- Mastering Linux Security and Hardening
- Donald A. Tevault
- 2021-07-02 19:19:23
useradd on Debian/Ubuntu
The useradd utility is there, but Debian and Ubuntu don't come with the handy preconfigured defaults that Red Hat and CentOS do. If you were to just run sudo useradd frank on a default Debian/Ubuntu machine, Frank would have no home directory and would be assigned the wrong default shell. So, to create a user account with useradd on a Debian or Ubuntu system, the command would look something like this:
sudo useradd -m -d /home/frank -s /bin/bash frank
In this command:
- -m creates the home directory.
- -d specifies the home directory.
- -s specifies Frank's default shell. (Without the -s, Debian/Ubuntu would assign Frank the /bin/sh shell.)
When you look at the home directories, you'll see that they're wide open, with execute and read privileges for everybody:
donnie@packt:/home$ ls -l
total 8
drwxr-xr-x 3 donnie donnie 4096 Oct 2 00:23 donnie
drwxr-xr-x 2 frank frank 4096 Oct 1 23:58 frank
donnie@packt:/home$
As you can see, Frank and I can get into each other's stuff. (And no, I don't want Frank getting into my stuff.) Each user could change the permissions on his or her own directory, but how many of your users would know how to do that? So, let's fix that ourselves:
cd /home
sudo chmod 700 *
Let's see what we have now:
donnie@packt:/home$ ls -l
total 8
drwx------ 3 donnie donnie 4096 Oct 2 00:23 donnie
drwx------ 2 frank frank 4096 Oct 1 23:58 frank
donnie@packt:/home$
That looks much better.
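As an added example (not from the book), this shell script reports which directories under a base path still grant group or other access, then applies the same chmod 700 fix only to those. The function names open_homes and lock_homes are made up for this illustration, GNU stat is assumed (as on Debian/Ubuntu), and the demo tree is constructed in a temporary directory rather than the real /home.

```shell
#!/bin/sh
# Added example: audit home directories for group/other access, then lock them.
# open_homes and lock_homes are hypothetical names; GNU stat (-c) is assumed.

# Print "<mode> <path>" for each subdirectory of $1 that grants any
# group or other permission bit.
open_homes() {
    base=$1
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue      # empty base: the glob stays literal
        dir=${dir%/}
        [ -L "$dir" ] && continue      # skip symlinks; chmod would follow them
        mode=$(stat -c '%a' "$dir")
        # Leading 0 makes the value octal; 077 masks the group and other bits.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            printf '%s %s\n' "$mode" "$dir"
        fi
    done
}

# Apply the fix from the text (chmod 700) only to directories reported above.
lock_homes() {
    open_homes "$1" | while read -r mode dir; do
        chmod 700 "$dir"
    done
}

# Demo on a constructed tree (sample data, not a real /home).
demo=$(mktemp -d)
mkdir -m 755 "$demo/donnie" "$demo/frank"
mkdir -m 700 "$demo/private"
echo "Before:"; open_homes "$demo"     # lists donnie and frank, not private
lock_homes "$demo"
echo "After:";  open_homes "$demo"     # lists nothing
rm -rf "$demo"
```

Against the real /home, both functions need to run with root privileges, since the directories being changed belong to other users.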
To change the default permissions setting for home directories, open /etc/login.defs for editing. Look for the line:
UMASK 022
Change it to:
UMASK 077
Now, new users' home directories will get locked down on creation, just as they do with Red Hat.