1.\" $OpenBSD: adduser.8,v 1.33 2003/06/21 21:47:34 jmc Exp $ 2.\" 3.\" Copyright (c) 1995-1996 Wolfram Schneider <wosch@FreeBSD.org>. Berlin. 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.\" $From: adduser.8,v 1.12 1996/08/28 17:54:13 adam Exp $ 28.Dd July 8, 1999 29.Dt ADDUSER 8 30.Os 31.Sh NAME 32.Nm adduser , 33.Nm rmuser 34.Nd add and delete users from the system 35.Sh SYNOPSIS 36.Nm adduser 37.Bk -words 38.Oo Fl batch Ar username 39.Oo Ar group Ns Op , Ns Ar group 40.Ar ... 41.Oc 42.Op Ar fullname 43.Op Ar password 44.Oc 45.Op Fl check_only 46.Op Fl class Ar login_class 47.Op Fl config_create 48.Op Fl dotdir Ar directory 49.Oo 50.Fl e 51.Ar method No \&| Fl encryption Ar method 52.Oc 53.Op Fl group Ar login_group 54.Op Fl h | help | ? 55.Op Fl home Ar partition 56.Op Fl message Ar file 57.Op Fl noconfig 58.Op Fl shell Ar shell 59.Op Fl s | silent | q | quiet 60.Op Fl uid_start Ar uid 61.Op Fl uid_end Ar uid 62.Op Fl v | verbose 63.Op Fl unencrypted 64.Ek 65.Pp 66.Nm rmuser 67.Op Ar username 68.Sh DESCRIPTION 69The 70.Nm adduser 71program adds new users to the system. 72The 73.Nm rmuser 74program removes users from the system. 75When not passed any arguments, both 76utilities operate in interactive mode and prompt for any required information. 77.Pp 78The options are as follows: 79.Bl -tag -width Ds 80.It Xo Fl batch Ar username 81.Oo Ar group Ns Op , Ns Ar group 82.Ar ... Oc 83.Op Ar fullname 84.Op Ar password 85.Xc 86Enter batch mode in which multiple users are specified on the command-line 87in a compact format. 88By default the password is assumed to already be properly encrypted. 89.It Fl check_only 90Check the passwd, group, and shells databases for consistency and problems 91then exit without performing any other operation. 92.It Fl class Ar login_class 93Use the specified 94.Ar login_class 95as the default user login class. 96See 97.Xr login.conf 5 98for further details. 99.It Fl config_create 100Create or edit default configuration information and message file before 101proceeding with the normal interactive adduser procedure. 102.It Fl dotdir Ar directory 103Copy files from 104.Ar directory 105into the HOME directory of new users. 106Files named in the fashion of 107.Dq Pa dot.foo 108will be renamed to 109.Dq Pa .foo . 110By default, all files are made writable and readable by 111their owner. 112.\" don't allow group or world to write files and allow only owner 113.\" to read/execute/write .rhost, .Xauthority, .kermrc, .netrc, Mail, 114.\" prv, iscreen, term. 115.It Fl encryption Ns No , Fl e Ar method 116Encrypt local passwords using 117.Ar method 118of encryption as described in 119.Xr login.conf 5 . 120If 121.Ar method 122is 123.Dq auto , 124the encryption type will be derived from the user's login class. 125.It Fl group Ar login_group 126Specify the default login group. 127A value of 128.Ar USER 129means that the username is to be used as the login group. 130.It Xo 131.Fl help Ns No , 132.Fl h Ns No , Fl ? 133.Xc 134Print a summary of options and exit. 135.It Fl home Ar partition 136Specify the default home partition where all users' home directories 137are to be located. 138.It Fl message Ar file 139Send new users a welcome message from 140.Ar file . 141Specifying a value of 142.Dq no 143for 144.Ar file 145causes no message to be sent to new users. 146.It Fl noconfig 147Do not read the default configuration file. 148.It Fl shell Ar shell 149Specify the default shell for new users. 150.It Xo 151.Fl silent Ns No , Fl s Ns No , 152.Fl quiet Ns No , Fl q 153.Xc 154Causes the program to print fewer warnings, questions, and bug reports. 