How to add a user on Gentoo

A fresh Gentoo installation should not be used for daily work from the root account. Add a normal local login after the base system boots so shell history, file ownership, and privilege boundaries belong to a named user instead of root.

Gentoo's handbook uses useradd directly for this job. The command writes local account records, creates a home directory with -m, assigns supplementary groups with -G, and sets /bin/bash as the login shell with -s.

The example below creates larry, sets a password, and verifies the local account with getent and id. Keep wheel only for users who should be allowed to elevate with su, sudo, doas, or local policy rules, and add hardware groups such as audio or video only when the account needs that device access.

Steps to add a user on Gentoo:

  1. Open a root shell on the Gentoo system.
    # whoami
    root

    Fresh Gentoo systems may not have sudo installed or configured yet, so the handbook flow starts from a root login or another root shell.

  2. Confirm that the target login name is not already in the local account database.
    # getent passwd larry

    No output means the local name larry is unused. If this command prints a passwd entry, choose a different login name or review the existing account before continuing.

  3. Confirm the supplementary groups that the new account should receive.
    # getent group users wheel audio
    users:x:100:
    wheel:x:10:
    audio:x:18:

    The final member list can differ on an existing host. The important check is that each group name resolves before useradd -G references it.

  4. Create the user account with a home directory, supplementary groups, and Bash as the login shell.
    # useradd -m -G users,wheel,audio -s /bin/bash larry

    -m creates /home/larry from /etc/skel, -G users,wheel,audio adds supplementary groups, and -s /bin/bash sets the login shell. Keep the group list comma-separated with no spaces.

    Membership in wheel is an administrative trust decision. On Gentoo it is commonly used for root elevation through su, sudo, doas, or desktop authorization policy when those tools are configured.

  5. Set the new user's password.
    # passwd larry
    New password:
    Retype new password:
    passwd: password updated successfully

    Password input is hidden while typing, so no characters are normally echoed at the prompts.

  6. Verify the passwd entry, home directory, and login shell.
    # getent passwd larry
    larry:x:1000:1000::/home/larry:/bin/bash

    The numeric UID and primary GID may differ on a host that already has local users. The fields to verify are the login name, home directory, and shell.

  7. Verify the final group membership.
    # id larry
    uid=1000(larry) gid=1000(larry) groups=1000(larry),10(wheel),18(audio),100(users)

    The account is ready for normal login when id shows the expected wheel, audio, and users groups. New group assignments take effect for new login sessions, not for shells that were already open as that user.