LiveChat 
Support 
How to Create a User in Linux: adduser vs useradd Explained
Adding a user account is one of the first administrative tasks you perform on any new Linux server. Whether you are setting up a teammate, deploying a service account, or moving away from logging in as root, knowing how to create a user in Linux correctly keeps your system secure and organized. Linux gives you two main tools for the job: the high-level `adduser` and the low-level `useradd`. They sound nearly identical, but they behave very differently, and choosing the wrong one is a classic beginner trip-up.
This guide walks through both commands, how to set passwords, create home directories, assign shells, grant `sudo` privileges, build service accounts, and modify or delete users, all with copy-ready command examples.
Key Takeaways
• `adduser` is a friendly interactive wrapper on Debian/Ubuntu that sets up the home directory and prompts for a password and details automatically.
• `useradd` is the universal low-level command available on every distribution, but it needs explicit flags (`-m`, `-s`) and a separate `passwd` step.
• Grant administrative rights by adding a user to the `sudo` group (Debian/Ubuntu) or the `wheel` group (RHEL/Fedora).
• Use `-r` to create system/service accounts with no login, and prefer SSH keys over passwords for real security.
What are the two commands for adding a user in Linux?
Linux has two distinct utilities, and the difference matters:
- `adduser` is a high-level, interactive script (a Perl wrapper on Debian and Ubuntu). It walks you through the entire process: it creates the home directory, copies skeleton files, prompts you to set a password, and asks for optional details like full name. It is the friendliest option when it is available.
- `useradd` is the low-level, universal binary that exists on virtually every Linux distribution. It does exactly what you tell it and nothing more. By default it does not create a home directory and does not set a password, so you must supply the right flags yourself.
Here is the practical distinction at a glance.
| Feature | `adduser` | `useradd` |
|---|---|---|
| Type | High-level interactive script | Low-level binary |
| Availability | Debian / Ubuntu (and derivatives) | All distributions (universal) |
| Home directory | Created automatically | Only with `-m` flag |
| Password prompt | Interactive, built in | Separate `passwd` command |
| Asks for user details | Yes (name, phone, etc.) | No |
| Best for | Quick manual account setup | Scripts, automation, portability |
The single biggest gotcha: On Debian or Ubuntu, reach for `adduser` because it sets up everything interactively in one step. `useradd` is the universal command, but if you run it bare as `useradd bob`, you create a user with no home directory and no password. They cannot log in normally, and they have nowhere to store files. Beginners run `useradd` expecting `adduser` behavior, then wonder why the account is broken. The fix is always `useradd -m -s /bin/bash bob` followed by `passwd bob`.
How do you create a user with adduser?
On a Debian-based system, this is the simplest approach. Run the command with `sudo` and follow the prompts:
“`bash sudo adduser alice “`
You will be prompted to set and confirm a password, then asked for optional information (full name, room number, phone) which you can skip by pressing Enter. When it finishes, `alice` has a home directory at `/home/alice`, a default shell, and a working password. Nothing else to do.
How do you create a user with useradd?
`useradd` works everywhere, including RHEL, CentOS, Fedora, AlmaLinux, and Arch, where `adduser` may not exist as an interactive tool. The reliable pattern is:
“`bash sudo useradd -m -s /bin/bash alice sudo passwd alice “`
Breaking down the flags:
- `-m` creates the home directory (`/home/alice`) and populates it from `/etc/skel`.
- `-s /bin/bash` sets the login shell. Without this, the user may get the system default (sometimes `/bin/sh` or no interactive shell).
- `passwd alice` sets the password as a separate step, since `useradd` never prompts for one.
Setting the home directory and shell explicitly
You can override defaults when needed:
“`bash sudo useradd -m -d /opt/alice -s /usr/bin/zsh alice “`
Here `-d /opt/alice` sets a custom home directory path, and `-s /usr/bin/zsh` assigns Zsh as the shell.
How do you add a user to groups?
Group membership controls what a user can access. Use the `-G` flag to add a user to one or more supplementary groups at creation time:
“`bash sudo useradd -m -s /bin/bash -G developers,docker alice “`
This adds `alice` to the `developers` and `docker` groups. To add a group to an existing user without removing their current groups, always use `usermod` with both `-a` (append) and `-G`:
“`bash sudo usermod -aG docker alice “`
Forgetting the `-a` (append) flag with `usermod -G` will replace all of a user’s existing supplementary groups instead of adding to them. Always pair `-a` with `-G`.
How do you grant a user sudo (admin) access?
Administrative privileges come from membership in a special group, and the group name depends on your distribution.