155.It Fl uid_start Ar uid 156Use UIDs from 157.Ar uid 158up when automatically generating UIDs. 159.It Fl uid_end Ar uid 160Do not use UIDs higher than 161.Ar uid 162when generating UIDs. 163.It Fl unencrypted 164Causes the program to assume that the password given in batch mode is 165unencrypted. 166The password will be encrypted before it's added to the password file. 167Use of this option will leave username and cleartext password displayable 168for any user. 169.It Fl verbose Ns No , Fl v 170Causes the program to print many warnings and questions. 171This option is recommended for novice users. 172.El 173.Pp 174.Nm adduser 175first performs consistency checks on the password, group, and shell databases. 176This includes finding any duplicate user or group names, illegal shells, or 177shells that aren't executable. 178Once these tests are passed, 179.Nm 180performs the following operations for each new user: 181.Bl -enum -offset indent 182.It 183Add the appropriate entries to the password and group files and re-generate 184the password database using 185.Xr pwd_mkdb 8 . 186.It 187Create a home directory and copy all files from the skeletal 188login directory (normally 189.Pa /etc/skel ) 190to this new directory. 191Files named in the fashion of 192.Dq Pa dot.foo 193will be renamed to 194.Dq Pa .foo 195in the new directory. 196.It 197Mails the new user a welcome message at the discretion of the account creator. 198.El 199.Pp 200Similarly, when removing a user, 201.Nm rmuser 202performs the following operations for the given 203.Ar username : 204.Bl -enum -offset indent 205.It 206Removes any 207.Xr crontab 1 208entries or 209.Xr at 1 210jobs belonging to the user. 211.It 212Removes the user from the password database and all groups in the group 213database. 214If a group becomes empty and its name is the same as the username, 215the group is removed (this complements 216.Nm adduser Ns No 's 217unique per-user groups). 218.It 219Recursively deletes all files in the user's home directory and removes the 220directory itself (provided the directory actually belongs to the user). 221.Nm rmuser 222prompts for confirmation before actually doing this. 223.It 224Removes the user's incoming mail file if one exists. 225.El 226.Pp 227Understandably, 228.Nm rmuser 229politely refuses to remove users whose UID is 0 (typically root). 230.Sh RESTRICTIONS 231.Bl -tag -width Ds 232.It Sy username 233It is recommended that login names contain only lowercase characters 234and digits. 235They may also contain uppercase characters, non-leading hyphens, 236periods, and a trailing '$'. 237Login names may not be longer than 31 characters (see BUGS section of 238.Xr setlogin 2 ) . 239.\" The reasons for this limit are "Historical". 240.\" Given that people have traditionally wanted to break this 241.\" limit for aesthetic reasons, it's never been of great importance to break 242.\" such a basic fundamental parameter in UNIX. 243.\" You can change UT_NAMESIZE in /usr/include/utmp.h and recompile the 244.\" world; people have done this and it works, but you will have problems 245.\" with any precompiled programs, or source that assumes the 8-character 246.\" name limit and NIS. The NIS protocol mandates an 8-character username. 247If you need a longer login name for e-mail addresses, 248you can define an alias in 249.Pa /etc/mail/aliases . 250.It Sy fullname 251This should contain the user's first name and surname. 252The 253.Ql \&: 254is not permitted. 255.It Sy login_class 256The specified user login class 257must exist in 258.Pa /etc/login.conf . 259.It Sy shell 260Only valid entries from the 261.Xr shells 5 262database or entries corresponding to 263.Xr sliplogin 8 264and 265.Xr pppd 8 266are permitted. 