adduser Command in Linux: Syntax, Options & Practical Examples (Ubuntu/Debian)

On Ubuntu and Debian, adduser is a high-level wrapper that creates and manages local users and groups. It applies /etc/adduser.conf policy, then calls useradd and related tools to set home directories, shells, UID/GID, and GECOS.

Published

Updated

Read time 17 min read

Reviewed byDeepak Prasad

adduser Command in Linux: Syntax, Options & Practical Examples (Ubuntu/Debian)
About On Ubuntu and Debian, adduser is a high-level wrapper that creates and manages local users and groups. It applies /etc/adduser.conf policy, then calls useradd and related tools to set home directories, shells, UID/GID, and GECOS.
Tested on Ubuntu 25.04 (Plucky Puffin); adduser 3.137ubuntu2; kernel 7.0.0-27-generic
Package adduser (apt/deb) · shadow-utils (dnf/rpm)
Man page adduser(8)
Privilege root / sudo
Distros

Ubuntu, Debian (Debian adduser package).

RHEL, Fedora, and SUSE: useradd.

Related guide

adduser — quick reference

User management

Create and configure login accounts — home directory, shell, UID/GID, GECOS, and password policy.

When to use Command
Create a normal login user with home directory and setup prompts sudo adduser username
Create a user with no password (SSH keys or automation) sudo adduser --disabled-password username
Create a user who cannot log in until you run passwd sudo adduser --disabled-login username
Set GECOS / full name without prompts (--gecos is deprecated; use this) sudo adduser --comment "Full Name" username
Set a custom home directory path at creation time sudo adduser --home /opt/app username
Create the account without creating a home directory sudo adduser --no-create-home username
Set the user's login shell sudo adduser --shell /bin/zsh username
Create a user with a pre-defined primary group by name (group must exist) sudo adduser --ingroup GROUP username
Create a user whose primary group is set by GID (group must exist) sudo adduser --gid 1002 username
Assign a specific UID (NFS or matching IDs across hosts) sudo adduser --uid 2001 username
Add the new user to EXTRA_GROUPS from /etc/adduser.conf sudo adduser --add-extra-groups username
Create the user with an encrypted home (needs ecryptfs-setup-private) sudo adduser --encrypt-home username
Override the lowest UID offered from /etc/adduser.conf for this run sudo adduser --firstuid 1500 username
Override the highest UID offered from /etc/adduser.conf for this run sudo adduser --lastuid 59999 username
Allow usernames the default regex would reject (weaker name check) sudo adduser --allow-bad-names username
Allow non-ASCII characters in usernames sudo adduser --allow-all-names username

System users

Low-UID service accounts for daemons and apps. System users usually skip a home directory and use /usr/sbin/nologin or a dedicated shell.

When to use Command
Create a system account for daemons (UID from system range) sudo adduser --system username
Create a system user and an identically named primary group sudo adduser --system --group username
System user with a custom shell and no home directory sudo adduser --system --no-create-home --shell /usr/sbin/nologin username
System user with primary group set by existing group name sudo adduser --system --ingroup GROUP username
System user with fixed UID sudo adduser --system --uid 122 username

Group management

Create standalone groups before assigning users, or pair a system group with a matching system user.

When to use Command
Create a normal group without adding users (addgroup does the same) sudo adduser --group groupname
Same as above — addgroup is the default mode when invoked as addgroup sudo addgroup groupname
Create a system group (low GID range) sudo addgroup --system groupname
Create a system group via adduser mode sudo adduser --system --group groupname
Assign a specific GID when creating a group sudo addgroup --gid 1005 groupname
Override lowest GID pool from config for this run sudo addgroup --firstgid 1000 groupname
Override highest GID pool from config for this run sudo addgroup --lastgid 59999 groupname
Allow group names the default regex would reject sudo addgroup --allow-bad-names groupname
Allow non-ASCII characters in group names sudo addgroup --allow-all-names groupname

Group membership

Add an existing user to an existing supplementary group — no new account is created.

When to use Command
Add an existing user to an existing supplementary group sudo adduser username groupname

Configuration

Point adduser at an alternate policy file or the extra-users database when you are not using the default local account store.

When to use Command
Use an alternate config file instead of /etc/adduser.conf sudo adduser --conf /path/to/adduser.conf username

Messaging and debugging

Control how much adduser prints to the terminal, syslog, or stderr — useful in scripts and when tracing failures.

