Creation of User Accounts
Chapter 7: User Account Management
7.1 Users and Groups
Managing user accounts is an important and unavoidable administrative duty. The overall system administration will often be evaluated by the way the user accounts are managed. Users participate in a UNIX system through their accounts: they navigate through their environment, work from their terminals, use their favorite commands, and do their jobs in their way. They want to control their resources and restrict access to them by others; however, they also want to reach all available resources. This is a profile of an average user on an UNIX system. UNIX systems exist to be used by users; making users happy is one of the primary administrative tasks, because happy users make for a happy administrator. The advice is very simple: manage user accounts properly, be tough when necessary and flexible at other times, and pay special attention to security issues, or you could experience a lot of headache later. From the systems standpoint, a user is not necessarily an individual. A user is any entity capable of executing programs or own files. The UNIX concepts of ownership and access privileges involve a number of system entities. These entities may be other computer systems, they may be particular system functions that run automatically, or they may be a group of people with similar functions. In most cases, however, a user is a particular individual who can log−in, edit files, run programs, and otherwise make use of the system. Each user has a username also known as a loginname that uniquely identifies the user. A system recognizes a user by the users identification number UID, which is assigned by the system administrator at the time the users account is created. The administrator also assigns each new user to at least one group a group is a collection of users who generally share similar functions. Each group has a group identification number GID, which serves the same purpose as the UID on the user level. Together, the users UID and GID determine the users credentials, i.e., the access rights a user has to files and other system resources. Basic user account information is stored in the etcpasswd file — this is the master users database for all users on the system. The etcpasswd file is an ASCII text file, readable by everyone on the system; this general file readability is required for regular system operations. Each user is described by a single entry in the file; each entry is a single line of information. Similarly, information about groups are stored in the file etcgroup. These two files contain comprehensive information about any user in the system, regardless of the users origin. Both files are public information; everyone may read them, but only the superuser is allowed to modify them.7.1.1 Creation of User Accounts
You must create a new user account to add a new user to the system. User account creation is a routine procedure that consists of several mutually related steps; most of these steps are mandatory, but a few are optional. The required procedure consists of: Assigning a username, a user ID number, and a primary group to the user • Entering this data in the system user database the etcpasswd file and, if required, in any secondary password file • Assigning a password to the new account • Setting other user account parameters in use on the system, such as password aging, account expiration date, and other resource limits • 169 Placing initialization files in the home directory • Setting the new user ownership to the home directory and initialization files • Adding the user to any other facilities in use such as the disk quotas system • Defining any secondary group membership for the user in the system group file, etcgroup • Performing any other site−specific initialization tasks • Testing the new account • Basically, adding a new user means adding a new entry into the etcpasswd file. This may be done by simply editing the file using any editor on the UNIX platform the common editor is vi, or on BSD systems using the special editing command vipw vi password file. However, all UNIX systems provide some kind of utility for this purpose, a specific front−end command sometimes a script, but usually a program that performs efficient, accurate creations of new user accounts. On many UNIX systems, user account management is also a standard part of the existing general system administration tools such as SAM on HP−UX platform, or SMIT on AIX platform. All of these toolsutilities create new user accounts by automatically performing the previously listed steps; of course, the administrator must supply the required personal data