Creating a new system local user account
The three most common methods of defining a Linux user and authenticating their logins are:
- Local user authenticated locally with the password files /etc/passwd and /etc/shadow
- Network authentication using an LDAP authentication server
- NIS authentication server. To specify an NIS authentication server, use /etc/yp.conf, which contains the line: ypserver ip.address.of.server. Use ypwhich to find out which NIS server the system is currently bound to.

The following describes creating a local user:

- Command Line Method: (My preference)
  - useradd user_name : Add a user to the system. The system uses the configuration and security defaults set in /etc/default/useradd and /etc/login.defs
  - useradd -m user_name : Add a user to the system and create a home directory populated with the default files from /etc/skel/
  - useradd -m -G floppy user_name : Grant the user read/write access to the floppy (/dev/fd0) at creation time by adding the user to the group floppy, in addition to the default group specified in /etc/default/useradd.
  - useradd options:

    | Option | Description |
    |---|---|
    | -c "comment" | Adds a comment or description (the GECOS field) to the password record. |
    | -d HOME_DIR | Specify the user's home directory without creating it. |
    | -m | Create the home directory (by default /home/user_name) if it does not already exist and copy the default files from /etc/skel/ into it, e.g. ~/.bashrc |
    | -g GROUP | Initial (default) login group. |
    | -G grp1,grp2 | Supplementary groups the user also belongs to, comma-separated with no spaces. |
    | -s SHELL | Login shell. The default is /bin/bash in most Linux distributions. |
    | -u UID | Assign a specific numeric user ID instead of the next free one. |

    See the useradd man page for a full list of options.
  - userdel user_name : Delete the user from the system. Purges the user from /etc/passwd, /etc/group and /etc/shadow.
  - userdel -r user_name : Delete the user and remove their home directory (and mail spool) from the system. Files owned by the user elsewhere on the system remain; after the deletion they show up as owned by a bare UID and can be located with find / -nouser.
  [Potential Pitfall]: Before running userdel -r, check whether any filesystem is mounted on or below the user's home directory (df, mount or findmnt will list the mount points). Anything mounted there is wiped out by the recursive delete. As a policy it is best to NEVER create a mount point inside a user's directory. Mount on /mnt/mount-dir instead and give the user a symbolic link to it (ln -s /mnt/mount-dir /home/user-name/mount-dir-local); the delete removes the link itself and does not follow it.
  - passwd user_name : Assign a password to the user. (Also see pwgen, a password generator.)
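The mount-point check from the pitfall above, written out as an added shell example (it is not code from the original page). It reads a mount table in /proc/mounts format, lists anything mounted on or below a home directory, and refuses the delete when it finds one. The mount table embedded here is constructed for the demonstration; on a real host leave out the second argument so the functions read /proc/mounts.

```shell
#!/bin/sh
# Added example: find filesystems mounted on or below a home directory before
# running "userdel -r". Works on a copy of /proc/mounts so it runs unprivileged.

# Print every mount point that is DIR itself or lies beneath DIR.
# $1 = directory, $2 = mount table in /proc/mounts format (default /proc/mounts)
mounts_under() {
    dir=${1%/}                       # strip a trailing slash
    table=${2:-/proc/mounts}
    awk -v d="$dir" '
        {
            mp = $2
            gsub(/\\040/, " ", mp)   # /proc/mounts escapes spaces as \040
            # exact match, or prefix match on a path boundary, so that
            # /home/user does not match /home/user2
            if (mp == d || index(mp, d "/") == 1) print mp
        }' "$table"
}

# Return 0 if nothing is mounted on or under $1 (safe for userdel -r),
# 1 otherwise, listing the offending mount points on stderr.
# $1 = home directory, $2 = optional mount table (see mounts_under)
check_home_mounts() {
    found=$(mounts_under "$1" "$2")
    if [ -n "$found" ]; then
        echo "refusing: filesystems mounted under $1:" >&2
        echo "$found" >&2
        return 1
    fi
    return 0
}

# Constructed sample mount table (not taken from a real host).
SAMPLE_MOUNTS=$(mktemp)
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /home/user/backup ext4 rw,relatime 0 0
/dev/sdc1 /home/user2 xfs rw,relatime 0 0
nfs01:/export/proj /mnt/proj nfs4 rw,relatime 0 0
EOF

# Usage pattern on a real host:  check_home_mounts /home/user && userdel -r user
check_home_mounts /home/user  "$SAMPLE_MOUNTS" || echo "user: do NOT run userdel -r yet"
check_home_mounts /home/user3 "$SAMPLE_MOUNTS" && echo "user3: safe to run userdel -r"
```

The prefix test is done on a path boundary on purpose: a naive substring match on /home/user would also flag /home/user2, and a naive "is the home itself a mount point" test would miss a filesystem mounted several levels down, which is exactly the case the recursive delete destroys.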
  Also see the man page for usermod. The configuration file for the useradd command is /etc/default/useradd. The default directory layout and dot files for a new user are copied from /etc/skel/. The default shell, bash (the "Bourne Again SHell"), is a superset of the Bourne shell (sh) that borrows features from the ksh and csh command shells. The user's personal bash shell customizations are held in $HOME/.bashrc.
- GUI Method:
  - system-config-users: GUI admin tool for managing users and groups. (Fedora Core 2+, RHEL4)
  - redhat-config-users: GUI admin tool for managing users and groups. (Fedora Core 1)
  - linuxconf: (Note: Linuxconf is no longer included with Red Hat Linux 7.3+)
    - Start linuxconf:
      - RH 5.2: Select Start + Programs + Administration + linuxconf.
      - RH 6+: Select the Gnome Start icon (located in the lower left corner) + System + Linuxconf.
    - Add the user: Select options Config + User accounts + Normal + User accounts and select the button Add. There is also the option of adding the user to additional groups (e.g. enter floppy under the heading Supplementary groups and then Accept). To list several groups, separate the group names with a single space. This tool will allow you to set default directories, shells, add rules about passwords, set e-mail aliases, group membership and disk quotas. One can modify or delete users from linuxconf as well.
    - Set user password: After creating the user, use options Config + User accounts + Normal + User accounts. Select the user from the list. Then select the Passwd button. This will allow you to enter an initial password for the account.
- File Editing Method: (as root) edit the files directly to add or remove a user
  - Create the user entry in /etc/passwd:
      user:x:505:505:Mr. Dude User:/home/user:/bin/bash
  - Create the group entry in /etc/group:
      user:x:505:
  - Create the home directory:
      cd /home
      mkdir user
  - Copy the default files and hand ownership to the new user:
      cp -pR /etc/skel/. /home/user
      chown -R user:user /home/user
    (Older documentation writes the owner and group as user.user; the colon form is the portable one.)
  - The entries in /etc/shadow and /etc/gshadow are not written by hand, because the password hash has to be generated by a program. Run pwconv and grpconv to synchronize the shadow files with /etc/passwd and /etc/group, then assign the password:
      passwd user
  - Also see:
    - Integrity checks on the password and group files: pwck [-r] [passwd shadow] and grpck [-r] [group gshadow]
    - File editors: vipw for /etc/passwd and vigr for /etc/group. Both lock the file while you edit it, which a plain text editor does not.
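The file editing method above, carried out as an added shell example (not code from the page) against copies of passwd and group so it can be run unprivileged. It adds the checks a hand edit tends to skip: the login name matches the conventional pattern useradd accepts, no user or group of that name exists yet, the comment contains no colon (which would shift every field after it), and the UID and GID are the next free numbers at or above a UID_MIN of 1000. That UID_MIN is an assumption for the example; read the real value from /etc/login.defs on the target host. The passwd and group contents are constructed sample data.

```shell
#!/bin/sh
# Added example: allocate the next free UID/GID and append passwd/group
# entries the way the file editing method does, with validation, on copies
# of the files. Nothing here touches /etc.

UID_MIN=1000    # assumption for the example; /etc/login.defs holds the real value

# Smallest id >= $2 that is not already used in the third field of $1
# ($1 is a passwd or group file).
next_free_id() {
    awk -F: -v min="$2" '
        $3 ~ /^[0-9]+$/ { used[$3] = 1 }
        END { id = min + 0; while (id in used) id++; print id }' "$1"
}

# Append a user-private-group account to the given passwd and group files.
# $1 passwd file, $2 group file, $3 login name, $4 comment, $5 shell (optional)
# Prints the new passwd line on success; returns 1 and writes nothing on error.
add_local_user_entries() {
    pw=$1; gr=$2; name=$3; gecos=$4; shell=${5:-/bin/bash}
    # conventional login-name pattern (lowercase letter or underscore first)
    if ! printf '%s\n' "$name" | grep -Eq '^[a-z_][a-z0-9_-]*$'; then
        echo "invalid login name: $name" >&2; return 1
    fi
    # a colon in the comment would corrupt the record
    case $gecos in *:*) echo "comment must not contain ':'" >&2; return 1;; esac
    # refuse to shadow an existing user or group of the same name
    if awk -F: -v n="$name" '$1 == n { found = 1 } END { exit (found ? 0 : 1) }' "$pw" "$gr"; then
        echo "user or group already exists: $name" >&2; return 1
    fi
    uid=$(next_free_id "$pw" "$UID_MIN")
    gid=$(next_free_id "$gr" "$UID_MIN")
    printf '%s:x:%s:\n' "$name" "$gid" >> "$gr"
    printf '%s:x:%s:%s:%s:/home/%s:%s\n' "$name" "$uid" "$gid" "$gecos" "$name" "$shell" >> "$pw"
    tail -n 1 "$pw"
}

# Constructed sample files (not copied from a real system).
WORK=$(mktemp -d)
cat > "$WORK/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
bob:x:1002:1002:Bob Example:/home/bob:/bin/bash
EOF
cat > "$WORK/group" <<'EOF'
root:x:0:
bin:x:1:
alice:x:1000:
bob:x:1002:
EOF

# Fills the gap at 1001 rather than blindly taking "last UID + 1".
add_local_user_entries "$WORK/passwd" "$WORK/group" carol "Carol Example"

# On the real host the remaining steps need root and are, in the page's order:
#   mkdir /home/carol && cp -pR /etc/skel/. /home/carol && chown -R carol:carol /home/carol
#   pwconv && grpconv && passwd carol
```

Allocating the lowest free number rather than "highest + 1" matters on long-lived systems: after a deletion, a freed UID that still owns files on disk can otherwise be handed to the next new user, so check find / -nouser before reusing one.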
Note:
- For every user ID text string there is an associated UID integer. See the third ":" delimited field in the file /etc/passwd.
- Red Hat/Fedora Linux distributions of this era begin incrementing user UIDs from 500 (UID_MIN in /etc/login.defs; current Fedora and RHEL releases start at 1000). By default the useradd command increments by one for each new ID.
- Large organizations need to think ahead when creating a new user. Autonomous systems are often linked together later to share files using NFS, and then run into synchronization problems: the same user ID (text string) on two different systems may have different UIDs. The result is that a file created on one system cannot be edited when accessed from the second, because the second system regards the owner as a different user (its own UID for that name is different). It is best to use the useradd "-u" option to assign each user a UID integer tied to the text string ID. Many system administrators use the employee ID, since it is known to be unique across the corporation. Group GIDs can be assigned to department or division numbers. This allows smooth operation of connected systems.
- NFS: For systems which will use NFS to share files, one can administer user accounts so that creation, editing and ownership of files are seamless and consistent. Look at the file /etc/passwd on the file server you will mount to determine the user's UID and GID:
      user1:x:505:505:Joe Hacker:/home/user1:/bin/bash
  The fields are: User-ID:password-placeholder:User-ID-Number:Group-ID-Number:comment:home-directory:default-shell
  Add a user to the client system which matches. Files generated on the file server will then carry the same ownership as those generated on the client:
      [root]# useradd -u User-ID-Number -g Group-ID-Number User-ID
  Ideally you would configure an NIS or LDAP authentication server so that login IDs and group IDs reside on one server. This tip is for separate autonomous systems, or for systems using different authentication servers, which share files using NFS. It also applies to smbmounted MS/Windows shares. Note that with NFS's default AUTH_SYS security the server trusts whatever UID the client presents, so a UID that maps to a different login on the client is an access-control problem, not just an inconvenience.
- Default settings for new users are stored in /etc/skel/. To modify the default .bash_logout, .bash_profile, .bashrc, .gtkrc and .kde/ configuration files for new users, make the changes there.
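The UID consistency check the NFS tip calls for, as an added shell example that is not part of the original page. Given a copy of the file server's /etc/passwd and the client's, it reports users missing on the client, users present under a different UID or GID, and client UIDs that belong to a different login on the server (the case where one person ends up reading another's files over NFS), and prints the useradd -u/-g commands for the missing users. Both passwd files are constructed samples; the logins and the "server" and "client" roles are invented for the demonstration.

```shell
#!/bin/sh
# Added example: compare the passwd files of an NFS server and a client and
# report every way the numeric IDs can disagree for the same people.

# $1 = server passwd file, $2 = client passwd file.
# Output lines, sorted: COLLISION ..., MISMATCH ..., MISSING ...
uid_report() {
    awk -F: '
        NR == FNR {                       # first file: the server
            suid[$1] = $3; sgid[$1] = $4; sname[$3] = $1
            next
        }
        {                                 # second file: the client
            cuid[$1] = $3; cgid[$1] = $4
            # a client UID already owned by a different login on the server
            # means this client user can read that person files over NFS
            if (($3 in sname) && sname[$3] != $1)
                printf "COLLISION %s: client UID %s belongs to %s on server\n", $1, $3, sname[$3]
        }
        END {
            for (u in suid) {
                if (!(u in cuid))
                    printf "MISSING %s uid=%s gid=%s\n", u, suid[u], sgid[u]
                else if (cuid[u] != suid[u] || cgid[u] != sgid[u])
                    printf "MISMATCH %s server=%s:%s client=%s:%s\n", u, suid[u], sgid[u], cuid[u], cgid[u]
            }
        }' "$1" "$2" | LC_ALL=C sort
}

# Turn the MISSING lines into the useradd commands from the tip above.
# The group with that GID must exist on the client first (groupadd -g GID name).
useradd_commands() {
    uid_report "$1" "$2" | awk '$1 == "MISSING" {
        sub(/^uid=/, "", $3); sub(/^gid=/, "", $4)
        printf "useradd -u %s -g %s %s\n", $3, $4, $2
    }'
}

# Constructed sample data (not from real hosts).
SERVER_PW=$(mktemp); CLIENT_PW=$(mktemp)
cat > "$SERVER_PW" <<'EOF'
root:x:0:0:root:/root:/bin/bash
joe:x:505:505:Joe Hacker:/home/joe:/bin/bash
ann:x:506:506:Ann Admin:/home/ann:/bin/bash
pat:x:507:507:Pat Ops:/home/pat:/bin/bash
EOF
cat > "$CLIENT_PW" <<'EOF'
root:x:0:0:root:/root:/bin/bash
joe:x:505:505:Joe Hacker:/home/joe:/bin/bash
ann:x:510:510:Ann Admin:/home/ann:/bin/bash
eve:x:507:507:Eve Example:/home/eve:/bin/bash
EOF

uid_report "$SERVER_PW" "$CLIENT_PW"
useradd_commands "$SERVER_PW" "$CLIENT_PW"
```

Resolve COLLISION and MISMATCH lines before running the generated commands: in the sample, useradd -u 507 for pat fails on the client until eve is moved off UID 507, and ann's files on the server will keep showing up as owned by a stranger until her client UID is changed (usermod -u) and her existing files re-owned.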