When to use Command
Reduce console output in scripts sudo adduser --quiet username
Print more status lines while running sudo adduser --verbose username
Trace delegated system calls (groupadd, useradd, …) sudo adduser --debug username

Help and version

Quick reference for built-in usage text and the installed package version.

When to use Command
Show brief usage sudo adduser --help
Show package version adduser -v
adduser --version

adduser — command syntax

adduser runs in several modes. Synopsis from adduser --help on Ubuntu 25.04 (adduser 3.137ubuntu2):

text
adduser [--uid id] [--firstuid id] [--lastuid id]
        [--gid id] [--firstgid id] [--lastgid id] [--ingroup group]
        [--add-extra-groups] [--encrypt-home] [--shell shell]
        [--comment comment] [--home dir] [--no-create-home]
        [--allow-all-names] [--allow-bad-names]
        [--disabled-password] [--disabled-login]
        [--conf file] [--extrausers] [--quiet] [--verbose] [--debug]
        user

adduser --system
        [--uid id] [--group] [--ingroup group] [--gid id]
        [--shell shell] [--comment comment] [--home dir] [--no-create-home]
        [--conf file] [--extrausers] [--quiet] [--verbose] [--debug]
        user

adduser --group … group
addgroup … group
addgroup --system … group
adduser [--extrausers] user group

adduser updates /etc/passwd, /etc/shadow, /etc/group, and /etc/gshadow. Most examples need sudo.


adduser — command examples

Essential Interactive user — prompts, then verify /etc/passwd

Create a normal login user the way most admins do on Ubuntu or Debian: run adduser with a username and answer the prompts for password and full name.

Run the command:

bash
sudo adduser alice

Sample output (interactive — password and GECOS values will differ on your host):

text
info: Adding user `alice' ...
info: Selecting UID/GID from range 1000 to 59999 ...
info: Adding new group `alice' (1001) ...
info: Adding new user `alice' (1001) with group `alice (1001)' ...
info: Creating home directory `/home/alice' ...
info: Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for alice
Enter the new value, or press ENTER for the default
	Full Name []: Alice Example
	Room Number []:
	Work Phone []:
	Home Phone []:
	Other []:
Is the information correct? [Y/n] Y
info: Adding new user `alice' ...

Check that the account was written to the user database — getent passwd prints the line from /etc/passwd:

bash
getent passwd alice

Sample output:

text
alice:x:1001:1001:Alice Example,,,:/home/alice:/bin/bash

The seven fields are username:password_placeholder:UID:GID:GECOS:home:shell. The x means the password hash is stored in /etc/shadow, not in this file.

Essential Non-interactive user for SSH keys or automation

Create an account that skips password prompts — useful when the user will log in with SSH keys, or when a script needs a local username and home directory.

Run the command:

bash
sudo adduser --disabled-password --comment "Deploy Bot" deploy

Sample output:

text
info: Adding user `deploy' ...
info: Selecting UID/GID from range 1000 to 59999 ...
info: Adding new group `deploy' (1003) ...
info: Adding new user `deploy' (1003) with group `deploy (1003)' ...
info: Creating home directory `/home/deploy' ...
info: Copying files from `/etc/skel' ...

Confirm the account exists and see how the password field is locked — id shows UID and groups; grep on /etc/shadow shows the password state:

bash
id deploy
sudo grep deploy /etc/shadow

Sample output:

text
uid=1003(deploy) gid=1003(deploy) groups=1003(deploy)
deploy:!:20362:0:99999:7:::

The ! in /etc/shadow means password login is disabled until you run passwd deploy or set up SSH keys in /home/deploy.

Essential Add existing user to supplementary group

Add an existing user to an existing group without creating a new account. Both names must already be on the system.

Run the command (adduser with two arguments — user, then group):

bash
sudo adduser alice devteam

Sample output:

text
info: Adding user `alice' to group `devteam' ...

Check that devteam appears in Alice's group list but is not her primary group:

bash
id alice
getent group devteam

id shows all groups; the primary GID stays alice. getent group shows alice in the member list for devteam.

Sample output:

text
uid=1001(alice) gid=1001(alice) groups=1001(alice),1006(devteam)
devteam:x:1006:alice

To change someone's primary group instead, use usermod.

Common Custom home directory and login shell

Create a user whose home directory is not under /home and whose login shell is not the system default — both paths are set at creation time.

