OpenSolaris: Open Source Software for Solaris (an OpenSolaris community site)
Action to Take: This will require some explanation. Please read below.


[image: the useradd command line that is explained below]

    Creating your first user account is an important step. You cannot live your life playing as the root user, and no one should. Do not take the power of root lightly: a simple and honest mistake can ruin your system. Create user accounts instead and never give them the root account password unless you have really good reasons to. No ordinary user will ever have valid reasons, so don't give out the root password. Am I being clear here? Let me explain what that nice long command up there means.

You issue the command useradd with the following options:

-c "User Person"
    This should be a real name here, with a first name and a last name just like you expect normal people to have. Not Prince with some silly symbol.

-d /export/home/loginname
    The de facto standard way to do things is to take the first letter of the person's first name and then seven letters of their last name and make a “login” name. Arguments break out all the time over this, and people just seem to want user login names that are 32 characters long as well as mixed with spaces and special characters. If I may quote the Bard here: “O, that way madness lies; let me shun that; No more of that.” Keep it simple!

-e ""
    The user account expiry date after which thou shalt not login at all. This is where I do things my way and you may choose to be different if you wish. I give the useradd command a parameter here that is commonly called the “null string”. That means the account will never expire. If you look on your system (with the ls command) then you should see a file called /etc/datemsk. That file has a whole stack of fairly unreadable date format specifications which dictate how your system may interpret a date provided in some parameter to some command somewhere. Take note of the fact that the filename could have just been /etc/datetypes or /etc/datemask but no, this is UNIX, and things are often obfuscated or spelled wrong just 'cause. I don't know why and I often wax on for hours about this but don't get me started now. Suffice it to say that you can look in that file of date and time string formats and see gobbledygook like “%m/%d/%y %H:%M:%S”. So feel free to come back and create accounts that expire 30 seconds from now if you choose, just to play with this feature. Playing is learning and I think that you should give it a whirl. Try a date like "04/08/2007 15:55:54", which is right now for me but the past for you. Experiment. Have fun.

-f 0
    This is another parameter that controls access to the account. This is the number of days that this account may be idle (unused, not accessed) before the system declares the account invalid. Stick with positive integers and keep it simple. There is nothing wrong with a zero here because that just means the account will never be written off simply because no one ever logs in anymore. For those of you that are pedantic, I want to point out that this does not mean the same thing as idle time in which the user may actually be logged in and doing nothing. That is not what this means.

-g user
    Remember when we created a thing called a “group”? Well, this is one of those places where we use it. This user is a member of the group “user”. Not very fascinating, but it does allow you to assign users to various groups and then you can grant access to resources based on groups and not just individual users. This account may be a member of multiple groups also. You may also use the group id number here in place of the character name. So that means we could have typed -g 16000 here to get the same result. Without getting really verbose here, I want to point out that this group is considered to be the primary group for this account. You may have many other groups down the road but this is the primary one. Remember that.

-m
    This seems to be a really silly thing to specify. It means that you want to actually make the home directory if it does not already exist. There may be some reason why you want to dump a pile of users that are all members of the same primary group into one place. If that directory for a given group already exists and the security is set up correctly for that primary group then hey, why specify the silly -m here? I don't need to make anything in that case. This makes little sense oftentimes and I am probably missing something after using UNIX since the mid-80's. I do know that if you do not specify the -m here then you cannot be assured that the user's directory will be created. Go figure. Just specify the -m and then move along.

-u 32000
    This is critical. This is what is called the user's id number, and you need to be sure that you do not create an account for a user all over the place on various servers with varying user id numbers. Stay consistent, and if you know that the user has an account elsewhere then please try to use the same user id number. In the case of a new server and a new user, just go incrementally upwards from the highest numbered user. You can achieve this result by simply dropping this parameter entirely and then the system will automagically create the next user id number for you. Word of warning here: never use user id numbers lower than 100. Unless you are a guru and master of the realm, do not mess with low uid numbers.

-s /bin/bash
    This is called the user's “shell” and it determines how the user will deal with entering commands, issuing jobs and controlling jobs, dealing with prompts; generally it's about as personal and critical as breathing air. There are a number of different shells and some have been around since what seems like the dawn of time for UNIX. Like the C Shell, which is selected as /bin/csh or /usr/bin/csh. I prefer the simple Bourne Shell, which is /sbin/sh or possibly /bin/sh or even /usr/bin/sh. Seem confused? Good. That seems to be the point oftentimes. Suffice it to say that the shell is important to the user and they can do nothing without it. Every user has their own preference and often a pile of software written with that shell. These are called “shell scripts” and users like them to actually work as expected. Think of the user's shell preference as their chosen country and language of origin. This is how they work and what they are accustomed to. Never draw the wrath of the users on yourself by switching their shells around on them. Give them what they want. Please take a look in the file /etc/shells to see a list of all the supported options. There are a pile of them most likely. I chose the Bash shell for this user only because it's popular these days and for no other reason. It is a good place to start if you are wandering in from the Linux world.

uperson
    This last parameter is not really a parameter at all. Good luck doing anything without it, however. This is the actual login name that the user will use. It is a nice simple string and you should stick with the de facto standard that I mentioned above: eight characters, with a first initial and then seven letters from the last name. Whatever makes the most sense. Keep it simple.
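As an added example (my own script, not code from the original page), here is a small POSIX shell script that applies the rules above before you ever run useradd: it derives the eight-character login name, refuses a uid below 100 or one already in use, checks the shell against /etc/shells, and assembles the command line the page walks through. The passwd and shells samples, and all function names, are constructed assumptions so that it runs without root and without touching the real files.

```shell
#!/bin/sh
# Added example, not code from the blastwave page: sanity checks an admin
# would want before running the useradd line the page describes.

# Constructed stand-ins for /etc/passwd and /etc/shells, so this runs
# anywhere without root and without touching the real files.
SAMPLE_PASSWD='root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
jsmith:x:31999:16000:John Smith:/export/home/jsmith:/bin/bash'
SAMPLE_SHELLS='/bin/sh
/bin/bash
/bin/csh'

# Login name as the page recommends: first initial plus up to seven
# letters of the surname, lowercased, never more than eight characters.
make_login() {
  printf '%s%s' "$(printf '%s' "$1" | cut -c1)" "$(printf '%s' "$2" | cut -c1-7)" |
    tr 'A-Z' 'a-z'
}

# A uid is acceptable only if it is 100 or above (lower values are
# reserved for system accounts) and not already present in field 3.
check_uid() {
  [ "$1" -ge 100 ] 2>/dev/null || return 1
  printf '%s\n' "$2" | awk -F: -v u="$1" '$3 == u { found = 1 } END { if (found) exit 1; exit 0 }'
}

# Highest uid in use plus one: what useradd picks for you when -u is omitted.
next_uid() {
  printf '%s\n' "$1" | awk -F: '$3 > max { max = $3 } END { print max + 1 }'
}

# The login shell must appear, as a whole line, in the shells list.
check_shell() {
  printf '%s\n' "$2" | grep -qx -- "$1"
}

# Assemble the command line with exactly the options the page walks through.
# It is printed, not executed; run the printed line as root once checks pass.
build_useradd() {
  printf 'useradd -c "%s" -d /export/home/%s -e "" -f 0 -g user -m -u %s -s %s %s\n' \
    "$1" "$2" "$3" "$4" "$2"
}

login=$(make_login User Person)
uid=32000
check_uid "$uid" "$SAMPLE_PASSWD" && check_shell /bin/bash "$SAMPLE_SHELLS" &&
  build_useradd "User Person" "$login" "$uid" /bin/bash
```

Point the functions at the real /etc/passwd and /etc/shells contents (for example, `check_uid 32000 "$(cat /etc/passwd)"`) to use it on a live system.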

    The last thing to do is set the password for this user. Again, you should keep it simple. Just like I advised for the root user, you need to stick with basic letters and numbers. A mixture of uppercase and lowercase is a good idea, and please do not use trivial, easy-to-hack junk like “password”. Once we start using a secure shell with dual-key public encryption as well as authentication via key exchange, our concerns are essentially eliminated, unless you wear a tin foil hat and peer out your window for those black helicopters. Oh, and yes, both the NSA and the FBI are running Carnivore to track all your traffic and they can decrypt in real time. There, now I'll bet you feel real secure :-)


©2002-2007 blastwave.org