<HTML>
<HEAD>
<TITLE>Developer.com - Online Reference Library - 0672311739:RED HAT LINUX 2ND EDITION:User Accounts and Logins</TITLE>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<SCRIPT>
<!--
function displayWindow(url, width, height) {
var Win = window.open(url,"displayWindow",'width=' + width +
',height=' + height + ',resizable=1,scrollbars=yes');
}
//-->
</SCRIPT>
</HEAD>
-->
<!-- ISBN=0672311739 //-->
<!-- TITLE=RED HAT LINUX 2ND EDITION //-->
<!-- AUTHOR=DAVID PITTS ET AL //-->
<!-- PUBLISHER=MACMILLAN //-->
<!-- IMPRINT=SAMS PUBLISHING //-->
<!-- PUBLICATION DATE=1998 //-->
<!-- CHAPTER=19 //-->
<!-- PAGES=0383-0394 //-->
<!-- UNASSIGNED1 //-->
<!-- UNASSIGNED2 //-->
<P><CENTER>
<a href="0383-0386.html">Previous</A> | <a href="../ewtoc.html">Table of Contents</A> | <a href="0390-0392.html">Next</A>
</CENTER></P>
<A NAME="PAGENUM-387"><P>Page 387</P></A>
<H4><A NAME="ch19_ 10">
The Login Command
</A></H4>
<P>The login command is the command that is executed when the user
first logs in. In most cases this is a shell command. In other cases it might be a front-end interface or a single
application. If this field is left blank, the system will default to
the /bin/bash shell.
</P>
<P>Red Hat gives users two ways to change the login command: the
chsh command and the passwd -s command. Both of these commands look exactly alike in
use. Both ask for a password and then ask what to change the login command
to. Before the security hairs on the back of your neck start to stand straight up, there is a
file called /etc/shells that has the same ownership and permissions as
the /etc/passwd file. In this file, the system administrator defines which login commands are acceptable. Because
of the permissions, every user has access to read the file, but not to change it. The following is
an example of an /etc/shells file:
</P>
<!-- CODE //-->
<PRE>
shell:/home/dpitts$ cat /etc/shells
/bin/sh
/bin/bash
/bin/tcsh
/bin/csh
/bin/ash
/bin/zsh
</PRE>
<!-- END CODE //-->
<P>As you can see, the only login commands the user can change to are shells. Following is an
example of both the chsh command and the passwd -s command. As always, the password is
not displayed.
</P>
<!-- CODE //-->
<PRE>
shell:/home/dpitts$ chsh
Password:
Changing the login shell for dpitts
Enter the new value, or press return for the default
Login Shell [/bin/bash]:
shell:/home/dpitts$ passwd -s
Password:
Changing the login shell for dpitts
Enter the new value, or press return for the default
Login Shell [/bin/bash]: /bin/bash
shell:/home/dpitts$
</PRE>
<!-- END CODE //-->
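<P>The allow-list can also be checked from the administrator's side. The following is an added example, not part of the original book: it lists every account whose login command is not in the shells file, so that entries set outside chsh can be confirmed, and it tests that the list carries no group or other write bit. The function names and the sample accounts are constructed for illustration.
</P>

```shell
#!/bin/sh
# Added example: audit login commands against the /etc/shells allow-list.

# Print "user:shell" for every passwd entry whose login command is not listed.
# Usage: audit_login_shells PASSWD_FILE SHELLS_FILE
audit_login_shells() {
    awk -F: '
        # First file is the allow-list; skip blank lines and comments.
        FILENAME == ARGV[1] {
            if ($0 !~ /^[ \t]*#/ && $0 !~ /^[ \t]*$/) allowed[$0] = 1
            next
        }
        # Second file is passwd; field 7 is the login command.
        {
            shell = $7
            if (shell == "") shell = "/bin/bash"  # blank field: default named in the text
            if (!(shell in allowed)) print $1 ":" shell
        }
    ' "$2" "$1"
}

# Succeed only if FILE has no group or other write bit (for example mode 644).
owner_write_only() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        ?????w????|????????w?) return 1 ;;
    esac
    return 0
}

# Constructed sample data; pass /etc/passwd and /etc/shells to audit a real host.
demo_audit() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' /bin/sh /bin/bash /bin/tcsh > "$dir/shells"
    printf '%s\n' \
        'dpitts:x:500:100::/home/dpitts:/bin/bash' \
        'tpowell:x:501:100::/home/tpowell:' \
        'kiosk:x:502:100::/home/kiosk:/usr/local/bin/menu' > "$dir/passwd"
    audit_login_shells "$dir/passwd" "$dir/shells"
    rm -rf "$dir"
}
demo_audit    # prints kiosk:/usr/local/bin/menu
```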
<H4><A NAME="ch19_ 11">
Editing /etc/group
</A></H4>
<P>After the /etc/passwd file has been set up, the next step is to define the groups that the user
is associated with. Every user is associated with at least one group. A group is a collection of
users thrown together for a particular purpose. This purpose could be job
function—programmer, system administrator, accountant, or engineer—or the users could all have access to a
special device—scanner, color printer, or modem.
</P>
<P>There is no limit to the number of groups on a system. In fact, the default
/etc/group file contains eighteen groups:
</P>
<A NAME="PAGENUM-388"><P>Page 388</P></A>
<!-- CODE //-->
<PRE>
root::0:root
bin::1:root,bin,daemon
daemon::2:root,bin,daemon
sys::3:root,bin,adm
tty::5:
disk::6:root,adm
lp::7:lp
mem::8:
kmem::9:
wheel::10:root
floppy::11:root
mail::12:mail
news::13:news
uucp::14:uucp
man::15:man
users::100:games
nogroup::-1:
</PRE>
<!-- END CODE //-->
<P>Each line contains four segments and, like the
passwd file, is delimited by colons:
</P>
<!-- CODE SNIP //-->
<PRE>
group name : password : group ID : users
</PRE>
<!-- END CODE SNIP //-->
<P>If there is nothing to be entered into a field, that field is left blank (notice the
password field). There will still be a colon delimiting the field from the other fields. Following
is a short description of each of the fields:
</P>
<TABLE WIDTH="360">
<TR><TD>
group name
</TD><TD>
A unique identifier for the group
</TD></TR>
<TR><TD>
password
</TD><TD>
Usually left blank or an *, but a password can be assigned
</TD></TR>
<TR><TD>
group ID
</TD><TD>
The unique number that identifies a group to the
operating system
</TD></TR>
<TR><TD>
users
</TD><TD>
A list of all user IDs that belong to that group
</TD></TR>
</TABLE>
<P>Like the /etc/passwd file, there are two ways of editing this file. The first way is with a
script, such as addgroup or groupadd; the second way is to manually edit the file with a text editor.
(By the way, always make sure you make a backup copy of the file before you edit it!) When
adding groups to this file, just follow the format of the other files. Add a unique group, assign it
a password if necessary, give it a unique group ID, and then list the users associated with
that group. The users, by the way, are separated with commas. If the line is not in the correct
format or is incorrect in some other way, the users might not be able to use that group ID.
</P>
<P>If the system were using a shadow password system, the password field would be moved to
/etc/shadow.group, and an x would be assigned to the field.
</P>
<P>When finished editing the /etc/group file, double-check its permissions. It should be
owned by root, and its group should be root or sys (group ID of
0). The permissions should be read and write for owner and read for everyone else
(644 in octal).</P>
<P>The list of groups does not have to be in any particular order. The order of the users listed in each group
is also irrelevant. Red Hat Linux will search the entire file until it comes to the line it is
looking for.
</P>
<A NAME="PAGENUM-389"><P>Page 389</P></A>
<P>Although users can be in several groups, Linux only allows them to be active in a single
group at any given time. The starting group, commonly called the primary group, is the group
identified in the /etc/passwd file. If a user wants to switch to another group (and he or she is in
the group according to /etc/group), the user must issue
the newgrp command to switch.
</P>
<P>Removing a group or a user from a group is as simple as editing the
/etc/group file and removing either the entire line or the particular user you want removed. You should also check the
/etc/passwd file to make sure that there are no users defined to the group you just deleted.
</P>
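<P>Hand edits to /etc/group are easy to get subtly wrong, so a quick lint after each change is worthwhile. The following is an added example, not part of the original book: it checks the four-field format, unique names and IDs, and whitespace in the user list, and it performs the /etc/passwd cross-check described above. The function names and the sample entries are constructed for illustration.
</P>

```shell
#!/bin/sh
# Added example: lint a group file in the four-field format described above.

# Usage: check_group_file GROUP_FILE PASSWD_FILE
# Prints one finding per line; prints nothing when the files are consistent.
check_group_file() {
    awk -F: '
        # First file is the group file: name, password, group ID, users.
        FILENAME == ARGV[1] {
            where = "group line " FNR
            if (NF != 4) { print where ": expected 4 fields, found " NF; next }
            if ($1 in names) print where ": duplicate group name " $1
            if ($3 in gids)  print where ": duplicate group ID " $3
            if ($3 !~ /^-?[0-9]+$/) print where ": group ID is not a number"
            if ($4 ~ /[ \t]/) print where ": whitespace in user list"
            names[$1] = 1; gids[$3] = 1
            next
        }
        # Second file is passwd; field 4 is the primary group ID.
        !($4 in gids) {
            print "passwd user " $1 ": primary group " $4 " not in group file"
        }
    ' "$1" "$2"
}

# Constructed sample data with four deliberate mistakes.
demo_group_check() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' \
        'root::0:root' \
        'bin::1:root, bin, daemon' \
        'users::100:games' \
        'staff::100:dpitts' \
        'scanner:200:tpowell' > "$dir/group"
    printf '%s\n' \
        'dpitts:x:500:100::/home/dpitts:/bin/bash' \
        'tpowell:x:501:300::/home/tpowell:/bin/bash' > "$dir/passwd"
    check_group_file "$dir/group" "$dir/passwd"
    rm -rf "$dir"
}
demo_group_check
```

The last finding is the case the text warns about: an account whose primary group no longer has a line in the group file.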
<H4><A NAME="ch19_ 12">
Creating a Home Directory and Copying Files to the New Home
</A></H4>
<P>After a new user has been added to the
/etc/passwd file and the /etc/group file, the next
step is to create the user's new home directory. For the rest of this chapter, assume that the
home directory is /home/username.
</P>
<P>To create the directory, go to the /home directory
(cd /home), and issue the mkdir command. The parameter passed to the
mkdir command is the directory you wish to create. In the
following example, I am creating a user directory for
tpowell:
</P>
<!-- CODE SNIP //-->
<PRE>
shell:/home/dpitts$ cd /home
shell:/home$ mkdir tpowell
</PRE>
<!-- END CODE SNIP //-->
<P>I now have a directory for my friend Tim. Now that I have the directory, I need to copy
the files from /etc/skel to the new home. This is accomplished with the
cp command, as shown in the following example:
</P>
<!-- CODE SNIP //-->
<PRE>
shell:/home/dpitts$ cp /etc/skel/* /home/tpowell
</PRE>
<!-- END CODE SNIP //-->
<H4><A NAME="ch19_ 13">
Changing Ownerships and Permissions
</A></H4>
<P>Now that the basic files are placed in the new user's account, it is time to give the files and
the new home directory to the new user, and to give the files the correct file permissions. Of
course, an individual site might differ as to the security placed on the files and directories. The
following is a general guideline of the commands that need to be executed:
</P>
<OL>
<LI> cd /home/new_users_name (for example, cd /home/tpowell)
<LI> chown -R username.group . (for example, chown -R tpowell.user .)
<LI> chmod -R go=u,go-w .
<LI> chmod go= .
</OL>
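<P>The directory, copy, ownership and permission steps can be combined and the resulting modes inspected. The following is an added example, not part of the original book: it runs the steps against a constructed skeleton in a temporary directory and reports the modes that result. The function names are hypothetical, and the copy uses the "skel/." form, an assumption that differs from the cp command shown earlier so that dotfiles are included.
</P>

```shell
#!/bin/sh
# Added example: the home-directory steps from the text as one function.

# Usage: provision_home SKEL_DIR HOME_DIR [OWNER]
# OWNER is passed to chown unchanged (the text uses username.group).
provision_home() {
    skel=$1; home=$2; owner=${3:-}
    mkdir "$home" || return 1
    # "SKEL/." also copies dotfiles, which the shell pattern SKEL/* skips.
    cp -R "$skel/." "$home" || return 1
    (
        cd "$home" || exit 1
        # chown needs root, so it runs only when an owner is given.
        if [ -n "$owner" ]; then chown -R "$owner" . || exit 1; fi
        chmod -R go=u,go-w . || exit 1   # group/other: owner bits minus write
        chmod go= .                      # home directory itself: owner only
    )
}

# First ten characters of the ls -l mode column, e.g. drwx------
mode_of() { ls -ld "$1" | cut -c1-10; }

# Constructed skeleton in a temporary directory; no root needed.
demo_provision() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/skel/bin"
    : > "$dir/skel/.bashrc"
    : > "$dir/skel/bin/tool"
    chmod 600 "$dir/skel/.bashrc"
    chmod 700 "$dir/skel/bin" "$dir/skel/bin/tool"
    provision_home "$dir/skel" "$dir/tpowell" || return 1
    mode_of "$dir/tpowell"
    mode_of "$dir/tpowell/.bashrc"
    mode_of "$dir/tpowell/bin/tool"
    rm -rf "$dir"
}
demo_provision
```

Note that go=u widens a skeleton file that was mode 600 to 644; it is the final chmod go= . on the home directory itself that keeps other users out of the tree.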
<H4><A NAME="ch19_ 14">
Setting the Password
</A></H4>
<P>Issue the passwd command as root and set the password of the new user. After you have set
this password, the account will work. If you are creating dummy accounts, you might not want
to set the password.
</P>
</td>
</tr>
</table>
<!-- begin footer information -->
</body></html>