Run the command:

bash
sudo adduser --home /opt/myapp --shell /bin/bash --comment "App Owner" appowner

Sample output:

text
info: Adding user `appowner' ...
info: Adding new user `appowner' (1004) with group `appowner (1004)' ...
info: Creating home directory `/opt/myapp' ...
info: Copying files from `/etc/skel' ...

Verify the home path and shell were saved correctly, and that the home directory exists on disk:

bash
getent passwd appowner
ls -ld /opt/myapp

getent passwd confirms the home and shell in /etc/passwd. ls -ld confirms the directory was created and owned by the new user.

Sample output:

text
appowner:x:1004:1004:App Owner,,,:/opt/myapp:/bin/bash
drwxr-xr-x 3 appowner appowner 4096 Jul  1 12:00 /opt/myapp

The shell path must be listed in /etc/shells or adduser rejects it.

Common Create a group only (no user)

Sometimes you only need a group record — for example before adduser --ingroup, or before adding members later.

Run the command:

bash
sudo addgroup devteam

Sample output:

text
Adding group `devteam' (1006) ...
Done.

Confirm the group exists in /etc/group:

bash
getent group devteam

Sample output:

text
devteam:x:1006:

The empty field after the last colon means no members yet — that is normal for a new group.

Common --ingroup fails when the group does not exist

A frequent mistake is passing --ingroup with a group name that has not been created yet. This shows the error and how to fix it.

Try to create a user in a group that does not exist:

bash
sudo adduser --ingroup missinggrp --disabled-password bob

Sample output:

text
adduser: The group `missinggrp' does not exist.

Create the group, then run the same user command again:

bash
sudo addgroup missinggrp
sudo adduser --ingroup missinggrp --disabled-password bob

The failed first run does not leave a half-created user — safe to fix the group and retry.

Common System service account (typical daemon pattern)

Service accounts for daemons use a low system UID, no home directory, and a shell that blocks interactive login.

Run the command:

bash
sudo adduser --system --no-create-home --shell /usr/sbin/nologin --comment "Service Account" svcapp

Sample output:

text
info: Selecting UID from range 100 to 999 ...
info: Adding system user `svcapp' (122) ...
info: Adding new user `svcapp' (UID 122) with group `nogroup' ...
info: Not creating `/nonexistent'.

Check the passwd line — note the low UID, nologin shell, and placeholder home:

bash
getent passwd svcapp

Sample output:

text
svcapp:x:122:65534:Service Account,,,:/nonexistent:/usr/sbin/nologin

UID 122 is in the system range. GID 65534 is often nogroup on Debian/Ubuntu. Use --system --group when the service needs a dedicated primary group with the same name.

Advanced Bulk create users with a script (shared group or default group)

For labs, load tests, or onboarding many accounts, wrap adduser in a loop. Two common patterns:

With a shared group — one group, many users, fixed UID range (good when every account must share the same primary group):

bash
#!/bin/bash
# bulk-users-with-group.sh — create COUNT users in shared group batchgrp
set -euo pipefail

COUNT=5          # raise to 100 (or more) for larger batches
BASE_UID=3000
GROUP=batchgrp

sudo addgroup --quiet "$GROUP" 2>/dev/null || true

for i in $(seq -w 1 "$COUNT"); do
  user="batchuser${i}"
  uid=$((BASE_UID + 10#${i}))
  sudo adduser \
    --disabled-password \
    --quiet \
    --ingroup "$GROUP" \
    --uid "$uid" \
    --comment "Batch user ${i}" \
    "$user"
done

Without a shared group — each user gets the default private group adduser creates automatically (simpler, no addgroup step):

bash
#!/bin/bash
# bulk-users-default-group.sh
set -euo pipefail

COUNT=5

for i in $(seq -w 1 "$COUNT"); do
  user="solouser${i}"
  sudo adduser \
    --disabled-password \
    --quiet \
    --comment "Solo user ${i}" \
    "$user"
done

Run the shared-group version and watch the first user being created (--quiet hides most lines; drop it while testing):

bash
chmod +x bulk-users-with-group.sh
sudo ./bulk-users-with-group.sh

Sample output (first user only — later iterations look the same):

text
info: Adding user `batchuser01' ...
info: Adding new user `batchuser01' (3001) with group `batchgrp (1005)' ...
info: Creating home directory `/home/batchuser01' ...
info: Copying files from `/etc/skel' ...