On Debian / Ubuntu, add the user to the `sudo` group:
“`bash sudo usermod -aG sudo alice “`
On RHEL / CentOS / Fedora / AlmaLinux, add the user to the `wheel` group:
“`bash sudo usermod -aG wheel alice “`
The user must log out and back in (or start a new session) for the new group membership to take effect. After that, `alice` can run administrative commands by prefixing them with `sudo`.
Here is a quick reference for the most common `useradd` options:
| Option | Purpose | Example |
|---|---|---|
| `-m` | Create home directory | `useradd -m alice` |
| `-s` | Set login shell | `useradd -s /bin/bash alice` |
| `-d` | Custom home directory path | `useradd -d /opt/alice alice` |
| `-G` | Supplementary groups | `useradd -G sudo,docker alice` |
| `-r` | System/service account | `useradd -r appsvc` |
| `-c` | Comment / full name | `useradd -c “Alice Lee” alice` |
| `-e` | Account expiry date | `useradd -e 2026-12-31 alice` |
How do you create a system or service user?
Applications like web servers, databases, and background daemons should run as dedicated service accounts that cannot log in interactively. This limits the damage if the service is compromised. Use the `-r` flag for a system account and disable login by pointing the shell at `nologin`:
“`bash sudo useradd -r -s /usr/sbin/nologin -M appservice “`
- `-r` creates a system user with a low UID and no aging information.
- `-s /usr/sbin/nologin` prevents interactive login.
- `-M` skips creating a home directory (most services do not need one).
This pattern gives you an account that owns files and runs processes but can never be used to log in via SSH or a console.
How do you modify or delete a user?
To change an existing account, use `usermod`. To remove one, use `userdel`.
“`bash
sudo usermod -l newname oldname
sudo usermod -s /bin/zsh alice
sudo usermod -L alice
sudo userdel alice
sudo userdel -r alice “`
Locking with `-L` is often safer than deleting when an employee leaves: you preserve their files and audit trail while immediately blocking access.
Manage Linux users on a server with full root access
Creating and managing users is only practical when you actually control the machine. Shared hosting rarely gives you root, so you cannot run `useradd`, configure `sudo` groups, or deploy SSH-key-only accounts. A DarazHost VPS or dedicated server gives you full root access to administer Linux users exactly as described in this guide: create admin accounts, set up least-privilege service users, deploy SSH-key authentication, and fine-tune permissions across your team. With reliable infrastructure, complete control of your environment, and 24/7 support, DarazHost is built for developers and sysadmins who need a real Linux server, not a locked-down sandbox.
What are the security best practices for Linux user accounts?
Creating accounts is easy; creating them securely is what protects your server.
- Never share accounts. Give every person their own login so actions are traceable in the audit logs. Shared credentials destroy accountability.
- Apply least privilege. Only add users to `sudo` or `wheel` if they genuinely need administrative rights. Most users do not.
- Prefer SSH keys over passwords. Key-based authentication is far harder to brute-force. Deploy a public key to `~/.ssh/authorized_keys` and disable password login in `sshd_config` once keys are working.
- Use `nologin` for service accounts. A daemon never needs an interactive shell, so do not give it one.
- Lock instead of leaving idle accounts. Disable departing users with `usermod -L` rather than letting dormant accounts linger.
- Set expiry dates with `-e` for temporary contractors so accounts disable themselves automatically.
Frequently asked questions
What is the difference between adduser and useradd? `useradd` is the low-level, universal command found on every Linux distribution; it requires explicit flags like `-m` to create a home directory and a separate `passwd` command to set a password. `adduser` is a friendly interactive wrapper available mainly on Debian and Ubuntu that handles the home directory, password prompt, and account details automatically in one step.
Why does my new user have no home directory? You almost certainly created the account with `useradd` without the `-m` flag. Run `sudo useradd -m -s /bin/bash username` to create the home directory, or use `sudo mkhomedir_helper username` to add one to an existing account.
How do I give a new user sudo access? Add them to the administrative group with `usermod`. On Debian/Ubuntu use `sudo usermod -aG sudo username`; on RHEL/Fedora/CentOS use `sudo usermod -aG wheel username`. The user must start a new session for the change to take effect.
How do I create a user without a password? Create the account, then either lock the password with `sudo passwd -l username` or, for a service account, create it with `sudo useradd -r -s /usr/sbin/nologin username` so it cannot log in at all. For real users, deploy SSH keys instead of a password.
How do I delete a user and all their files? Use `sudo userdel -r username`. The `-r` flag removes the user’s home directory and mail spool along with the account. Omit `-r` if you want to keep their files for archival or audit purposes.
