339

I'd like to use the adduser command to add a user (with disabled password) via a shell script.

By default, adduser prompts you for various values (e.g., Full Name). Is there any way to submit these values via command line? Or will I need to useradd instead?

Eliah Kagan
  • 117,780

3 Answers

411

Use the --gecos option to skip the chfn interactive part.

adduser --disabled-password --gecos "" username

It's all in the man page. Not the most obvious formulation tho.

--gecos GECOS
          Set  the  gecos field for the new entry generated.  adduser will
          not ask for finger information if this option is given.

The GECOS field is a comma-separated list as such: Full name,Room number,Work phone,Home phone, despite the man page mentioning finger information. Details - Wikipedia

Hope this helps you.

Update: for more recent (or upcoming) versions of adduser, the --gecos option is replaced by --comment.

--comment comment
      Set the comment field for the new entry generated.  adduser will
      not ask for the information if this option is given.  This field
      is  also  known under the name GECOS field and contains informa‐
      tion that is used by the finger command.  This used  to  be  the
      --gecos  option,  which  is deprecated and will be removed after
      Debian bookworm.  Valid Modes: adduser, adduser --system.
Zoke
  • 9,476
  • 1
    off-topic Geckos? – Alex2php May 12 '20 at 10:57
  • 2
    Some early Unix systems at Bell Labs used GECOS machines for print spooling and various other services, so this field was added to carry information on a user's GECOS identity (source: https://en.wikipedia.org/wiki/Gecos_field) – Zoke May 12 '20 at 21:44
  • off-topic: can you make adduser idempotent? (if the user already exists, keep silent instead of prompting an error) – Ragtime Feb 21 '23 at 09:36
  • 2
    @Ragtime, that would only work for system accounts. It would be best to test if the user exists with something like getent passwd <username> before invoking adduser/useradd. – Zoke Feb 22 '23 at 03:48
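The getent test suggested in the comment above, combined with the --gecos/--comment switch from the answer, as an added example that is not part of the original answer or comments. The function names ensure_user and comment_flag are hypothetical, and the flag detection assumes that `adduser --help` lists --comment on releases that support it.

```shell
#!/bin/sh
# Added example: idempotent, prompt-free account creation with adduser.

# Pick the option name this adduser understands.
# Assumption: `adduser --help` lists --comment on releases that have it;
# older releases only know --gecos.
comment_flag() {
    if adduser --help 2>&1 | grep -q -- '--comment'; then
        echo --comment
    else
        echo --gecos
    fi
}

# ensure_user NAME: create NAME with a disabled password unless it exists.
# Returns 0 if the account exists afterwards, 2 if the name is rejected.
ensure_user() {
    name=$1
    # Conservative allow-list: a name starting with '-' would be parsed
    # as an option, and anything outside [a-z0-9_-] is refused outright.
    case $name in
        ''|-*|*[!a-z0-9_-]*)
            echo "refusing unsafe user name: '$name'" >&2
            return 2 ;;
    esac
    # getent consults every NSS source (files, LDAP, ...), not only /etc/passwd.
    if getent passwd "$name" >/dev/null; then
        return 0    # already present: stay silent, change nothing
    fi
    adduser --disabled-password "$(comment_flag)" "" "$name"
}

# Run as root with a login name as the first argument, e.g. ./ensure_user.sh deploy
if [ -n "${1:-}" ]; then
    ensure_user "$1"
fi
```
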
73

useradd can also add users and does not appear to have any form of prompting built in.

useradd -m -p <encryptedPassword> -s /bin/bash <user>
  • -m, --create-home: Create user home directory
  • -p, --password: Specify user password; skip to have it disabled
  • -s, --shell: Default shell for logon user

    Blank will use default login shell specified by the SHELL variable in /etc/default/useradd

  • Substitute <user> with the login name
  • Substitute <encryptedPassword> with the encrypted password

Generating a hashed password:

There are a lot of crypt3 implementations that can generate a hashed password. The whole thing is your hashed password.

Sha-512 Based

The resulting output format: the hash mechanism ($6 for sha-512), the random salt (the eight bytes after the second dollar sign $ASDF1234), remainder is the payload.

  • mkpasswd: mkpasswd -m sha-512

    (mkpasswd is provided by the whois package)

DES based:

The resulting output format: first 2 bytes is your salt, remainder is the payload. The whole thing is your hashed password.

  • mkpasswd: mkpasswd (provided by whois package)
  • openssl: openssl passwd -crypt
  • perl: perl -e "print crypt('password', 'ab');"  # crypt needs a salt argument; 'ab' is a sample two-character salt
  • python: python3 -c 'import crypt; print(crypt.crypt("password"))'
ThorSummoner
  • 3,222
  • 3
  • 22
  • 31
  • 1
    The options you mention don’t exist for adduser on my (recent) version of Ubuntu. – ᴠɪɴᴄᴇɴᴛ Sep 22 '15 at 20:30
  • 3
    @ᴠɪɴᴄᴇɴᴛ adduser is distinct from useradd, confusing I know. – ThorSummoner Sep 22 '15 at 21:01
  • 1
    Oops, indeed missed that you use its almost namesake … isn’t there a BDFL protecting the command line namespace? ;p – ᴠɪɴᴄᴇɴᴛ Sep 23 '15 at 09:52
  • 1
    @mum007 This is only general advice, try adding -v or -vv or -vvv to your ssh commands to see what's wrong and search your error messages here on SO or Google. – ThorSummoner Dec 03 '15 at 17:30
  • Why encrypt the password? I've tried this with a normal password and it works. In my case, it's a temporary password that the user will need to change anyways. – answerSeeker Feb 10 '17 at 01:00
  • I'm curious if @luca-ricci has an answer for you answerSeeker, they referenced the document https://www.cyberciti.biz/tips/howto-write-shell-script-to-add-user.html , I can see the advantage of never sending the cleartext password to the server, but I also don't think pre-encrypting the password is necessarily required. – ThorSummoner Feb 10 '17 at 23:29
  • 1
    @KovacsAkos try this: sudo sed -i"" -e "s/PasswordAuthentication no/PasswordAuthentication yes/" /etc/ssh/sshd_config and sudo service ssh restart – JSBach Apr 05 '17 at 09:01
  • I suggest you START the answer by saying you're using a different command altogether. Newcomers will find it confusing otherwise. :) – user426293 Mar 03 '20 at 16:05
  • To get the hashed password, you could also create the user interactively (e.g. in an ephemeral ubuntu docker container) and then extract the hashed value from /etc/shadow. – schnatterer May 21 '21 at 19:01
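A way to check what actually ended up in the password field after useradd -p, as an added example that is not part of the original answer or comments. It classifies the second field of shadow-format lines by the prefixes described above ($6$ for SHA-512, 13 characters for DES); the function names and the sample lines are constructed for illustration, and the hash payloads are dummy filler. useradd stores the -p value verbatim, so a string that is not a crypt(3) hash shows up here as invalid.

```shell
#!/bin/sh
# Added example: classify the password field of /etc/shadow-style lines.

classify_field() {
    case $1 in
        '')                echo empty ;;      # login needs no password
        '!'*|'*'*)         echo locked ;;     # cannot match any hash
        '$6$'*)            echo sha512 ;;
        '$5$'*)            echo sha256 ;;
        '$y$'*)            echo yescrypt ;;
        '$2'[aby]'$'*)     echo bcrypt ;;
        '$1$'*)            echo md5-weak ;;
        *[!./0-9A-Za-z]*)  echo invalid ;;    # not a known hash layout
        ?????????????)     echo des-weak ;;   # exactly 13 crypt characters
        *)                 echo invalid ;;    # e.g. cleartext given to -p
    esac
}

# Read shadow-format lines on stdin, print "user classification" per line.
audit_shadow() {
    while IFS=: read -r user field _rest; do
        [ -n "$user" ] || continue
        printf '%s %s\n' "$user" "$(classify_field "$field")"
    done
}

# Constructed sample in /etc/shadow layout (payloads are filler, not real hashes).
SAMPLE='alice:$6$ASDF1234$xxxxxxxxxxxxxxxx:19000:0:99999:7:::
svc:!:19000:0:99999:7:::
old:abJnggxhB/yWI:19000:0:99999:7:::
tmp:Summer2024:19000:0:99999:7:::
guest::19000:0:99999:7:::'

printf '%s\n' "$SAMPLE" | audit_shadow
```

On a real host the input would be `sudo cat /etc/shadow | audit_shadow`; anything reported as empty, invalid, des-weak or md5-weak deserves a closer look.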
24

You can combine what @ThorSummoner @Zoke are saying like so:

username=jovyan
password=jovyan

# Create the account without prompts, then set its password via stdin
adduser --gecos "" --disabled-password "$username"
chpasswd <<<"$username:$password"

I'm doing this for my Jupyter docker-stack. It allows full headless setup in a Dockerfile.