LDP
/
LDP
mirror of https://github.com/tLDP/LDP
0
1
Fork 0
Code Releases Activity
LDP/LDP/guide/docbook/sag/ch11.sgml

383 lines
14 KiB
Plaintext
Raw Permalink Blame History

<chapter id="managing-users">
<title>Managing user accounts</title>
<blockquote><para><quote>The similarities of sysadmins and drug
dealers: both measure stuff in Ks, and both have users.</quote>
(Old, tired computer joke.)</para></blockquote>
<para> This chapter explains how to create new user accounts,
how to modify the properties of those accounts, and how to remove
the accounts. Different Linux systems have different tools for
doing this.</para>
<sect1 id="account">
<title>What's an account?</title>
<para> When a computer is used by many people it is usually
necessary to differentiate between the users, for example, so that
their private files can be kept private. This is important even
if the computer can only be used by a single person at a time,
as with most microcomputers. Thus, each user is given a unique
username, and that name is used to log in.</para>
<para> There's more to a user than just a name, however. An
<glossterm>account</glossterm> is all the files, resources,
and information belonging to one user. The term hints at banks,
and in a commercial system each account usually has some money
attached to it, and that money vanishes at different speeds
depending on how much the user stresses the system. For example,
disk space might have a price per megabyte and day, and processing
time might have a price per second. </para>
</sect1>
<sect1 id="adduser">
<title>Creating a user</title>
<para> The Linux kernel itself treats users are mere numbers.
Each user is identified by a unique integer, the <glossterm>user
id</glossterm> or <glossterm>uid</glossterm>, because numbers are
faster and easier for a computer to process than textual names.
A separate database outside the kernel assigns a textual name,
the <glossterm>username</glossterm>, to each user id. The database
contains additional information as well. </para>
<para> To create a user, you need to add information about
the user to the user database, and create a home directory for
him. It may also be necessary to educate the user, and set up
a suitable initial environment for him. </para>
<para> Most Linux distributions come with a program for
creating accounts. There are several such programs available.
Two command line alternatives are <command>adduser</command>
and <command>useradd</command>; there may be a GUI tool as well.
Whatever the program, the result is that there is little if
any manual work to be done. Even if the details are many and
intricate, these programs make everything seem trivial. However,
<xref linkend="manual-adduser"> describes how to do it by hand.
</para>
<sect2 id="etc-passwd">
<title><filename>/etc/passwd</filename> and other informative
files</title>
<para> The basic user database in a Unix system is the text file,
<filename>/etc/passwd</filename> (called the <glossterm>password
file</glossterm>), which lists all valid usernames and their
associated information. The file has one line per username,
and is divided into seven colon-delimited fields:
<itemizedlist>
<listitem><para>Username.</para></listitem>
<listitem><para>Previously this was where the user's password was stored.
</para></listitem>
<listitem><para>Numeric user id.</para></listitem>
<listitem><para>Numeric group id.</para></listitem>
<listitem><para>Full name or other description of
account.</para></listitem>
<listitem><para>Home directory.</para></listitem>
<listitem><para>Login shell (program to run at
login).</para></listitem>
</itemizedlist>
The format is explained in more detail on the
<filename>passwd</filename> manual page. </para>
<para>
Most Linux systems use <glossterm>shadow passwords</glossterm>.
As mentioned, previously passwords were stored in the
<filename>/etc/passwd</filename> file. This newer method
of storing the password: the encrypted
password is stored in a separate file,
<filename>/etc/shadow</filename>,
which only root can read. The <filename>/etc/passwd</filename>
file only contains a special marker in the second field.
Any program that needs to verify a user is setuid, and
can therefore access the shadow password file. Normal
programs, which only use the other fields in the password
file, can't get at the password.
</para>
</sect2>
<sect2 id="uid-gid">
<title>Picking numeric user and group ids</title>
<para> On most systems it doesn't matter what the numeric user
and group ids are, but if you use the Network filesystem (NFS),
you need to have the same uid and gid on all systems. This
is because NFS also identifies users with the numeric uids.
