We hope you find this tutorial helpful. In addition to guides like this one, we provide simple cloud infrastructure for developers. Learn more →

How To Add and Remove Users on FreeBSD

Posted Jan 14, 2015 13.4k views Getting Started FreeBSD


On FreeBSD, like other Unix-like OSes, user accounts can be created to provide interactive access to the system. User accounts, when managed properly, can add a layer of system security by providing a way to limit individual user's access to only the files and directories that it needs to accomplish its tasks.

In this tutorial, we will show you how to perform the following user management tasks on a FreeBSD server:

  • Add a user
  • Grant superuser privileges
  • Remove a user
  • Lock a user account
  • Unlock a user account


To follow this tutorial, you must have root access to a FreeBSD server. That is, you must be able to log in to the server as root or another user that has superuser privileges via the sudo command. If you are planning on using root, you may omit the sudo portion of the example commands.

How To Add a User

The simplest way to add a new user is to use the provided adduser utility, which is based on the pw command. The adduser command adds a user to the system by making the necessary additions to passwd, master.passwd, and group files, and creating the new users home directory. It can be run interactively, with prompts to gather information about the new user, or non-interactively, which is better for adding batches of users. We will cover using it in interactive mode.

To add a user with adduser in interactive mode, which allows you to create one user at a time, simply run the command without arguments like this:

sudo adduser

At this point, you must provide information about the new user by responding to the series of prompts. Let's take a look at an example of the prompts now, with example responses shown in red:

Username: sammy
Full name: Sammy Shark
Uid (Leave empty for default):
Login group [sammy]:
Login group is sammy. Invite sammy into other groups? []: wheel
Login class [default]:
Shell (sh csh tcsh nologin) [sh]:
Home directory [/home/sammy]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password: password
Enter password again: password
Lock out the account after creation? [no]:

Many of the prompts can be left empty to select the default responses—the square brackets, [yes] for example, denote the default values—but there are a couple important prompts that we will explain here:

  • Username: This one is pretty self-explanatory. Provide the desired name of the new user
  • Login group is <user>. Invite <user> into other groups?: This field will allow you to add the user to additional groups, by providing the desired groups in a space-delimited list. The most common use of this is to grant superuser (sudo) privileges to the new user by adding it to the wheel group—on FreeBSD, members of the wheel group can execute commands with superuser privileges. If you want to create a normal (unprivileged) user, you may leave this blank

All the other prompts up to this point are pretty self-explanatory and, aside from the password prompts, can be left as their defaults. Of course, if you need to change any other details, such as the user's Uid or Home directory, feel free to provide a non-default response. If you are looking for an in-depth description of any of the prompts, run man adduser for more information.

After answering the prompts, a summary of the new user will be displayed:

Username   : sammy
Password   : *****
Full Name  : Sammy Shark
Uid        : 1002
Class      :
Groups     : sammy wheel
Home       : /home/sammy
Home Mode  :
Shell      : /bin/sh
Locked     : no
OK? (yes/no): yes

After reviewing the user information, respond to the OK? prompt with yes or no. Your response determines whether the user is created.

If you respond yes, the user will be created and a confirmation will be provided:

adduser: INFO: Successfully added (sammy) to the user database.

Whether you create the user or not, you will see the following prompt:

Add another user? (yes/no): no

If you are finished, respond with no. Otherwise, respond with yes and repeat the process to create an additional new user.

At this point, the user(s) that you created can be used. You may want to set up SSH key authentication for increased security—check out this tutorial to learn how.

How To Grant Sudo Privileges

On FreeBSD, like other Unix-like OSes, you may grant users with the ability to run commands with superuser privileges via the sudo command. The sudo command allows a user to run a command as another user. We will show you how to grant a normal user with superuser privileges, effectively allowing them to execute commands as root.

On FreeBSD, users that are members of the wheel group are allowed to use sudo. This is due to the following line in the default sudoers file, /usr/local/etc/sudoers:


Therefore, one way to grant a normal user with superuser privileges is to add the user to the wheel group. To add a user to the wheel group, use this pw groupmod command (replace the highlighted username):

sudo pw groupmod wheel -m sammy

This command adds the specified user to the wheel group in the /etc/group file, and thus grants the user with the ability to run commands as superuser.

How To Remove a User

An easy way to remove a user from your FreeBSD system is to use the rmuser command. You may run it with no arguments, or pass the users you want to remove as arguments, and follow the prompts to complete the user removal process:

sudo rmuser

If you do not provide a user name as an argument, you will be prompted for one or more. Then you will be asked to confirm if you're sure and if the user's home directory should be removed:

Please enter one or more usernames: sammy
Matching password entry:

sammy:*:1002:1002::0:0:Sammy Shark:/home/sammy:/bin/sh

Is this the entry you wish to remove? y
Remove user's home directory (/home/sammy)? y
Removing user (sammy): mailspool home passwd.

How To Lock a User Account

If you want to disable a user's access to the system but not delete their account records and home directory, you may lock the account. The easiest way to disable a user is to use the pw lock command, with the user that you want to disable as an argument, like so:

sudo pw lock username

This command works by prepending "*LOCKED*" to the user's entry in the /etc/master.passwd file.

The user will be unable to log in until the account is unlocked.

How To Unlock a User

If you want to enable a user that was disabled with pw lock, you can use the pw unlock command to do so:

sudo pw unlock username

This command works by deleting "*LOCKED*", if present, from the user's entry in the /etc/master.passwd file.


You should now have a good understanding of basic user management on a FreeBSD server.


Creative Commons License