13 Managing User Accounts

This chapter covers the following topics:

Introduction

(@@ownership-files -processes, root, passwords, su, daemons as owners, bin, sys, nobody(?))
(@@ Setting up and managing user accounts. How do I set up and control user accounts? How do I set up user and group Ids?)
(@@automating the login process, defaults and configurable settings through environment variables in ? file (originally in /etc/profile ...))

Adding users

As root, type passwd from a terminal, adding the name of the new account, like this:

passwd newbie 

If newbie is already registered as a user, passwd assumes you want to change that user's password. If that's what you want, just type in the new password and then confirm it. In the unlikely event that you want to let two users have the same name, root may remove this restriction by editing the /etc/default/passwd file.

The passwd utility then prompts you for account information such as the user's group list, home directory, and shell. (root may also change these prompts by changing the script in the /etc/default/passwd file.)

Enter the requested information, or accept the defaults, and you are done.

The passwd utility will guide you through this operation and will ask you about anything suspicious; for example, if you enter the number of a group that doesn't exist, you will be warned and reminded to update the group information in /etc/group.

Entries in the /etc/passwd file look like this:

username:has_passwd:userid:groupid:misc:home_directory:initial_command 

The variable fields are separated by colons. Here's what they contain:
Field variable / Contents

username
    User's login name.

has_passwd
    The x character if a password has been defined for this user, blank if not.

userid
    User's assigned number.

groupid
    Group number. Users may log in under the groupid listed in their /etc/passwd file entry without being listed as a member of that group in the /etc/group file.

misc
    Supplemental information, with commas separating subfields. Usually, the first subfield contains the user's real name. Some utilities use this information.

home_directory
    User's home directory.

initial_command
    The initial command to run after the user has successfully logged in. This command and any arguments it takes must be separated by tab or space characters. As the command is spawned directly (not run by a shell), no shell expansion is performed. There is no mechanism for specifying command-line arguments that contain space or tab characters themselves (quoting isn't supported). If no initial_command is specified, /bin/sh is used.

For more information on the passwd utility, see passwd in Utilities Reference.
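
The field rules above can be checked mechanically. The following sh/awk function is an added example, not part of the original documentation; the name audit_passwd, the sample accounts, and the name:passwd:gid:members layout assumed for the group file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit entries in the seven-field passwd format described above.
# Usage: audit_passwd PASSWD_FILE GROUP_FILE   (prints one finding per line)
# Assumption: the group file uses the common name:passwd:gid:members layout.
audit_passwd() {
    awk -F: -v q="'" '
        FILENAME == ARGV[1] { gids[$3] = 1; next }   # group file: record known gids
        NF == 0 { next }                              # skip blank lines
        NF != 7 { print "line " FNR ": expected 7 fields, got " NF; next }
        {
            if ($1 in seen) { print $1 ": duplicate username" }
            seen[$1] = 1
            # has_passwd is blank when no password has been defined.
            if ($2 == "") { print $1 ": no password defined" }
            if ($3 !~ /^[0-9]+$/) { print $1 ": userid is not a number" }
            else if ($3 + 0 == 0 && $1 != "root") { print $1 ": userid 0 but not root" }
            # A login groupid does not have to be listed in the group file.
            if (!($4 in gids)) { print $1 ": groupid " $4 " missing from group file" }
            # initial_command is split on spaces/tabs and spawned directly,
            # so quotes and shell metacharacters reach the program literally.
            if ($7 ~ /["$*~]/ || index($7, q)) {
                print $1 ": initial_command uses quoting or shell syntax"
            }
        }
    ' "$2" "$1"
}

# Constructed sample data (not taken from a real system).
tmp=$(mktemp -d)
printf '%s\n' 'root::0:root' 'users::100:' > "$tmp/group"
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:Superuser:/root:/bin/sh
newbie::101:100:New User,Room 12:/home/newbie:
toor:x:0:0:Spare admin:/root:/bin/sh
kiosk:x:102:250:Kiosk:/home/kiosk:/bin/sh -c "exec menu"
broken:x:103:100:/home/broken
EOF
audit_passwd "$tmp/passwd" "$tmp/group"
rm -rf "$tmp"
```

An empty initial_command, as in the newbie entry, is not reported because /bin/sh is used in that case.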

Removing users

As root, remove the user's:

Controlling access

(@@How do I control user access? How do I keep passwords secret? Are default passwords kept in a file? Where? How are default passwords kept so that a sys admin manager can change them? How does security work? What are the login, passwd, newgrp utilities? What is the password database? How is it used?)

RTP uses passwords and access permissions to control access to files. Password encryption is based on the Data Encryption Standard algorithm.

Changing a file's access permission

The chmod utility lets you change any or all of the file permission mode bits of one or more files. These permission bits govern who can read, write, and execute the file. There are different sets of permission bits for three different types of user: the owner, the group, and everyone else.

For each file you name, chmod changes the file permission mode bits according to the mode option. To use this utility, you must be either the owner of the file or root, the superuser. For more information on altering a file's access permission, see chmod in the Utilities Reference.

Changing ownership

The chown utility sets each file's owner and group to the user and group IDs specified by the owner and group operands. The user named by the owner operand is the only one (apart from the all-powerful root) who can restrict access to a file. The users named by the group operand are a special group of users who may have special access to the file. Group membership is defined in the /etc/group file.

Changing a password

To change a password, use the passwd utility (see Utilities Reference). This utility allows a login password to be changed or a new username to be created. Only the owner or the superuser may change a password.

Customizing

(@@How do I customize user login? Can I automate logins? How? What are the default settings? Are settings configurable through environment variables?)

Accounting

(@@ accounting file, enabling, record format. How do I handle accounting? How do I enable accounting? What is the record format used? How do I clear the log file?)

Logging usage

(@@Are there any user logs I can use? Are there any other logs?)

See slogger in Utilities Reference.

Fixing user access problems

Here are some tips to help you troubleshoot problems you may run across.

If passwd won't work

You may have corrupted data in your password files. Try this:


QNX Software Systems Ltd.
http://www.qnx.com
Voice: +1 613 591 0931
Fax: +1 613 591 3579
info@qnx.com