adduser — quick reference
User management
Create and configure login accounts — home directory, shell, UID/GID, GECOS, and password policy.
| When to use | Command |
|---|---|
| Create a normal login user with home directory and setup prompts | sudo adduser username |
| Create a user with no password (SSH keys or automation) | sudo adduser --disabled-password username |
Create a user who cannot log in until you run passwd |
sudo adduser --disabled-login username |
Set GECOS / full name without prompts (--gecos is deprecated; use this) |
sudo adduser --comment "Full Name" username |
| Set a custom home directory path at creation time | sudo adduser --home /opt/app username |
| Create the account without creating a home directory | sudo adduser --no-create-home username |
| Set the user's login shell | sudo adduser --shell /bin/zsh username |
| Create a user with a pre-defined primary group by name (group must exist) | sudo adduser --ingroup GROUP username |
| Create a user whose primary group is set by GID (group must exist) | sudo adduser --gid 1002 username |
| Assign a specific UID (NFS or matching IDs across hosts) | sudo adduser --uid 2001 username |
Add the new user to EXTRA_GROUPS from /etc/adduser.conf |
sudo adduser --add-extra-groups username |
Create the user with an encrypted home (needs ecryptfs-setup-private) |
sudo adduser --encrypt-home username |
Override the lowest UID offered from /etc/adduser.conf for this run |
sudo adduser --firstuid 1500 username |
Override the highest UID offered from /etc/adduser.conf for this run |
sudo adduser --lastuid 59999 username |
| Allow usernames the default regex would reject (weaker name check) | sudo adduser --allow-bad-names username |
| Allow non-ASCII characters in usernames | sudo adduser --allow-all-names username |
System users
Low-UID service accounts for daemons and apps. System users usually skip a home directory and use /usr/sbin/nologin or a dedicated shell.
| When to use | Command |
|---|---|
| Create a system account for daemons (UID from system range) | sudo adduser --system username |
| Create a system user and an identically named primary group | sudo adduser --system --group username |
| System user with a custom shell and no home directory | sudo adduser --system --no-create-home --shell /usr/sbin/nologin username |
| System user with primary group set by existing group name | sudo adduser --system --ingroup GROUP username |
| System user with fixed UID | sudo adduser --system --uid 122 username |
Group management
Create standalone groups before assigning users, or pair a system group with a matching system user.
| When to use | Command |
|---|---|
Create a normal group without adding users (addgroup does the same) |
sudo adduser --group groupname |
Same as above — addgroup is the default mode when invoked as addgroup |
sudo addgroup groupname |
| Create a system group (low GID range) | sudo addgroup --system groupname |
Create a system group via adduser mode |
sudo adduser --system --group groupname |
| Assign a specific GID when creating a group | sudo addgroup --gid 1005 groupname |
| Override lowest GID pool from config for this run | sudo addgroup --firstgid 1000 groupname |
| Override highest GID pool from config for this run | sudo addgroup --lastgid 59999 groupname |
| Allow group names the default regex would reject | sudo addgroup --allow-bad-names groupname |
| Allow non-ASCII characters in group names | sudo addgroup --allow-all-names groupname |
Group membership
Add an existing user to an existing supplementary group — no new account is created.
| When to use | Command |
|---|---|
| Add an existing user to an existing supplementary group | sudo adduser username groupname |
Configuration
Point adduser at an alternate policy file or the extra-users database when you are not using the default local account store.
| When to use | Command |
|---|---|
Use an alternate config file instead of /etc/adduser.conf |
sudo adduser --conf /path/to/adduser.conf username |
Messaging and debugging
Control how much adduser prints to the terminal, syslog, or stderr — useful in scripts and when tracing failures.
| When to use | Command |
|---|---|
| Reduce console output in scripts | sudo adduser --quiet username |
| Print more status lines while running | sudo adduser --verbose username |
Trace delegated system calls (groupadd, useradd, …) |
sudo adduser --debug username |
Help and version
Quick reference for built-in usage text and the installed package version.
