newusers
update and create new users in batch
see also :
passwd - useradd
Synopsis
newusers [options]
[file]
add an example, a script, a trick and tips
examples
source
etc/pam.d/{chpasswd,newusers,groupadd,groupdel,groupmod}
etc/pam.d/{chfn,chgpasswd,groupmems,chsh}
useradd.defaults login passwd chgpasswd chpasswd
newusers defaults.pam
login.defs adduser shadow.cron.daily xstrdup.patch
shadow-4.1.4.2-groupmod-pam-check.patch)
description
The
newusers command reads a file (or the standard
input by default) and uses this information to update a set
of existing users or to create new users. Each line is in
the same format as the standard password file (see
passwd(5)) with the exceptions explained below:
pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell
pw_name
This is the name of the
user.
It can be the
name of a new user or the name of an existing user (or an
user created before by newusers). In case of an
existing user, the user's information will be changed,
otherwise a new user will be created.
pw_passwd
This field will be encrypted
and used as the new value of the encrypted password.
pw_uid
This field is used to define
the UID of the user.
If the field is
empty, an new (unused) UID will be defined automatically by
newusers.
If this field
contains a number, this number will be used as the UID.
If this field
contains the name of an existing user (or the name of an
user created before by newusers), the UID of the
specified user will be used.
If the UID of
an existing user is changed, the files ownership of the
user's file should be fixed manually.
pw_gid
This field is used to define
the primary group ID for the user.
If this field
contains the name of an existing group (or a group created
before by newusers), the GID of this group will be
used as the primary group ID for the user.
If this field
is a number, this number will be used as the primary group
ID of the user. If no groups exist with this GID, a new
group will be created with this GID, and the name of the
user.
If this field
is empty, a new group will be created with the name of the
user and a GID will be automatically defined by
newusers to be used as the primary group ID for the
user and as the GID for the new group.
If this field
contains the name of a group which does not exist (and was
not created before by newusers), a new group will be
created with the specified name and a GID will be
automatically defined by newusers to be used as the
primary group ID for the user and GID for the new group.
pw_gecos
This field is copied in the
GECOS field of the user.
pw_dir
This field is used to define
the home directory of the user.
If this field
does not specify an existing directory, the specified
directory is created, with ownership set to the user being
created or updated and its primary group.
If the home
directory of an existing user is changed, newusers
does not move or copy the content of the old directory to
the new location. This should be done manually.
pw_shell
This field defines the shell of
the user. No checks are performed on this field.
newusers
first tries to create or change all the specified users, and
then write these changes to the user or group databases. If
an error occurs (except in the final writes to the
databases), no changes are committed to the databases.
During this
first pass, users are created with a locked password (and
passwords are not changed for the users which are not
created). A second pass is used to update the passwords
using PAM. Failures to update a password are reported, but
will not stop the other password updates.
This command is
intended to be used in a large system environment where many
accounts are updated at a single time.
options
The options
which apply to the newusers command are:
-h,
--help
Display help message and
exit.
-r,
--system
Create a system account.
System users
will be created with no aging information in /etc/shadow,
and their numeric identifiers are chosen in the
SYS_UID_MIN-SYS_UID_MAX range, defined
in login.defs, instead of
UID_MIN-UID_MAX (and their GID
counterparts for the creation of groups).
-R,
--root CHROOT_DIR
Apply changes in the
CHROOT_DIR directory and use the configuration files
from the CHROOT_DIR directory.
caveats
The input file must be protected since it contains unencrypted
passwords.
configuration
The following configuration variables in /etc/login.defs change
the behavior of this tool:
GID_MAX (number), GID_MIN (number)
Range of group IDs used for the creation of regular groups by
useradd, groupadd, or newusers.
The default value for GID_MIN (resp. GID_MAX) is
1000 (resp. 60000).
MAX_MEMBERS_PER_GROUP (number)
Maximum members per group entry. When the maximum is reached, a
new group entry (line) is started in /etc/group (with the same
name, same password, and same GID).
The default value is 0, meaning that there are no limits in the
number of members in a group.
This feature (split group) permits to limit the length of lines
in the group file. This is useful to make sure that lines for NIS
groups are not larger than 1024 characters.
If you need to enforce such limit, you can use 25.
Note: split groups may not be supported by all tools (even in the
Shadow toolsuite). You should not use this variable unless you
really need it.
PASS_MAX_DAYS (number)
The maximum number of days a password may be used. If the
password is older than this, a password change will be forced. If
not specified, -1 will be assumed (which disables the
restriction).
PASS_MIN_DAYS (number)
The minimum number of days allowed between password changes. Any
password changes attempted sooner than this will be rejected. If
not specified, -1 will be assumed (which disables the
restriction).
PASS_WARN_AGE (number)
The number of days warning given before a password expires. A
zero means warning is given only upon the day of expiration, a
negative value means no warning is given. If not specified, no
warning will be provided.
SYS_GID_MAX (number), SYS_GID_MIN (number)
Range of group IDs used for the creation of system groups by
useradd, groupadd, or newusers.
The default value for SYS_GID_MIN (resp.
SYS_GID_MAX) is 101 (resp. GID_MIN-1).
SYS_UID_MAX (number), SYS_UID_MIN (number)
Range of user IDs used for the creation of system users by
useradd or newusers.
The default value for SYS_UID_MIN (resp.
SYS_UID_MAX) is 101 (resp. UID_MIN-1).
UID_MAX (number), UID_MIN (number)
Range of user IDs used for the creation of regular users by
useradd or newusers.
The default value for UID_MIN (resp. UID_MAX) is
1000 (resp. 60000).
UMASK (number)
The file mode creation mask is initialized to this value. If not
specified, the mask will be initialized to 022.
useradd and newusers use this mask to set the mode
of the home directory they create
It is also used by pam_umask as the default umask value.
files
/etc/passwd
User account information.
/etc/shadow
Secure user account information.
/etc/group
Group account information.
/etc/gshadow
Secure group account information.
/etc/login.defs
Shadow password suite configuration.
/etc/pam.d/newusers
PAM configuration for newusers.
see also
login.defs,
passwd , useradd .