267.It Sy uid_start 268This value is the start of the range where free UID values are 269searched for. 270This value must be less than the value of uid_end. 271The default value is 1000 or as configured in the configuration file. 272.It Sy uid_end 273This value is the end of the range where free UID values are 274searched for. 275This value must be more than the value of uid_start. 276The default value is 2147483647 or as configured in the configuration file. 277.It Sy gid/login group 278This value is generated automatically, but can be specified at the 279discretion of the person invoking the program. 280.It Sy password 281If not empty, the password is encrypted according to 282.Xr login.conf 5 . 283If empty, the account will be automatically disabled to prevent spurious 284access to it. 285.El 286.\" .Sh UNIQUE GROUP 287.\" Perhaps you're missing what *can* be done with this scheme that falls apart 288.\" with most other schemes. With each user in his/her own group the user can 289.\" safely run with a umask of 002 and have files created in their home 290.\" directory and not worry about others being able to read them. 291.\" 292.\" For a shared area you create a separate uid/gid (like cvs or ncvs on 293.\" freefall) you place each person that should be able to access this area 294.\" into that new group. 295.\" 296.\" This model of uid/gid administration allows far greater flexibility than 297.\" lumping users into groups and having to muck with the umask when working 298.\" in a shared area. 299.\" 300.\" I have been using this model for almost 10 years and found that it works 301.\" for most situations, and has never gotten in the way. (Rod Grimes) 302.Sh CONFIGURATION 303.Nm 304follows these steps to extract its configuration 305information: 306.Pp 307.Bl -enum -offset indent -compact 308.It 309Read internal variables. 310.It 311Read configuration file 312.Pq Pa /etc/adduser.conf . 313.It 314Parse command-line options. 315.El 316.Pp 317The 318.Em adduser.conf 319format is explained within that file and is quite straightforward. 320.\" .Sh FORMAT 321.\" .Bl -tag -width Ds -compact 322.\" .Ql Pa # 323.\" is a comment. 324.\" .P 325.\" .It Sy config file 326.\" .Nm adduser 327.\" reads and writes this file. 328.\" See /etc/adduser.conf for more details. 329.\" .It Sy message file 330.\" Eval variables in this file. See /etc/adduser.message for more 331.\" details. 332.\" .El 333.Sh FILES 334.Bl -tag -width /etc/adduser.messageX -compact 335.It Pa /etc/master.passwd 336user database 337.It Pa /etc/group 338group database 339.It Pa /etc/shells 340shell database 341.It Pa /etc/ptmp 342lock file for the passwd database 343.It Pa /etc/adduser.conf 344configuration file for 345.Nm adduser 346.It Pa /etc/adduser.message 347message file for 348.Nm 349.It Pa /etc/skel 350skeletal login directory 351.It Pa /var/log/adduser 352log file for 353.Nm 354.El 355.Sh EXAMPLES 356# adduser 357.Pp 358Start 359.Nm 360in interactive mode. 361.Pp 362# adduser -batch falken guest,staff,beer 'Prof. Falken' joshua 363.Pp 364Create user 365.Dq falken 366and 367login group 368.Dq falken . 369Invite user 370.Dq falken 371into groups 372.Dq guest , 373.Dq staff , 374and 375.Dq beer . 376Realname (fullname) 377is 378.Dq Prof. Falken . 379Password is 380.Dq joshua 381(don't use such a password!). 382Send user falken 383a welcome message. 384.Pp 385# adduser -uid_start 5000 -group guest -message no -batch vehlefanz 386.Pp 387Create user 388.Dq vehlefanz 389in login group 390.Dq guest . 391Start the free UID search at 5000. 392No other groups, no realname, no password. 393Do not send a welcome message. 394.Sh SEE ALSO 395.Xr chpass 1 , 396.Xr finger 1 , 397.Xr passwd 1 , 398.Xr setlogin 2 , 399.Xr aliases 5 , 400.Xr group 5 , 401.Xr login.conf 5 , 402.Xr passwd 5 , 403.Xr shells 5 , 404.Xr nologin 8 , 405.Xr pwd_mkdb 8 , 406.Xr vipw 8 , 407.Xr yp 8 408