UNIX / Linux Tutorial


2.6 Managing Users

Even if you're the only user on your system, it's important to understand the aspects
of user management under Linux. You should at least have an account for yourself (other
than root) to do most of your work.

Each user should have his or her own account. It is seldom a good idea to have several
people share the same account. Security is an issue, and accounts uniquely identify users to
the system. You must be able to keep track of who is doing what.

2.6.1 User Management Concepts

The system keeps track of the following information about each user:

user name
This identifier is unique for every user. Example user names are patrick,
karl, and mdw. Letters and digits may be used, as well as "_" and "."
(period). User names are usually limited to 8 characters in length.

user ID 
This number, abbreviated UID, is unique for every user. The system
generally keeps track of users by UID, not user name.

group ID 
This number, abbreviated GID, is the user's default group. Each user belongs 
to one or more groups as defined by the system administrator.

password 
This is the user's encrypted password. The passwd command is used to
set and change user passwords.

full name
The user's "real name," or "full name," is stored along 
with the username. For example, the user schmoj may be "Joe Schmo" in real life.

home directory
This is the directory the user is initially placed in at login, and where his
or her personal files are stored. Every user is given a home directory,
which is commonly located under /home.

login shell
The shell that is started for the user at login. Examples are /bin/bash
and /bin/tcsh.

This information is stored in the file /etc/passwd. Each line in the file has the
format:

                   user name:encrypted password:UID:GID:full name:home directory:login shell

An example might be:

                   kiwi:Xv8Q981g71oKK:102:100:Laura Poole:/home/kiwi:/bin/bash

In this example, the first field, "kiwi," is the user name.

The next field, "Xv8Q981g71oKK", is the encrypted password. Passwords are not
stored on the system in human-readable format. The password is encrypted using itself as
the secret key. In other words, one must know the password in order to decrypt it. This
form of encryption is reasonably secure.

Some systems use "shadow passwords," in which password information is stored 
in the file /etc/shadow. Because /etc/passwd is world-readable, /etc/shadow
provides some degree of extra security because its access permissions are much more 
restricted.

Shadow passwords also provide other features, like password expiration.

The third field, "102", is the UID. This must be unique for each user. The fourth
field, "100", is the GID. This user belongs to the group numbered 100. Group
information is stored in the file /etc/group.

The fifth field is the user's full name, "Laura Poole". The last two fields are the
user's home directory (/home/kiwi), and login shell (/bin/bash), respectively. It is
not required that the user's home directory be given the same name as the user name. It
simply helps identify the directory.
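
The field layout described above lends itself to a quick audit. The following shell function is an added example, not part of the original tutorial: it reports hashes left in the world-readable file, empty password fields, duplicate UIDs, and malformed lines. The sample data is constructed (only kiwi's line comes from the text), audit_passwd is a hypothetical name, and "x" is the placeholder that shadow-password systems put in field 2.

```sh
#!/bin/sh
# Added example: audit a passwd-format file (7 colon-separated fields).
# Constructed sample data; only the kiwi line is taken from the tutorial.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
kiwi:Xv8Q981g71oKK:102:100:Laura Poole:/home/kiwi:/bin/bash
schmoj:*Xv8Q981g71oKK:103:100:Joe Schmo:/home/schmoj:/bin/tcsh
patrick:x:1000:1000:Patrick:/home/patrick:/bin/bash
karl:x:1000:1000:Karl:/home/karl:/bin/bash
mdw::1001:100:mdw:/home/mdw:/bin/bash
broken:x:1002:100
EOF
}

# Print one finding per line for FILE (default: standard input).
audit_passwd() {
    awk -F: '
    NF != 7 { print "MALFORMED " $1; next }
    {
        hash = $2
        # A leading "*" disables the login (see section 2.6.3).
        if (sub(/^\*/, "", hash)) print "LOGIN_DISABLED " $1
        if ($2 == "") {
            print "EMPTY_PASSWORD " $1      # no password required at all
        } else if (hash != "" && hash != "x") {
            print "HASH_IN_PASSWD " $1      # readable by every local user
        }
        # UIDs must be unique; remember the first owner of each one.
        if ($3 in owner) {
            print "DUPLICATE_UID " $1 " uid=" $3 " also=" owner[$3]
        } else {
            owner[$3] = $1
        }
    }' "${1:--}"
}

sample_passwd | audit_passwd
```

On a live system, run it as audit_passwd /etc/passwd; a fully shadowed system should produce no HASH_IN_PASSWD lines.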

2.6.2 Adding Users

When adding users, several steps must be taken. First, the user is given an entry in
/etc/passwd, with a unique user name and UID. The GID, full name, and other information
must be specified. The user's home directory must be created, and the permissions
on the directory set so that the user owns the directory. Shell initialization files must be 
installed in the home directory, and other files must be configured system-wide (for example,
a spool for the user's incoming e-mail).

It is not difficult to add users by hand, but when you are running a system with many
users, it is easy to forget something. The easiest way to add users is to use an interactive
program which updates all of the system files automatically. The name of this program is
useradd or adduser, depending on what software is installed.

The adduser command takes its information from the file /etc/adduser.conf,
which defines a standard, default configuration for all new users.

A typical /etc/adduser.conf file is shown below:

    # /etc/adduser.conf: 'adduser' configuration.
    # See adduser(8) and adduser.conf(5) for full documentation.

    # The DSHELL variable specifies the default login shell on your
    # system.
    DSHELL=/bin/bash

    # The DHOME variable specifies the directory containing users' home
    # directories.
    DHOME=/home

    # If GROUPHOMES is "yes", then the home directories will be created as
    # /home/groupname/user.
    GROUPHOMES=no

    # If LETTERHOMES is "yes", then the created home directories will have
    # an extra directory - the first letter of the user name. For example:
    # /home/u/user.
    LETTERHOMES=no
    
    # The SKEL variable specifies the directory containing "skeletal" user
    # files; in other words, files such as a sample .profile that will be
    # copied to the new user's home directory when it is created.
    SKEL=/etc/skel

    # FIRST_SYSTEM_UID to LAST_SYSTEM_UID inclusive is the range for UIDs
    # for dynamically allocated administrative and system accounts.
    FIRST_SYSTEM_UID=100
    LAST_SYSTEM_UID=999

    # FIRST_UID to LAST_UID inclusive is the range of UIDs of dynamically
    # allocated user accounts.
    FIRST_UID=1000
    LAST_UID=29999

    # The USERGROUPS variable can be either "yes" or "no". If "yes" each
    # created user will be given their own group to use as a default, and
    # their home directories will be g+s. If "no", each created user will
    # be placed in the group whose gid is USERS_GID (see below).
    USERGROUPS=yes

    # If USERGROUPS is "no", then USERS_GID should be the GID of the group
    # 'users' (or the equivalent group) on your system.
    USERS_GID=100

    # If QUOTAUSER is set, a default quota will be set from that user with
    # 'edquota -p QUOTAUSER newuser'
    QUOTAUSER=""

In addition to defining preset variables that the adduser command uses,
/etc/adduser.conf also specifies where default system configuration files for each
user are located. In this example, they are located in the directory /etc/skel, as defined
by the SKEL= line, above. Files which are placed in this directory, like a system-wide,
default .profile, .tcshrc, or .bashrc file, will be automatically installed in a new
user's home directory by the adduser command.

2.6.3 Deleting Users

Deleting users can be accomplished with the commands userdel or deluser, depending
on the software installed on the system.

If you'd like to temporarily "disable" a user from logging in to the system without
deleting his or her account, simply prepend an asterisk ("*") to the password field in
/etc/passwd. For example, changing kiwi's /etc/passwd entry to:

                         kiwi:*Xv8Q981g71oKK:102:100:Laura Poole:/home/kiwi:/bin/bash

prevents kiwi from logging in.
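
The same change can be scripted so that it is repeatable and reversible. This is an added example, not part of the original tutorial: set_login and login_disabled are hypothetical helper names, and the file is passed as an argument so the functions can be tried on a copy first. On shadow-password systems the hash itself is kept in /etc/shadow.

```sh
#!/bin/sh
# Added example: toggle the "*" marker in field 2 of a passwd-format file.
set_login() {                       # usage: set_login FILE USER disable|enable
    file=$1 user=$2 action=$3
    case $action in
        disable|enable) ;;
        *) echo "bad action: $action" >&2; return 2 ;;
    esac
    # Refuse to continue unless USER has an entry (exact match on field 1).
    awk -F: -v u="$user" '$1 == u { found = 1 } END { exit !found }' "$file" || {
        echo "no such user: $user" >&2; return 1; }
    tmp="$file.tmp.$$"
    cp -p "$file" "$tmp" || return 1          # keep owner and mode of FILE
    awk -F: -v OFS=: -v u="$user" -v a="$action" '
        # Disabling twice must not stack a second asterisk.
        $1 == u && a == "disable" && $2 !~ /^\*/ { $2 = "*" $2 }
        $1 == u && a == "enable"                 { sub(/^\*/, "", $2) }
        { print }
    ' "$file" > "$tmp" && mv "$tmp" "$file" || { rm -f "$tmp"; return 1; }
}

login_disabled() {                  # usage: login_disabled FILE USER
    awk -F: -v u="$2" '$1 == u && $2 ~ /^\*/ { d = 1 } END { exit !d }' "$1"
}

# Demonstration on a throwaway file holding the tutorial's kiwi entry.
demo=$(mktemp)
printf '%s\n' 'kiwi:Xv8Q981g71oKK:102:100:Laura Poole:/home/kiwi:/bin/bash' > "$demo"
set_login "$demo" kiwi disable && cat "$demo"
rm -f "$demo"
```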

2.6.4 Setting User Attributes

After you have created a user, you may need to change attributes for that user, like the
home directory or password. The easiest way to do this is to change the values directly in
/etc/passwd. To set a user's password, use passwd. The command:

                     # passwd patrick

will change Patrick's password. Only root may change other users' passwords in this
manner. Users can change their own passwords, however.

On some systems, the commands chfn and chsh allow users to set their own full
name and login shell attributes. If not, the system administrator must change these attributes
for them.

BOOK: LINUX QUICK COMMAND REFERENCE

http://personal.atl.bellsouth.net/~psadler

© copyright KnowledgeWorks, Inc. (2001)