The useradd command in Unix-like operating systems is used to create new user accounts. When used with the -r or --system option, it specifically creates system accounts which are intended for services or daemons rather than regular users.
Here are several examples demonstrating the usage of useradd with the -r option:
Example 1: Creating a system account for a web server:
$ sudo useradd -r nginx
This command creates a system account named nginx. To verify its creation, you can check the existence of nginx in the /etc/passwd file.
Example 2: Creating a system account with a specific UID and GID:
$ sudo useradd -r -u 1001 -g 1001 myservice
Here, -u 1001 specifies the UID (User ID) and -g 1001 specifies the GID (Group ID) for the system account myservice.
Example 3: Creating a system account with a custom home directory:
$ sudo useradd -r -d /var/lib/myapp -s /sbin/nologin myappuser
This command creates a system account myappuser with a home directory /var/lib/myapp and a login shell set to /sbin/nologin, which restricts interactive logins.
Example 4: Creating a system account with an expired password:
$ sudo useradd -r -e 2024-12-31 mydaemon
The -e 2024-12-31 option sets an expiration date for the account mydaemon. To verify, check the account details in /etc/shadow.
Example 5: Creating a system account with a comment:
$ sudo useradd -r -c "Backup Service Account" backup
This command creates a system account backup with the comment “Backup Service Account”, visible in the /etc/passwd file.
Example 6: Creating a system account with a specific login shell:
$ sudo useradd -r -s /bin/false daemonuser
The -s /bin/false option sets /bin/false as the login shell for the system account daemonuser, preventing interactive login.
Example 7: Creating a system account without creating a home directory:
$ sudo useradd -r -M sysuser
The -M option ensures that no home directory is created for the system account sysuser.
Example 8: Creating a system account with a specific expiration warning period:
$ sudo useradd -r -f 30 -e 2025-06-30 serviceuser
This command creates a system account serviceuser with an expiration warning 30 days before the password expires (-f 30), expiring on June 30, 2025.
Example 9: Creating a system account with a specific default group:
$ sudo useradd -r -g mygroup serviceaccount
The -g mygroup option assigns mygroup as the primary group for the system account serviceaccount.
Example 10: Creating a system account with additional supplementary groups:
$ sudo useradd -r -G group1,group2,group3 adminuser
The -G option adds group1, group2, and group3 as supplementary groups for the system account adminuser.
To verify whether a system account has been successfully created, check the /etc/passwd file for the username entry. Additionally, inspect /etc/shadow for account-specific settings like expiration dates or password statuses if applicable.
Discussion about this post