P0
Copyright CourseWare Technologies Inc., 1985-88
Lesson - 3
ADDING AND REMOVING USERS
MENU
Adding/Removing Users|Topics to Learn|3-0|11,53
# Topic
--- -------
1 - Creating New Accounts
2 - Adding a New User to the /etc/passwd File
3 - Adding a New User to the /etc/group File
4 - Creating a login Directory for a New User
5 - Setting Up Default File Permissions
6 - Setting Up a New User's Environment
7 - Removing a User's Account
8 - Lesson Review
0 - Return to the Main Menu
P1
Adding/Removing Users|Creating New Accounts|3-1.1|7,56
Regardless of whether you are on a single or a
multi-user system, you may and probably should have
more than one user account.
The process of adding a new account to the system
is almost identical for most UNIX systems.
P2
Adding/Removing Users|Creating New Accounts|3-1.2|6,56
The minimum procedure for creating a new account
consists of two steps:
1. creating an entry in the /etc/passwd file and
2. creating a login (or HOME) directory.
P3
Adding/Removing Users|Creating New Accounts|3-1.3|16,58
The process of adding a new user is automatic if
you have a shell script like mkuser or add-user.
The process must be done manually if you don't.
The complete process of adding a user involves
the following steps:
1. adding an entry to the /etc/passwd file;
2. adding an entry to the /etc/group file;
3. creating a HOME or login directory for the
new user;
4. setting up default file protections for the
new user;
5. setting up the user's environment; and
6. putting the user on any relevant mailing lists.
The UNIX interactive utility mkuser makes the
above procedure painless.
P4
Adding/Removing Users|Adding a User to /etc/passwd|3-2.1|4,51
Even if your system has an automatic
add-a-user shell script, an understanding of the
process for creating new user accounts should help
you as a system administrator.
If your system does not have an automatic
add-a-user shell script, an understanding of the
process for creating new user accounts should help
you as a system administrator.
Even though you have the mkuser shell
script, an understanding of the process for
creating new user accounts should help you as
a system administrator.
P5
Adding/Removing Users|Adding a User to /etc/passwd|3-2.2|8,55
The first precaution that you need to take
is to make sure that no one else is modifying the
/etc/passwd file. The best guarantee for this is
to bring the system into single-user mode. On the
other hand, if your UNIX system has a file locking
facility, like the /etc/vipw program on 4.3 BSD
versions of UNIX, then you may edit the /etc/passwd
file at any time.
P6
Adding/Removing Users|Adding a User to /etc/passwd|3-2.3|6,50
You can modify the /etc/passwd file by
using an editor like vi.
The /etc/passwd file has one line for each
legal user on the system.
P7
Adding/Removing Users|Adding a User to /etc/passwd|3-2.4|10,53
Each line is made up of 7 fields separated by colons (:).
These fields are:
1. the user's login name,
2. the user's encrypted password,
3. the user's ID number,
4. the user's group ID number,
5. information about the user,
6. the user's home/login directory, and
7. the initial shell to use upon login.
P8
Adding/Removing Users|Adding a User to /etc/passwd|3-2.5|7,58
Select a login name that reasonably characterizes
the user, such as his or her last name.
Initially, the password may be left blank; it
can be modified later by the system administrator or
the user with the passwd program.
P9
Adding/Removing Users|Adding a User to /etc/passwd|3-2.6|5,54
The user ID is a number unique to each user.
This number can range from 0 to 1000; the lower the
user ID, the higher his or her priority. Most systems
start with 101 or 201 for regular users; root must
have an ID of zero.
P10
Adding/Removing Users|Adding a User to /etc/passwd|3-2.7|8,53
The group ID should be the same for users
working on similar tasks, and it must correspond
to one of the numbers in the /etc/group file!
The information about the user field may be
left blank, or it may contain the user's name,
telephone extension, or any other pertinent data.
P11
Adding/Removing Users|Adding a User to /etc/passwd|3-2.8|11,53
The login directory or home directory is specified
in the 6th field. After logging on, the user will be
placed in this directory.
The name of the login shell is specified in the 7th
field. Normally, the choice here is between:
/bin/csh - The Berkeley/C-Shell
or
/bin/sh - The Bourne/Bell Shell
P12
Adding/Removing Users|Adding a User to /etc/passwd|3-2.9|8,57
Assigning a temporary password is an optional
procedure. An account need not have a password.
If you wish to assign a temporary password to
each new user, the command for assigning a new password
or changing a previous one is passwd. A user may change
only his or her own password. A superuser can change
anybody's password.
P13
Adding/Removing Users|Adding a User to /etc/passwd|3-2.10|5,60
The argument to the passwd command is the user's
login name. For example, to change the password for
the user klm, as superuser you would type:
passwd klm
P14
Adding/Removing Users|Adding a User to /etc/passwd|3-2.11|14,48
The system will answer you with a message like
"Changing password for login name" and will then
prompt you once for the old password and twice for
the new password.
The new password should be at least 6 characters
long (a combination of uppercase and lowercase
characters). If it is too short, you will see
a message like "Please use a longer password".
For security reasons, neither the old nor the
new password will be echoed on the screen!
P15
Adding/Removing Users|Adding a User to /etc/group|3-3.1|9,54
The /etc/group file is another level of security,
and is designed to control group protection. Whenever
someone other than the owner attempts to access a file,
the /etc/group file is checked to determine whether
that user is a member of the same group as the owner.
If so, then he or she gets the group privileges.
A user may belong to more than one group.
P16
Adding/Removing Users|Adding a User to /etc/group|3-3.2|8,54
The /etc/group file contains the following
information for each group:
1. the group name (a character string),
2. the encrypted group password (optional),
3. the group ID number (an integer), and
4. a comma-separated list of all users
belonging to the group.
P17
Adding/Removing Users|Adding a User to /etc/group|3-3.3|8,54
A typical entry in the /etc/group file may
look like:
cti::250:dave,jean,michael
which indicates that the group name is cti, there
is no group password, the group ID is 250, and the
group members include users with the login names
dave, jean, and michael.
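The field layouts above can be checked mechanically. The following is an added example, not part of the original lesson: it reads a passwd-format and a group-format file and reports lines that break the rules stated in this lesson (7 fields, unique user ID, root at ID zero, group ID present in /etc/group) and accounts whose password field is blank. The function names, finding labels and sample data are constructed for illustration; it assumes the encrypted password sits in field 2 as the lesson describes.

```sh
#!/bin/sh
# Added example (not from the lesson): check passwd/group files against the
# rules stated above. Function names and finding labels are illustrative.
# Assumes field 2 of passwd holds the encrypted password, as the lesson describes.

# audit_accounts PASSWD_FILE GROUP_FILE -> one finding per line
audit_accounts() {
    awk -F: '
        FNR == NR      { gids[$3] = 1; next }   # first file: collect group IDs
        NF != 7        { print "BADFIELDS " $1; next }
        $2 == ""       { print "NOPASSWORD " $1 }
        $3 in uids     { print "DUPUID " $1 " shares " $3 " with " uids[$3] }
        !($3 in uids)  { uids[$3] = $1 }
        $1 == "root" && $3 != 0 { print "ROOTUID " $1 }
        $1 != "root" && $3 == 0 { print "UID0 " $1 }
        !($4 in gids)  { print "NOGROUP " $1 " gid " $4 }
    ' "$2" "$1"
}

# Constructed sample data, written to DIR/passwd and DIR/group.
make_samples() {
    cat > "$1/group" <<'EOF'
staff::1:root
cti::250:dave,jean,michael
cai::260:klm
EOF
    cat > "$1/passwd" <<'EOF'
root:EXAMPLEHASH0:0:1:Superuser:/:/bin/sh
dave:EXAMPLEHASH1:201:250:Dave:/a/usr/home/dave:/bin/csh
klm::202:260:K. L. M.:/a/usr/home/klm:/bin/sh
jean:EXAMPLEHASH2:201:250:Jean:/a/usr/home/jean:/bin/csh
chris:EXAMPLEHASH3:0:999:Chris:/a/usr/home/chris:/bin/sh
EOF
}

d=$(mktemp -d) && make_samples "$d" && audit_accounts "$d/passwd" "$d/group"
rm -rf "$d"
```

On the sample data the blank-password account klm, the shared user ID 201, and the second ID-zero account chris (whose group ID 999 is also missing from the group file) are reported.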
P18
Adding/Removing Users|Adding a User to /etc/group|3-3.4|8,51
The command to assign a file to a different
group (change the group ownership of the file) is
chgrp. For example,
chgrp cai c_tutor
says that the new group owning the file c_tutor is
cai.
P19
Adding/Removing Users|Adding a User to /etc/group|3-3.5|13,57
In order to change the group ownership of a file, you
must be the owner of the file and belong to the specified
group or be a superuser.
A UNIX user may also change his or her group by
entering the command newgrp followed by the new group name.
For example,
newgrp cai
UNIX will check whether the user executing the command
belongs to the cai group; if so, the user will have group
privileges to the cai group files.
P20
Adding/Removing Users|Creating a login Directory|3-4.1|6,54
Once the system administrator has decided where
in the directory tree structure to place a new user, a
new default login/HOME directory needs to be created.
The command for making a new directory is mkdir.
P21
Adding/Removing Users|Creating a login Directory|3-4.2|10,50
The system administrator may make the login
directory by specifying either the absolute HOME
or login directory pathname:
mkdir /a/usr/home/chris
or by getting in the appropriate parent directory
and giving a relative HOME/login directory pathname:
mkdir chris
P22
Adding/Removing Users|Default File Permissions|3-5.1|5,52
Access to files on the system must be
restricted. Default access is controlled by a user
mask, or umask. This is a built-in command of the
C-shell which controls the default protection
setting when a file is created.
P23
Adding/Removing Users|Default File Permissions|3-5.2|13,54
The action of the umask command is opposite
to that of the chmod command. That is, it removes
the permission on the specified field. For example,
umask 022
will remove the write permission from the group and
the others. (Remember that r=4, w=2, x=1)
Normally, the account holder is the owner of the
HOME/login directory. NOTE: One must have execute
privileges for a directory in order to cd to it.
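The effect of a umask can be observed directly. The following is an added example, not part of the original lesson: it creates a file and a directory under several masks and prints the permissions each one receives. It is written for the Bourne shell, which also has umask built in; the function name perms_under_umask is illustrative. The mask 033 is included to show that mask bits are cleared rather than subtracted.

```sh
#!/bin/sh
# Added example (not from the lesson): observe what a umask does to new files
# and directories. perms_under_umask is an illustrative name.

# perms_under_umask MASK -> "<file perms> <directory perms>"
perms_under_umask() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        : > "$tmp/f"      # a new file asks for rw-rw-rw- (666)
        mkdir "$tmp/d"    # a new directory asks for rwxrwxrwx (777)
        f=$(ls -ld "$tmp/f" | cut -c1-10)
        d=$(ls -ld "$tmp/d" | cut -c1-10)
        umask 022; rm -rf "$tmp"
        printf '%s %s\n' "$f" "$d"
    )
}

for mask in 022 027 077 033; do
    printf 'umask %s: %s\n' "$mask" "$(perms_under_umask "$mask")"
done
```

A mask of 077 leaves a new HOME directory closed to everyone but its owner, while 022 leaves it readable and searchable by the group and others.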
P24
Adding/Removing Users|Setting Up the Environment|3-6.1|11,50
To facilitate a better programming environment,
a new user is usually supplied with several
environmental variables like HOME, SHELL, MAIL,
PATH, TERM, etc.
These variables may be set at any time during
a user's session; however, they are most often set
during the login process in the dot files, i.e.,
.login and .cshrc for the C-Shell and .profile for
the Bourne Shell.
P25
Adding/Removing Users|Setting Up the Environment|3-6.2|3,54
If a user's working shell is sh, then the
file .profile in the user's login directory will
contain the programming environment information.
P26
Adding/Removing Users|Setting Up the Environment|3-6.3|12,52
If a user's working shell is csh, then one
or more of the following files may be placed in the
user's login directory:
.login - contains settings and options for the
login shell.
.cshrc - contains settings and options for the
login shell and subsequently created shells.
.logout - contains commands to be executed as part
of a logout sequence.
P27
Adding/Removing Users|Setting Up the Environment|3-6.4|10,54
.mailrc - contains settings and options for the
mail command.
.suntools - contains settings and options for the
suntools windowing command.
.rhosts - contains settings and options for logging
onto remote systems.
P28
Adding/Removing Users|Removing an Account|3-7.1|13,57
The process of removing users from the system is
more or less the reverse of adding users to the system.
Removing a user's account consists of the following steps:
1. backing up the user's files,
2. moving any relevant files to someone else's
directory,
3. removing the user's entry in the /etc/passwd
file,
4. removing the user's name from the /etc/group
file, and
5. removing the user's remaining files from the
system.
P29
Adding/Removing Users|Removing an Account|3-7.2|3,52
If your system has an add-a-user utility,
it may have a remove-a-user utility like /etc/rmuser.
If it does, the process of removing users is automated!
Fortunately, as with the mkuser command, your UNIX
system has an automatic remove user command - rmuser.
You should, however, know the mechanics of the manual
process for user removal.
P30
Adding/Removing Users|Removing an Account|3-7.3|8,52
When removing a user from the system, as a
matter of courtesy, back up the user's files onto
some medium, even if those files have no use in
your company's operation.
If the same files can be used by (an)other
user(s), move them into the appropriate directory.
P31
Adding/Removing Users|Removing an Account|3-7.4|12,50
The next step should be to remove the user
from the /etc/group file. This process, if you do
not have the automatic utility rmuser, involves
editing the /etc/group file and removing the user's
name from any groups to which the user may belong!
After the user has been removed from the
/etc/group file, remove the user's entry from
the /etc/passwd file. This action prevents
the user from logging onto the system in the
future.
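The two manual edits described above can be scripted. The following is an added example, not part of the original lesson and not the rmuser utility: it removes a login from every member list in a group-format file and drops that login's line from a passwd-format file. The function names and sample data are constructed for illustration. Both functions only print the edited text, so they are meant to be run on copies, with the result installed under the locking precaution described earlier in this lesson.

```sh
#!/bin/sh
# Added example (not from the lesson): drop a login from group- and passwd-format
# files. Function names are illustrative; both functions only print the edited
# text, so run them on copies and install the result while the files are locked.

# remove_from_group LOGIN GROUP_FILE
remove_from_group() {
    awk -F: -v OFS=: -v u="$1" '
        NF < 4 { print; next }            # malformed line: pass through untouched
        {
            n = split($4, m, ","); out = ""
            for (i = 1; i <= n; i++)      # exact match only: "dave" must not hit "daven"
                if ((m[i] "") != (u "")) out = out (out == "" ? "" : ",") m[i]
            $4 = out
            print
        }
    ' "$2"
}

# remove_from_passwd LOGIN PASSWD_FILE
remove_from_passwd() {
    awk -F: -v u="$1" '($1 "") != (u "")' "$2"
}

# Constructed sample data.
d=$(mktemp -d)
printf '%s\n' 'cti::250:dave,jean,michael' 'cai::260:klm,dave,daven' 'solo::270:dave' > "$d/group"
printf '%s\n' 'dave:EXAMPLEHASH1:201:250:Dave:/a/usr/home/dave:/bin/csh' \
              'daven:EXAMPLEHASH2:203:260:Daven:/a/usr/home/daven:/bin/sh' > "$d/passwd"
remove_from_group dave "$d/group"
remove_from_passwd dave "$d/passwd"
rm -rf "$d"
```

A group whose only member was the removed user keeps its line with an empty member list, so files owned by that group ID still resolve to a group name.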
P32
Adding/Removing Users|Removing an Account|3-7.5|12,52
As a final step in the user removal process,
remove all the files and directories belonging to
the user, provided that they have been backed up!
If the user's files are all on one subdirectory,
klm for example, then the command:
rm -fr klm
will remove all the files and directories on the
klm subtree. (Recall that -f means to forget asking
any questions and -r indicates to recursively delete
all files in the directory and the directory itself.)