Creating User Accounts



Every person who uses your Fedora or RHEL system should have a separate user account. Having a user account provides each person with an area in which to securely store files. A user account also defines which files and directories a user is permitted to create, modify, or delete throughout the computer's file system.

Some user accounts are already there when you install your Linux system. Administrative users (originally UID 0-100, although now UIDs up to 499 are used) are created to maintain separate control of system files and services from a regular user. Of the administrative user accounts, you will probably only use root (when some system administration is required).

Regular user accounts are created using any names you choose, starting (by default) with a user ID (UID) of 500. Regular users you add to your Fedora or RHEL system typically fall into one of two categories:

  • Desktop users - A desktop user is one that you expect to use your computer via a graphical interface (typically GNOME or KDE). Create this kind of user account for yourself and anyone else you want to log in directly to your computer (or from a thin client over the network). Most of this section describes how to add this type of user.

  • Server users - If you are configuring Fedora or RHEL as a server (Web, mail, FTP, and so on), you may want to add accounts for users who have limited access to your system. You may want those users to be able to add content to a Web server or access a mail server, but have only a shell login account (or possibly no login account). See the section "Adding user accounts to servers" later in this chapter for information on adding these types of accounts.

Cross-Reference 

If you have multiple users, you'll also need to be concerned about backup and recovery issues for those users. See Chapter 13 for more information.

You can add user accounts to your Fedora or RHEL system in several ways. This chapter describes how to use the useradd command to add user accounts to Fedora or RHEL from the command line, and how to use the User Manager window to add users from the desktop.

Adding Users with Useradd

The most straightforward method for creating a new user from the shell is with the useradd command. After opening a Terminal window with root permission, you simply invoke the useradd command at the command prompt, with details of the new account as parameters.

The only required parameter to useradd is the login name of the user, but you will probably want to include some additional information. Each item of account information is preceded by a single letter option code with a dash in front of it. Table 11-1 lists the options that are available with the useradd command.

Table 11-1: useradd Command Options

| Option | Description |
|---|---|
| -c "comment" | Provide a description of the new user account. Usually just the person's full name. Replace comment with the name of the user account. If the comment contains multiple words, use quote marks. |
| -d home_dir | Set the home directory to use for the account. The default is to name it the same as the login name and to place it in /home. Replace home_dir with the directory name to use. |
| -D | Rather than create a new account, save the supplied information as the new default settings for any new accounts that are created. |
| -e expire_date | Assign the expiration date for the account in MM/DD/YYYY format. Replace expire_date with the expiration date to use. |
| -f inactivity | Set the number of days after a password expires until the account is permanently disabled. Setting this to 0 disables the account immediately after the password has expired. Setting it to -1 disables the option, which is the default behavior. Replace inactivity with the number to use. |
| -g group | Set the primary group (as listed in the /etc/group file) that the new user will be in. Replace group with the group name to use. |
| -G grouplist | Add the new user to the supplied comma-separated list of groups. |
| -k skel_dir | Set the skeleton directory containing initial configuration files and login scripts that should be copied to a new user's home directory. This parameter can only be used in conjunction with the -m option. Replace skel_dir with the directory name to use. |
| -m | Automatically create the user's home directory and copy the files in the skeleton directory (/etc/skel) to it. |
| -M | Do not create the new user's home directory, even if the default behavior is set to create it. |
| -n | Turn off the default behavior of creating a new group that matches the name and user ID of the new user. |
| -o | Use with -u uid to create a user account that has the same UID as another user name. (This effectively lets you have two different users with authority over the same set of files and directories.) |
| -p passwd | Enter a password for the account you are adding. This must be an encrypted password. Instead of adding an encrypted password here, you can simply use the passwd user command later to add a password for user. |
| -r | Allows you to create a new account with a user ID in the range reserved for system accounts. |
| -s shell | Specify the command shell to use for this account. Replace shell with the command shell. |
| -u user_id | Specify the user ID number for the account. The default behavior is to automatically assign the next available number. Replace user_id with the ID number. |

As an example, create an account for a new user named Mary Smith with a login name of mary. First, log in as root, and then type the following command:

 # useradd -c "Mary Smith" mary

Tip

When you choose a user name, don't begin with a number (for example, 06jsmith). Also, it is best to use all lowercase letters, no control characters or spaces, and a maximum of eight characters. The useradd command allows up to 32 characters, but some applications can't deal with user names that long. Tools such as ps display UIDs instead of names if names are too long. Having users named Jsmith and jsmith can cause confusion with programs (such as sendmail) that don't distinguish case. Also, some very old applications may not be able to handle usernames with more than eight characters.

Next, set Mary's initial password using the passwd command. It prompts you to type the password twice. (Asterisks are shown here to represent the password you type. Nothing is actually displayed when you type the password.)

 # passwd mary
 Changing password for user mary.
 New password: *******
 Retype new password: *******

Cross-Reference 

Refer to Chapter 14 for tips on picking good passwords.

In creating the account for Mary, the useradd command performs several actions:

  • Reads the /etc/login.defs file to get default values to use when creating accounts.

  • Checks command-line parameters to find out which default values to override.

  • Creates a new user entry in the /etc/passwd and /etc/shadow files based on the default values and command-line parameters.

  • Creates any new group entries in the /etc/group file.

  • Creates a home directory based on the user's name and located in the /home directory.

  • Copies any files located within the /etc/skel directory to the new home directory. This usually includes login and application startup scripts.

The preceding example uses only a few of the available useradd options. Most account settings are assigned using default values. Here's an example that uses a few more options:

 # useradd -m -g users -G wheel,sales -s /bin/tcsh -c "Mary Smith" mary

In this case, the useradd command is told to create a home directory for mary (-m), make users the primary group she belongs to (-g), add her to the groups wheel and sales (-G), and assign tcsh as her primary command shell (-s). Note that the wheel and sales groups must already exist for this example to work. This results in a line similar to the following being added to the /etc/passwd file:

 mary:x:502:100:Mary Smith:/home/mary:/bin/tcsh 

In the /etc/passwd file, each line represents a single user account record. Each field is separated from the next by a colon (:) character. The field's position in the sequence determines what it is. As you can see, the login name is first. The password field contains an x because we are using a shadow password file to store encrypted password data. The user ID selected by the useradd command was 502. The primary group ID is 100, which corresponds to the users group in the /etc/group file. The comment field was correctly set to Mary Smith, the home directory was automatically assigned as /home/mary, and the command shell was assigned as /bin/tcsh, exactly as specified with the useradd options.

By leaving out many of the options (as I did in the first useradd example), defaults are assigned in most cases. For example, by not using -g users or -G wheel,sales, a group named mary would have been created and assigned to the new user. Likewise, excluding -s /bin/tcsh causes /bin/bash to be assigned as the default shell.

The /etc/group file holds information about the different groups on your Fedora or RHEL system and the users who belong to them. Groups are useful for allowing multiple people to share access to the same files while denying access to others. If you peek at the /etc/group file, you should find something similar to this:

 bin:x:1:root,bin,daemon
 daemon:x:2:root,bin,daemon
 sys:x:3:root,bin,adm
 adm:x:4:root,adm,daemon
 tty:x:5:
 disk:x:6:root
 lp:x:7:daemon,lp
 mem:x:8:
 kmem:x:9:
 wheel:x:10:root,joe,mary
 .
 .
 .
 nobody:x:99:
 users:x:100:
 chris:x:500:
 sheree:x:501:
 sales:x:601:bob,jane,joe,mary

Each line in the group file contains the name of a group, the group ID number associated with it, and a list of users in that group. By default, each user is added to his or her own group, beginning with GID 500. Note that mary was added to the wheel and sales groups instead of having her own group.

It is actually rather significant that mary was added to the wheel group. By doing this, you grant her the ability to use the sudo command to run commands as the root user, provided that the wheel line is uncommented from the /etc/sudoers file (as described in Chapter 10), which it is not by default.

In this example, we used the -g option to assign mary to the users group. If you leave off the -g parameter, the default behavior is for useradd to create a new group with the same name and ID number as the user, which is assigned as the new user's primary group. For example, look at the following useradd command:

 # useradd -m -G wheel,sales -s /bin/tcsh -c "Mary Smith" mary

It would result in a /etc/passwd line like this:

 mary:x:502:502:Mary Smith:/home/mary:/bin/tcsh 

It would also result in a new group line like this:

 mary:x:502: 

Note that the user ID and group ID fields now have the same number. If you set up all of your users this way, you will have a unique group for every user on the system, which allows for increased flexibility in the sharing of files among your users.
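
The /etc/passwd and /etc/group records described above can be checked together to see who shares a UID (the effect of -o) and who is in the wheel group. The following is an added example, not code from the book; the function name audit_accounts, the finding labels, and the sample records (including the hypothetical svc account) are constructed for illustration:

```shell
# Added example. The records below are constructed in the formats shown above;
# "svc" is a hypothetical account given mary's UID, as useradd -o -u 502 allows.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
chris:x:500:500:Chris Jones:/home/chris:/bin/bash
mary:x:502:100:Mary Smith:/home/mary:/bin/tcsh
svc:x:502:100:Service login:/home/svc:/sbin/nologin
EOF
}
sample_group() {
cat <<'EOF'
root:x:0:root
wheel:x:10:root,joe,mary
users:x:100:
chris:x:500:
sales:x:601:bob,jane,joe,mary
EOF
}

# audit_accounts PASSWD_FILE GROUP_FILE [ADMIN_GROUP]
# Prints one finding per line. ADMIN_GROUP defaults to wheel, which grants
# sudo only when the wheel line in /etc/sudoers is uncommented.
audit_accounts() {
    awk -F: -v admin="${3:-wheel}" '
        FILENAME == ARGV[1] {            # group file: name:password:GID:members
            gname[$3] = $1
            if ($1 == admin) {
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) is_admin[m[i]] = 1
            }
            next
        }
        NF != 7 { printf "MALFORMED passwd line %d\n", FNR; next }
        {                                # passwd file: seven colon-separated fields
            if ($3 in owner) printf "SHARED_UID %s: %s and %s\n", $3, owner[$3], $1
            else owner[$3] = $1
            if ($3 == 0 && $1 != "root") printf "UID0 %s\n", $1
            if (!($4 in gname)) printf "UNKNOWN_GID %s: %s\n", $1, $4
            else if (gname[$4] == admin) is_admin[$1] = 1
            if ($1 in is_admin) printf "ADMIN_GROUP %s (%s)\n", $1, admin
        }
    ' "$2" "$1"
}

# Run against the constructed samples.
tmp=$(mktemp -d) && sample_passwd > "$tmp/passwd" && sample_group > "$tmp/group"
audit_accounts "$tmp/passwd" "$tmp/group"
rm -rf "$tmp"
```

On a live system, run audit_accounts /etc/passwd /etc/group as any user, since both files are world-readable.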

Adding Users with User Manager

If you prefer a graphical window for adding, changing, and deleting user accounts, you can use the User Manager window. To open the window from the GNOME desktop, click System → Administration → Users and Groups (or type system-config-users from a Terminal window as root user). Figure 11-1 shows an example of that window.

Figure 11-1: Manage users from the User Manager window.

When you open the User Manager window, you see a list of all regular users who are currently added to your computer. Administrative users (UID 1 through 499) are not displayed. For each user, you can see the user name, UID, primary group, full name, login shell, and home directory. Click any of those headings to sort the users by that information.

To add a new user from the User Manager window, do the following:

  1. Click the Add User icon to open the Create New User window (see Figure 11-2).

  2. Type the requested information in the following fields:

    • User Name - A single word to describe the user. Typically, the user name is eight characters, all lowercase, containing the user's real first name, last name, or (more often) a combination of the two (such as jwjones).

    • Full Name - The user's full name (usually first name, middle initial, and last name). This name is typically just used for display, so using upper- and lowercase is fine.

    • Password - The user's initial password. (Ask the user to change this password the first time he or she logs in to the new account, using the passwd command.)

    • Confirm Password - Type the password again, to make sure you entered it correctly.

    • Login Shell - The default shell (for entering typed commands) that the user sees when first logging in to Fedora or RHEL from a character display.

    • Create home directory - By default, this box is selected and the user's home directory (as indicated by the Home Directory field) is created automatically.

    • Home Directory - By default, the user is given a home directory of the user's name in the /home directory. (For example, the user sheree would be assigned /home/sheree as her home directory.) Change this field if you want to assign the user to a different home directory.

    • Create a private group for the user - Check this box if you want a group by the same name as the user, created for this user. The name is added to the /etc/group file. This feature is referred to as user private groups (UPGs).

    • Specify user ID manually - Typically, you would not check this box, so that the UID for the new user would be assigned automatically. New UIDs for regular users start at 500. However, if you want to assign a particular UID for a user (for example, if you want to match the UID with the user's UID from another computer on your network), click this box and type the number you want to use in the UID box.

  3. Click OK when you are done. The new user is added to the /etc/passwd and /etc/group files. The user account is now available for that user to log in.

Figure 11-2: The Create New User window
Tip 

Using user private groups (UPGs) can be a benefit for sharing a directory of files among several users. Here's an example:

 # useradd -m projectx
 # mkdir /usr/local/x
 # chown root:projectx /usr/local/x
 # chmod 2775 /usr/local/x
 # ls -ld /usr/local/x
 drwxrwsr-x 2 root projectx 4096 Aug 18 01:54 /usr/local/x
 # gpasswd -a nextuser projectx

In this example, you create a user named projectx (with a group named projectx ). Create a /usr/local/x directory and have it owned by root user and projectx group. Set the setgid bit to be on for the group (2), open full read/write/execute permissions for user and group (77), and open read and execute permissions for everyone else (5). Add each user to the group that you want to be able to write to the projectx directory (replace nextuser with the user you want to add). After that, regardless of a user's primary group, any file created in the /usr/local/x directory by a user can be read or modified by anyone in the projectx group.
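
Whether group members can modify each other's files in such a directory also depends on the umask in effect when a file is created: the setgid bit controls the group owner, and the umask controls the group permission bits. The following added example (not from the book) shows this in a scratch directory; the function name setgid_umask_modes is hypothetical and GNU coreutils stat is assumed:

```shell
# Added example; assumes GNU coreutils stat (as on Fedora and RHEL).
# Works in a scratch directory, so no root access or projectx group is needed.
# Prints four octal modes: the directory, a file created under umask 022,
# a file created under umask 002, and a subdirectory created under umask 002.
setgid_umask_modes() (
    d=$(mktemp -d) || exit 1
    trap 'rm -rf "$d"' EXIT
    chmod 2775 "$d"                          # same mode as /usr/local/x above
    ( umask 022; : > "$d/file_022" )         # group gets read-only access
    ( umask 002; : > "$d/file_002"; mkdir "$d/sub" )
    printf '%s %s %s %s\n' \
        "$(stat -c %a "$d")" "$(stat -c %a "$d/file_022")" \
        "$(stat -c %a "$d/file_002")" "$(stat -c %a "$d/sub")"
)

setgid_umask_modes
```

Only the file created under umask 002 is group-writable, and the new subdirectory inherits the setgid bit from its parent.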




Fedora 6 and Red Hat Enterprise Linux Bible
ISBN: 047008278X
Year: 2007
Pages: 279