Confirm a user in the middle of the range and count how many accounts were created:

bash
id batchuser03
getent passwd batchuser03
getent passwd | grep -c '^batchuser'

Sample output:

text
uid=3003(batchuser03) gid=1005(batchgrp) groups=1005(batchgrp)
batchuser03:x:3003:1005:Batch user 03,,,:/home/batchuser03:/bin/bash
5

Use --uid and --ingroup when IDs must match across hosts. Omit them when the system can pick UID/GID automatically. Use --quiet in loops to hide repetitive info: lines.

Advanced --encrypt-home fails without ecryptfs-setup-private

Encrypted home directories need the ecryptfs-utils package and ecryptfs-setup-private on PATH. Without it, adduser stops before creating the user.

Run the command:

bash
sudo adduser --encrypt-home --disabled-password --comment "" encuser

Sample output when the helper is missing:

text
fatal: Could not find program named `ecryptfs-setup-private' in $PATH.

Install the dependency, then retry:

bash
sudo apt install ecryptfs-utils
sudo adduser --encrypt-home --disabled-password --comment "" encuser

Verify with ls -la /home/encuser — an encrypted private directory is created when the stack is available. Remove test users with sudo deluser --remove-home encuser.

Advanced Debug: trace delegated groupadd, useradd, and chfn calls

When adduser fails and the message is unclear, --debug shows each low-level command it runs behind the scenes.

Run the command:

bash
sudo adduser --debug --disabled-password --comment "" dbguser

Sample output:

text
debug: new_uid 1007 selected
debug: /sbin/groupadd -g 1007 dbguser
debug: /sbin/useradd -d /home/dbguser -g 1007 -s /bin/bash -u 1007 dbguser
debug: /bin/chfn -f  dbguser

Each debug: line is a real subprocess. If something fails, the error usually appears right after the line for the command that broke — use the Troubleshooting table to match symptoms to fixes.


adduser — when to use / when not

Choose adduser when you are creating or grouping new local accounts on Debian-family systems. Pick another tool when the job is modification, removal, cross-distro scripting, or centralized identity.

Use adduser when Use something else when
  • You are creating a new login user on Ubuntu or Debian and want home directory, /etc/skel, and password prompts handled for you
  • You need a new system or service account with Debian-friendly UID defaults
  • You are adding an existing user to a supplementary group (adduser user group)
  • You are creating a group or pairing a system user with a matching group on the same host
  • You are doing hands-on admin work and prefer guided setup over assembling useradd flags
  • The account already exists and you need to change shell, groups, UID, or home → usermod
  • You are on RHEL, AlmaLinux, Fedora, or another distro without the Debian adduser wrapper → portable useradd command cheat sheet
  • You only need a standalone group record, not user creation → groupadd
  • You are writing a portable script that must behave the same on many distros → portable useradd
  • Users are provisioned from LDAP, Active Directory, or SSSD — not local /etc/passwd → directory tools (realm, sssctl), not adduser
  • You want a broader walkthrough of user creation options → How to create user in Linux

adduser vs useradd

Focused comparison for readers who land on the wrong tool. This cheat sheet covers adduser only.

adduser (Debian/Ubuntu) useradd
Interface High-level wrapper with prompts Low-level binary
Home directory Created by default Needs -m to create home
/etc/skel Copied automatically Copied when home is created
Group helpers adduser --group, adduser user group Separate groupadd / usermod
Best for Day-to-day admin on Debian family Portable scripting on other distros

See the useradd if you need the low-level tool on RHEL or in scripts.


Nearby commands for the same workflow — create, modify, group, and expire local accounts.

Command One line
adduser Debian/Ubuntu friendly wrapper (this page)
chage Password aging and expiry

Browse the full index in our Linux commands reference.


adduser — interview corner

Practice these before exams or standups. Each card explains the idea in plain language, then ends with a short answer you can say aloud.

What is the adduser command in Linux?

On Debian and Ubuntu, adduser is the high-level tool for creating local users and groups. It is not a separate kernel feature — it is a Perl wrapper that follows rules in /etc/adduser.conf and Debian policy, then calls lower-level tools (useradd, groupadd, and friends) for you.

When you run sudo adduser alice, it typically:

  • Picks a UID/GID from configured ranges
  • Creates a matching primary group (unless you use --ingroup)
  • Creates /home/alice and copies files from /etc/skel
  • Prompts for password and GECOS (full name, etc.) unless you pass flags to skip prompts

That is why admins reach for adduser on Ubuntu desktops and servers: safer defaults than typing raw useradd flags from memory. Most operations need sudo.

