
How To Add and Remove Users on FreeBSD

Published on January 14, 2015

Introduction

On FreeBSD, as on other Unix-like OSes, user accounts can be created to provide interactive access to the system. User accounts, when managed properly, add a layer of system security by limiting each user's access to only the files and directories that the user needs to accomplish their tasks.

In this tutorial, we will show you how to perform the following user management tasks on a FreeBSD server:

  • Add a user
  • Grant superuser privileges
  • Remove a user
  • Lock a user account
  • Unlock a user account

Note: As of July 1, 2022, DigitalOcean no longer supports the creation of new FreeBSD Droplets through the Control Panel or API. However, you can still spin up FreeBSD Droplets using a custom image. Learn how to import a custom image to DigitalOcean by following our product documentation.

Prerequisites

To follow this tutorial, you must have root access to a FreeBSD server. That is, you must be able to log in to the server as root or another user that has superuser privileges via the sudo command. If you are planning on using root, you may omit the sudo portion of the example commands.

How To Add a User

The simplest way to add a new user is to use the provided adduser utility, which is based on the pw command. The adduser command adds a user to the system by making the necessary additions to the passwd, master.passwd, and group files, and creating the new user's home directory. It can be run interactively, with prompts to gather information about the new user, or non-interactively, which is better for adding batches of users. We will cover using it in interactive mode.

To add a user with adduser in interactive mode, which allows you to create one user at a time, simply run the command without arguments like this:

sudo adduser

At this point, you must provide information about the new user by responding to the series of prompts. Let's take a look at an example of the prompts now, with example responses filled in:

Username: sammy
Full name: Sammy Shark
Uid (Leave empty for default):
Login group [sammy]:
Login group is sammy. Invite sammy into other groups? []: wheel
Login class [default]:
Shell (sh csh tcsh nologin) [sh]:
Home directory [/home/sammy]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password: password
Enter password again: password
Lock out the account after creation? [no]:

Many of the prompts can be left empty to select the default responses (the square brackets, [yes] for example, denote the default values), but there are a couple of important prompts that we will explain here:

  • Username: This one is pretty self-explanatory. Provide the desired name of the new user.
  • Login group is <user>. Invite <user> into other groups?: This field allows you to add the user to additional groups by providing the desired groups in a space-delimited list. The most common use of this is to grant superuser (sudo) privileges to the new user by adding it to the wheel group. On FreeBSD, members of the wheel group can execute commands with superuser privileges. If you want to create a normal (unprivileged) user, you may leave this blank.

All the other prompts up to this point are pretty self-explanatory and, aside from the password prompts, can be left as their defaults. Of course, if you need to change any other details, such as the user’s Uid or Home directory, feel free to provide a non-default response. If you are looking for an in-depth description of any of the prompts, run man adduser for more information.

After answering the prompts, a summary of the new user will be displayed:

Username   : sammy
Password   : *****
Full Name  : Sammy Shark
Uid        : 1002
Class      :
Groups     : sammy wheel
Home       : /home/sammy
Home Mode  :
Shell      : /bin/sh
Locked     : no
OK? (yes/no): yes

After reviewing the user information, respond to the OK? prompt with yes or no. Your response determines whether the user is created.

If you respond yes, the user will be created and a confirmation will be provided:

adduser: INFO: Successfully added (sammy) to the user database.

Whether you create the user or not, you will see the following prompt:

Add another user? (yes/no): no
Goodbye!

If you are finished, respond with no. Otherwise, respond with yes and repeat the process to create an additional new user.

At this point, the user(s) that you created can be used. You may want to set up SSH key authentication for increased security—check out this tutorial to learn how.

How To Grant Sudo Privileges

On FreeBSD, as on other Unix-like OSes, you may grant users the ability to run commands with superuser privileges via the sudo command. The sudo command allows a user to run a command as another user. We will show you how to grant a normal user superuser privileges, effectively allowing them to execute commands as root.

On FreeBSD, users that are members of the wheel group are allowed to use sudo. This is due to the following line in the default sudoers file, /usr/local/etc/sudoers:

%wheel ALL=(ALL) NOPASSWD: ALL

Therefore, one way to grant a normal user superuser privileges is to add the user to the wheel group. To add a user to the wheel group, use this pw groupmod command (replace sammy with the username):

sudo pw groupmod wheel -m sammy

This command adds the specified user to the wheel group in the /etc/group file, and thus grants the user the ability to run commands as superuser.

How To Remove a User

An easy way to remove a user from your FreeBSD system is to use the rmuser command. You may run it with no arguments, or pass the users you want to remove as arguments, and follow the prompts to complete the user removal process:

sudo rmuser

If you do not provide a user name as an argument, you will be prompted for one or more. Then you will be asked to confirm if you’re sure and if the user’s home directory should be removed:

Please enter one or more usernames: sammy
Matching password entry:

sammy:*:1002:1002::0:0:Sammy Shark:/home/sammy:/bin/sh

Is this the entry you wish to remove? y
Remove user's home directory (/home/sammy)? y
Removing user (sammy): mailspool home passwd.

How To Lock a User Account

If you want to disable a user’s access to the system but not delete their account records and home directory, you may lock the account. The easiest way to disable a user is to use the pw lock command, with the user that you want to disable as an argument, like so:

sudo pw lock username

This command works by prepending “*LOCKED*” to the user’s entry in the /etc/master.passwd file.

The user will be unable to log in until the account is unlocked.

How To Unlock a User

If you want to enable a user that was disabled with pw lock, you can use the pw unlock command to do so:

sudo pw unlock username

This command works by deleting “*LOCKED*”, if present, from the user’s entry in the /etc/master.passwd file.
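
The wheel group and the *LOCKED* marker described above can be checked together in a quick audit. The sh script below is an added example, not part of the original tutorial: it lists wheel members, locked accounts, and locked accounts that still hold wheel (and so regain passwordless sudo under the sudoers line shown earlier as soon as they are unlocked). The function names are hypothetical and the account data is constructed.

```shell
#!/bin/sh
# Added example. Sample data is constructed; on a real host pass
# "$(cat /etc/group)" and "$(sudo cat /etc/master.passwd)" instead.

SAMPLE_GROUP='wheel:*:0:root,sammy,jesse
operator:*:5:root
sammy:*:1002:
jesse:*:1003:'

SAMPLE_MASTER='root:$6$constructed:0:0::0:0:Charlie &:/root:/bin/csh
sammy:$6$constructed:1002:1002::0:0:Sammy Shark:/home/sammy:/bin/sh
jesse:*LOCKED*$6$constructed:1003:1003::0:0:Jesse Ray:/home/jesse:/bin/sh
backup:$6$constructed:1004:0::0:0:Backup Job:/home/backup:/bin/sh'

# wheel_members GROUP_DATA MASTER_DATA
# Prints every account in wheel: listed in the group's member field, or
# holding wheel's GID as its primary group in master.passwd.
wheel_members() {
    gid=$(printf '%s\n' "$1" | awk -F: '$1 == "wheel" { print $3 }')
    [ -n "$gid" ] || return 0
    {
        printf '%s\n' "$1" | awk -F: '$1 == "wheel" {
            n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }'
        printf '%s\n' "$2" | awk -F: -v gid="$gid" '$4 == gid { print $1 }'
    } | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# locked_accounts MASTER_DATA
# Prints accounts whose password field starts with the *LOCKED* marker.
locked_accounts() {
    printf '%s\n' "$1" | awk -F: 'index($2, "*LOCKED*") == 1 { print $1 }' |
        tr '\n' ' ' | sed 's/ $//'
}

# locked_in_wheel GROUP_DATA MASTER_DATA
# Prints locked accounts that are still wheel members.
locked_in_wheel() {
    members=" $(wheel_members "$1" "$2") "
    found=""
    for user in $(locked_accounts "$2"); do
        case "$members" in *" $user "*) found="$found $user" ;; esac
    done
    printf '%s\n' "${found# }"
}

echo "wheel members:   $(wheel_members "$SAMPLE_GROUP" "$SAMPLE_MASTER")"
echo "locked accounts: $(locked_accounts "$SAMPLE_MASTER")"
echo "locked + wheel:  $(locked_in_wheel "$SAMPLE_GROUP" "$SAMPLE_MASTER")"
```

Note that the constructed backup account appears as a wheel member only through its primary GID, which a check of the /etc/group member list alone would miss.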

Conclusion

You should now have a good understanding of basic user management on a FreeBSD server.
