The useradd command and User Manager window both determine the default values for new accounts by reading the /etc/login.defs file. You can modify those defaults by either editing that file manually with a standard text editor or by running the useradd command with the -D option. If you choose to edit the file manually, here is what you face:
    # *REQUIRED*
    #   Directory where mailboxes reside, _or_ name of file, relative to the
    #   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
    #   QMAIL_DIR is for Qmail
    #
    #QMAIL_DIR      Maildir
    MAIL_DIR        /var/spool/mail
    #MAIL_FILE      .mail

    # Password aging controls:
    #
    #       PASS_MAX_DAYS   Maximum number of days a password may be used.
    #       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
    #       PASS_MIN_LEN    Minimum acceptable password length.
    #       PASS_WARN_AGE   Number of days warning given before a password
    #                       expires.
    #
    PASS_MAX_DAYS   99999
    PASS_MIN_DAYS   0
    PASS_MIN_LEN    5
    PASS_WARN_AGE   7

    #
    # Min/max values for automatic uid selection in useradd
    #
    UID_MIN         500
    UID_MAX         60000

    #
    # Min/max values for automatic gid selection in groupadd
    #
    GID_MIN         500
    GID_MAX         60000

    #
    # If defined, this command is run when removing a user.
    # It should remove any at/cron/print jobs etc. owned by
    # the user to be removed (passed as the first argument).
    #
    #USERDEL_CMD    /usr/sbin/userdel_local

    #
    # If useradd should create home directories for users by default.
    # On RH systems, we do. This option is ORed with the -m flag on
    # useradd command line.
    #
    CREATE_HOME     yes
Blank lines and comments beginning with a pound sign (#) are ignored. All other lines contain keyword/value pairs. For example, the keyword MAIL_DIR is followed by some white space and the value /var/spool/mail. This tells useradd that the initial user e-mail mailbox is created in that directory. Following that are lines that enable you to customize the valid range of automatically assigned user ID numbers or group ID numbers. A comment section that explains that keyword’s purpose precedes each keyword. Altering a default value is as simple as editing the value associated with that keyword and then saving the login.defs file.
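The keyword/value format described above is simple enough to check from a script. The following is an added example, not part of the original text: it reads values from a login.defs-style file and reports password-aging defaults that are weaker than a policy. The function names and the thresholds (90 days, 12 characters) are assumptions of this example, and the sample input is constructed from the values in the listing above.

```shell
#!/bin/sh
# Added example: audit password-aging defaults in a login.defs-style file.
# Thresholds are assumptions of this example; set them to your own policy.
MAX_DAYS_LIMIT=${MAX_DAYS_LIMIT:-90}   # longest acceptable PASS_MAX_DAYS
MIN_LEN_LIMIT=${MIN_LEN_LIMIT:-12}     # shortest acceptable PASS_MIN_LEN

# login_defs_get FILE KEY: print KEY's value, skipping blank lines and
# comments. If KEY repeats, the last value is reported. Fails if KEY is absent.
login_defs_get() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }
        $1 == key { val = $2; found = 1 }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# audit_login_defs FILE: print one finding per weak or missing setting.
# The exit status is the number of findings (0 means the file passes).
audit_login_defs() (
    file=$1
    n=0
    check() {   # check KEY OP LIMIT: flag KEY when "value OP LIMIT" is true
        v=$(login_defs_get "$file" "$1") || v=
        case $v in
            ''|*[!0-9]*) echo "$1: missing or not a number"; n=$((n + 1)) ;;
            *) if [ "$v" "$2" "$3" ]; then
                   echo "$1 $v fails policy (limit $3)"; n=$((n + 1))
               fi ;;
        esac
    }
    check PASS_MAX_DAYS -gt "$MAX_DAYS_LIMIT"
    check PASS_MIN_LEN  -lt "$MIN_LEN_LIMIT"
    check PASS_WARN_AGE -lt 1
    exit "$n"
)

# Constructed sample: the uncommented password-aging values shown above.
sample_login_defs() {
    printf '%s\n' '# Password aging controls:' 'PASS_MAX_DAYS   99999' \
        'PASS_MIN_DAYS   0' 'PASS_MIN_LEN    5' 'PASS_WARN_AGE   7'
}

tmp=$(mktemp) && sample_login_defs > "$tmp"
audit_login_defs "$tmp" || echo "findings: $?"
rm -f "$tmp"
```

Run it against the real file with `audit_login_defs /etc/login.defs`.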
If you want to view the defaults, type the useradd command with the -D option as follows:
    # useradd -D
    GROUP=100
    HOME=/home
    INACTIVE=-1
    EXPIRE=
    SHELL=/bin/bash
    SKEL=/etc/skel
You can also use the -D option to change defaults. When run with this flag, useradd refrains from actually creating a new user account; instead, it saves any additionally supplied options as the new default values in /etc/login.defs. Not all useradd options can be used in conjunction with the -D option. You can use only the five options listed in Table 11-2.
-b default_home: Set the default directory in which user home directories will be created. Replace default_home with the directory name to use. Usually this is /home.
-e default_expire_date: Set the default expiration date on which the user account is disabled. The default_expire_date value should be replaced with a date in the form MM/DD/YYYY (for example, 10/15/2001).
-f default_inactive: Set the number of days after a password has expired before the account is disabled. Replace default_inactive with a number representing the number of days.
-g default_group: Set the default group that new users will be placed in. Normally useradd creates a new group with the same name and ID number as the user. Replace default_group with the group name to use.
-s default_shell: Set the default shell for new users. Normally this is /bin/bash. Replace default_shell with the full path to the shell that you want as the default for new users.
To set any of the defaults, give the -D option first; then add any of the defaults you want to set. For example, to set the default home directory location to /home/everyone and the default shell to /bin/tcsh, type the following:
# useradd -D -b /home/everyone -s /bin/tcsh
Besides setting up user defaults, an administrator can create default files that are copied to each user's home directory for use. These files can include login scripts and shell configuration files (such as .bashrc). The following sections describe some of these files.
Many Linux applications, including the command shell itself, read a configuration file at startup. It is traditional practice that these configuration files are stored in the users' home directories. In this way, each user can customize the behavior of the command shell and other applications without affecting that behavior for other users. Global defaults can be assigned from /etc/profile, and those settings can then be enhanced or overridden by a user's personal files.
The bash command shell, for example, looks for a file called .bashrc in the current user’s home directory whenever it starts up. Similarly, the tcsh command shell looks for a file called .tcshrc in the user’s home directory. You may see a repeating theme here. Startup scripts and configuration files for various applications usually begin with a dot (.) character and end in the letters rc (which stands for run commands). You can supply initial default versions of these and other configuration files by placing them in the /etc/skel directory. When you run the useradd command, these scripts and configuration files are copied to the new user’s home directory.
By supplying your users with initial .bashrc and .bash_profile files, you give them a starting point from which they can further customize their shell environment. Moreover, you can be sure that files are created with the appropriate access permissions so as not to compromise system security.
The .bash_profile script is run each time the user starts a new bash shell and, in turn, runs the .bashrc script. So, security is a concern. The .bash_profile file sets the original PATH used by the user, so it is a good place to add directories containing binaries you want the user to be able to run at your location. You can also add other start-up programs you want to run automatically for every user. Here's an example of the .bash_profile file.
    # .bash_profile

    # Get the aliases and functions
    if [ -f ~/.bashrc ]; then
            . ~/.bashrc
    fi

    # User specific environment and startup programs

    PATH=$PATH:$HOME/bin

    export PATH
    unset USERNAME
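Two points made above can be checked mechanically: that the files in /etc/skel carry safe permissions, and that the PATH a startup file sets contains no risky entries. The following is an added shell example, not part of the original text; the function names audit_skel and audit_path are this example's own, and the sample PATH string is constructed.

```shell
#!/bin/sh
# Added example: two checks for shell startup defaults.

# audit_skel DIR: list entries under DIR (default /etc/skel) that group or
# others can write to. useradd copies these into each new home directory.
audit_skel() {
    find "${1:-/etc/skel}" \( -perm -020 -o -perm -002 \) ! -type l -print
}

# audit_path STRING: print one finding per risky PATH entry.
#   empty entry or "."  -> the shell searches the current directory
#   relative entry      -> its meaning depends on the current directory
#   writable directory  -> someone other than the owner can add or
#                          replace the programs found there
audit_path() (
    rest=$1:
    while [ -n "$rest" ]; do
        entry=${rest%%:*}      # text before the first colon
        rest=${rest#*:}        # text after the first colon
        case $entry in
            ''|.) echo "current-directory entry: '$entry'" ;;
            /*)   if [ -d "$entry" ] &&
                     [ -n "$(find "$entry" -prune \( -perm -020 -o -perm -002 \))" ]
                  then echo "writable by group/other: $entry"; fi ;;
            *)    echo "relative entry: $entry" ;;
        esac
    done
)

# Constructed sample PATH: one ordinary entry, then ".", a relative entry
# and a trailing colon (which the shell treats as an empty entry).
audit_path '/usr/bin:.:bin:'

# Check the real skeleton directory when it exists on this system.
if [ -d /etc/skel ]; then audit_skel; fi
```

To check a live login environment, call `audit_path "$PATH"` from the account in question.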
The .bashrc file is a good place to supply useful command aliases and additions to the command search path. Here’s an example:
    # .bashrc

    # User specific aliases and functions

    alias rm='rm -i'
    alias cp='cp -i'
    alias mv='mv -i'

    # Source global definitions
    if [ -f /etc/bashrc ]; then
            . /etc/bashrc
    fi
This sample .bashrc file creates aliases for the rm, cp, and mv commands that result in a -i option always being used (unless overridden with the -f option). This protects against the accidental deletion of files. Next, the file executes the /etc/bashrc (if it exists) to read any further global bash values.
The following example .tcshrc file does basically the same thing as the preceding .bashrc example. However, this file (which is for the root user) has the additional task of setting the appearance of the command prompt:
    # .tcshrc

    # User specific aliases and functions

    alias rm 'rm -i'
    alias cp 'cp -i'
    alias mv 'mv -i'

    setenv PATH "$PATH:/usr/bin:/usr/local/bin"

    set prompt='[%n@%m %c]# '
Instead of using the export command to set environment variables, the tcsh shell uses the setenv command. In the example, setenv is used to set the PATH variable. The shell prompt is set to include your user name (%n), your computer name (%m), and the name of the current directory (%c). So, if you were to use the tcsh shell as the root user on a computer named maple with /tmp as your current directory, your prompt would appear as follows:
The .tcshrc file can also be named .cshrc. The tcsh shell is really an extended version of the csh shell (in fact, you can invoke it by the csh name). When a tcsh shell is started, it first looks for a .tcshrc file in the current user’s home directory. If it can’t find a file by that name, it looks for the other name, .cshrc. Thus, either name is appropriate.
Allowing individually customizable shell startup files for each user is a very flexible and useful practice. But sometimes you need more centralized control than that. You may have an environment variable or other shell setting that you want set for every user, without exception. If you add that setting to each individual user's shell startup file, the user has the ability to edit that file and remove it. Furthermore, if that setting must be changed in the future, you must change it in every single user's shell startup file.
Fortunately, there is a better way. There are default startup files that apply to all users of the computer that each command shell reads before reading the user-specific files. In the case of the bash command shell, it reads the /etc/bashrc file before doing anything else.
Similarly, the tcsh shell reads the /etc/csh.cshrc file before processing the .cshrc or .tcshrc file found in the user’s home directory. The following /etc/csh.cshrc file ships with Fedora:
    # /etc/cshrc
    #
    # csh configuration for all shell invocations.

    # by default, we want this to get set.
    # Even for non-interactive, non-login shells.
    [ `id -gn` = `id -un` -a `id -u` -gt 99 ]
    if $status then
            umask 022
    else
            umask 002
    endif

    if ($?prompt) then
      if ($?tcsh) then
        set prompt='[%n@%m %c]$ '
      else
        set prompt=\[`id -nu`@`hostname -s`\]\$\ 
      endif
    endif
The /etc/csh.cshrc and /etc/bashrc files set a variety of shell environment options. If you want to modify or add to the shell environment supplied to every single user on the system, the /etc/bashrc or /etc/csh.cshrc files are the place to do it.
Some of the most basic information assigned to each user is added from the /etc/profile file. So, if you want to change any of the following information, you can start from /etc/profile. Here are some values contained in /etc/profile:
PATH — Assigns the default PATH for the root user and for all other users. You might change this value to add paths to local directories containing applications all users need.
ulimit — Sets the maximum allowable file size the user can create from the shell to be unlimited. You can use ulimit to restrict maximum file size if you find that users are creating enormous files. As defined in the /etc/profile file, ulimit sets no limit to the size of files a user can create. However, it does prevent core files (normally created when a process crashes) from being created.
Environment variables — Shell environment variables that are needed for standard operation are assigned in this file. These include USER (set by the id -un command), LOGNAME (same as USER), MAIL (set to /var/spool/mail/$USER), HOSTNAME (set to the output of the command /bin/hostname), and HISTSIZE (which sets shell command history to 1000 items).
INPUTRC — Sets keyboard mappings for particular situations, based on the contents of the /etc/inputrc file. In particular, the inputrc file makes sure that the Linux console and various Terminal windows (xterm and rxvt) all behave sanely.
The last thing that the /etc/profile file does is look at the contents of the /etc/profile.d directory and source in the files that it finds. Each file contains settings that define environment variables or aliases that affect how users can use the shell. For example, the lang.sh and lang.csh files identify the locations of foreign language files. The vim files create aliases that cause vim to be used when vi is typed. The which-2.sh file defines a set of options used by the which command. You can modify the profile.d files or add your own to have environment variables and aliases set for all of your users.