| When to use | Command |
|---|---|
| Show brief usage | sudo adduser --help |
| Show package version | adduser -vadduser --version |
adduser — command syntax
adduser runs in several modes. Synopsis from adduser --help on Ubuntu 25.04 (adduser 3.137ubuntu2):
adduser [--uid id] [--firstuid id] [--lastuid id]
[--gid id] [--firstgid id] [--lastgid id] [--ingroup group]
[--add-extra-groups] [--encrypt-home] [--shell shell]
[--comment comment] [--home dir] [--no-create-home]
[--allow-all-names] [--allow-bad-names]
[--disabled-password] [--disabled-login]
[--conf file] [--extrausers] [--quiet] [--verbose] [--debug]
user
adduser --system
[--uid id] [--group] [--ingroup group] [--gid id]
[--shell shell] [--comment comment] [--home dir] [--no-create-home]
[--conf file] [--extrausers] [--quiet] [--verbose] [--debug]
user
adduser --group … group
addgroup … group
addgroup --system … group
adduser [--extrausers] user groupadduser updates /etc/passwd, /etc/shadow, /etc/group, and /etc/gshadow. Most examples need sudo.
adduser — command examples
Essential Interactive user — prompts, then verify /etc/passwd
Create a normal login user the way most admins do on Ubuntu or Debian: run adduser with a username and answer the prompts for password and full name.
Run the command:
sudo adduser aliceSample output (interactive — password and GECOS values will differ on your host):
info: Adding user `alice' ...
info: Selecting UID/GID from range 1000 to 59999 ...
info: Adding new group `alice' (1001) ...
info: Adding new user `alice' (1001) with group `alice (1001)' ...
info: Creating home directory `/home/alice' ...
info: Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for alice
Enter the new value, or press ENTER for the default
Full Name []: Alice Example
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y
info: Adding new user `alice' ...Check that the account was written to the user database — getent passwd prints the line from /etc/passwd:
getent passwd aliceSample output:
alice:x:1001:1001:Alice Example,,,:/home/alice:/bin/bashThe seven fields are username:password_placeholder:UID:GID:GECOS:home:shell. The x means the password hash is stored in /etc/shadow, not in this file.
Essential Non-interactive user for SSH keys or automation
Create an account that skips password prompts — useful when the user will log in with SSH keys, or when a script needs a local username and home directory.
Run the command:
sudo adduser --disabled-password --comment "Deploy Bot" deploySample output:
info: Adding user `deploy' ...
info: Selecting UID/GID from range 1000 to 59999 ...
info: Adding new group `deploy' (1003) ...
info: Adding new user `deploy' (1003) with group `deploy (1003)' ...
info: Creating home directory `/home/deploy' ...
info: Copying files from `/etc/skel' ...Confirm the account exists and see how the password field is locked — id shows UID and groups; grep on /etc/shadow shows the password state:
id deploy
sudo grep deploy /etc/shadowSample output:
uid=1003(deploy) gid=1003(deploy) groups=1003(deploy)
deploy:!:20362:0:99999:7:::The ! in /etc/shadow means password login is disabled until you run passwd deploy or set up SSH keys in /home/deploy.
Essential Add existing user to supplementary group
Add an existing user to an existing group without creating a new account. Both names must already be on the system.
Run the command (adduser with two arguments — user, then group):
sudo adduser alice devteamSample output:
info: Adding user `alice' to group `devteam' ...Check that devteam appears in Alice's group list but is not her primary group:
id alice
getent group devteamid shows all groups; the primary GID stays alice. getent group shows alice in the member list for devteam.
Sample output:
uid=1001(alice) gid=1001(alice) groups=1001(alice),1006(devteam)
devteam:x:1006:aliceTo change someone's primary group instead, use usermod.
Common Custom home directory and login shell
Create a user whose home directory is not under /home and whose login shell is not the system default — both paths are set at creation time.
