diff --git a/server/create-user.sh b/server/create-user.sh
new file mode 100644
index 0000000..d79b82a
--- /dev/null
+++ b/server/create-user.sh
@@ -0,0 +1,98 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+DEFAULT_USER="user"
+PASS_LEN=15
+
+usage() {
+ cat <<'EOF'
+Usage:
+ create-user.sh [--user ] [--password ]
+
+If --password is omitted, a random 15-char password is generated.
+User is added to sudo (Debian/Ubuntu) or wheel (RHEL-like) group if present.
+EOF
+}
+
+USERNAME=""
+PASSWORD=""
+
+while [[ $# -gt 0 ]]; do
+ case "$1" in
+ --user)
+ [[ $# -ge 2 ]] || { echo "Missing value for --user" >&2; usage; exit 2; }
+ USERNAME="$2"
+ shift 2
+ ;;
+ --password)
+ [[ $# -ge 2 ]] || { echo "Missing value for --password" >&2; usage; exit 2; }
+ PASSWORD="$2"
+ shift 2
+ ;;
+ -h|--help)
+ usage
+ exit 0
+ ;;
+ *)
+ echo "Unknown argument: $1" >&2
+ usage
+ exit 2
+ ;;
+ esac
+done
+
+# defaults
+if [[ -z "${USERNAME}" ]]; then
+ USERNAME="${DEFAULT_USER}"
+fi
+
+# root only
+if [[ "${EUID}" -ne 0 ]]; then
+ echo "Run as root (sudo)." >&2
+ exit 1
+fi
+
+# basic validation
+if [[ "${USERNAME}" =~ [^a-zA-Z0-9._-] ]]; then
+ echo "Invalid username '${USERNAME}'. Allowed: letters, digits, dot, underscore, dash." >&2
+ exit 2
+fi
+
+# generate password if not provided
+if [[ -z "${PASSWORD}" ]]; then
+ PASSWORD="$(tr -dc 'A-Za-z0-9!@#$%^&*()_+=-[]{}.,?/<>~' /dev/null; then
+ echo "User '${USERNAME}' already exists."
+else
+ useradd -m -s /bin/bash "${USERNAME}"
+ echo "User '${USERNAME}' created."
+fi
+
+# set password
+echo "${USERNAME}:${PASSWORD}" | chpasswd
+
+# Optional: force password change at first login (comment out if не нужно)
+chage -d 0 "${USERNAME}" 2>/dev/null || true
+
+# add to admin group (sudo/wheel)
+if getent group sudo >/dev/null; then
+ usermod -aG sudo "${USERNAME}"
+ ADMIN_GROUP="sudo"
+elif getent group wheel >/dev/null; then
+ usermod -aG wheel "${USERNAME}"
+ ADMIN_GROUP="wheel"
+else
+ ADMIN_GROUP=""
+ echo "No sudo/wheel group found; user not added to admin group." >&2
+fi
+
+echo
+echo "=== Result ==="
+echo "username: ${USERNAME}"
+echo "password: ${PASSWORD}"
+if [[ -n "${ADMIN_GROUP}" ]]; then
+ echo "added to group: ${ADMIN_GROUP}"
+fi
\ No newline at end of file
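Review bot: The "already exists" branch only prints a message and then falls through, so for an account that is already present the script still runs `chpasswd`, `chage -d 0` and `usermod -aG` on it; run with `--user root` or the name of a service account, that silently resets the password and grants admin group membership. Unless that is intended, stop in that branch: `echo "User '${USERNAME}' already exists; not changing its password or groups." >&2; exit 1`. The username check rejects bad characters but not a leading `-`, which `useradd`/`usermod` would parse as an option; an anchored test such as `if ! [[ "${USERNAME}" =~ ^[a-zA-Z_][a-zA-Z0-9._-]*$ ]]; then` closes that. The final `echo "password: ${PASSWORD}"` writes the secret to stdout, where it ends up in scrollback or job logs, and a value passed via `--password` is visible in the process list and shell history, so reading it from stdin or a root-only file would be safer. The password-generation line and the `if` that opens the existence check are truncated on this page, so they are not reviewed here.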