<HTML>
<HEAD>
<TITLE>Developer.com - Online Reference Library - 0672311739:RED HAT LINUX 2ND EDITION:User Accounts and Logins</TITLE>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<SCRIPT>
<!--
function displayWindow(url, width, height) {
var Win = window.open(url,"displayWindow",'width=' + width +
',height=' + height + ',resizable=1,scrollbars=yes');
}
//-->
</SCRIPT>
</HEAD>
-->
<!-- ISBN=0672311739 //-->
<!-- TITLE=RED HAT LINUX 2ND EDITION //-->
<!-- AUTHOR=DAVID PITTS ET AL //-->
<!-- PUBLISHER=MACMILLAN //-->
<!-- IMPRINT=SAMS PUBLISHING //-->
<!-- PUBLICATION DATE=1998 //-->
<!-- CHAPTER=19 //-->
<!-- PAGES=0383-0394 //-->
<!-- UNASSIGNED1 //-->
<!-- UNASSIGNED2 //-->
<P><CENTER>
<a href="../ch18/0377-0382.html">Previous</A> | <a href="../ewtoc.html">Table of Contents</A> | <a href="0387-0389.html">Next</A>
</CENTER></P>
<A NAME="PAGENUM-383"><P>Page 383</P></A>
<H3><A NAME="ch19_ 1">
CHAPTER 19
</A></H3>
<H2>
User Accounts and Logins
</H2>
<P>
<B>by David Pitts</B>
</P>
<H3><A NAME="ch19_ 2">
IN THIS CHAPTER
</A></H3>
<UL>
<LI> Adding Users
<LI> Changing User Properties
<LI> Temporarily Disabling a User
<LI> The Login and How to Become a Specific
User
<LI> Searching
</UL>
<A NAME="PAGENUM-384"><P>Page 384</P></A>
<P>In order to run a process, there must be a process owner. That process owner is a user
account. In some instances, the user account is a default system username (such as
daemon, bin, or sys), but in most instances, the user account is an actual person who logs on to a system,
performs tasks, and logs off the system.
</P>
<P>Even in a single-user environment, it is important to know how to create accounts. Most
duties do not require the use of the default user, root. Therefore, one of the first tasks that
should be done when setting up a new system is to make a user account under which most of the
tasks will be done. Only when absolutely necessary should someone become root to perform a
task (and even then, the person should use the su command to switch to root, not log on as root).
</P>
<P>This chapter shows how to add and remove users. In addition, it gives you a look at the
components that make up a user, discusses passwords, and covers a few tools for identifying
the users on the system.
</P>
<H3><A NAME="ch19_ 3">
Adding Users
</A></H3>
<P>There are two ways to add users to a system. The first is to use a script that prompts for
the requested information. The second is to manually edit the
/etc/passwd file and the /etc/group file. The use of a script is the preferred method. First, it limits the mistakes (always a
good idea!). Second, you don't have to understand the process or be familiar with the editor.
But, because you are reading this book, the second reason—understanding the process and
familiarization with the editor—becomes moot.
</P>
<P>Adding a user is a simple process, involving the following six steps:
</P>
<OL>
<LI> Edit /etc/passwd.
<LI> Edit /etc/group.
<LI> Create a home directory.
<LI> Copy files from /etc/skel to the new home.
<LI> Change ownerships and permissions.
<LI> Set the password.
</OL>
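<P>The following script is an added example, not code from the book: it carries out the six steps above against a staging directory tree so the procedure can be rehearsed without touching the live /etc/passwd or running as root. The helper make_staging_root, the sample entries it writes, and the user dpitts with UID/GID 500 are all constructed for the demonstration. The password field is written as * (locked) so that the account cannot be used until step 6 is completed with passwd; the chown in step 5 is attempted only when the script runs as root.
</P>

```python
# Added example (not from the book): the chapter's six steps for adding a user,
# applied to a staging tree rooted at `root` instead of the real filesystem.
import os
import shutil
import tempfile


def make_staging_root():
    """Build a throw-away tree with constructed sample etc/passwd, etc/group and etc/skel."""
    root = tempfile.mkdtemp(prefix="passwd-demo-")
    os.makedirs(os.path.join(root, "etc", "skel"))
    os.makedirs(os.path.join(root, "home"))
    with open(os.path.join(root, "etc", "passwd"), "w") as f:
        f.write("root:x:0:0:root:/root:/bin/bash\n")          # constructed sample entry
    with open(os.path.join(root, "etc", "group"), "w") as f:
        f.write("root:x:0:\n")                                 # constructed sample entry
    with open(os.path.join(root, "etc", "skel", ".bash_profile"), "w") as f:
        f.write("# constructed sample skeleton file\n")
    return root


def add_user(root, username, uid, gid, comment, shell="/bin/bash"):
    etc = os.path.join(root, "etc")
    passwd_path = os.path.join(etc, "passwd")
    group_path = os.path.join(etc, "group")
    home = os.path.join(root, "home", username)
    home_in_passwd = f"/home/{username}"

    # Refuse to continue if the username or UID is already taken: both must be unique.
    with open(passwd_path) as f:
        for line in f:
            fields = line.rstrip("\n").split(":")
            if len(fields) == 7 and (fields[0] == username or fields[2] == str(uid)):
                raise ValueError(f"username {username!r} or UID {uid} already present")

    # The chapter's "real first thing": back up /etc/passwd before editing it.
    shutil.copy2(passwd_path, passwd_path + ".bak")

    # Step 1: edit /etc/passwd. '*' in the password field blocks login until passwd sets one.
    passwd_line = f"{username}:*:{uid}:{gid}:{comment}:{home_in_passwd}:{shell}"
    with open(passwd_path, "a") as f:
        f.write(passwd_line + "\n")

    # Step 2: edit /etc/group, giving the user a private group carrying the same number.
    with open(group_path, "a") as f:
        f.write(f"{username}:x:{gid}:\n")

    # Step 3: create the home directory.
    os.makedirs(home, mode=0o700, exist_ok=False)

    # Step 4: copy the login defaults from /etc/skel into the new home.
    skel = os.path.join(etc, "skel")
    for name in os.listdir(skel):
        src, dst = os.path.join(skel, name), os.path.join(home, name)
        if os.path.isdir(src):
            shutil.copytree(src, dst)
        else:
            shutil.copy2(src, dst)

    # Step 5: ownerships and permissions. chown needs root; 0700 keeps other users out.
    if os.geteuid() == 0:
        for dirpath, _dirnames, filenames in os.walk(home):
            os.chown(dirpath, uid, gid)
            for n in filenames:
                os.chown(os.path.join(dirpath, n), uid, gid)
    os.chmod(home, 0o700)

    # Step 6: set the password. Left to `passwd <username>` so the encryption is done properly.
    return {
        "passwd_line": passwd_line,
        "home": home,
        "home_mode": os.stat(home).st_mode & 0o777,
        "copied": sorted(os.listdir(home)),
    }


if __name__ == "__main__":
    result = add_user(make_staging_root(), "dpitts", 500, 500, "David Pitts")
    print(result["passwd_line"])
```

<P>Running the script prints the new passwd line and leaves the staging tree in a temporary directory for inspection. The uniqueness check runs before the backup and before anything is appended, so a duplicate username or UID fails cleanly rather than leaving the files half-edited.
</P>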
<H4><A NAME="ch19_ 4">
Editing /etc/passwd
</A></H4>
<P>The first task is to edit the /etc/passwd file, adding the new user to the list. Technically, it
is the second thing you should do. The real first thing you should do is copy the
/etc/passwd file to a backup file in case you make a mistake. The
/etc/passwd file should be owned by root and the group ID set to zero (root or system). The permissions for the file should be set so that
root has read and write permissions and everyone else (including group) has only read
access (644 in octal).
</P>
<A NAME="PAGENUM-385"><P>Page 385</P></A>
<P>From a security perspective, each user must have a distinct username and password. Each
should also have a unique user ID number. The rest of the information associated with a user
does not have to be unique, and in some cases is exactly the same as that of other users. The format
of the /etc/passwd file is a series of seven segments delimited by colons:
</P>
<!-- CODE SNIP //-->
<PRE>
username : password : user ID : group ID : comment
: home directory : login command
</PRE>
<!-- END CODE SNIP //-->
<P>The default /etc/passwd file looks like this when Red Hat Linux is first installed:
</P>
<!-- CODE //-->
<PRE>
root::0:0:root:/root:/bin/bash
bin:*:1:1:bin:/bin:
daemon:*:2:2:daemon:/sbin:
adm:*:3:4:adm:/var/adm:
lp:*:4:7:lp:/var/spool/lpd:
sync:*:5:0:sync:/sbin:/bin/sync
shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown
halt:*:7:0:halt:/sbin:/sbin/halt
mail:*:8:12:mail:/var/spool/mail:
news:*:9:13:news:/usr/lib/news:
uucp:*:10:14:uucp:/var/spool/uucppublic:
operator:*:11:0:operator:/root:/bin/bash
games:*:12:100:games:/usr/games:
man:*:13:15:man:/usr/man:
postmaster:*:14:12:postmaster:/var/spool/mail:/bin/bash
nobody:*:-1:100:nobody:/dev/null:
ftp:*:14:50::/home/ftp:/bin/bash
</PRE>
<!-- END CODE //-->
<P>If there is nothing to be entered into a field, then that field is left blank (see the
ftp entry). There will still be a colon delimiting the field from the other fields. Following is a short
description of each of the fields:
</P>
<TABLE WIDTH="360">
<TR><TD>
username
</TD><TD>
A unique identifier for the user
</TD></TR>
<TR><TD>
password
</TD><TD>
The user's encrypted password
</TD></TR>
<TR><TD>
user ID (UID)
</TD><TD>
The unique number that identifies a user to the
operating system
</TD></TR>
<TR><TD>
group ID (GID)
</TD><TD>
The unique number that identifies the user's group
</TD></TR>
<TR><TD>
comment
</TD><TD>
The information displayed when a person is
fingered; usually the user's name
</TD></TR>
<TR><TD>
home directory
</TD><TD>
The directory in which the user is placed upon login
</TD></TR>
<TR><TD>
login command
</TD><TD>
The command executed when the user logs in; usually
a shell
</TD></TR>
</TABLE>
<P>The following sections give more detailed descriptions of the contents of these fields.
</P>
<H5><A NAME="ch19_ 5">
The Username
</A></H5>
<P>The username is a single string. Usually it is eight characters or less. This username
uniquely identifies the user, and it should be easy for the user to identify and remember. The
system identifies the user by this name. Typically, a combination of the letters of the first and last
name is used (mine is dpitts on many systems).
</P>
<A NAME="PAGENUM-386"><P>Page 386</P></A>
<P>Although there are traditions (corporate folklore) as to how the username is designated,
the computer does not care what the username is, as long as it is unique. In fact, underscores,
periods, numbers, and some special characters can be used in the username. Also, case makes
a difference; dpitts is different from dpittS or
DPitts.
</P>
<H4><A NAME="ch19_ 6">
Passwords
</A></H4>
<P>The system stores the user's encrypted password in this field. If the system is using a
shadow password system, the value placed in this field will be an
x. A value of * blocks login access to the account, as
* is not a valid character for an encrypted field. This field should never be
edited (after it is set up) by hand, but a program such as
passwd should be used so that proper encryption takes place. If this field is changed by hand, the old password is no longer valid
and, more than likely, will have to be changed by root.
</P>
<P>If the system is using a shadow password system, a separate file exists called
/etc/shadow that contains passwords (encrypted, of
course).
</P>
<H4><A NAME="ch19_ 7">
The User ID
</A></H4>
<P>Every username has a number associated with it. This number, also called the UID, is used
by the system to identify everything owned by the user. All processes, files, and so on
associated with the user are identified in this manner. The valid range for the user ID is zero and
up. Therefore, the account nobody from the
/etc/passwd file listing earlier in this chapter, has
an invalid UID, because it is -1.
</P>
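<P>The following auditor is an added example, not code from the book. It checks an /etc/passwd-style listing for the properties described in the field format, Passwords, and User ID sections above: seven colon-delimited fields per line, unique usernames and UIDs, a UID of zero and up, and the meaning of the password field (empty, x for shadow, * for blocked, or an encrypted value). SAMPLE_PASSWD is the book's default listing embedded as constructed input, so the script runs offline rather than against the live /etc/passwd; the function names are the author's own choices.
</P>

```python
# Added example (not from the book): audit an /etc/passwd listing for the
# problems the chapter describes. Run as-is, it reports on the book's default
# listing; pass open("/etc/passwd").read() to parse_passwd to check a real file.
from dataclasses import dataclass
from typing import List

# Constructed input: the chapter's default /etc/passwd listing, verbatim.
SAMPLE_PASSWD = """\
root::0:0:root:/root:/bin/bash
bin:*:1:1:bin:/bin:
daemon:*:2:2:daemon:/sbin:
adm:*:3:4:adm:/var/adm:
lp:*:4:7:lp:/var/spool/lpd:
sync:*:5:0:sync:/sbin:/bin/sync
shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown
halt:*:7:0:halt:/sbin:/sbin/halt
mail:*:8:12:mail:/var/spool/mail:
news:*:9:13:news:/usr/lib/news:
uucp:*:10:14:uucp:/var/spool/uucppublic:
operator:*:11:0:operator:/root:/bin/bash
games:*:12:100:games:/usr/games:
man:*:13:15:man:/usr/man:
postmaster:*:14:12:postmaster:/var/spool/mail:/bin/bash
nobody:*:-1:100:nobody:/dev/null:
ftp:*:14:50::/home/ftp:/bin/bash
"""


@dataclass
class PasswdEntry:
    username: str
    password: str
    uid: int
    gid: int
    comment: str
    home: str
    shell: str


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Split each non-empty line into the seven fields; any other shape is malformed."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, found {len(fields)}")
        username, password, uid, gid, comment, home, shell = fields
        entries.append(PasswdEntry(username, password, int(uid), int(gid), comment, home, shell))
    return entries


def classify_password_field(value: str) -> str:
    """Meaning of the password field, following the chapter's description."""
    if value == "":
        return "empty"   # no password at all: login succeeds without one
    if value == "x":
        return "shadow"  # the encrypted password is kept in /etc/shadow
    if value == "*":
        return "locked"  # '*' can never match an encrypted value, so login is blocked
    return "hash"        # an encrypted password stored right here


def audit_passwd(entries: List[PasswdEntry]) -> List[str]:
    """Return one finding per problem, in file order."""
    findings = []
    uid_owner = {}
    seen_names = set()
    for e in entries:
        if classify_password_field(e.password) == "empty":
            findings.append(f"{e.username}: empty password field, account logs in without a password")
        if e.uid < 0:
            findings.append(f"{e.username}: UID {e.uid} is outside the valid range (zero and up)")
        if e.uid == 0 and e.username != "root":
            findings.append(f"{e.username}: UID 0 gives a second account root's privileges")
        if e.username in seen_names:
            findings.append(f"{e.username}: duplicate username")
        seen_names.add(e.username)
        if e.uid in uid_owner:
            findings.append(f"{e.username}: UID {e.uid} is already used by {uid_owner[e.uid]}")
        else:
            uid_owner[e.uid] = e.username
    return findings


if __name__ == "__main__":
    for finding in audit_passwd(parse_passwd(SAMPLE_PASSWD)):
        print(finding)
```

<P>On the book's listing the auditor reports three things: root has an empty password field, nobody carries the invalid UID -1 that the text discusses, and ftp reuses UID 14, which postmaster already holds, so files owned by either account are indistinguishable to the system. The UID 0 check is an extra the text does not spell out; it catches a second root-equivalent account, which is the first thing to look for when reviewing a passwd file.
</P>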
<H4><A NAME="ch19_ 8">
Comments
</A></H4>
<P>This field is used by other programs to identify the user. Typically, the user's real name is
placed in this field. Many times the user's telephone number is also placed here. One thing to keep
in mind concerning this field is that anyone can read it. This means that you should not put
anything in this field that you do not want everyone who has access to your system to see.
This field is sometimes called the GECOS field, after the operating system that first used it.
</P>
<P>In addition to users having access to this field, certain utilities use this field as an identifier
as well. sendmail, for example, can access this field to show who is sending the mail.
finger displays this information upon request.
</P>
<H4><A NAME="ch19_ 9">
The Home Directory
</A></H4>
<P>The home directory field tells the system where to dump the user, if the login is
successful. Typically, this directory is the home directory of the user, but it does not have to be. The
system does not care where the directory points, as long as that user can enter it.
</P>
<P>Typically, the home directories are grouped together for convenience. The standard
directory, under which all users are placed, is
/home. So, my directory might be /home/dpitts; and
rbowen's directory would be /home/rbowen. Some systems, and some companies, use a different
location for grouping home directories. Some alternative locations I have seen are
/u, /user, /s, and
/usr.
</P>
<P><CENTER>
<a href="../ch18/0377-0382.html">Previous</A> | <a href="../ewtoc.html">Table of Contents</A> | <a href="0387-0389.html">Next</A>
</CENTER></P>
</td>
</tr>
</table>
<!-- begin footer information -->
</body></html>