22.3 Creating User Accounts

To create a user account by using the useradd command:

  1. Enter the following command to create a user account:

    # useradd [options] username

    You can specify options to change the account's settings from the default ones.

    By default, if you specify a user name argument but do not specify any options, useradd creates a locked user account using the next available UID and assigns a user private group (UPG) rather than the value defined for GROUP as the user's group.

  2. Assign a password to the account to unlock it:

    # passwd username

    The command prompts you to enter a password for the account.

    If you want to change the password non-interactively (for example, from a script), use the chpasswd command instead:

    # echo "username:password" | chpasswd

Alternatively, you can use the newusers command to create a number of user accounts at the same time.

For more information, see the chpasswd(8), newusers(8), passwd(1), and useradd(8) manual pages.

22.3.1 About umask and the setgid and Restricted Deletion Bits

Users whose primary group is not a UPG have a umask of 0022 set by /etc/profile or /etc/bashrc, which prevents other users, including other members of the primary group, from modifying any file that the user owns.

A user whose primary group is a UPG has a umask of 0002, on the assumption that no other user belongs to the same group.

To grant users in the same group write access to files within the same directory, change the group ownership of the directory to that group, and set the setgid bit on the directory:

# chgrp groupname directory
# chmod g+s directory

Files created in such a directory have their group set to that of the directory rather than the primary group of the user who creates the file.

The restricted deletion bit prevents unprivileged users from removing or renaming a file in the directory unless they own either the file or the directory.

To set the restricted deletion bit on a directory:

# chmod a+t directory
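
The following script is an added example, not part of the original documentation. It builds a shared directory with both bits set and shows how the two umask values described above affect files created in it. The function names and temporary paths are constructed for the demo, and it assumes GNU stat and uses the caller's primary GID in place of a real shared group so that it runs without root.

```shell
#!/bin/sh
# Added example. Function names and the mktemp paths are constructed for this
# demo; stat -c is the GNU coreutils form (assumed, as on Oracle Linux).

# Print the octal mode of a file created in directory $2 under umask $1.
mode_under_umask() {
    (
        umask "$1"            # subshell: the caller's umask is untouched
        : > "$2/file.$1"
        stat -c '%a' "$2/file.$1"
    )
}

# Make $1 a shared directory for group $2 and print its octal mode.
make_shared_dir() {
    mkdir -p "$1" &&
    chgrp "$2" "$1" &&
    chmod 0775 "$1" &&
    chmod g+s "$1" &&         # new files take the directory's group
    chmod a+t "$1" &&         # only owners may delete or rename entries
    stat -c '%a' "$1"
}

# Print the numeric group ID that owns $1.
group_of() { stat -c '%g' "$1"; }

demo() {
    top=$(mktemp -d) || return 1
    # Assumption: the caller's primary GID stands in for a real shared group,
    # so the demo runs without root. In production, pass the shared group.
    gid=$(id -g)
    echo "directory mode:  $(make_shared_dir "$top/shared" "$gid")"   # 3775
    echo "umask 0022 file: $(mode_under_umask 0022 "$top/shared")"    # 644
    echo "umask 0002 file: $(mode_under_umask 0002 "$top/shared")"    # 664
    echo "file group:      $(group_of "$top/shared/file.0002") (dir group $gid)"
    rm -rf "$top"
}

demo
```

The file created under umask 0022 takes the directory's group but is not group-writable (644), so the setgid bit alone does not give group members write access to each other's files; the creating user also needs a umask of 0002.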

For more information, see the chmod(1) manual page.