In this tutorial, you will learn how to create a user on CentOS using the
useradd command. You also see several common and real world examples of user creation.
Instructions provided in this tutorial are compatible with the following versions of CentOS.
- CentOS 5
- CentOS 6
- CentOS 7
- CentOS 8
Creating a basic user
The most basic example of creating a new user in CentOS is to use the
useradd command on its own will not set a password for your newly created user. While the
-p flag can be used to set the password, it is strongly recommended that you do not use it. Password’s set from the command-line remain visible in a user’s history.
Instead, to set a password for the new user use the
passwd command. It is much more secure, as it does not leave a log in a user’s shell history.
useradd command above did not use any arguments to customize the new user, meaning defaults were applied. The default behaviour of the
useradd command is to:
- Create a new user
- Create a home directory in
- Create a user group with the name of the user
- Set the shell to default, which is bash
- Set the UID (User ID) to the next available ID, incrementing from 1000 for regular users.
The following is a list of common arguments that can be used to further customize a new user.
|A short description of the login, sometimes used for the user’s full name.|
|Create a home directory using the value set with this flag.|
|Number of days account will become disabled after a password expires. A value of |
|The group name or ID of the user’s initial login group. The group name must exist, and a group number must refer to an already existing group.|
|Create the user’s home directory, if it does not exist.|
|Do not create the user’s home directory.|
|Create a system account. |
System users will be created with no aging information in
A home directory is not created with a new system user.
|The name of the user’s login shell. The default value is set in |
|Set an expiration date for a user account. Format is |
Creating a System User
System users are created for running system processes and tasks. These are not regular users, and should not be used as one.
As system user does not expire by default and it given a unique identifier from a range reserved for such accounts. Typical users are given an unique indentifer from 1000 onwards, while system users are given a 3 digit ID.
Also, a system user is not created with a home directory. This enforces the idea that the user is cannot have a login session, such as through SSH. A best practice to prevent someone from breaking into the system with a system user.
To create a system user you use the
useradd -r mysql-backup
Creating a User with Custom Home Directory
To set the home directory of user and overwrite the default value you use the
The example below will create a new user named
student and set their home directory to
useradd -h /home/students/student1 student1
Creating a User and Adding Multiple Groups
In most environments, privileges to files, directories, and executables are assigned to groups rather than individual users. For the sake of securing resources by area of concern, each resource should be grouped and assigned group privileges.
This strategy involves the creation of multiple groups, each with its own privileges. In order to add a new user to multiple groups, you use the
For example, to create a new user named
sysadmin1 and add them to multiple groups, you would do the following.
useradd -G webops,devops,sysops sysadmin1
Creating a User with an Expiry Date
Some users are only expected to exist for a specified period of time. Afterwhich, the user should be effectively disabled on the system. This can be done using the
For example, to add an expiration date to a newly created user you would run the following
useradd --expiredate 2022-05-30
The example above will expire the user account on May 30th, 2022.
Creating a User and Setting Their Shell
It’s not uncommon to run several different shells on a Linux server. While the default shell in CentOS is Bash, other popular shells are ZSH and Korn Shell, for example.
To create a new user with a specific shell you use the
useradd -s /bin/ksh student1
Setting a Password Expiration
The useradd command does not support setting limits for user passwords. Instead, the passwd command is used for such tasks.
The three main flags for setting time limits on user passwords are the following:
-n, --minimum— Sets the minimum password lifetime, in days.
-x, --maximum— Sets the maximum password lifetime, in days.
-w, --warning— Sets the number of days before expirations to send a warning, in days.
In order to set these values and have them take affect the user’s account must support password lifetimes.
For example, to set a user’s password to expire in 90 days, with a minimum of 2 days, you would run the following command.
sudo passwd -n 2 -x 90 student1
Deleting a User Account
Deleting users is often need to remove unnecessary users that naturally build up over time. To delete a user in CentOS you use the
sudo userdel student1
Create a Sudo User on CentOS
A sudo user is a super user in Linux. There are several ways to accomplish this task, but simplest is to add the user to the wheel group.
In the following example, the new user student1 is added to the wheel group, giving him sudo rights.
sudo useradd -G wheel -c "Student1 is an admin" student1