On FreeBSD, like other Unix-like OSes, user accounts can be created to provide interactive access to the system. User accounts, when managed properly, can add a layer of system security by providing a way to limit each user’s access to only the files and directories needed to accomplish that user’s tasks.
In this tutorial, we will show you how to perform the following user management tasks on a FreeBSD server:
Note: As of July 1, 2022, DigitalOcean no longer supports the creation of new FreeBSD Droplets through the Control Panel or API. However, you can still spin up FreeBSD Droplets using a custom image. Learn how to import a custom image to DigitalOcean by following our product documentation.
To follow this tutorial, you must have root access to a FreeBSD server. That is, you must be able to log in to the server as root or another user that has superuser privileges via the sudo command. If you are planning on using root, you may omit the sudo portion of the example commands.
The simplest way to add a new user is to use the provided adduser utility, which is based on the pw command. The adduser command adds a user to the system by making the necessary additions to the passwd, master.passwd, and group files, and creating the new user’s home directory. It can be run interactively, with prompts to gather information about the new user, or non-interactively, which is better for adding batches of users. We will cover using it in interactive mode.
To add a user with adduser in interactive mode, which allows you to create one user at a time, simply run the command without arguments like this:
sudo adduser
At this point, you must provide information about the new user by responding to the series of prompts. Let’s take a look at an example of the prompts now, with example responses filled in:
Username: sammy
Full name: Sammy Shark
Uid (Leave empty for default):
Login group [sammy]:
Login group is sammy. Invite sammy into other groups? []: wheel
Login class [default]:
Shell (sh csh tcsh nologin) [sh]:
Home directory [/home/sammy]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password: password
Enter password again: password
Lock out the account after creation? [no]:
Many of the prompts can be left empty to select the default responses—the square brackets, [yes] for example, denote the default values—but there are a couple of important prompts that we will explain here:
Invite sammy into other groups?: enter wheel to add the user to the wheel group—on FreeBSD, members of the wheel group can execute commands with superuser privileges. If you want to create a normal (unprivileged) user, you may leave this blank.
All the other prompts up to this point are pretty self-explanatory and, aside from the password prompts, can be left as their defaults. Of course, if you need to change any other details, such as the user’s Uid or Home directory, feel free to provide a non-default response. If you are looking for an in-depth description of any of the prompts, run man adduser for more information.
After answering the prompts, a summary of the new user will be displayed:
Username : sammy
Password : *****
Full Name : Sammy Shark
Uid : 1002
Class :
Groups : sammy wheel
Home : /home/sammy
Home Mode :
Shell : /bin/sh
Locked : no
OK? (yes/no): yes
After reviewing the user information, respond to the OK? prompt with yes or no. Your response determines whether the user is created.
If you respond yes, the user will be created and a confirmation will be provided:
adduser: INFO: Successfully added (sammy) to the user database.
Whether you create the user or not, you will see the following prompt:
Add another user? (yes/no): no
Goodbye!
If you are finished, respond with no. Otherwise, respond with yes and repeat the process to create an additional new user.
At this point, the user(s) that you created can be used. You may want to set up SSH key authentication for increased security—check out this tutorial to learn how.
On FreeBSD, like other Unix-like OSes, you may grant users the ability to run commands with superuser privileges via the sudo command. The sudo command allows a user to run a command as another user. We will show you how to grant a normal user superuser privileges, effectively allowing them to execute commands as root.
On FreeBSD, users that are members of the wheel group are allowed to use sudo. This is due to the following line in the default sudoers file, /usr/local/etc/sudoers:
%wheel ALL=(ALL) NOPASSWD: ALL
Therefore, one way to grant a normal user superuser privileges is to add the user to the wheel group. To add a user to the wheel group, use this pw groupmod command (replace sammy with the username):
sudo pw groupmod wheel -m sammy
This command adds the specified user to the wheel group in the /etc/group file, and thus grants the user the ability to run commands as superuser. Because that sudoers line uses NOPASSWD, sudo does not ask wheel members for a password.
An easy way to remove a user from your FreeBSD system is to use the rmuser command. You may run it with no arguments, or pass the users you want to remove as arguments, and follow the prompts to complete the user removal process:
sudo rmuser
If you do not provide a user name as an argument, you will be prompted for one or more. Then you will be asked to confirm if you’re sure and if the user’s home directory should be removed:
Please enter one or more usernames: sammy
Matching password entry:
sammy:*:1002:1002::0:0:Sammy Shark:/home/sammy:/bin/sh
Is this the entry you wish to remove? y
Remove user's home directory (/home/sammy)? y
Removing user (sammy): mailspool home passwd.
If you want to disable a user’s access to the system but not delete their account records and home directory, you may lock the account. The easiest way to disable a user is to use the pw lock command, with the user that you want to disable as an argument, like so:
sudo pw lock username
This command works by prepending “*LOCKED*” to the user’s entry in the /etc/master.passwd file. The user will be unable to log in until the account is unlocked.
If you want to enable a user that was disabled with pw lock, you can use the pw unlock command to do so:
sudo pw unlock username
This command works by deleting “*LOCKED*”, if present, from the user’s entry in the /etc/master.passwd file.
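The following read-only audit is an added example, not part of the original tutorial; it ties together the wheel group section and the pw lock section above. It lists every account covered by the %wheel sudoers rule (including accounts whose primary group is wheel, which sudo also treats as members), lists accounts carrying the *LOCKED* marker, and flags locked accounts that still sit in wheel. The function names are this example's own, and the group and master.passwd contents are constructed sample data.

```sh
#!/bin/sh
# Added example: read-only audit of wheel membership and pw-locked accounts.
# SAMPLE_* values are constructed; on a real host, run as root and pass
# "$(cat /etc/group)" and "$(cat /etc/master.passwd)" instead.
SAMPLE_GROUP='wheel:*:0:root,sammy,jesse
sammy:*:1002:
jesse:*:1003:'
SAMPLE_MASTER='root:$6$CONSTRUCTED:0:0::0:0:Charlie &:/root:/bin/csh
sammy:$6$CONSTRUCTED:1002:1002::0:0:Sammy Shark:/home/sammy:/bin/sh
jesse:*LOCKED*$6$CONSTRUCTED:1003:1003::0:0:Jesse Doe:/home/jesse:/bin/sh
backup:*:1004:0::0:0:Backup job:/nonexistent:/usr/sbin/nologin'

# wheel_members GROUP_TEXT MASTER_TEXT
# Accounts covered by a %wheel sudoers rule: names listed in the wheel
# entry plus accounts whose primary GID (field 4) is wheel's GID.
wheel_members() {
    gid=$(printf '%s\n' "$1" | awk -F: '$1 == "wheel" { print $3 }')
    {
        printf '%s\n' "$1" | awk -F: '$1 == "wheel" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }'
        printf '%s\n' "$2" | awk -F: -v gid="$gid" '$4 == gid { print $1 }'
    } | sort -u
}

# locked_accounts MASTER_TEXT
# Accounts whose password field (field 2) starts with the *LOCKED* marker.
locked_accounts() {
    printf '%s\n' "$1" | awk -F: 'index($2, "*LOCKED*") == 1 { print $1 }'
}

# locked_wheel GROUP_TEXT MASTER_TEXT
# Locked accounts that still hold wheel membership: pw lock leaves
# /etc/group untouched, so the sudo grant survives until removed.
locked_wheel() {
    locked=$(locked_accounts "$2")
    wheel_members "$1" "$2" | while read -r user; do
        if printf '%s\n' "$locked" | grep -Fxq -- "$user"; then
            printf '%s\n' "$user"
        fi
    done
}

echo "Covered by %wheel:";   wheel_members "$SAMPLE_GROUP" "$SAMPLE_MASTER"
echo "Locked:";              locked_accounts "$SAMPLE_MASTER"
echo "Locked but in wheel:"; locked_wheel "$SAMPLE_GROUP" "$SAMPLE_MASTER"
```

An account reported by locked_wheel can be taken out of the group with sudo pw groupmod wheel -d username.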
You should now have a good understanding of basic user management on a FreeBSD server.