Some of the details of how the adduser command works are configured in the /etc/adduser.conf file. This file contains a lot of settings that determine how new accounts are configured and will look something like this. Note that the comments and blanks lines are omitted in the output below so that we can focus more easily on just the settings.
$ cat /etc/adduser.conf | grep -v "^#" | grep -v "^$" DSHELL=/bin/bash DHOME=/home GROUPHOMES=no LETTERHOMES=no SKEL=/etc/skel FIRST_SYSTEM_UID=100 LAST_SYSTEM_UID=999 FIRST_SYSTEM_GID=100 LAST_SYSTEM_GID=999 FIRST_UID=1000 LAST_UID=29999 FIRST_GID=1000 LAST_GID=29999 USERGROUPS=yes USERS_GID=100 DIR_MODE=0755 SETGID_HOME=no QUOTAUSER="" SKEL_IGNORE_REGEX="dpkg-(old|new|dist|save)"
As you can see, we’ve got a default shell (DSHELL), the starting value for UIDs (FIRST_UID), the location for home directories (DHOME) and the source location for startup files (SKEL) that will be added to each account as it is set up – along with a number of additional settings. This file also specifies the permissions to be assigned to home directories (DIR_MODE).
One of the more important settings is DIR_MODE, which determines the permissions that are used for each user’s home directory. Given this setting, the permissions assigned to a directory that the user creates will be 755. Given this setting, home directories will be set up with rwxr-xr-x permissions. Users will be able to read other users’ files, but not modify or remove them. If you want to be more restrictive, you can change this setting to 750 (no access by anyone outside the user’s group) or even 700 (no access but the user himself).
Any user account settings can be manually changed after the accounts are set up. For example, you can edit the /etc/passwd file or chmod home directory, but configuring the /etc/adduser.conf file before you start adding accounts on a new server will ensure some consistency and save you some time and trouble over the long run.
Changes to the /etc/adduser.conf file will affect all accounts that are set up subsequent to those changes. If you want to set up some specific account differently, you’ve also got the option of providing account configuration options as arguments with the adduser command in addition to the username. Maybe you want to assign a different shell for some user, request a specific UID, or disable logins altogether. The man page for the adduser command will display some of your choices for configuring an individual account.
adduser [options] [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID] [--firstuid ID] [--lastuid ID] [--ingroup GROUP | --gid ID] [--disabled-password] [--disabled-login] [--gecos GECOS] [--add_extra_groups] [--encrypt-home] user
These days probably every Linux system is, by default, going to put each user into his or her own group. As an admin, you might elect to do things differently. You might find that putting users in shared groups works better for your site, electing to use adduser’s --gid option to select a specific group. Users can, of course, always be members of multiple groups, so you have some options on how to manage groups -- both primary and secondary.
Sign up for Computerworld eNewsletters.