



<BR>







</UL></UL>







<UL>







<UL>







<P>The uucp login is used for UUCP communication access and files.







<BR>







</UL></UL>







<P>The other system logins are used for specific purposes (postmaster for mail, and so on) that are usually self-evident. You should not change any of the system logins. In most cases, they have an asterisk in the password field to prevent their use for entry purposes.







<BR>







<BR>







<A NAME="E68E90"></A>







<H3 ALIGN=CENTER>







<CENTER>







<FONT SIZE=5 COLOR="#FF0000"><B>Adding Users</B></FONT></CENTER></H3>







<BR>







<P>You can add users to your system by manually editing the /etc/passwd file or by using an automated script that prompts you for the new user's details and writes a new line to the /etc/passwd file for you. The automated approach is handy for new system administrators who are uneasy about editing as important a file as /etc/passwd or for those occasions when you have to add several users and the risk of error increases. You can modify the /etc/passwd file only when you are logged in as root.







<BR>







<BLOCKQUOTE>







<BLOCKQUOTE>







<HR ALIGN=CENTER>







<BR>







<NOTE>Before making changes to your /etc/passwd file, make a copy of it! If you corrupt the /etc/passwd file and don't have a copy of it, you can't log in, even as root, and your system is effectively useless except in system administration mode. Keep a copy of the /etc/passwd file on your emergency floppy disk or boot floppy disk in case of problems.</NOTE>







<BR>







<HR ALIGN=CENTER>







</BLOCKQUOTE></BLOCKQUOTE>







<P>To add an entry to the /etc/passwd file, use any editor that saves information in ASCII. Add the new users to the end of the file, using a new line for each user. Make sure you use a unique user name and user ID (UID) for each user. For example, to add a new user called bill to the system with a UID of 103 (remember to keep UIDs sequential for convenience) and a GID of 50 (the default group), a home directory of /home/bill, and a startup shell of the Bourne shell, add the following line to the /etc/passwd file:







<BR>







<BR>







<PRE>
<FONT COLOR="#000080">bill::103:50:Bill Smallwood:/home/bill:/bin/sh</FONT></PRE>







<P>Note that the password is blank because you can't type in an encrypted password yourself. As soon as you have saved the changes to /etc/passwd, set a password for this account by running the command







<BR>







<BR>







<PRE>
<FONT COLOR="#000080">passwd bill</FONT></PRE>







<P>This command prompts you for an initial password. Set the password to something that Bill can use, and ask him to change the password the first time he is on the system. Many system administrators set the initial password to a generic string (such as password or the login name), and then force the new user to change the password the first time he or she logs in. Using generic strings is usually acceptable if the user logs in quickly, but don't leave accounts with generic login strings sitting around too long; someone else may use the account.







<BR>







<P>After you have added the necessary line to the /etc/passwd file, create the user's home directory. Once created, you must set the ownership to have that user own the directory. For the above example, you would issue the following commands:







<BR>







<PRE>
<FONT COLOR="#000080">mkdir /home/bill
chown bill /home/bill</FONT></PRE>







<P>All users must belong to a group. If your system has only one group defined, add the user's user name to the line in the /etc/group file that represents that group. If the new user is to belong to several groups, add the user name to each group in the /etc/group file. The /etc/group file and groups in general are discussed in the following section.







<BR>







<P>Finally, copy the configuration files for the user's shells into the user's home directory and set the system to allow the user access for customization. For example, if you were to copy the Bourne shell's .profile file from another user called yvonne, you would issue the following commands:







<BR>







<PRE>
<FONT COLOR="#000080">cp /home/yvonne/.profile /home/bill/.profile
chown bill /home/bill/.profile</FONT></PRE>







<P>Also, manually check the configuration file to ensure that no environment variables are incorrectly set when the user logs in. For example, there may be a line defining the HOME environment variable or the spool directories for printer and mail. Use any ASCII editor to check the configuration file. If you are using the Korn or C shell, there are other configuration files that need to be copied over and edited. Bourne shell compatibles need only a .profile, but the C shell and compatibles need .login and .cshrc. The Korn shell and compatibles need a .profile and usually another file with environment variables embedded in it.







<BR>







<P>In general, the process for manually adding a new user to your system is as follows:







<BR>







<OL>







<LI>Add an entry for the user in the /etc/passwd file.







<BR>







<BR>







<LI>Create the user's home directory and set its ownership.







<BR>







<BR>







<LI>Copy the shell startup files and edit their settings and ownerships.







<BR>







<BR>







</OL>
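<P>The manual procedure above leaves the password field empty until passwd is run and depends on you keeping user names and UIDs unique. The following check for those conditions is an added example, not part of the original chapter and not what vipw itself runs; the function names audit_passwd and sample_passwd and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a passwd-format file after a manual edit.
# Reads the file named in $1 (or stdin), prints one finding per line and
# returns 1 if anything was found, 0 if the file looks consistent.
audit_passwd() {
    awk -F: '
        /^[ \t]*$/        { next }                              # skip blank lines
        NF != 7           { print "bad-field-count:" $1; bad = 1; next }
        $2 == ""          { print "empty-password:" $1; bad = 1 }
        $3 !~ /^[0-9]+$/  { print "bad-uid:" $1; bad = 1 }
        $1 in names       { print "duplicate-login:" $1; bad = 1 }
        $3 in uids        { print "duplicate-uid:" $1 ":" uids[$3]; bad = 1 }
        $6 !~ /^\//       { print "relative-home:" $1; bad = 1 }
        { names[$1] = 1; if (!($3 in uids)) uids[$3] = $1 }     # remember first owner of each UID
        END               { exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample data (not a real system file).
sample_passwd() {
    cat <<'EOF'
root:*:0:0:root:/root:/bin/sh
bill::103:50:Bill Smallwood:/home/bill:/bin/sh
yvonne:*:103:50:Yvonne:/home/yvonne:/bin/sh
walter:*:104:50:Walter:home/walter
EOF
}

# Demo: report the problems in the constructed sample.
sample_passwd | audit_passwd || true
```

<P>Run it against a copy of the edited file, for example audit_passwd /etc/passwd.new, and again after passwd has been run for the new account; an empty-password finding at that point means the account can still be entered without a password.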







<P>The Linux system has a hold-over command from the Berkeley BSD UNIX version. The command vipw invokes the vi editor (or whatever the default system editor has been set to) and edits a temporary copy of the /etc/passwd file. The use of a temporary file and file lock acts as a lock mechanism to prevent two different users from editing the file at the same time. When the file is saved, vipw does a simple consistency check on the changed file, and if all appears proper, the /etc/passwd file is updated.







<BR>







<P>The automated scripts for Linux tend to have the names useradd or adduser. When run, they prompt you for all the information that is necessary in the /etc/passwd file. Both versions let you exit at any time to avoid changing the /etc/passwd file. The automated scripts also usually ask for an initial password, which you can set to anything you want or leave blank. One advantage of the automated scripts is that they copy all the configuration files for the supported shells automatically and, in some cases, make environment variable changes for you. These scripts can simplify the process of adding users enormously.







<BR>







<P>A quick note on passwords: they are vitally important to the security of your system. Unless you are on a stand-alone Linux machine with no dial-in modems, every account should have a secure password. You assign and change passwords with the passwd command. The superuser can change any password on the system, but a user can only change their own password. <A HREF="lsg24.htm">Chapter 24</A>, &quot;Security,&quot; deals with secure passwords.







<BR>







<BR>







<A NAME="E68E91"></A>







<H3 ALIGN=CENTER>







<CENTER>







<FONT SIZE=5 COLOR="#FF0000"><B>Deleting Users</B></FONT></CENTER></H3>







<BR>







<P>Just like adding new users, you can delete users with an automated script or manually. The automated scripts deluser or userdel ask which user you want to delete, and then remove that user's entry from the /etc/passwd file. Some scripts also clean out the spool and home directory files, if you want. You must log in as root in order to make any deletions to the /etc/passwd file.







<BR>







<P>To delete the user manually, remove the user's entry from the /etc/passwd file. Then you can clean up the user's directories to clear disk space. You can completely delete all the user's files and his or her home directory with the command







<BR>







<BR>







<PRE>
<FONT COLOR="#000080">rm -r /home/userdir</FONT></PRE>







<P>where /home/userdir is the full pathname of the user's home directory. Make sure there are no files you want to keep in that directory before you blow them all away!







<BR>







<P>Next, remove the user's mail spool file, which is usually kept in /usr/spool/mail/username. For example, to remove the user walter's mail file, issue the command







<BR>







<BR>







<PRE>
<FONT COLOR="#000080">rm /usr/spool/mail/walter</FONT></PRE>







<P>The spool file is a single file, so this command cleans up the entries properly. To finish off the mail cleanup, check that the user has no entries in the mail alias files (usually /usr/lib/aliases), or you can force all mail for that user to another login (such as root) with an entry in the aliases file. Finally, make sure that there are no entries in the user's cron and at files that the system will continue to execute. You can display the user's crontab file (explained in <A HREF="lsg23.htm">Chapter 23</A>) using the crontab command.







<BR>







<P>If you need to retain the user for some reason (such as file ownerships, a general access account, or accounting purposes), you can disable the login completely by placing an asterisk in the password field of the /etc/passwd file. That login cannot be used when an asterisk is in the password field. To reactivate the account, run the passwd command.







<BR>







<P>The process for manually deleting a user (or using an automated script that doesn't clean up directories and files) is as follows:







<BR>







<OL>







<LI>Remove the user's entry from /etc/passwd and /etc/group files.







<BR>







<BR>







<LI>Remove the user's mail file and any mail aliases.







<BR>







<BR>







<LI>Remove any cron or at jobs.







<BR>







<BR>







<LI>Remove the home directory if you don't want any files it holds.







<BR>







<BR>







</OL>







<P>Occasionally, you may want to temporarily disable a user's account, such as when the user goes on extended leave or vacation. If you want to temporarily disable the login but be able to recover it at any time in the future, add an asterisk as the first character of the encrypted password. Don't alter any characters in the existing password, but add the asterisk to the beginning. When you want to reactivate the account, remove the asterisk and the password is back to whatever it was set as before you made the changes.
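<P>The asterisk-prefix method described above, as an added example that is not part of the original chapter. The function name set_lock, its exit codes and the sample line are assumptions made for illustration; it writes the changed text to standard output so the original file is never edited in place.

```shell
#!/bin/sh
# Added example: lock/unlock a login by the asterisk-prefix method.
# Usage: set_lock lock|unlock LOGIN [FILE]   (FILE defaults to stdin)
# Prints the modified passwd-format text to stdout.
# Exit status: 0 done, 1 login not found, 2 unlock refused.
set_lock() {
    awk -F: -v OFS=: -v mode="$1" -v user="$2" '
        $1 == user {
            found = 1
            if (mode == "lock") {
                # never stack asterisks on an already locked entry
                if (substr($2, 1, 1) != "*") $2 = "*" $2
            } else if ($2 == "*") {
                # nothing behind the asterisk: removing it would leave
                # an empty password field, so the line is kept as it is
                refused = 1
            } else if (substr($2, 1, 1) == "*") {
                # restore the original encrypted string unchanged
                $2 = substr($2, 2)
            }
        }
        { print }
        END { exit (refused ? 2 : (found ? 0 : 1)) }
    ' "${3:--}"
}

# Constructed sample line; CONSTRUCTEDHASH stands in for an encrypted password.
sample_line='bill:CONSTRUCTEDHASH:103:50:Bill Smallwood:/home/bill:/bin/sh'

# Demo: show the locked form of the sample entry.
printf '%s\n' "$sample_line" | set_lock lock bill
```

<P>An entry whose password field is only an asterisk, such as the system logins, cannot be unlocked this way; run passwd to give such an account a password instead.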







<BR>







<BR>







<A NAME="E68E92"></A>







<H3 ALIGN=CENTER>







<CENTER>







<FONT SIZE=5 COLOR="#FF0000"><B>Using Groups</B></FONT></CENTER></H3>







<BR>







<P>Every user on a UNIX and Linux system belongs to a group. A group is a collection of individuals lumped together for some reason. The users in a group may all work in the same department, may need access to a particular programming utility, or they may all have access to use a special device such as a scanner or color laser printer. Groups can be set up for any reason, and users can belong to any number of groups. However, a user can only be a member of one group at a time, as groups are used for determining file permissions and Linux only allows one group ID per user at any point in time.







<BR>







<P>Groups can have their permissions set so that members of that group have access to devices, files, filesystems, or entire machines that other users who do not belong to that group may be restricted from. Group permissions can be useful when you have an accounting department, for example, whose members need access to the company's accounts. You don't want non-accounting people to go snooping through financial statements, however, so creating a special group that has access to the accounting system makes sense.







<BR>







<P>Many small Linux systems have only one group, the default group, as that is the simplest way to manage a system. In these cases, each user's access to devices and files is controlled by the devices' or files' permissions, not the group. When you start to get several different users in logical groupings, though, groups start to make more sense. You can even use groups to control your friends' or children's access to areas on your home Linux system.







<BR>







<P>Group information is maintained in the file /etc/group, which is similar in layout to the /etc/passwd file. The default /etc/group file from a newly installed Linux system looks like the following:







<BR>







<PRE>
<FONT COLOR="#000080">root::0:root
bin::1:root,bin,daemon
daemon::2:root,bin,daemon
sys::3:root,bin,adm
adm::4:root,adm,daemon
tty::5:
disk::6:root,adm
lp::7:lp
mem::8:
kmem::9:
wheel::10:root
floppy::11:root
mail::12:mail
news::13:news
uucp::14:uucp
man::15:man
users::100:games
nogroup::-1:</FONT></PRE>
