>-r</option> option and the
<option>UID_MAX</option> description.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-U</option>, <option>--user-group</option>
</term>
<listitem>
<para>
Create a group with the same name as the user, and
add the user to this group.
</para>
<para>
The default behavior (if the <option>-g</option>,
<option>-N</option>, and <option>-U</option> options are not
specified) is defined by the <option>USERGROUPS_ENAB</option>
variable in <filename>/etc/login.defs</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-Z</option>, <option>--selinux-user</option>&nbsp;<replaceable>SEUSER</replaceable>
</term>
<listitem>
<para>
defines the SELinux user for the new account. Without this
option, a SELinux uses the default user. Note that the
shadow system doesn't store the selinux-user, it uses
<citerefentry><refentrytitle>semanage</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> for that.
</para>
</listitem>
</varlistentry>
</variablelist>
<refsect2 id='changing_the_default_values'>
<title>Changing the default values</title>
<para>
When invoked with only the <option>-D</option> option,
<command>useradd</command> will display the current default values.
When invoked with <option>-D</option> plus other options,
<command>useradd</command> will update the default values for the
specified options. Valid default-changing options are:
</para>
<variablelist remap='IP'>
<varlistentry>
<term>
<option>-b</option>, <option>--base-dir</option>&nbsp;<replaceable>BASE_DIR</replaceable>
</term>
<listitem>
<para>
sets the path prefix for a new user's home directory. The
user's name will be affixed to the end of
<replaceable>BASE_DIR</replaceable> to form the new user's
home directory name, if the <option>-d</option> option is not used
when creating a new account.
</para>
<para>
This option sets the <option>HOME</option> variable in
<filename>/etc/default/useradd</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-e</option>, <option>--expiredate</option>&nbsp;<replaceable>EXPIRE_DATE</replaceable>
</term>
<listitem>
<para>sets the date on which newly created user accounts are disabled.</para>
<para>
This option sets the <option>EXPIRE</option> variable in
<filename>/etc/default/useradd</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-f</option>, <option>--inactive</option>&nbsp;<replaceable>INACTIVE</replaceable>
</term>
<listitem>
<para>
defines the number of days after the password exceeded its maximum
age where the user is expected to replace this password. See <citerefentry>
<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>for more information.
</para>
<para>
This option sets the <option>INACTIVE</option> variable in
<filename>/etc/default/useradd</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-g</option>, <option>--gid</option>&nbsp;<replaceable>GROUP</replaceable>
</term>
<listitem>
<para>sets the default primary group for newly created users,
accepting group names or a numerical group ID. The named
group must exist, and the GID must have an
existing entry.
</para>
<para>
This option sets the <option>GROUP</option> variable in
<filename>/etc/default/useradd</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-s</option>, <option>--shell</option>&nbsp;<replaceable>SHELL</replaceable>
</term>
<listitem>
<para>
defines the default login shell for new users.
</para>
<para>
This option sets the <option>SHELL</option> variable in
<filename>/etc/default/useradd</filename>.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect2>
</refsect1>
<refsect1 id='notes'>
<title>NOTES</title>
<para>The system administrator is responsible for placing the default
user files in the <filename>/etc/skel/</filename> directory (or any
other skeleton directory specified in
<filename>/etc/default/useradd</filename> or on the command line).
</para>
</refsect1>
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
You may not add a user to a NIS or LDAP group. This must be
performed on the corresponding server.
</para>
<para>
Similarly, if the username already exists in an external user
database such as NIS or LDAP, <command>useradd</command> will deny
the user account creation request.
</para>
<para>
Usernames must start with a lower case letter or an underscore,
followed by lower case letters, digits, underscores, or dashes.
They can end with a dollar sign.
In regular expression terms: [a-z_][a-z0-9_-]*[$]?
</para>
<para>
Usernames may only be up to 32 characters long.
</para>
</refsect1>
<refsect1 id='configuration'>
<title>CONFIGURATION</title>
<para>
The following configuration variables in
<filename>/etc/login.defs</filename> change the behavior of this
tool:
</para>
<variablelist>
&CREATE_HOME;
&GID_MAX; <!-- documents also GID_MIN -->
&HOME_MODE;
&LASTLOG_UID_MAX;
&MAIL_DIR;
&MAX_MEMBERS_PER_GROUP;
&PASS_MAX_DAYS;
&PASS_MIN_DAYS;
&PASS_WARN_AGE;
&SUB_GID_COUNT; <!-- documents also SUB_GID_MAX and SUB_GID_MIN -->
&SUB_UID_COUNT; <!-- documents also SUB_UID_MAX and SUB_UID_MIN -->
&SYS_GID_MAX; <!-- documents also SYS_GID_MIN -->
&SYS_UID_MAX; <!-- documents also SYS_UID_MIN -->
&TCB_AUTH_GROUP;
&TCB_SYMLINKS;
&UID_MAX; <!-- documents also UID_MIN -->
&UMASK;
&USE_TCB;
&USERGROUPS_ENAB;
</variablelist>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/passwd</filename></term>
<listitem>
<para>User account information.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/shadow</filename></term>
<listitem>
<para>Secure user account information.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/group</filename></term>
<listitem>
<para>Group account information.</para>
</listitem>
</varlistentry>
<varlistentry condition="gshadow">
<term><filename>/etc/gshadow</filename></term>
<listitem>
<para>Secure group account information.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/default/useradd</filename></term>
<listitem>
<para>Default values for account creation.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/shadow-maint/useradd-pre.d/*</filename>, <filename>/etc/shadow-maint/useradd-post.d/*</filename></term>
<listitem>
<para>Run-part files to execute during user addition. The environment variable <command>ACTION</command> will be populated with useradd and <command>SUBJECT</command> with the <command>username</command>. <filename>useradd-pre.d</filename> will be executed prior to any user addition. <filename>useradd-post.d</filename> will execute after user addition. If a script exits non-zero then execution will terminate.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/skel/</filename></term>
<listitem>
<para>Directory containing default files.</para>
</listitem>
</varlistentry>
<varlistentry condition="subids">
<term><filename>/etc/subgid</filename></term>
<listitem>
<para>Per user subordinate group IDs.</para>
</listitem>
</varlistentry>
<varlistentry condition="subids">
<term><filename>/etc/subuid</filename></term>
<listitem>
<para>Per user subordinate user IDs.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/login.defs</filename></term>
<listitem>
<para>Shadow password suite configuration.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='exit_values'>
<title>EXIT VALUES</title>
<para>
The <command>useradd</command> command exits with the following values:
<variablelist>
<varlistentry>
<term><replaceable>0</replaceable></term>
<listitem>
<para>success</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>1</replaceable></term>
<listitem>
<para>can't update password file</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>2</replaceable></term>
<listitem>
<para>invalid command syntax</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>3</replaceable></term>
<listitem>
<para>invalid argument to option</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>4</replaceable></term>
<listitem>
<para>UID already in use (and no <option>-o</option>)</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>6</replaceable></term>
<listitem>
<para>specified group doesn't exist</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>9</replaceable></term>
<listitem>
<para>username already in use</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>10</replaceable></term>
<listitem>
<para>can't update group file</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>12</replaceable></term>
<listitem>
<para>can't create home directory</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>14</replaceable></term>
<listitem>
<para>can't update SELinux user mapping</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>newusers</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<phrase condition="subids">
<citerefentry>
<refentrytitle>subgid</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>subuid</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
</phrase>
<citerefentry>
<refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>