Creating new user accounts is just one small administrative task among many. No single chapter can adequately discuss all the tasks that are involved in the ongoing support of users. But I share with you a few hints and procedures to ease that burden.
E-mail is a wonderful communication tool, especially for the overworked system administrator. People usually put more thought and effort into their e-mail messages than into the voice messages that they leave. A text message can be edited for clarity before being sent, and important details can be cut and pasted from other sources. This makes e-mail an excellent method for Linux users to communicate with their system administrators.
In an office with only a few users, you can probably get away with using your personal mailbox to send and receive support e-mails. In a larger office, however, you should create a separate mailbox reserved only for technical support issues. This has several advantages over the use of your personal mailbox:
Support messages will not be confused with personal, nonsupport-related messages.
Multiple people can check the mailbox and share administrative responsibility without needing to read each other’s personal e-mail.
Support e-mail is easily redirected to another person’s mailbox when you go on vacation. Your personal e-mail continues to go to your personal mailbox.
One easy solution is to simply create a support e-mail alias that redirects messages to an actual mailbox or list of mailboxes. For example, suppose you want to create a support alias that redistributes e-mail to the user accounts for support staff members Joe, Mary, and Bob. You would log in as root, edit the /etc/aliases file, and add lines similar to the following:
# Technical support mailing list support: joe, mary, bob
After saving the file, you need to run the newaliases command to recompile the /etc/aliases file into a database format. Now your users can send e-mail to the support e- mail address, and the message is automatically routed to everyone on the list. When a member of the list responds to that message, he or she should use the Reply To All option so that the other support staff members also see the message. Otherwise, multiple people may attempt to solve the same problem, resulting in wasteful duplication of effort.
You may also choose to create a support user account. The technical support staff would log in to this account to check messages and send replies. In this manner, all replies are stamped with the support login name and not the personal e-mail address of a staff member.
One common (if not the most common) problem that your users will encounter is the inability to log in because:
They have the Caps Lock key on.
They have forgotten the password.
The password has expired.
If the Caps Lock key is not on, then you probably need to reset the user’s password. You can't look up the password because Linux stores passwords in an encrypted format. Instead, use the passwd command to assign a new password to the user’s account. Give the user the new password (preferably in person), but then set the password to expire soon so that he or she must choose one (hopefully, one that is more easily remembered).
If you must reset a user’s password, do so with the passwd command. While logged in as root, type passwd followed by the login name you are resetting. You are prompted to enter the password twice. For example, to change the password for mary, type:
# passwd mary
After resetting the password, set it to expire so that the user is forced to change it the next time she logs in. You can use the chage command to set an expiration period for the password and to trick the system into thinking that the password is long overdue to be changed.
# chage -M 30 -d 0 mary
The -M 30 option tells the system to expire Mary’s password every 30 days. The -d 0 option tricks the system into thinking that her password has not been changed since January 1, 1970.
Administrators who support multiple users might want to consider some newer technologies which make life easier, like centralized e-mail address books using LDAP. See Chapter 22 for more information.