Run the command:
sudo adduser --home /opt/myapp --shell /bin/bash --comment "App Owner" appownerSample output:
info: Adding user `appowner' ...
info: Adding new user `appowner' (1004) with group `appowner (1004)' ...
info: Creating home directory `/opt/myapp' ...
info: Copying files from `/etc/skel' ...Verify the home path and shell were saved correctly, and that the home directory exists on disk:
getent passwd appowner
ls -ld /opt/myappgetent passwd confirms the home and shell in /etc/passwd. ls -ld confirms the directory was created and owned by the new user.
Sample output:
appowner:x:1004:1004:App Owner,,,:/opt/myapp:/bin/bash
drwxr-xr-x 3 appowner appowner 4096 Jul 1 12:00 /opt/myappThe shell path must be listed in /etc/shells or adduser rejects it.
Common Create a group only (no user)
Sometimes you only need a group record — for example before adduser --ingroup, or before adding members later.
Run the command:
sudo addgroup devteamSample output:
Adding group `devteam' (1006) ...
Done.Confirm the group exists in /etc/group:
getent group devteamSample output:
devteam:x:1006:The empty field after the last colon means no members yet — that is normal for a new group.
Common --ingroup fails when the group does not exist
A frequent mistake is passing --ingroup with a group name that has not been created yet. This shows the error and how to fix it.
Try to create a user in a group that does not exist:
sudo adduser --ingroup missinggrp --disabled-password bobSample output:
adduser: The group `missinggrp' does not exist.Create the group, then run the same user command again:
sudo addgroup missinggrp
sudo adduser --ingroup missinggrp --disabled-password bobThe failed first run does not leave a half-created user — safe to fix the group and retry.
Common System service account (typical daemon pattern)
Service accounts for daemons use a low system UID, no home directory, and a shell that blocks interactive login.
Run the command:
sudo adduser --system --no-create-home --shell /usr/sbin/nologin --comment "Service Account" svcappSample output:
info: Selecting UID from range 100 to 999 ...
info: Adding system user `svcapp' (122) ...
info: Adding new user `svcapp' (UID 122) with group `nogroup' ...
info: Not creating `/nonexistent'.Check the passwd line — note the low UID, nologin shell, and placeholder home:
getent passwd svcappSample output:
svcapp:x:122:65534:Service Account,,,:/nonexistent:/usr/sbin/nologinUID 122 is in the system range. GID 65534 is often nogroup on Debian/Ubuntu. Use --system --group when the service needs a dedicated primary group with the same name.
Advanced Bulk create users with a script (shared group or default group)
For labs, load tests, or onboarding many accounts, wrap adduser in a loop. Two common patterns:
With a shared group — one group, many users, fixed UID range (good when every account must share the same primary group):
#!/bin/bash
# bulk-users-with-group.sh — create COUNT users in shared group batchgrp
set -euo pipefail
COUNT=5 # raise to 100 (or more) for larger batches
BASE_UID=3000
GROUP=batchgrp
sudo addgroup --quiet "$GROUP" 2>/dev/null || true
for i in $(seq -w 1 "$COUNT"); do
user="batchuser${i}"
uid=$((BASE_UID + 10#${i}))
sudo adduser \
--disabled-password \
--quiet \
--ingroup "$GROUP" \
--uid "$uid" \
--comment "Batch user ${i}" \
"$user"
doneWithout a shared group — each user gets the default private group adduser creates automatically (simpler, no addgroup step):
#!/bin/bash
# bulk-users-default-group.sh
set -euo pipefail
COUNT=5
for i in $(seq -w 1 "$COUNT"); do
user="solouser${i}"
sudo adduser \
--disabled-password \
--quiet \
--comment "Solo user ${i}" \
"$user"
doneRun the shared-group version and watch the first user being created (--quiet hides most lines; drop it while testing):
chmod +x bulk-users-with-group.sh
sudo ./bulk-users-with-group.shSample output (first user only — later iterations look the same):
info: Adding user `batchuser01' ...
info: Adding new user `batchuser01' (3001) with group `batchgrp (1005)' ...
info: Creating home directory `/home/batchuser01' ...
info: Copying files from `/etc/skel' ...Confirm a user in the middle of the range and count how many accounts were created:
id batchuser03
getent passwd batchuser03
getent passwd | grep -c '^batchuser'Sample output:
uid=3003(batchuser03) gid=1005(batchgrp) groups=1005(batchgrp)
batchuser03:x:3003:1005:Batch user 03,,,:/home/batchuser03:/bin/bash
5Use --uid and --ingroup when IDs must match across hosts. Omit them when the system can pick UID/GID automatically. Use --quiet in loops to hide repetitive info: lines.
