This section takes a look at some of the most common tasks in user account management: creating user accounts and groups, and adding a user account to a group . We ll use the graphical User Manager tool to step through some examples. Then, the next section looks at what s happening under the covers ”the impact of our actions on the relevant configuration files and how to perform the same (and other) operations via the command line.
To try the User Manager, you ll need to use the root account (and to be extra careful) at each step. We ll assume that you re logged in with a non-root account, which (as previously mentioned) is the safest way to use your operating system.
When you launch any of Fedora Core s graphical administration tools from a non-root account, Linux will (if necessary) prompt you to enter the password to the root account. Figure 7-1 shows the window you ll see every time the root password is required by a graphical tool.
If the password is accepted, a key-shaped icon appears in the notification area at the bottom-right corner of the screen. As long as that icon remains displayed, you can start other Fedora Core graphical administration tools without being asked again for the root password. The key icon does not mean that all actions are undertaken with root privileges; it simply means that when an administration tool requires the root account to run, it may skip this step because the user has already provided the password.
Let s step through the process of creating user accounts for some of the authors of this book. Assume that one normal user account (eziodm, the account for Pancrazio ˜Ezio de Mauro) was created during the installation process; we ll add a couple more accounts, kapils and deepakt, over the course of the following steps.
Launch the User Manager (do this by selecting Main Menu>System Settings>User and Groups, or by typing system-config-users at a command line). Enter the root password if you re prompted to do so. After this, you ll see the User Manager interface, as shown in Figure 7-2.
Each line contains the details of one user account. By default, system accounts are not shown. If you want to see the system accounts, you can do so by selecting the Preferences menu and disabling the Filter system users and groups option.
Click Add User. This opens the Create New User window, as shown in Figure 7-3.
As you can see, this looks similar to the Add a User Account dialog box you saw in Chapter 1, when installing Fedora Core. Fill in the necessary values, so that the dialog box looks something like the one shown in the figure. There are a few points to note as you fill in the fields here:
Remember to choose a unique name for the new account.
The Login Shell list is taken directly from the /etc/ shells file. It is possible to type in the location of a shell that doesn t appear in this list. However, the values commonly used here are /bin/bash or /bin/tcsh . If you don t know the difference between the two, stick to /bin/bash ”it tends to be more popular.
You should create a Home Directory, unless the account is for a program and not a person.
It is a good idea to create a private group for the user at the same time because this will help in setting up good protection schemes. This is the default for Fedora Core and shouldn t be changed without good reason.
It is best not to specify a user ID manually, but to allow the tool to generate one.
After clicking OK, the new user is created and the account is visible on the main window.
Click the new account, and then the Properties button to review the information just entered, and check that it s correct. With the three tabs (Account Info, Password Info , and Groups) it is possible to enable account expiration date, lock the account temporarily, enable password expiration, and assign the account to some of the existing groups. Click OK when you re done reviewing or changing.
The new account has been created. Now repeat the procedure from Step 2 to create as many more accounts as you like. Figure 7-4 shows what the User Manager looks like after creating accounts called kapils and deepakt.
Groups are useful when you need to treat a number of different users the same way. For example, if you want to grant a group of users access to a particular file or directory, you add the users to a group and grant the permission to the group (instead of to the individual user accounts). You ll see more of this later, but first you need to see how to create a group.
We have some user accounts for some of the authors on this book. Let s create a group called authors, and then add these accounts to that group.
You can use the User Manager GUI to manage your groups, too. After you ve launched the GUI, press the Groups tab to see which groups are present (see Figure 7-5).
Again, the GUI s default behavior is to hide the system groups. You can reveal them by selecting the Preferences menu and then disabling the Filter system users and groups option. In Figure 7-5 you can see a group for each of the user accounts created earlier: this is the effect of the Create a private group for the user option you selected when adding the accounts.
Now click the Add Group button to create a new group. In the resulting Create New Group dialog box, type the name of the new group. If you know what you re doing, you can specify a certain group identification number; otherwise , you should let the system decide (see Figure 7-6).
When you re done, press OK.
Now you ll see that the authors group has been created, and is shown in the main User Manager screen. You can create more groups if you like, simply repeating Step 2.
After you ve created your new group, you can start adding the relevant user accounts to it. Then, when you specify the access rights for your group later on in this chapter, the access rights you set will apply to every member of that particular group.
Group membership is not set in stone when the group is created: you can add accounts to the group and remove members from the group at any time. In fact, there are two ways to manage group membership:
You can modify a user s properties, by specifying which groups that user is a member of.
You can modify a group s properties, by specifying which users belong to that group.
In the following example we ll add the users eziodm, kapils, and deepakt to the authors group. In the process, you ll see both of these techniques.
First, modify the membership properties of the eziodm account in the User Manager by selecting the Users tab, and then selecting the eziodm user. Then click the Properties button, and select the Groups tab in the newly created window.
In the Groups tab, you can see which groups this user belongs to just by looking at the checkboxes, as shown in Figure 7-7. You can also add the user to (and remove him from) groups simply by clicking the group names .
In this case, you re managing the eziodm user account s membership of the various system and custom groups that exist on the system. This user is already a member of the private group of the same name, and by selecting the checkbox next to the authors group, you can add the user to that group, too. Click OK to confirm.
Now add the other two users to the authors group. In the User Manager dialog box, select the Groups tab and then the authors group, and then click Properties. In the resulting Group Properties dialog box, select the Group Users tab.
You should find that the eziodm user is already checked because you added this user to the group a moment ago. To add the other two users, just select the checkboxes next to those usernames, as shown in Figure 7-8.
When you submit this, the User Manager confirms the three new members of the authors group, as shown in Figure 7-9.