If you aren't using NFS, you can let your account creation tool
pick them automatically. </para>
<para> If you are using NFS, you'll have to be invent a mechanism
for synchronizing account information. One alternative is to
the NIS system (see XXX network-admin-guide). </para>
<para> However, you should try to avoid re-using numeric uids
(and textual usernames), because the new owner of the uid (or
username) may get access to the old owner's files (or mail,
or whatever). </para>
</sect2>
<!--
%\subsection{Managing groups}
%
% \meta Debian creates a new group for each user; give reason for
this;
% give reasons against.
-->
<sect2 id="etc-skel">
<title>Initial environment: <filename>/etc/skel</filename></title>
<para> When the home directory for a new user is created, it is
initialized with files from the <filename>/etc/skel</filename>
directory. The system administrator can create files in
<filename>/etc/skel</filename> that will provide a nice
default environment for users. For example, he might create a
<filename>/etc/skel/.profile</filename> that sets the EDITOR
environment variable to some editor that is friendly towards
new users. </para>
<para> However, it is usually best to try to keep
<filename>/etc/skel</filename> as small as possible, since it
will be next to impossible to update existing users' files. For
example, if the name of the friendly editor changes, all existing
users would have to edit their <filename>.profile</filename>. The
system administrator could try to do it automatically, with a
script, but that is almost certain going to break someone's file.
</para>
<para> Whenever possible, it is better to put global configuration
into global files, such as <filename>/etc/profile</filename>. This
way it is possible to update it without breaking users'
own setups. </para>
</sect2>
<sect2 id="manual-adduser">
<title>Creating a user by hand</title>
<para> To create a new account manually, follow these steps:
<itemizedlist>
<listitem><para> Edit <filename>/etc/passwd</filename> with
<command>vipw</command> and add a new line for the new account. Be
careful with the syntax. <emphasis>Do not edit directly with an
editor!</emphasis> <command>vipw</command> locks the file, so
that other commands won't try to update it at the same time. You
should make the password field be `<literal>*</literal>', so
that it is impossible to log in. </para></listitem>
<listitem><para> Similarly, edit <filename>/etc/group</filename>
with <command>vigr</command>, if you need to create a new group
as well. </para></listitem>
<listitem><para> Create the home directory of the user with
<command>mkdir</command>. </para></listitem>
<listitem><para> Copy the files from
<filename>/etc/skel</filename> to the new home directory.
</para></listitem>
<listitem><para> Fix ownerships and permissions with
<command>chown</command> and <command>chmod</command>. The
<option>-R</option> option is most useful. The correct
permissions vary a little from one site to another, but usually
the following commands do the right thing:
<screen>
<userinput>cd /home/newusername
chown -R username.group .
chmod -R go=u,go-w .
chmod go= .</userinput>
</screen>
</para></listitem>
<listitem><para> Set the password with <command>passwd</command>.
</para></listitem>
</itemizedlist>
</para>
<para> After you set the password in the last step, the account
will work. You shouldn't set it until everything else has been
done, otherwise the user may inadvertently log in while you're
still copying the files. </para>
<para>
It is sometimes necessary to create dummy
accounts
that are not used by people. For example, to set up an anonymous
FTP server (so that anyone can download files from it, without
having to get an account first), you need to create an account
called ftp. In such cases, it is usually not necessary to set
the password (last step above). Indeed, it is better not to, so
that no-one can use the account, unless they first become root,
since root can become any user. </para>
</sect2>
</sect1>
<!--
%\section{Educating a new user}
%
% \meta
% make sure they know how to get help
% large sites might want to write a small booklet (or even just
% a couple of pages) with important stuff: how to log in
% and out, how to change password, which systems there are,
% how to use mail, list of people that answer questions
-->
<sect1 id="user-properties">
<title>Changing user properties</title>
<para>
There are a few commands for changing various
properties of an account (i.e., the relevant field
in <filename>/etc/passwd</filename>):
<glosslist>
<glossentry><glossterm><command>chfn</command></glossterm>
<glossdef><para> Change the full name field.