Advanced --encrypt-home fails without ecryptfs-setup-private
Encrypted home directories need the ecryptfs-utils package and ecryptfs-setup-private on PATH. Without it, adduser stops before creating the user.
Run the command:
sudo adduser --encrypt-home --disabled-password --comment "" encuserSample output when the helper is missing:
fatal: Could not find program named `ecryptfs-setup-private' in $PATH.Install the dependency, then retry:
sudo apt install ecryptfs-utils
sudo adduser --encrypt-home --disabled-password --comment "" encuserVerify with ls -la /home/encuser — an encrypted private directory is created when the stack is available. Remove test users with sudo deluser --remove-home encuser.
Advanced Debug: trace delegated groupadd, useradd, and chfn calls
When adduser fails and the message is unclear, --debug shows each low-level command it runs behind the scenes.
Run the command:
sudo adduser --debug --disabled-password --comment "" dbguserSample output:
debug: new_uid 1007 selected
debug: /sbin/groupadd -g 1007 dbguser
debug: /sbin/useradd -d /home/dbguser -g 1007 -s /bin/bash -u 1007 dbguser
debug: /bin/chfn -f dbguserEach debug: line is a real subprocess. If something fails, the error usually appears right after the line for the command that broke — use the Troubleshooting table to match symptoms to fixes.
adduser — when to use / when not
Choose adduser when you are creating or grouping new local accounts on Debian-family systems. Pick another tool when the job is modification, removal, cross-distro scripting, or centralized identity.
| Use adduser when | Use something else when |
|---|---|
|
|
adduser vs useradd
Focused comparison for readers who land on the wrong tool. This cheat sheet covers adduser only.
| adduser (Debian/Ubuntu) | useradd | |
|---|---|---|
| Interface | High-level wrapper with prompts | Low-level binary |
| Home directory | Created by default | Needs -m to create home |
/etc/skel |
Copied automatically | Copied when home is created |
| Group helpers | adduser --group, adduser user group |
Separate groupadd / usermod |
| Best for | Day-to-day admin on Debian family | Portable scripting on other distros |
See the useradd if you need the low-level tool on RHEL or in scripts.
Related commands
Nearby commands for the same workflow — create, modify, group, and expire local accounts.
Browse the full index in our Linux commands reference.
adduser — interview corner
Practice these before exams or standups. Each card explains the idea in plain language, then ends with a short answer you can say aloud.
What is the adduser command in Linux?
On Debian and Ubuntu, adduser is the high-level tool for creating local users and groups. It is not a separate kernel feature — it is a Perl wrapper that follows rules in /etc/adduser.conf and Debian policy, then calls lower-level tools (useradd, groupadd, and friends) for you.
When you run sudo adduser alice, it typically:
- Picks a UID/GID from configured ranges
- Creates a matching primary group (unless you use
--ingroup) - Creates
/home/aliceand copies files from/etc/skel - Prompts for password and GECOS (full name, etc.) unless you pass flags to skip prompts
That is why admins reach for adduser on Ubuntu desktops and servers: safer defaults than typing raw useradd flags from memory. Most operations need sudo.
A strong answer is:
"On Debian and Ubuntu, adduser is the friendly wrapper for creating local users and groups — it applies adduser.conf policy, creates home and skel by default, and can prompt for password and GECOS. I use it for day-to-day account work on those distros."
What is GECOS in adduser?