for the user. These utilities check the supplied data and update the system user and group databases. Preexisting tools provide a general approach to user account creation; however, any site−specific requirements will call for additional administration. Quite often, system administrators make their own private utilities to perform site−specific functions in managing user accounts. Usually these are homemade scripts shell, expect, perl, etc.. Even though the use of existing utilities is highly recommended, the following text has a more basic approach. For educational purposes, the next section of the text goes through the gradual creation of a user account, step by step from the command line. First, though, let us see what the system user and group databases look like.7.1.2 User Database — File etcpasswd
Parts
» Unix Administration. 7485KB Mar 29 2010 05:04:17 AM
» UNIX Operating System UNIX — Introductory Notes
» Berkeley Standard Distribution — BSD UNIX System V or ATT UNIX
» System Administrators Job UNIX System and Network Administration
» Computing Policies UNIX System and Network Administration
» Legal Acts Administration Guidelines
» Code of Ethics Administration Guidelines
» USENIX System Administrators Guild — SAGE
» In This Book UNIX System and Network Administration
» Introduction The Unix Model — Selected Topics
» Access Classes File ProtectionFile Access
» Default File Mode File ProtectionFile Access
» Plain Regular File Socket Named Pipe
» Special File Names Special File Creation
» Process Types Process Attributes
» Process Life Cycles Processes
» System V ATT Flavored ps Command
» Destroying Processes The UNIX kill command will eliminate a process entirely:
» Becoming a Superuser Communicating with Other Users
» The man Command UNIX Online Documentation
» The uptime Command The uptime command displays:
» Personal Documentation UNIX Administration Starters
» Shell Script Execution UNIX Shell Scripts
» Shell Variables UNIX Shell Scripts
» Double Command−Line Scanning
» Introductory Notes System Startup and Shutdown
» The Bootstrap Program System Startup
» The Kernel Execution System Startup
» System States System Startup
» The Outlook of a Startup Procedure
» Initialization Scripts System Startup
» The BSD rc Scripts BSD Initialization Sequence
» BSD−Like Initialization System V Initialization
» An Example Shutdown Procedures
» Introduction to the UNIX Filesystem
» System V Filesystem Directory Organization
» Mounting a Filesystem home, users
» Dismounting a Filesystem home, users
» Automatic Filesystem Mounting Removable Media Management
» BSD Filesystem Configuration File
» Filesystem Types A Few Other Filesystem Issues
» Swap Space — Paging and Swapping
» Loopback Virtual Filesystem A Few Other Filesystem Issues
» Display Filesystem Statistics: The df Command
» Checking Filesystems: The fsck Command
» Introduction UNIX Filesystem Layout
» Disk Partitions Physical Filesystem Layout
» Filesystem Structures Physical Filesystem Layout
» The mkfs Command Filesystem Creation
» File Identification and Allocation
» File Storage vs. File Transfer
» Reserved Free Space Filesystem Performance Issues
» Logical Volume Manager — AIX Flavor
» Logical Volume Manager — Solaris Flavor
» Redundant Array of Inexpensive Disks RAID
» The Volume Snapshot Snapshot
» The Filesystem Snapshot Snapshot
» Virtual UNIX Filesystem Logical Filesystem Layout
» Disk Space Upgrade UNIX Filesystem Layout
» User Database — File etcpasswd
» Initialization Template Files UNIX Login Initialization
» User Login Initialization Files
» Systemwide Login Initialization Files
» Restricted User Accounts Users and Secondary Groups
» Assigning User Passwords Standard UNIX Users and Groups
» Managing Disk Usage by Users
» System V Accounting Accounting
» AIX−Flavored Accounting Accounting
» Physical Security Passwords UNIX Lines of Defense
» File Permissions UNIX Lines of Defense
» Backups Password Encryption UNIX Lines of Defense
» Setting Password Restrictions UNIX Lines of Defense
» The Wheel Group Secure Terminals — Other Approaches
» History of the Root Account Tracking User Activities
» The syslogd Daemon The Concept of System Logging
» The Configuration File etcsyslog.conf
» Linux Logging Enhancements The logger Command
» Testing System Logging System Logging Configuration
» The last Command Limiting the Growth of Log Files
» BSD Printing Subsystem UNIX Printing Subsystem
» The lp, lpstat, and cancel Commands
» The etcprintcap File BSD Printer Configuration and the Printer Capability Database
» Filters BSD Printer Configuration and the Printer Capability Database
» The Printer Database Directory Hierarchy on System V
