Every person who uses your Fedora system should have a separate user account. Having a user account provides each person with an area in which to securely store files, as well as a means of tailoring his or her user interface (GUI, path, environment variables, and so on) to suit the way that he or she uses the computer.
If you have multiple users, you’ll also need to be concerned about backup and recovery issues. See Chapter 13 for more information.
You can add user accounts to your Fedora system in several ways. This chapter describes how to use the useradd command to add user accounts to Fedora from the command line, and how to use the User Manager window to add users from the desktop.
The most straightforward method for creating a new user from the shell is with the useradd command. After opening a Terminal window with root permission, you simply invoke the useradd command at the command prompt, with details of the new account as parameters.
The only required parameter to useradd is the login name of the user, but you will probably want to include some additional information. Each item of account information is preceded by a single letter option code with a dash in front of it. Table 11-1 lists the options that are available with the useradd command.
Provide a description of the new user account. Usually just the person’s full name. Replace comment with the name of the user account. If the comment contains multiple words, use quote marks.
Set the home directory to use for the account. The default is to name it the same as the login name and to place it in /home. Replace home_dir with the directory name to use.
Rather than create a new account, save the supplied information as the new default settings for any new accounts that are created.
Assign the expiration date for the account in MM/DD/YYYY format. Replace expire_date with the expiration date to use.
Set the number of days after a password expires until the account is permanently disabled. Setting this to 0 disables the account immediately after the password has expired. Setting it to -1 disables the option, which is the default behavior.
Set the primary group (as listed in the /etc/group file) that the new user will be in. Replace group with the group name to use.
Add the new user to the supplied comma-separated list of groups.
Set the skeleton directory containing initial configuration files and login scripts that should be copied to a new user’s home directory. This parameter can only be used in conjunction with the -m option. Replace skel_dir with the directory name to use.
Automatically create the user’s home directory and copy the files in the skeleton directory (/etc/skel) to it.
Do not create the new user’s home directory, even if the default behavior is set to create it.
Turn off the default behavior of creating a new group that matches the name and user ID of the new user.
Use with -u uid to create a user account that has the same UID as another user name. (This effectively lets you have two different users with authority over the same set of files and directories.)
Enter a password for the account you are adding. This must be an encrypted password. Instead of adding an encrypted password here, you can simply use the passwd user command later to add a password for user.
Allows you to create a new account with a user ID in the range reserved for system accounts.
Specify the command shell to use for this account. Replace shell with the command shell.
Specify the user ID number for the account. The default behavior is to automatically assign the next available number. Replace user_id with the ID number.
As an example, create an account for a new user named Mary Smith with a login name of mary. First, log in as root, then type the following command:
# useradd -c "Mary Smith" mary
When you choose a user name, don't begin with a number (for example, 06jsmith). Also, it is best to use all lowercase letters, no control characters or spaces, and a maximum of eight characters. The useradd command allows up to 32 characters, but some applications can't deal with user names that long. Tools such as ps display UIDs instead of names if names are too long. Having users named Jsmith and jsmith can cause confusion with programs (such as sendmail) that don't distinguish case.
Next, set Mary’s initial password using the passwd command. It prompts you to type the password twice. (Asterisks are shown here to represent the password you type. Nothing is actually displayed when you type the password.)
# passwd mary
Changing password for user mary.
New password: *******
Retype new password: *******
Refer to Chapter 14 for tips on picking good passwords.
In creating the account for Mary, the useradd command performs several actions:
Reads the /etc/login.defs file to get default values to use when creating accounts.
Checks command-line parameters to find out which default values to override.
Creates a new user entry in the /etc/passwd and /etc/shadow files based on the default values and command-line parameters.
Creates any new group entries in the /etc/group file.
Creates a home directory based on the user’s name and located in the /home directory.
Copies any files located within the /etc/skel directory to the new home directory. This usually includes login and application startup scripts.
The preceding example uses only a few of the available useradd options. Most account settings are assigned using default values. Here’s an example that uses a few more options:
# useradd -m -g users -G wheel,sales -s /bin/tcsh -c "Mary Smith" mary
In this case, the useradd command is told to create a home directory for mary (-m), make users the primary group she belongs to (-g), add her to the groups wheel and sales (-G), and assign tcsh as her primary command shell (-s). This results in a line similar to the following being added to the /etc/passwd file:
mary:x:502:100:Mary Smith:/home/mary:/bin/tcsh
In the /etc/passwd file, each line represents a single user account record. Each field is separated from the next by a colon (:) character. The field’s position in the sequence determines what it is. As you can see, the login name is first. The password field contains an x because we are using a shadow password file to store encrypted password data. The user ID selected by the useradd command was 502. The primary group ID is 100, which corresponds to the users group in the /etc/group file. The comment field was correctly set to Mary Smith, the home directory was automatically assigned as /home/mary, and the command shell was assigned as /bin/tcsh, exactly as specified with the useradd options.
By leaving out many of the options (as I did in the first useradd example), defaults are assigned in most cases. For example, by not using -g users or -G wheel,sales, a group named mary would have been created and assigned to the new user. Likewise, excluding -s /bin/tcsh causes /bin/bash to be assigned as the default shell.
The /etc/group file holds information about the different groups on your Fedora system and the users who belong to them. Groups are useful for allowing multiple people to share access to the same files while denying access to others. If you peek at the /etc/group file, you should find something similar to this:
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon,lp
mem:x:8:
kmem:x:9:
wheel:x:10:root,joe,mary
. . .
nobody:x:99:
users:x:100:
chris:x:500
sheree:x:501
sales:x:601:bob,jane,joe,mary
Each line in the group file contains the name of a group, the group ID number associated with it, and a list of users in that group. By default, each user is added to his or her own group, beginning with GID 500. Note that mary was added to the wheel and sales groups instead of having her own group.
It is actually rather significant that mary was added to the wheel group. By doing this, you grant her the ability to use the sudo command to run commands as the root user (provided that sudo was configured as described in Chapter 10).
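An audit of the account records described above, as an added example that is not from the book: it parses colon-separated /etc/passwd and /etc/group lines and reports who effectively belongs to wheel, which UIDs are shared (as useradd -o allows), and which login names break the naming advice given earlier. The sample data is constructed from the values quoted in the text; the entries 06jsmith, Jsmith and maryadm are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit passwd/group records for points this chapter raises.
export LC_ALL=C   # byte-wise character ranges and sort order

# Constructed sample data: mary, chris, sheree and the groups follow the text;
# 06jsmith, Jsmith and maryadm (a -o duplicate of UID 502) are hypothetical.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
chris:x:500:500:Chris:/home/chris:/bin/bash
sheree:x:501:501:Sheree:/home/sheree:/bin/bash
mary:x:502:100:Mary Smith:/home/mary:/bin/tcsh
06jsmith:x:503:100:J Smith:/home/06jsmith:/bin/bash
Jsmith:x:504:100:J Smith:/home/Jsmith:/bin/bash
maryadm:x:502:100:Mary Smith (admin):/home/maryadm:/bin/bash'
GROUP_SAMPLE='wheel:x:10:root,joe,mary
users:x:100:
chris:x:500
sheree:x:501
sales:x:601:bob,jane,joe,mary'

# Everyone in GROUP: the member list (field 4 of the group line) plus every
# account whose primary GID (field 4 of the passwd line) is the group's GID.
group_members() {
  local gid
  gid=$(printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v g="$1" '$1 == g { print $3 }')
  {
    printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v g="$1" '$1 == g { print $4 }' | tr ',' '\n'
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: -v id="$gid" '$4 == id { print $1 }'
  } | sed '/^$/d' | sort -u | paste -sd, -
}

# UIDs held by more than one login name, printed as uid:name,name.
shared_uids() {
  printf '%s\n' "$PASSWD_SAMPLE" | awk -F: '
    { names[$3] = (count[$3]++ ? names[$3] "," : "") $1 }
    END { for (u in count) if (count[u] > 1) print u ":" names[u] }' | sort
}

# Login names that start with a digit, use anything but lowercase letters,
# digits, "_" or "-", or exceed eight characters.
odd_login_names() {
  printf '%s\n' "$PASSWD_SAMPLE" | awk -F: '
    $1 ~ /^[0-9]/ || $1 ~ /[^a-z0-9_-]/ || length($1) > 8 { print $1 }' | paste -sd, -
}

echo "wheel (can use sudo): $(group_members wheel)"
echo "users (primary or listed): $(group_members users)"
echo "shared UIDs: $(shared_uids)"
echo "login names to review: $(odd_login_names)"
```

To run the same checks on a live system, replace the two sample variables with the contents of /etc/passwd and /etc/group.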
In this example, we used the -g option to assign mary to the users group. If you leave off the -g parameter, the default behavior is for useradd to create a new group with the same name and ID number as the user, which is assigned as the new user’s primary group. For example, look at the following useradd command:
# useradd -m -G wheel,sales -s /bin/tcsh -c "Mary Smith" mary
It would result in a /etc/passwd line like this:
It would also result in a new group line like this:
Note that the user ID and group ID fields now have the same number. If you set up all of your users this way, you will have a unique group for every user on the system, which allows for increased flexibility in the sharing of files among your users.
If you prefer a graphical window for adding, changing, and deleting user accounts, you can use the User Manager window. To open the window from the GNOME desktop, click System Settings → Users and Groups (or type system-config-users from a Terminal window as root user). Figure 11-1 shows an example of that window.
Figure 11-1: Manage users from the User Manager window.
When you open the User Manager window, you see a list of all regular users who are currently added to your computer. Administrative users (UID 1 through 499) are not displayed. For each user, you can see the user name, UID, primary group, full name, login shell, and home directory. Click on any of those headings to sort the users by that information.
To add a new user from the User Manager window, do the following:
Click the Add User icon to open the Create New User window (see Figure 11-2).
Figure 11-2: The Create New User window
Type the requested information in the following fields:
User Name — A single word to describe the user. Typically, the user name is eight characters, all lowercase, containing the user's real first name, last name, or (more often) a combination of the two (such as jwjones).
Full Name — The user’s full name (usually first name, middle initial, and last name). This name is typically just used for display, so using upper- and lowercase is fine.
Password — The user’s initial password. (Ask the user to change this password the first time he or she logs in to the new account, using the passwd command.)
Confirm Password — Type the password again, to make sure you entered it correctly.
Login Shell — The default shell (for entering typed commands) that the user sees when first logging in to Fedora from a character display.
Create home directory — By default, this box is selected and the user’s home directory (as indicated by the Home Directory field) is created automatically.
Home Directory — By default, the user is given a home directory of the user’s name in the /home directory. (For example, the user sheree would be assigned /home/sheree as her home directory.) Change this field if you want to assign the user to a different home directory.
Create a private group for the user — Check this box if you want a group by the same name as the user, created for this user. The name is added to the /etc/group file. This feature is referred to as user private groups (UPGs).
Using UPGs can be a benefit for sharing a directory of files among several users. Here's an example:
# useradd -m projectx
# mkdir /usr/local/x
# chown root:projectx /usr/local/x
# chmod 2775 /usr/local/x
# ls -ld /usr/local/x
drwxrwsr-x 2 root projectx 4096 Aug 18 01:54 /usr/local/x
# gpasswd -a nextuser projectx
In this example, you create a user named projectx (with a group named projectx). Create a /usr/local/x directory and have it owned by root user and projectx group. Set the set-group-ID (setgid) bit on the directory (2), open full read/write/execute permissions for user and group (77), and open read and execute permissions for everyone else (5). Add each user to the group that you want to be able to write to the projectx directory (replace nextuser with the user you want to add). After that, regardless of a user's primary group, any file created in the /usr/local/x directory by a user can be read or modified by anyone in the projectx group.
Specify user ID manually — Typically, you would not check this box, so that the UID for the new user would be assigned automatically. New UIDs for regular users start at 500. However, if you want to assign a particular UID for a user (for example, if you want to match the UID with the user’s UID from another computer on your network), click this box and type the number you want to use in the UID box.
Click OK when you are done. The new user is added to the /etc/passwd and /etc/group files. The user account is now available for that user to log in.
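The /usr/local/x setup in the user private groups example above relies on the set-GID bit for group inheritance, while whether group members can modify a new file depends on its creator's umask. The following is an added example, not from the book, that shows both effects without root; a temporary directory stands in for /usr/local/x (an assumption), and GNU stat is assumed.

```bash
#!/usr/bin/env bash
# Added example: what mode 2775 on a shared directory does and does not do.
# Runs unprivileged; a temporary directory stands in for /usr/local/x.
share=$(mktemp -d)
trap 'rm -rf "$share"' EXIT
chmod 2775 "$share"

mode_of()  { stat -c '%a' "$1"; }   # octal permission bits (GNU stat)
group_of() { stat -c '%g' "$1"; }   # numeric group owner

# Create NAME in the shared directory under UMASK and print its mode.
file_mode_with_umask() {            # usage: file_mode_with_umask UMASK NAME
  rm -f "$share/$2"
  ( umask "$1"; : > "$share/$2" )
  mode_of "$share/$2"
}

# Print "yes" if a new subdirectory carries the set-GID bit like its parent.
subdir_keeps_setgid() {
  rm -rf "$share/sub"
  ( umask 002; mkdir "$share/sub" )
  case $(mode_of "$share/sub") in 2???) echo yes ;; *) echo no ;; esac
}

# Print "yes" if a new file's group is the directory's group.
file_takes_dir_group() {
  : > "$share/probe"
  [ "$(group_of "$share/probe")" = "$(group_of "$share")" ] && echo yes || echo no
}

echo "directory mode:          $(mode_of "$share")"
echo "file created, umask 002: $(file_mode_with_umask 002 a.txt)  (group can write)"
echo "file created, umask 022: $(file_mode_with_umask 022 b.txt)  (group can only read)"
echo "subdirectory set-GID:    $(subdir_keeps_setgid)"
echo "file takes dir group:    $(file_takes_dir_group)"
```

A file created under umask 022 lands in the shared group but is read-only to its other members, so check the umask of every account that is expected to write to the directory.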