What does adduser do that useradd doesn't?

Question

In addition to the more widespread useradd, Debian based systems also contain an additional adduser command which provides a higher level interface for adding users and some related tasks. There are various questions/answers on other SE sites which detail the basic differences between these commands, for example:

• ServerFault - What's the difference between 'useradd' and 'adduser'?
• Superuser - What's the difference between “adduser” and “useradd”?
• Ask Ubuntu - What is the difference between adduser and useradd?

Most of the answers essentially say that adduser provides nicer interface for adding users interactively, but don't give much detail on what happens when adduser is run that doesn't compared to useradd. So:

1. What does adduser do that useradd doesn't?
2. What commands do I need to use to produce equivalent results?

Answer 1

First off, the respective man page snippets highlight the differences between the two commands and give some indication of what is going on. For adduser:

adduser and addgroup add users and groups to the system according to command line options and configuration information in /etc/adduser.conf. They are friendlier front ends to the low level tools like useradd, groupadd and usermod programs, by default choosing Debian policy conformant UID and GID values, creating a home directory with skeletal configuration, running a custom script, and other features.

Then for useradd:

useradd is a low level utility for adding users. On Debian, administrators should usually use adduser(8) instead.

Further investigation of adduser reveals that it is a perl script providing a high level interface to, and thus offering some of the functionality of, the following commands:

• useradd
• groupadd
• passwd - used to add/change users passwords.
• gpasswd - used to add/change group passwords.
• usermod - used to change various user associated parameters.
• chfn - used to add/change additional information held on a user.
• chage - used to change password expiry information.
• edquota - used to change disk usage quotas.

A basic run of the adduser command is as follows:

adduser username

This simple command will do a number of things:

1. Create the user named username.
2. Create the user's home directory (default is /home/username and copy the files from /etc/skel into it.
3. Create a group with the same name as the user and place the user in it.
4. Prompt for a password for the user.
5. Prompt for additional information on the user.

The useradd program can most of accomplish most of this, however it does not do so by default and needs additional options. Some of the information requires more commands:

useradd -m -U username
passwd username
chfn username

Note that adduser ensures that created UIDs and GIDs conform with the Debian policy. Creating normal users with useradd seems to be ok, provided UID_MIN/UID_MAX in /etc/login.defs matches the Debian policy. What is a problem though is that Debian specifies a particular range for system user UIDs which only seems to be supported in /etc/adduser.conf, so naively adding a system user with useradd and not specifying a UID/GUID in the correct range leaves the potential for serious problems.

Another common use for adduser is to simplify the process of adding a user to a group. Here, the following command:

adduser username newgroup

is equivalent to the following usermod command:

usermod -a -G newgroup username

The main drawback from usermod in this case is that forgetting to pass the append option (i.e.: -a) would end up removing the user from all groups before adding them to "newgroup" (i.e.: -G alone means "replace with").

One downside to using adduser here though is that you can only specify one group at a time.

Answer 2

One significant difference I ran into (and did not see in an answer here), is the implications of creating a system user.

useradd --system seems to imply --shell /bin/bash, while adduser --system implies --shell /usr/sbin/nologin, which is what I wanted.

So if I want neither a shell nor a home directory, I could either use useradd like this

useradd --system --shell /usr/sbin/nologin foo

Which leads to e.g. the following entry in /etc/passwd

foo:x:994:991::/home/foo:/usr/sbin/nologin

Or use adduser like this

adduser --system --no-create-home foo

Which leads to e.g. the following entry in /etc/passwd

foo:x:110:65534::/home/foo:/usr/sbin/nologin

Also, adduser does not create a group (user 110 is in group 65534, aka no group). The accepted answer also mentions risks regarding (G)UID, so I'll definitely stick with adduser.

Source: Tested on Raspberry Pi OS (Debian Buster based).

Answer 3

The adduser command by default also creates a /home/user directory for system users, which you cannot do with the useradd command. useradd only adds home directories for normal users not system users.

Answer 4

The system administrator can do anything with useradd that can be done with adduser. It was stated here that you can't create a /home/user directory for system users with useradd, and you absolutely can, by modifying the files contained in /etc/skel. /etc/skel contains the set of files initially used to populate a new user's home directory.