» Setting a Remote Printer on HP−UX
» BSD and AIX Cross−Printing Solaris and BSD Cross−Printing
» Third−Party Printer Spooling Systems
» The tput Command The tset, tput, and stty Commands
» The stty Command The tset, tput, and stty Commands
» The tar Command Tape−Related Commands
» The cpio Command Tape−Related Commands
» The dd Command Tape−Related Commands
» The mt Command Magnetic Tape Devices and Special Device Files
» The SVR3 and SVR4 backup Commands
» The fbackup Command Backup and Dump Commands
» The dumpufsdump Command Backup and Dump Commands
» Interactive Restore The restore Commands
» The frecover Command Restoring Files from a Backup
» Tape Control UNIX Backup and Restore
» The NTP Daemon Network Time Distribution
» The crontab Files Network Time Distribution
» The crontab Command Network Time Distribution
» Linux Approach Network Time Distribution
» Programs Scheduled for a Specific Time
» UNIX and Networking Network Fundamentals
» TCPIP and the Internet ISO OSI Reference Model
» TCPIP Protocol Architecture Computer Networks
» Internet Protocol IP Internet Layer and IP Protocol
» Network Access Layer Transport Layer and TCP and UDP Protocols
» Application Layer TCPIP Layers and Protocols
» IP Address Classes Data Delivery
» Dynamic Routing Internet Routing
» Protocols, Ports, and Sockets
» UNIX Database Files Multiplexing
» The arp Command Address Resolution ARP
» The portmapper Daemon The etcrpc File
» The ifconfig Command Configuring the Network Interface
» The netstat Command Configuring the Network Interface
» The inetd Daemon Super Internet Server
» Further Improvements and Development
» Host Names and Addresses Domain Name Service DNS
» The Local Host Table — etchosts
» Handling the NIC Host Table — A Journey into the Past
» Other Resolver Parameters BIND Configuration
» Name Servers UNIX Name Service — BIND
» The Configuration File etcnamed.boot
» The named.local File The named.cache file
» Subdomains and Parenting BIND Version 8.X.X
» The nslookup Interactive Mode
» A Few Examples of nslookup Usage
» Purpose and Concepts Network Information Service NIS
» To Create an NIS Client NIS Domain Name
» The etcnetgroup File DatabasesNIS Maps
» Security Issues NIS Management
» The showmount Command Mounting Remote Filesystems
» An Example The Automount Maps
» The rlogin Command The rcp Command
» The HOME.rhosts File Using UNIX r−Commands — An Example
» SSH Configuration Secure Shell SSH
» Root Access SSH Installation and User Access Setup
» SSH — Version 2 Secure Shell SSH
» Simple Mail Transport Protocol SMTP
» Rewriting an E−mail Address Pattern Matching
» Address Transformation The Parsing of E−mail Addresses
» Testing Rewrite Rules The sendmail −bt Command
» The Debugging Level Checking the Mail Queue
» Mail Subcommands The Mail Program and .mailrc File
» POP Transactions Post Office Protocol POP
» Internet Message Access Protocol IMAP
» Finger Common UNIX Network Applications
» The ping Command Host Connectivity
» The traceroute Command Host Connectivity
» The X Administration Philosophy
» Window Managers An Introduction to the X Window System
» xdm Configuration Files The X Display Managers
» Vendor−Specific X Flavors — a Configuration Example
» XDMCP Queries The Xaccess File
» Other Access Control Mechanisms
» Components of the xdm−Based User X Environment
» Other Startup Methods The User X Environment
» A Permanent X11 Installation
» Introduction to Kernel Reconfiguration
» Kernel Configuration Database Kernel Reconfiguration
» The config Command BSD−Like Kernel Configuration Approach
» HP−UX 10.x Kernel Configuration
» UNIX and Modems Introduction to Modems
» Terminal Lines and Modem Control
» C−Kermit Third−Party Communication Software
» UUCP Versions UUCP Chat−Transfer Session
» The UUCP Daemons UUCP Commands, Daemons, and Related Issues
» The UUCP Spool Directories and Files
» Additional Security in BNU UUCP
» Additional Security in Version 2 UUCP
» Intranet vs. Internet Introduction to Intranet
» Intranet Design Approach Introduction to Intranet
» Life Cycle of a Virus Virus Types
» The Viruswall Implementation Viruswalls
» Application Proxies SOCKS Proxies
» Web Services Intranet Front−End Services
» Other External Services Intranet Front−End Services
» Network Infrastructure and Desktops
» Dynamic Host Configuration Protocol DHCP
» UNIX and Not−UNIX Platform Integration
» HP−UX Installation UNIX Installation Procedures
» Linux Installation UNIX Installation Procedures
» Solaris Patch Installation HP−UX Patch Installation
» Solaris and Lost Root Password HP−UX and Lost Root Password
» Solaris Procedure to Create an Alternate Boot Partition
» Solaris Recovery of the Failed Mirrored Boot Disk
Show more