<HTML>
<HEAD>
<TITLE>Linux Unleashed, Third Edition:Users and Logins</TITLE>
<SCRIPT>
<!--
function displayWindow(url, width, height) {
var Win = window.open(url,"displayWindow",'width=' + width +
',height=' + height + ',resizable=1,scrollbars=yes');
}
//-->
</SCRIPT>
</HEAD>
<!--ISBN=0672313723//-->
<!--TITLE=Linux Unleashed, Third Edition//-->
<!--AUTHOR=Tim Parker//-->
<!--PUBLISHER=Macmillan Computer Publishing//-->
<!--IMPRINT=Sams//-->
<!--CHAPTER=35//-->
<!--PAGES=629-631//-->
<!--UNASSIGNED1//-->
<!--UNASSIGNED2//-->
<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="626-629.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="631-634.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>
<P><BR></P>
<P>In general, the process for manually adding a new user to your system is as follows:
</P>
<DL>
<DD><B>1.</B> Add an entry for the user in the <TT>/etc/passwd</TT> file.
<DD><B>2.</B> Create the user’s home directory and set the ownership.
<DD><B>3.</B> Copy the shell startup files and edit their settings and ownerships.
</DL>
<P>Some distributions of the Linux system have a holdover command from the Berkeley BSD UNIX version. The command <TT>vipw</TT> invokes the <TT>vi</TT> editor (or whatever the default system editor has been set to) and edits a temporary copy of the <TT>/etc/passwd</TT> file. The temporary copy, together with a file lock, prevents two different users from editing the file at the same time. When the file is saved, <TT>vipw</TT> does a simple consistency check on the changed file, and if all appears proper, the <TT>/etc/passwd</TT> file is updated.</P>
<P>The automated scripts for Linux tend to have the names <TT>useradd</TT> or <TT>adduser</TT>. When run, they prompt you for all the information that is necessary in the <TT>/etc/passwd</TT> file. Both versions let you exit at any time to avoid changing the <TT>/etc/passwd</TT> file. The automated scripts also tend to ask for an initial password, which you can set to anything you want or leave blank. One advantage of the automated scripts is that they copy all the configuration files for the supported shells automatically, and in some cases, make environment variable changes for you. This can significantly simplify the process of adding users.</P>
<BLOCKQUOTE>
<P><FONT SIZE="-1"><HR><B>Note: </B><BR>A quick note on passwords—they are vitally important to the security of your system. Unless you are on a standalone Linux machine with no dial-in modems, every account should have a secure password. Passwords are assigned and changed with the <TT>passwd</TT> command. The superuser can change any password on the system, but a user can only change his own password.<HR></FONT>
</BLOCKQUOTE>
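<P>Because a manual edit or a blank initial password ends up directly in <TT>/etc/passwd</TT>, it helps to check an edited copy before it goes live. The function below is an added example, not code from the book and not the check that <TT>vipw</TT> performs; the rule set, the function names and the sample file are assumptions constructed for illustration.</P>

```shell
#!/bin/sh
# Added example: sanity checks on a passwd-format file before it replaces
# /etc/passwd. The rules are assumptions chosen for illustration.
check_passwd() {   # usage: check_passwd FILE ; prints findings, status 1 if any
    awk -F: '
        function bad(msg)  { print msg; n++ }
        NF != 7            { bad("line " NR ": expected 7 fields, found " NF); next }
        $1 in seen         { bad("line " NR ": duplicate login name " $1) }
                           { seen[$1] = 1 }
        $2 == ""           { bad($1 ": empty password field, login needs no password") }
        $3 !~ /^[0-9]+$/   { bad($1 ": UID is not a number") }
        $3 == 0 && $1 != "root" { bad($1 ": UID 0 gives this account root privileges") }
        $6 !~ /^\//        { bad($1 ": home directory is not an absolute path") }
        END                { exit (n > 0) }
    ' "$1"
}

# Constructed sample: a blank password, a second UID 0 account, a line with
# a missing field and a repeated login name.
make_check_sample() {
    s=$(mktemp)
    {
        echo 'root:x:0:0:root:/root:/bin/sh'
        echo 'walter:x:501:100:Walter:/home/walter:/bin/sh'
        echo 'anna::502:100:Anna:/home/anna:/bin/sh'
        echo 'toor:x:0:0:spare:/root:/bin/sh'
        echo 'walter:x:503:100:/home/walter2:/bin/sh'
        echo 'anna:x:504:100:Anna B:/home/annab:/bin/sh'
    } > "$s"
    echo "$s"
}

sample=$(make_check_sample)
check_passwd "$sample" || echo "findings above: do not install this file"
rm -f "$sample"
```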
<H3><A NAME="Heading13"></A><FONT COLOR="#000077">Deleting Users</FONT></H3>
<P>Just like adding new users, deleting users can be done with an automated script or manually. The automated script <TT>deluser</TT> or <TT>userdel</TT> asks which user you want to delete, and then removes the entry from the <TT>/etc/passwd</TT> file. Some scripts also clean out the spool and home directory files, if you want. You must make any deletions to the <TT>/etc/passwd</TT> file when logged in as <TT>root</TT>.</P>
<P>If you delete users manually, simply remove their entries from the <TT>/etc/passwd</TT> file. Then you can clean up their directories to clear disk space. You can completely delete all their files and their home directory with the following command:</P>
<!-- CODE SNIP //-->
<PRE>
rm -r /home/userdir
</PRE>
<!-- END CODE SNIP //-->
<P><TT>/home/userdir</TT> is the full pathname of the user’s home directory. Make sure there are no files you want to keep in that directory before you blow them all away!</P>
<P>Next, you should remove the user’s mail spool file, which is usually kept in <TT>/usr/spool/mail/username</TT>. For example, to remove the user <TT>walter</TT>’s mail file, issue the following command:</P>
<!-- CODE SNIP //-->
<PRE>
rm /usr/spool/mail/walter
</PRE>
<!-- END CODE SNIP //-->
<P>The spool file is a single file, so this command cleans up the entries properly. To finish off the mail cleanup, check that the user has no entries in the mail alias files (usually <TT>/etc/aliases</TT>), or force all mail for that user to another login (such as <TT>root</TT>). To make any changes to the <TT>/etc/aliases</TT> file effective, you must run the <TT>newaliases</TT> command.</P>
<P>Finally, clean up the user’s <TT>cron</TT> and <TT>at</TT> jobs. You can display the user’s <TT>crontab</TT> file using the <TT>crontab</TT> command.</P>
<P>If you need to retain the user for some reason (such as file ownerships, a general access account, or accounting purposes), you can disable the login completely by placing an asterisk in the password field of the <TT>/etc/passwd</TT> file. That login can never be used once an asterisk is in the password field. If you need to reactivate the account, simply run the <TT>passwd</TT> command.</P>
<P>The process for manually deleting a user (or using an automated script that doesn’t clean up directories and files) is as follows:</P>
<DL>
<DD><B>1.</B> Remove the user’s entry from <TT>/etc/passwd</TT> and <TT>/etc/group</TT>.
<DD><B>2.</B> Remove the user’s mail file and any mail aliases.
<DD><B>3.</B> Remove any <TT>cron</TT> or <TT>at</TT> jobs.
<DD><B>4.</B> Remove the home directory if you don’t want any files it contains.
</DL>
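<P>To confirm that the four steps above left nothing behind, the following function reports what still refers to a removed user. It is an added example, not code from the book: the <TT>ROOT</TT> prefix argument, the crontab spool locations and the sample tree are assumptions, and <TT>at</TT> jobs are not covered.</P>

```shell
#!/bin/sh
# Added example: list what still refers to USER after the account is removed.
# ROOT is a path prefix ("" = live system) so it can be tried on a copy.
# Crontab spool locations are assumptions; they differ by distribution.
audit_user_leftovers() {   # usage: audit_user_leftovers ROOT USER [HOMEDIR]
    root=$1 user=$2 home=$3
    # Step 1: passwd entry and group memberships, matched on the exact name.
    if [ -r "$root/etc/passwd" ]; then
        awk -F: -v u="$user" '$1 == u { print "passwd: " $0 }' "$root/etc/passwd"
    fi
    if [ -r "$root/etc/group" ]; then
        awk -F: -v u="$user" '{ n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) print "group: " $1
        }' "$root/etc/group"
    fi
    # Step 2: mail spool file, and alias lines that name the user.
    if [ -e "$root/usr/spool/mail/$user" ]; then
        echo "mail: /usr/spool/mail/$user"
    fi
    if [ -r "$root/etc/aliases" ]; then
        grep -v '^[[:space:]]*#' "$root/etc/aliases" | grep -Fw -- "$user" |
            sed 's/^/alias: /'
    fi
    # Step 3: per-user crontab file (assumed locations).
    for dir in /var/spool/cron /var/spool/cron/crontabs; do
        if [ -f "$root$dir/$user" ]; then echo "cron: $dir/$user"; fi
    done
    # Step 4: home directory still on disk.
    if [ -n "$home" ] && [ -d "$root$home" ]; then echo "home: $home"; fi
    return 0
}

# Constructed sample tree: walter is gone from passwd, everything else remains.
make_demo_root() {
    r=$(mktemp -d)
    mkdir -p "$r/etc" "$r/usr/spool/mail" "$r/var/spool/cron" "$r/home/walter"
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$r/etc/passwd"
    printf 'users:x:100:walter,anna\nwalters:x:101:anna\n' > "$r/etc/group"
    printf '# walter left\nstaff: anna, walter\n' > "$r/etc/aliases"
    : > "$r/usr/spool/mail/walter"
    printf '0 3 * * * /home/walter/bin/backup\n' > "$r/var/spool/cron/walter"
    echo "$r"
}

demo=$(make_demo_root)
audit_user_leftovers "$demo" walter /home/walter
rm -r "$demo"
```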
<P>Occasionally, you may want to temporarily disable a user’s account, such as when he or she goes on an extended leave or vacation. If you want to temporarily disable the login but be able to recover it at any time in the future, add an asterisk as the first character of the encrypted password. Don’t alter any characters in the existing password, but just add the asterisk to the front. When you want to reactivate the account, remove the asterisk, and the password is back to whatever it was set to before you made the changes.
</P><P><BR></P>
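<P>The reversible asterisk described above, and the bare asterisk used earlier to disable a login completely, behave differently on unlock: stripping a bare asterisk would leave an empty password field. The function below is an added example, not code from the book, that handles both cases on a copy of a passwd-format file; the function names, exit codes and sample entries are assumptions, and it expects the encrypted password to be in the file it is given.</P>

```shell
#!/bin/sh
# Added example: prepend or strip one "*" on the password field (field 2)
# of a passwd-format file. The result goes to stdout; installing it is left
# to the administrator. Exit codes (assumptions of this example):
#   1 user not found, 2 bare "*" (no password to restore), 3 field is "x".
set_lock() {   # usage: set_lock lock|unlock USER FILE
    awk -F: -v OFS=: -v mode="$1" -v u="$2" '
        $1 == u {
            seen = 1
            star = (substr($2, 1, 1) == "*")
            if ($2 == "x") shadowed = 1            # hash is kept in /etc/shadow
            else if (mode == "lock" && !star) $2 = "*" $2
            else if (mode == "unlock" && $2 == "*") bare = 1
            else if (mode == "unlock" && star) $2 = substr($2, 2)
        }
        { print }
        END { if (!seen) exit 1; if (bare) exit 2; if (shadowed) exit 3 }
    ' "$3"
}

# Constructed sample entries; the hash strings are placeholders.
make_lock_sample() {
    s=$(mktemp)
    {
        echo 'root:CONSTRUCTED-ROOT-HASH:0:0:root:/root:/bin/sh'
        echo 'walter:CONSTRUCTED-HASH:501:100:Walter:/home/walter:/bin/sh'
        echo 'guest:*:502:100:Guest:/home/guest:/bin/sh'
    } > "$s"
    echo "$s"
}

f=$(make_lock_sample)
set_lock lock walter "$f"      # walter's field becomes *CONSTRUCTED-HASH
rm -f "$f"
```

<P>On systems with the shadow suite, <TT>passwd -l</TT> and <TT>passwd -u</TT> apply the same prefix technique with a <TT>!</TT> character. A locked password field does not stop logins that never consult it, such as SSH public-key authentication, and it does not stop the user’s existing <TT>cron</TT> jobs.</P>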
</td>
</tr>
</table>
<!-- begin footer information -->
</body></html>