doc058.htm

Reh Hat user manual. really goooood

<html><body>
<a href="doc059.html"><img src=../icons/next.gif alt="Next"></a>
<a href="doc000.html"><img src=../icons/up.gif alt="Up"></a>
<a href="doc057.html"><img src=../icons/previous.gif alt="Previous"></a>
<a href="doc000.html"><img src=../icons/contents.gif alt="Contents"></a>
<a href="doc123.html"><img src=../icons/index.gif alt="Index"></a>
<hr>
<h2><a name="s8.1">8.1 User and Group Configuration</a></h2>
<title>User and Group Configuration</title>



<p>The tool shown in Figure <a href="doc058.html#f22">22</a> manages the users and groups on
your system.  In a sense, it is a graphical editor for
<tt>/etc/passwd</tt> and <tt>/etc/group</tt>, and for <tt>/etc/shadow</tt> if
you have enabled shadow passwords.  With this tool you can add and
remove users and groups, set login shells, full names, home
directories, uid, gids, etc.

<p><p><a name="f22"></a><center><img src="img017.gif"></center><p><center>Figure 22:User and Group Configuration Panel</center><p>

<p><h3><a name="s8.1.1">8.1.1 Adding or Editing a User</a></h3>
<title>Adding or Editing a User</title>

<a name="i207">
<a name="i208">

<p>The same interface is used to add and edit users. To add a user, click
on the <b>Add</b> button in the main window.  A dialog box will pop
up like the one in figure <a href="doc058.html#f23">23</a> will appear, with some
defaults already filled in. To edit an existing user, double-click on
the user in the main window, or click on the user and then on the
<b>View/Edit</b> button.

<p><p><a name="f23"></a><center><img src="img018.gif"></center><p><center>Figure 23:Add User Dialog Box</center><p>

<p>First enter the user name.  This is <em>not</em> the user's first and last
name; it is the id they will use to log on to the system.  Do not
include any spaces or colons, and do not enter more than 8 characters.
Press the enter key when you are finished, and some of the other fields
will be filled in with default values.  You may change them if you
wish, but it is not necessary.  You can, at your option, enter the
user's full name, office, and phone numbers. The login shell can be
changed from the default (normally <tt>/bin/bash</tt>) either by choosing
a selection from the drop-down menu or by simply typing in the shell
like the other fields.

<p>You need to do something about the password.  There are five options on
the <b>Encrypted Password</b> menu: Original, Change, No Password,
Lock, and Unlock.  No Password is a very bad option --- with no
password anyone can login to your system using this id.  Choosing Lock
will prevent anyone from logging in with this id but keep any password
already assigned so that it can be unlocked later; Unlock will unlock a
previously locked password.  Original is blank (No Password) when you
are adding a new user --- the same dialog box is used for editing
existing users, when Original is the user's original password.  Usually
you will choose Change. A small dialog box will appear where you will
need to enter a password, and then confirm it by typing it a second
time.  Click on <b>Done</b> in the password entry window to confirm
that you have type the password correctly.

<p>The numbers that the tool provides for <b>UID</b> and <b>GID</b>
will work.  If you change them, you are on your own; the tool is
designed to assume that if you change them, you know what you are doing
and want to change them.  If you don't know what UID or GID stand for,
leave them alone.

<p>If you have configured shadow passwords on your system you will have a
Shadow Management button that will allow you to configure password and
account expiry.  By default (fields shown as blank have the default
value), no expiry will be done.  If you are unfamiliar with shadow
password account management, you will probably wish to accept the
default. Click on <b>Done</b> when you are done editing the expiry
information.

<p>When you are done editing the user, click on <b>Done</b> in the Edit
User Definition dialog box to add the user.

<p>If this user does not already have a home directory (and they won't
unless you have already created the home directory), one will be
created.

<p><h3><a name="s8.1.2">8.1.2 Removing a User</a></h3>
<title>Removing a User</title>

<a name="i209">
<p><a name="f24"></a><center><img src="img019.gif"></center><p><center>Figure 24:Delete User Dialog Box</center><p>

<p>To remove a user, select a user in the main window by clicking on it,
and then click on <b>Remove</b>.  You will be presented with the
dialog box presented in Figure <a href="doc058.html#f24">24</a>.  There are three
types of action you may take.  You may ignore the user's home
directory, leaving it alone, you can archive and compress it into a
<tt>.tar.gz</tt> file, or you can delete it completely.  You can delete the
user's mail spool if you like.  These first two actions will take place
immediately after you confirm the deletion, before the tool accepts
more input. You can search for files owned by the user on parts of the
filesystem other than the user's home directory and either give
ownership to the user <tt>nobody</tt> or delete them.  If you choose to
search for the user's files, you have the option of mailing a report of
the errors to root. This is important because the searching will be
done in the background as you continue to work; it may take a long
time.  To find files owned by <tt>nobody</tt>, execute the following
command:

<p><blockquote>
<pre>
find / \( -group nobody -o -user nobody \) -print
</pre>
</blockquote>

<p><h4><a name="s8.1.2.1">8.1.2.1 Deactivating a User</a></h4>
<title>Deactivating a User</title>

<a name="i210">

<p>Sometimes you may just want to temporarily <em>remove</em> a user, with the
intention of reinstating the user later.  The <b>Lock</b> and
<b>Unlock</b> functions handle this.  When you deactivate a user, the
user's password is locked by prepending a `<tt>*</tt>' to it, preventing
the user from logging in.  You also have the option of ``collapsing''
the user's home directory with <tt>tar</tt> and <tt>gzip</tt>, which can save
some space. When you reactivate a user, the password locking is
removed, and if the home directory was collapsed, it is expanded back
to normal.  When you lock a user, you are presented with the same
options as when you delete a user, but you are unlikely to want to
delete any files.

<p><h3><a name="s8.1.3">8.1.3 Creating a New Group</a></h3>
<title>Creating a New Group</title>

<a name="i211">

<p>To create a new group, first switch to group editing mode by selecting
the <b>Groups</b> tab at the top of the main window.  Clicking on
<b>Add</b> brings up a dialog box to specify the group details.
First enter a name for the new group.  Just like a user name, the group
name should have no spaces or colons, and should be no longer than 8
characters. You can set a group password; if you do, users who are not
members of the group may assume group membership by using the newgrp
program and providing it with the password. To add members to the
group, enter their names in the User list field.  When you have
selected all the group members, click <b>Done</b>

<p><h3><a name="s8.1.4">8.1.4 Editing an Existing Group</a></h3>
<title>Editing an Existing Group</title>

<a name="i212">

<p>To edit an existing group, double-click on the group in the main
window, or click on the group and then on <b>View/Edit</b>.  The same
interface is used to edit an existing group as to create a new group.

<p><p><hr>
<a href="doc059.html"><img src=../icons/next.gif alt="Next"></a>
<a href="doc000.html"><img src=../icons/up.gif alt="Up"></a>
<a href="doc057.html"><img src=../icons/previous.gif alt="Previous"></a>
<a href="doc000.html"><img src=../icons/contents.gif alt="Contents"></a>
<a href="doc123.html"><img src=../icons/index.gif alt="Index"></a>
<hr>
</body></html>