UNIX / Linux Tutorial
2.6 Managing Users | 2.6.1 User Management Concepts | 2.6.2 Adding Users
2.6.3 Deleting Users | 2.6.4 Setting User Attributes
2.6 Managing Users

Even if you're the only user on your system, it's important to understand the aspects of user management under Linux. You should at least have an account for yourself (other than root) to do most of your work.

Each user should have his or her own account. It is seldom a good idea to have several people share the same account. Security is an issue, and accounts uniquely identify users to the system. You must be able to keep track of who is doing what.

2.6.1 User Management Concepts

The system keeps track of the following information about each user:

user name
    This identifier is unique for every user. Example user names are patrick, karl, and mdw. Letters and digits may be used, as well as "_" and "." (period). User names are usually limited to 8 characters in length.

user ID
    This number, abbreviated UID, is unique for every user. The system generally keeps track of users by UID, not user name.

group ID
    This number, abbreviated GID, is the user's default group. Each user belongs to one or more groups as defined by the system administrator.

password
    This is the user's encrypted password. The passwd command is used to set and change user passwords.

full name
    The user's "real name," or "full name," is stored along with the username. For example, the user schmoj may be "Joe Schmo" in real life.

home directory
    This is the directory the user is initially placed in at login, and where his or her personal files are stored. Every user is given a home directory, which is commonly located under /home.

login shell
    The shell that is started for the user at login. Examples are /bin/bash and /bin/tcsh.

This information is stored in the file /etc/passwd. Each line in the file has the format:

    user name:encrypted password:UID:GID:full name:home directory:login shell

An example might be:

    kiwi:Xv8Q981g71oKK:102:100:Laura Poole:/home/kiwi:/bin/bash

In this example, the first field, "kiwi," is the user name. The next field, "Xv8Q981g71oKK", is the encrypted password.
Passwords are not stored on the system in human-readable format. The password is encrypted using itself as the secret key. In other words, one must know the password in order to decrypt it. This form of encryption is reasonably secure.

Some systems use "shadow passwords," in which password information is stored in the file /etc/shadow. Because /etc/passwd is world-readable, /etc/shadow provides some degree of extra security because its access permissions are much more restricted. Shadow passwords also provide other features, like password expiration.

The third field, "102", is the UID. This must be unique for each user. The fourth field, "100", is the GID. This user belongs to the group numbered 100. Group information is stored in the file /etc/group.

The fifth field is the user's full name, "Laura Poole". The last two fields are the user's home directory (/home/kiwi), and login shell (/bin/bash), respectively. It is not required that the user's home directory be given the same name as the user name. It simply helps identify the directory.

2.6.2 Adding Users

When adding users, several steps must be taken. First, the user is given an entry in /etc/passwd, with a unique user name and UID. The GID, full name, and other information must be specified. The user's home directory must be created, and the permissions on the directory set so that the user owns the directory. Shell initialization files must be installed in the home directory, and other files must be configured system-wide (for example, a spool for the user's incoming e-mail).

It is not difficult to add users by hand, but when you are running a system with many users, it is easy to forget something. The easiest way to add users is to use an interactive program which updates all of the system files automatically. The name of this program is useradd or adduser, depending on what software is installed.
The adduser command takes its information from the file /etc/adduser.conf, which defines a standard, default configuration for all new users.

A typical /etc/adduser.conf file is shown below:

    # /etc/adduser.conf: 'adduser' configuration.
    # See adduser(8) and adduser.conf(5) for full documentation.

    # The DSHELL variable specifies the default login shell on your
    # system.
    DSHELL=/bin/bash

    # The DHOME variable specifies the directory containing users' home
    # directories.
    DHOME=/home

    # If GROUPHOMES is "yes", then the home directories will be created as
    # /home/groupname/user.
    GROUPHOMES=no

    # If LETTERHOMES is "yes", then the created home directories will have
    # an extra directory - the first letter of the user name. For example:
    # /home/u/user.
    LETTERHOMES=no

    # The SKEL variable specifies the directory containing "skeletal" user
    # files; in other words, files such as a sample .profile that will be
    # copied to the new user's home directory when it is created.
    SKEL=/etc/skel

    # FIRST_SYSTEM_UID to LAST_SYSTEM_UID inclusive is the range for UIDs
    # for dynamically allocated administrative and system accounts.
    FIRST_SYSTEM_UID=100
    LAST_SYSTEM_UID=999

    # FIRST_UID to LAST_UID inclusive is the range of UIDs of dynamically
    # allocated user accounts.
    FIRST_UID=1000
    LAST_UID=29999

    # The USERGROUPS variable can be either "yes" or "no". If "yes" each
    # created user will be given their own group to use as a default, and
    # their home directories will be g+s. If "no", each created user will
    # be placed in the group whose gid is USERS_GID (see below).
    USERGROUPS=yes

    # If USERGROUPS is "no", then USERS_GID should be the GID of the group
    # 'users' (or the equivalent group) on your system.
    USERS_GID=100

    # If QUOTAUSER is set, a default quota will be set from that user with
    # 'edquota -p QUOTAUSER newuser'
    QUOTAUSER=""

In addition to defining preset variables that the adduser command uses, /etc/adduser.conf also specifies where default system configuration files for each user are located.
In this example, they are located in the directory /etc/skel, as defined by the SKEL= line, above. Files which are placed in this directory, like a system-wide, default .profile, .tcshrc, or .bashrc file, will be automatically installed in a new user's home directory by the adduser command.

2.6.3 Deleting Users

Deleting users can be accomplished with the commands userdel or deluser, depending on the software installed on the system.

If you'd like to temporarily "disable" a user from logging in to the system without deleting his or her account, simply prepend an asterisk ("*") to the password field in /etc/passwd. For example, changing kiwi's /etc/passwd entry to:

    kiwi:*Xv8Q981g71oKK:102:100:Laura Poole:/home/kiwi:/bin/bash

prevents kiwi from logging in.

2.6.4 Setting User Attributes

After you have created a user, you may need to change attributes for that user, like the home directory or password. The easiest way to do this is to change the values directly in /etc/passwd. To set a user's password, use passwd. The command:

    # passwd patrick

will change Patrick's password. Only root may change other users' passwords in this manner. Users can change their own passwords, however.

On some systems, the commands chfn and chsh allow users to set their own full name and login shell attributes. If not, the system administrator must change these attributes for them.
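
An added example, not part of the original tutorial: a short Python audit of the seven-field /etc/passwd format described above, flagging duplicate UIDs, password hashes left in the world-readable file, accounts disabled with a leading "*", and empty password fields. The sample entries are constructed; treating "x" as the shadow-password placeholder and "!" as a lock marker are conventions assumed here, not stated in the tutorial.

```python
from collections import defaultdict

# Constructed sample in the seven-field /etc/passwd format described above.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
kiwi:Xv8Q981g71oKK:102:100:Laura Poole:/home/kiwi:/bin/bash
karl:*Xv8Q981g71oKK:103:100:Karl:/home/karl:/bin/tcsh
mdw::104:100:Matt:/home/mdw:/bin/bash
patrick:x:104:100:Patrick:/home/patrick:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
broken:line
"""
FIELDS = ("name", "password", "uid", "gid", "full_name", "home", "shell")

def parse_passwd(text):
    """Return (entries, malformed): dicts for valid lines, raw text for the rest."""
    entries, malformed = [], []
    for line in filter(str.strip, text.splitlines()):
        parts = line.split(":")
        if len(parts) == 7 and parts[2].isdecimal() and parts[3].isdecimal():
            entry = dict(zip(FIELDS, parts))
            entry["uid"], entry["gid"] = int(parts[2]), int(parts[3])
            entries.append(entry)
        else:
            malformed.append(line)
    return entries, malformed

def audit(text):
    """Return sorted (user, finding) pairs for the account risks covered above."""
    entries, malformed = parse_passwd(text)
    findings = [("?", "malformed line: " + m) for m in malformed]
    by_uid = defaultdict(list)
    for e in entries:
        by_uid[e["uid"]].append(e["name"])
        pw = e["password"]
        if pw == "":
            findings.append((e["name"], "empty password field"))
        elif pw.startswith(("*", "!")):  # "*" as in 2.6.3; "!" assumed lock marker
            findings.append((e["name"], "login disabled"))
        elif pw != "x":  # "x" assumed to mean the hash lives in /etc/shadow
            findings.append((e["name"], "hash in world-readable file"))
        if e["uid"] == 0 and e["name"] != "root":
            findings.append((e["name"], "UID 0 but not root"))
    for uid, names in by_uid.items():
        if len(names) > 1:
            findings.append((",".join(names), "duplicate UID %d" % uid))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"{who}: {what}" for who, what in audit(SAMPLE)))
```

To check a real system, pass the contents of /etc/passwd to audit() instead of SAMPLE; the file is world-readable, so no special privileges are needed.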
BOOK: LINUX QUICK COMMAND REFERENCE
http://personal.atl.bellsouth.net/~psadler
© copyright KnowledgeWorks, Inc. (2001)