</para></glossdef></glossentry>
<glossentry><glossterm><command>chsh</command></glossterm>
<glossdef><para> Change the login shell.
</para></glossdef></glossentry>
<glossentry><glossterm><command>passwd</command></glossterm>
<glossdef><para>Change the password.
</para></glossdef></glossentry>
</glosslist>
The super-user may use these commands to change the properties
of any account. Normal users can only change the properties
of their own account. It may sometimes be necessary to disable
these commands (with <command>chmod</command>) for normal users,
for example in an environment with many novice users. </para>
<para>
Other tasks need to be done by hand. For example, to
change the username, you need to edit
<filename>/etc/passwd</filename>
directly (with <command>vipw</command>, remember). Likewise, to add
or remove the user to more groups, you need to edit
<filename>/etc/group</filename> (with <command>vigr</command>). Such
tasks tend to
be rare, however, and should be done with caution: for
example, if
you change the username, e-mail will no longer reach the
user, unless you also create a mail alias.
</para>
</sect1>
<sect1 id="deluser">
<title>Removing a user</title>
<para> To remove a user, you first remove all
his files, mailboxes, mail aliases, print jobs,
<command>cron</command> and <command>at</command> jobs,
and all other references to the user. Then you remove the
relevant lines from <filename>/etc/passwd</filename> and
<filename>/etc/group</filename> (remember to remove the username
from all groups it's been added to). It may be a good idea to
first disable the account (see below), before you start removing
stuff, to prevent the user from using the account while it is
being removed. </para>
<para>
Remember that users may have files outside their home
directory. The <command>find</command> command can find them:
<screen>
find / -user username
</screen>
However, note that the above command will take a
<emphasis>long</emphasis> time, if you have large disks. If you
mount network disks, you need to be careful so that you won't
trash the network or the server. </para>
<para> Some Linux distributions come with special
commands to do this; look for <command>deluser</command> or
<command>userdel</command>. However, it is easy to do it by
hand as well, and the commands might not do everything. </para>
</sect1>
<sect1 id="disable-user">
<title>Disabling a user temporarily</title>
<para> It is sometimes necessary to temporarily disable an
account, without removing it. For example, the user might not
have paid his fees, or the system administrator may suspect that
a cracker has got the password of that account. </para>
<para> The best way to disable an account is to change its shell
into a special program that just prints a message. This way,
whoever tries to log into the account, will fail, and will
know why. The message can tell the user to contact the system
administrator so that any problems may be dealt with. </para>
<para>
It would also be possible to change the username
or password to something else, but then the user
won't know what is going on. Confused users mean more
work.
</para>
<para> A simple way to create the special programs is to write
`tail scripts':
<screen>
#!/usr/bin/tail +2
This account has been closed due to a security breach.
Please call 555-1234 and wait for the men in black to arrive.
</screen>
The first two characters (`<literal>#!</literal>') tell the
kernel that the rest of the line is a command that needs to be
run to interpret this file. The <command>tail</command> command
in this case outputs everything except the first line to the
standard output. </para>
<para>
If user billg is suspected of a security breach,
the system administrator would do something like this:
<screen>
<prompt>#</prompt> <userinput>chsh -s
/usr/local/lib/no-login/security billg</userinput>
<prompt>#</prompt> <userinput>su - tester</userinput>
This account has been closed due to a security breach.
Please call 555-1234 and wait for the men in black to arrive.
<prompt>#</prompt>
</screen>
The purpose of the <command>su</command> is to test that the
change worked, of course. </para>
<para> Tail scripts should be kept in a separate directory,
so that their names don't interfere with normal user commands.
</para>
</sect1>
<!--
%\section{Accounting}
%
% \meta
% sac et al
-->
</chapter>
View Git Blame Copy Permalink