Chapter 6 Adding New Users
Table of Contents
Introduction
Required Steps
Set up a Useful User Environment
Extra Steps
Other Account Management Issues
Summary
Introduction
Adding New Users is Considered Routine
- ideal for automated tools
- tasks performed as root
- adduser is on the CD-ROM
Required Steps
- edit /etc/passwd to define the user's account
- set an initial password
- create the user's home directory
Set up a Useful User Environment
- startup files
- mail home and aliases
Extra Steps
- add user to /etc/group
- verify the account is set up right
Other Account Management Issues
- removing users
- disabling logins
- password aging
- pseudo-logins
- record accounting information
(Chapter 28 Accounting, Chapter 32 Policy and Politics)
- enter user in site-wide user database
- enter contact information in local phone book
- configure Disk Quotas (Chapter 26 Disk Quotas)
- set limits
- edquota -p proto-user user
Required Steps
Editing the /etc/passwd File
The passwd file contains a list of users recognized by the system.
It is used at login to determine the user's UID and, on
most systems, to verify the login password. Each line identifies
a user and contains seven fields separated by colons:
- login name
- encrypted password
- UID (User ID) number
- default GID (Group ID) number
- GECOS information (full name, office, extension)
- home directory
- login shell
Examples:
root:Ig764L2qjvdrT:0:0:The System, x6072:/:/bin/sh
jsmith:Pk0jr3MzbvdsI:100:20:Joe Smith:/home/jsmith:/bin/csh
student:hg7p4Z1qjsarj:101:20:CS691X Student:/home/student:/bin/csh
Login Name
- unique across all machines (Chapter 18 Sharing File Systems)
- up to 8 characters (1st char alpha then alpha/numeric)
- case sensitive
- use a reasonable naming scheme
Encrypted Password
- set with passwd, yppasswd if using NIS
- can copy the encrypted string from another account
- use '*' instead of leaving the password blank
- shadow password mechanism (see page 543, Chapter 23 Security)
- generally /etc/shadow, only readable by root
- adds security against hackers who use encrypted dictionaries to
try to break into systems
(there are machines that can decrypt all passwords < 6 characters
in two days, and all passwords < 7 characters in four months)
- used on Solaris, IRIX, BSD1, Linux
UID (User ID) Number
- 0-32,767 (some systems use 32 bits)
- root 0, pseudo-user 1, daemon 2
- start real users at 100 - AVOID reusing UIDs in case old files
need to be restored
GID (Group ID) Number
- 16 or 32 bit integer
- root 0, daemon 1
- defined in /etc/group (newgrp is obsolete)
GECOS field
- no well-defined syntax
- originally held login information needed for batch jobs
- typically for personal information
- finger interprets comma-separated entries as follows:
- full name (often only field used)
- office number or building
- office telephone extension
- home phone number
- chfn allows a user to change his GECOS information
(most universities disable chfn)
Home Directory
- users are placed in their home directory upon login
(e.g. /home/user1)
- if the home directory is missing upon login
- "no home directory" message
- user is placed in the root directory
- user is not allowed to log in
Shell
- is normally a command interpreter such as the Bourne shell or C shell
(/bin/sh or /bin/csh respectively)
- can be any program (useful when disabling logins)
- sh is usually the default
- chsh allows a user to change shells
(/etc/shells contains a list of shells supported)
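An added example, not part of the course notes: a POSIX awk audit that checks a passwd-format file against the field rules above (seven fields, login name length and character set, no blank password field, UID in range and not reused, UID 0 only for root, home directory and shell present). The function name audit_passwd is my own; it takes any passwd-format file as its argument.

```shell
#!/bin/sh
# audit_passwd FILE: report lines of a passwd-format file that break the
# field rules. Prints one line per problem; returns 1 if any problem was
# found, 0 if the file is clean. (Added example; audit_passwd is not a
# standard command.)
audit_passwd() {
    awk -F: '
        function bad(msg) { printf "line %d: %s\n", NR, msg; problems++ }
        # every line has exactly seven colon-separated fields
        NF != 7 { bad("expected 7 fields, got " NF); next }
        # login name: 1-8 characters, first alphabetic, rest alphanumeric
        length($1) == 0 || length($1) > 8 || $1 !~ /^[A-Za-z][A-Za-z0-9]*$/ {
            bad("login name \"" $1 "\" breaks the 1-8 char, alpha-then-alphanumeric rule")
        }
        seen[$1]++ { bad("duplicate login name " $1) }
        # a blank password field lets anyone log in with no password; lock with *
        $2 == "" { bad("blank password field for " $1 " (lock with *)") }
        # UID: decimal, 0-32767 on 16-bit systems
        $3 !~ /^[0-9]+$/ || $3 > 32767 { bad("UID \"" $3 "\" for " $1 " is not in 0-32767"); next }
        # UID 0 is the superuser; only root should carry it
        $3 == 0 && $1 != "root" { bad("UID 0 assigned to " $1) }
        # a reused UID gives the new user any restored files of the old one
        uid[$3]++ { bad("UID " $3 " reused by " $1) }
        $4 !~ /^[0-9]+$/ { bad("non-numeric GID \"" $4 "\" for " $1) }
        $6 == "" { bad("no home directory for " $1) }
        $7 == "" { bad("no login shell for " $1) }
        END { exit (problems > 0) }
    ' "$1"
}
```

Run it as `audit_passwd /etc/passwd` (or on a copy) after every manual edit of the file; a clean file produces no output.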
Required Steps Continued
Setting an Initial Password
- root can set any user's password with "passwd user"
- rules for good passwords (see page 542, Chapter 23 Security)
Creating the Home Directory
- any directory you create is owned by root
- chown user dir
- chgrp group dir
- chmod 700 dir
Set up a Useful User Environment
Copying in the Startup Files
- used to specify terminal type, environment variables, aliases, etc.
(e.g. .login, .cshrc, .profile, .logout)
- see Table 6.1 on page 91 for a list of files and purposes
- traditionally begin with a dot and end with "rc", short for run command
(e.g. .exrc, .mailrc, .xinitrc)
- hidden files unless "ls -a" is used
- useful to have a good set of startup files
- CAUTION - do NOT use "chown user dir/.*" or the
user will own the parent directory (this is a common mistake)
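An added example, not from the course notes, that carries out the home directory commands above together with the startup file copy and then performs the ownership check a careful "ls -la" would do by eye. The function names make_home and check_home, and the skeleton directory argument holding the startup files, are my own assumptions; a real account needs this run as root.

```shell
#!/bin/sh
# make_home USER GROUP SKELDIR HOMEDIR: create the home directory, copy
# the dot files from SKELDIR into it and hand it to the user.
# (Added example; make_home and check_home are not system commands.)
make_home() {
    acct=$1; grp=$2; skel=$3; dir=$4
    mkdir -p "$dir"                  # owned by whoever runs this, normally root
    # Copy startup files. In most Bourne-style shells (dash, bash before
    # 5.2) "$skel"/.* also expands to . and .., so skip those explicitly.
    for f in "$skel"/.*; do
        case "$f" in */.|*/..) continue ;; esac
        [ -f "$f" ] && cp "$f" "$dir"/
    done
    # Fix ownership recursively instead of "chown user dir/.*": that glob
    # can expand to dir/.. as well, handing the PARENT directory to the user.
    chown -R "$acct" "$dir"
    chgrp -R "$grp" "$dir"
    chmod 700 "$dir"
}

# check_home HOMEDIR USER: mode 700 on the directory and everything inside
# it owned by USER, i.e. what verifying the new login looks for.
check_home() {
    dir=$1; acct=$2
    [ "$(ls -ld "$dir" | cut -c1-10)" = "drwx------" ] || return 1
    [ -z "$(find "$dir" ! -user "$acct")" ]
}

# Typical use (as root): make_home jsmith 20 /etc/skel /home/jsmith && check_home /home/jsmith jsmith
```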
Setting the Mail Home
- convenient for each user to receive mail on one machine
- can use /etc/aliases (see page 449, Chapter 21 Electronic Mail)
Extra Steps
Editing the /etc/group File
Each line identifies a group and contains four fields separated by colons:
- group name - up to 8 characters
- encrypted password (NEVER used - enter '*')
- GID (Group ID) number
- list of members (login names) separated by commas
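An added example, not from the course notes: an awk audit of a group-format file against the four-field rules above, cross-checked with the passwd file so that every member listed is a real login and every default GID in passwd is actually defined. The name audit_group is my own; it takes the passwd file first and the group file second.

```shell
#!/bin/sh
# audit_group PASSWD GROUP: check a group-format file and cross-check it
# against the passwd file. Prints one line per problem; returns 1 if any
# was found. (Added example; audit_group is not a system command. The
# FNR == NR trick assumes the passwd file is not empty.)
audit_group() {
    awk -F: '
        function bad(msg) { printf "%s line %d: %s\n", FILENAME, FNR, msg; problems++ }
        # first file is passwd: remember every login and the default GID it uses
        FNR == NR { login[$1] = 1; wants[$4] = $1; next }
        # second file is group: four colon-separated fields
        NF != 4 { bad("expected 4 fields, got " NF); next }
        length($1) == 0 || length($1) > 8 { bad("group name \"" $1 "\" is not 1-8 chars") }
        # group passwords are never used: the field must hold *
        $2 != "*" { bad("group " $1 " password field is \"" $2 "\", expected *") }
        $3 !~ /^[0-9]+$/ { bad("group " $1 " has non-numeric GID \"" $3 "\""); next }
        gid[$3]++ { bad("GID " $3 " reused by group " $1) }
        # every member must be a login name that exists in passwd
        {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] != "" && !(m[i] in login))
                    bad("group " $1 " lists member " m[i] " who is not in passwd")
        }
        END {
            # every default GID used in passwd must be defined here
            for (g in wants)
                if (!(g in gid)) {
                    printf "passwd: user %s has default GID %s, not defined in group file\n", wants[g], g
                    problems++
                }
            exit (problems > 0)
        }
    ' "$1" "$2"
}
```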
Verifying the New Login
- log out and then log in as the new user
- execute these commands:
- %pwd (to verify the home directory)
- %ls -lag (BSD - check owner/group of startup files)
- %ls -la (ATT - check owner/group of startup files)
- notify the user and remind him to change the password
- some places have "user contracts" (see Chapter 32 Policy and Politics)
Other Account Management Issues
Removing Users
- remove all references to the login name
- relocate files needed by others before removing the account
- disable login if directory is needed for monthly accounting
Disabling Logins
- put '*' in the password field
- if networked, change the shell to a program
- print a message explaining why the login has been disabled
- provide instructions to rectify the situation
Password Aging
- force users to change their passwords
- its use is discouraged
- see page 544, Chapter 23 Security
Pseudo-Logins
- does not correspond to a real person
- "bin" and "daemon" come with the system
e.g. system tasks like cron (see Chapter 31 Daemons)
- others - "who", "tty", and "hostname"
Summary
Three required steps before a user can log in
Set up a useful user environment
Optional extra steps
Other account management issues
Other chapters referenced
- Chapter 18 Sharing File Systems
- Chapter 21 Electronic Mail
- Chapter 23 Security
- Chapter 26 Disk Quotas
- Chapter 28 Accounting
- Chapter 31 Daemons
- Chapter 32 Policy and Politics