GECOS (sometimes written GEcos) is the comment field on a user account. It shows up as the fifth colon-separated field in /etc/passwd — often the person's full name, but it can hold room number, phone, or other contact text.
getent passwd aliceSample line:
alice:x:1001:1001:Alice Example,,,:/home/alice:/bin/bashThe Alice Example,,, portion is GECOS. In scripts on current Debian/Ubuntu, set it with --comment (for example --comment "Jane Doe,Ops,555-0100"). The older --gecos flag is deprecated on those releases — mention that if the interviewer asks about flags.
A strong answer is:
"GECOS is the passwd comment field — usually the user's full name, fifth field in getent passwd. On Debian/Ubuntu I set it non-interactively with --comment; --gecos is deprecated."
Can adduser create users non-interactively?
Yes. Interactive prompts are the default, but flags let you build accounts in scripts and CI without typing at a terminal.
Common flags for automation:
| Flag | Purpose |
|---|---|
--disabled-password |
No password prompt — pair with SSH keys or set password later |
--comment "..." |
GECOS without prompts |
--uid, --gid, --ingroup |
Fixed IDs for NFS or matching across hosts |
--home, --shell |
Custom paths at creation time |
--quiet |
Less console noise in loops |
Example:
sudo adduser --disabled-password --comment "Deploy Bot" --quiet deployAlways verify what landed on disk:
id deploy
getent passwd deployA strong answer is:
"Yes — I combine flags like --disabled-password, --comment, --uid, --ingroup, and --quiet for scripts, then confirm with id and getent passwd."
What is the difference between adduser and useradd?
Both end up changing /etc/passwd and related files, but the experience and defaults differ.
| adduser (Debian/Ubuntu) | useradd | |
|---|---|---|
| Style | High-level wrapper, prompts | Low-level binary |
| Home directory | Created by default | Needs -m explicitly |
/etc/skel |
Copied when home is created | Copied only when home is created with -m |
| Group helpers | adduser user group, adduser --group |
Separate groupadd / usermod |
| Best on | Ubuntu, Debian | Portable scripts, RHEL, Fedora |
On RHEL-family systems, adduser may be a thin symlink to useradd — do not assume Debian behaviour everywhere. See the useradd for the low-level tool.
A strong answer is:
"useradd is the core utility everywhere; adduser on Debian/Ubuntu is a policy-aware wrapper with safer defaults — home, skel, and simpler group syntax. On other distros I use useradd for portable automation."
How do I add an existing user to a group with adduser?
Use the two-argument form — user first, then group:
sudo adduser alice devteamBoth names must already exist. This adds alice to devteam as a supplementary group; it does not change her primary GID (still usually alice).
Check membership:
id alice
getent group devteamSample output:
uid=1001(alice) gid=1001(alice) groups=1001(alice),1006(devteam)
devteam:x:1006:aliceTo change someone's primary group, use usermod instead. For fine-grained supplementary groups on any distro, usermod -aG group user is the portable pattern.
A strong answer is:
"I run sudo adduser username groupname when both already exist — that adds a supplementary group without creating a new account. For primary group changes I use usermod."
Troubleshooting
Common adduser failures on Ubuntu and Debian — symptom, likely cause, and the fix to try first.
When you need a free UID, pipe getent passwd through cut and sort -n; the sort command covers numeric ordering on colon-separated fields.
| Symptom | Likely cause | Fix |
|---|---|---|
fatal: Could not find program named ecryptfs-setup-private |
ecryptfs-utils not installed |
sudo apt install ecryptfs-utils, then retry --encrypt-home |
Unknown option: … |
Flag not in your adduser build (see adduser --help) |
Drop the flag or upgrade; quick-reference tables match Ubuntu 25.04 / adduser 3.137ubuntu2 |
The group 'foo' does not exist with --ingroup |
Group not created yet | sudo adduser --group foo first, or use --gid with an existing GID |
UID already in use |
Duplicate --uid |
Pick a free UID (getent passwd | cut -d: -f3 | sort -n) |
| Home not created | --no-create-home or system user |
Omit the flag or create the directory manually |
adduser: Only root may add a user |
Missing privilege | Prefix with sudo or run as root |
| Shell rejected | Not in /etc/shells |
Add the shell path to /etc/shells or pick a listed shell |