A strong answer is:

"On Debian and Ubuntu, adduser is the friendly wrapper for creating local users and groups — it applies adduser.conf policy, creates home and skel by default, and can prompt for password and GECOS. I use it for day-to-day account work on those distros."

What is GECOS in adduser?

GECOS (sometimes written GEcos) is the comment field on a user account. It shows up as the fifth colon-separated field in /etc/passwd — often the person's full name, but it can hold room number, phone, or other contact text.

bash
getent passwd alice

Sample line:

text
alice:x:1001:1001:Alice Example,,,:/home/alice:/bin/bash

The Alice Example,,, portion is GECOS. In scripts on current Debian/Ubuntu, set it with --comment (for example --comment "Jane Doe,Ops,555-0100"). The older --gecos flag is deprecated on those releases — mention that if the interviewer asks about flags.

A strong answer is:

"GECOS is the passwd comment field — usually the user's full name, fifth field in getent passwd. On Debian/Ubuntu I set it non-interactively with --comment; --gecos is deprecated."

Can adduser create users non-interactively?

Yes. Interactive prompts are the default, but flags let you build accounts in scripts and CI without typing at a terminal.

Common flags for automation:

Flag Purpose
--disabled-password No password prompt — pair with SSH keys or set password later
--comment "..." GECOS without prompts
--uid, --gid, --ingroup Fixed IDs for NFS or matching across hosts
--home, --shell Custom paths at creation time
--quiet Less console noise in loops

Example:

bash
sudo adduser --disabled-password --comment "Deploy Bot" --quiet deploy

Always verify what landed on disk:

bash
id deploy
getent passwd deploy

A strong answer is:

"Yes — I combine flags like --disabled-password, --comment, --uid, --ingroup, and --quiet for scripts, then confirm with id and getent passwd."

What is the difference between adduser and useradd?

Both end up changing /etc/passwd and related files, but the experience and defaults differ.

adduser (Debian/Ubuntu) useradd
Style High-level wrapper, prompts Low-level binary
Home directory Created by default Needs -m explicitly
/etc/skel Copied when home is created Copied only when home is created with -m
Group helpers adduser user group, adduser --group Separate groupadd / usermod
Best on Ubuntu, Debian Portable scripts, RHEL, Fedora

On RHEL-family systems, adduser may be a thin symlink to useradd — do not assume Debian behaviour everywhere. See the useradd for the low-level tool.

A strong answer is:

"useradd is the core utility everywhere; adduser on Debian/Ubuntu is a policy-aware wrapper with safer defaults — home, skel, and simpler group syntax. On other distros I use useradd for portable automation."

How do I add an existing user to a group with adduser?

Use the two-argument form — user first, then group:

bash
sudo adduser alice devteam

Both names must already exist. This adds alice to devteam as a supplementary group; it does not change her primary GID (still usually alice).

Check membership:

bash
id alice
getent group devteam

Sample output:

text
uid=1001(alice) gid=1001(alice) groups=1001(alice),1006(devteam)
devteam:x:1006:alice

To change someone's primary group, use usermod instead. For fine-grained supplementary groups on any distro, usermod -aG group user is the portable pattern.

A strong answer is:

"I run sudo adduser username groupname when both already exist — that adds a supplementary group without creating a new account. For primary group changes I use usermod."


Troubleshooting

Common adduser failures on Ubuntu and Debian — symptom, likely cause, and the fix to try first.

When you need a free UID, pipe getent passwd through cut and sort -n; the sort command covers numeric ordering on colon-separated fields.

Symptom Likely cause Fix
fatal: Could not find program named ecryptfs-setup-private ecryptfs-utils not installed sudo apt install ecryptfs-utils, then retry --encrypt-home
Unknown option: … Flag not in your adduser build (see adduser --help) Drop the flag or upgrade; quick-reference tables match Ubuntu 25.04 / adduser 3.137ubuntu2
The group 'foo' does not exist with --ingroup Group not created yet sudo adduser --group foo first, or use --gid with an existing GID
UID already in use Duplicate --uid Pick a free UID (getent passwd | cut -d: -f3 | sort -n)
Home not created --no-create-home or system user Omit the flag or create the directory manually
adduser: Only root may add a user Missing privilege Prefix with sudo or run as root
Shell rejected Not in /etc/shells Add the shell path to /etc/shells or pick a listed shell

Rohan Timalsina

is a technical writer and Linux enthusiast who writes practical guides on Linux commands and system administration. He focuses on simplifying complex topics through clear explanations.