How to Add and Remove Users on FreeBSD

User management in FreeBSD is a fundamental skill that every system administrator needs to master, whether you’re setting up a multi-user server environment, managing access controls, or maintaining security protocols. FreeBSD offers robust command-line tools and system utilities for adding, modifying, and removing user accounts, each with specific parameters and security considerations. This guide will walk you through the complete process of user management in FreeBSD, covering both the standard utilities and advanced techniques, while addressing common pitfalls and security best practices that can save you from headaches down the road.

How FreeBSD User Management Works

FreeBSD handles user accounts through several core system files and utilities. The primary user database lives in /etc/passwd, with password hashes stored separately in /etc/master.passwd, which only root can read. User groups are managed through /etc/group, and the system maintains these files through a centralized database system.

The key utilities you’ll work with include:

  • adduser – Interactive user creation script
  • pw – Comprehensive user and group management utility
  • rmuser – Interactive user removal script
  • chpass – Modify user database information
  • passwd – Change user passwords

Unlike Linux distributions that often use useradd and userdel, FreeBSD’s approach emphasizes the pw command as the primary non-interactive tool, while providing user-friendly interactive scripts for common operations.

Adding Users in FreeBSD

FreeBSD provides multiple methods for adding users, each suited for different scenarios. The adduser command offers an interactive approach perfect for one-off user creation, while pw provides scriptable functionality for automation.

Using the adduser Command

The simplest method for adding users interactively:

sudo adduser

This launches an interactive session that walks you through user creation:

Username: johndoe
Full name: John Doe
Uid (Leave empty for default): 
Login group [johndoe]: 
Login group is johndoe. Invite johndoe into other groups? []: wheel
Login class [default]: 
Shell (sh csh tcsh bash rbash nologin) [sh]: bash
Home directory [/home/johndoe]: 
Home directory permissions (Leave empty for default): 
Use password-based authentication? [yes]: 
Use an empty password? (yes/no) [no]: 
Use a random password? (yes/no) [no]: 
Enter password: 
Enter password again: 

Using the pw Command

For scripting and automation, pw provides comprehensive user management:

# Basic user creation (bash installed from packages lives in /usr/local/bin on FreeBSD)
sudo pw useradd johndoe -c "John Doe" -s /usr/local/bin/bash -m

# Create user with specific UID and groups
sudo pw useradd janedoe -c "Jane Doe" -u 1500 -s /bin/tcsh -G wheel,operator -m

# Create system user (no home directory, nologin shell)
sudo pw useradd serviceuser -c "Service Account" -s /usr/sbin/nologin -d /nonexistent

Key pw useradd options:

  • -c – Full name/comment field
  • -s – Login shell
  • -m – Create home directory
  • -G – Additional groups
  • -u – Specific UID
  • -d – Home directory path
  • -w – Password options (random, none, yes)

Setting Passwords

After creating a user, set their password:

# Set password interactively
sudo passwd johndoe

# Set password from script (security risk - use carefully)
echo "newpassword" | sudo pw usermod johndoe -h 0

Removing Users from FreeBSD

User removal requires careful consideration of what to do with the user’s files, processes, and system references.

Using rmuser Command

The interactive removal method:

sudo rmuser johndoe

This prompts you about removing the user’s home directory and mail spool:

Matching password entry:
johndoe:*:1002:1002::0:0:John Doe:/home/johndoe:/bin/bash

Is this the entry you wish to remove? y
Remove user's home directory (/home/johndoe)? y
Removing user (johndoe): mailspool home passwd.

Using pw Command for User Removal

For scripted user removal:

# Remove user but keep home directory
sudo pw userdel johndoe

# Remove user and home directory
sudo pw userdel johndoe -r

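# Remove user, home directory, and all files owned by user
# Save the UID first: the name no longer resolves once the account is deleted
uid=$(id -u johndoe)
sudo pw userdel johndoe -r
sudo find / -user "$uid" -exec rm -rf {} \; 2>/dev/null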

Advanced User Management Scenarios

Bulk User Operations

Creating multiple users from a script:

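#!/bin/sh
# bulk_add_users.sh - run as root

USERS="alice bob charlie diana"
DEFAULT_SHELL="/usr/local/bin/bash"   # bash from pkg; must be listed in /etc/shells
DEFAULT_GROUP="users"                 # group must already exist (pw groupadd users)

for user in $USERS; do
    echo "Creating user: $user"
    # -w random makes pw generate a unique password and print it on stdout,
    # instead of giving every account the same hard-coded password
    if pw useradd "$user" -c "$user" -s "$DEFAULT_SHELL" -G "$DEFAULT_GROUP" -m -w random; then
        echo "User $user created successfully"
    else
        echo "Failed to create user $user" >&2
    fi
done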

Managing User Groups

Group management is equally important:

# Add user to additional groups
sudo pw groupmod wheel -m johndoe

# Remove user from group
sudo pw groupmod wheel -d johndoe

# Create new group
sudo pw groupadd developers -g 5000

# Add multiple users to group (-m appends; -M would replace the whole member list)
sudo pw groupmod developers -m alice,bob,charlie

Comparison with Other Unix Systems

Feature            | FreeBSD            | Linux                   | OpenBSD
Primary Tool       | pw                 | useradd/userdel         | useradd/userdel
Interactive Script | adduser/rmuser     | adduser (Debian/Ubuntu) | None built-in
Password File      | /etc/master.passwd | /etc/shadow             | /etc/master.passwd
Default Shell      | /bin/sh            | /bin/bash               | /bin/ksh
Home Dir Default   | /home/username     | /home/username          | /home/username

Best Practices and Security Considerations

Effective user management goes beyond just adding and removing accounts. Here are critical practices to follow:

Security Best Practices

  • Always use strong passwords or key-based authentication
  • Regularly audit user accounts with pw usershow -a
  • Remove unused accounts promptly to reduce attack surface
  • Use appropriate shells – /usr/sbin/nologin for service accounts
  • Implement proper group membership following principle of least privilege
  • Monitor user activity through system logs

System Maintenance

Regular maintenance commands for user management:

# List all users
pw usershow -a

# Show user details
pw usershow johndoe

# List users with UID >= 1000 (non-system users)
awk -F: '$3 >= 1000 {print $1}' /etc/passwd

# Find users with no password set
# (the password field in /etc/passwd is always "*"; the real field is in master.passwd)
sudo awk -F: '!/^#/ && $2 == "" {print $1}' /etc/master.passwd

# Check for duplicate UIDs
awk -F: '{print $3}' /etc/passwd | sort | uniq -d
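
As an added example (not part of the original article), the checks above can be combined into one audit function over master.passwd-format records. The function names, finding labels, and sample records are constructed for illustration; the UID 1000 boundary for system accounts follows the article's own convention.

```shell
#!/bin/sh
# Added example: audit master.passwd-format records, which have 10 fields:
# name:hash:uid:gid:class:change:expire:gecos:home:shell

audit_accounts() {
    # Reads master.passwd-format lines on stdin, prints one finding per line.
    awk -F: '
        /^#/ || NF != 10 { next }                 # skip comments and malformed lines
        $2 == ""                { print "EMPTY_PASSWORD " $1 }
        $3 == 0 && $1 != "root" { print "EXTRA_UID0 " $1 }
        # system UID with a login shell and a hash that is not locked or disabled
        $3 > 0 && $3 < 1000 && $10 !~ /nologin$/ && $2 !~ /^\*/ {
            print "SERVICE_LOGIN " $1
        }
        { names[$3] = (names[$3] == "" ? $1 : names[$3] "," $1); count[$3]++ }
        END {
            for (u in count) if (count[u] > 1) print "DUPLICATE_UID " u " " names[u]
        }
    '
}

# Constructed sample data (not from a real system); hashes are placeholders.
sample_master_passwd() {
    cat <<'EOF'
# sample header comment
root:$6$placeholder:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
svcbackup:$6$placeholder:950:950::0:0:Backup service:/nonexistent:/bin/sh
alice:$6$placeholder:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob::1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:$6$placeholder:1002:1003::0:0:Carol:/home/carol:/bin/tcsh
EOF
}

sample_master_passwd | audit_accounts
```

On a live system, feed it the real file as root, for example sudo cat /etc/master.passwd | audit_accounts. The stock toor account shares UID 0 with root, so expect it to be reported until it is reviewed or removed.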

Common Pitfalls and Troubleshooting

Several issues commonly arise during user management operations:

Permission Issues

Always ensure you have appropriate privileges. User management commands require root access:

# If you get permission denied
sudo pw useradd newuser -m

# Check if you're in the wheel group
groups $USER

Home Directory Problems

Sometimes home directories aren’t created properly:

# Manually create home directory with proper permissions
sudo mkdir /home/johndoe
sudo chown johndoe:johndoe /home/johndoe
sudo chmod 755 /home/johndoe

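# Copy skeleton files (FreeBSD names them dot.profile, dot.cshrc, ...;
# strip the "dot" prefix so they land as .profile, .cshrc, ...)
for f in /usr/share/skel/dot.*; do
    sudo cp -R "$f" "/home/johndoe/${f##*/dot}"
done
sudo chown -R johndoe:johndoe /home/johndoe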

Shell Issues

Verify shell availability before assignment:

# Check available shells
cat /etc/shells

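# If bash isn't available, install it
sudo pkg install bash
# Register the shell if it is not already listed (a plain ">>" would run without root)
grep -qx /usr/local/bin/bash /etc/shells || echo "/usr/local/bin/bash" | sudo tee -a /etc/shells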

Real-World Use Cases

Here are practical scenarios where these user management skills prove essential:

Web Hosting Environment

Creating isolated users for different websites:

# Create web users with restricted shells
for site in site1 site2 site3; do
    pw useradd $site -c "Website $site" -s /usr/sbin/nologin -d /var/www/$site -m
    chown $site:www /var/www/$site
    chmod 750 /var/www/$site
done

Development Team Setup

Setting up a development environment:

# Create development group
pw groupadd devteam -g 3000

# Add developers with common group membership
# Note: wheel membership allows su to root; keep it only for developers who need admin rights
for dev in alice bob charlie; do
    pw useradd "$dev" -c "Developer $dev" -s /usr/local/bin/bash -G devteam,wheel -m
    mkdir "/home/$dev/projects"
    chown "$dev:devteam" "/home/$dev/projects"
    chmod 775 "/home/$dev/projects"
done

User management in FreeBSD becomes straightforward once you understand the relationship between the various tools and system files. The pw command provides the most flexibility for scripting and automation, while adduser and rmuser offer user-friendly interactive experiences. Remember to always consider security implications, maintain proper group memberships, and regularly audit your user accounts to maintain a secure and organized system.

For additional information, consult the FreeBSD Handbook section on user management and the comprehensive manual pages accessible via man pw, man adduser, and man rmuser.


