User Database — File /etc/passwd

• Placing initialization files in the home directory
• Setting the new user's ownership of the home directory and initialization files
• Adding the user to any other facilities in use, such as the disk quota system
• Defining any secondary group membership for the user in the system group file, /etc/group
• Performing any other site-specific initialization tasks
• Testing the new account

Basically, adding a new user means adding a new entry to the /etc/passwd file. This may be done by simply editing the file with any editor (on UNIX platforms the common editor is vi), or on BSD systems with the special editing command vipw (vi password file), which locks the password file while it is being edited so that two administrators cannot overwrite each other's changes. However, all UNIX systems provide some kind of utility for this purpose: a specific front-end command (sometimes a script, but usually a program) that performs efficient, accurate creation of new user accounts. On many UNIX systems, user account management is also a standard part of the general system administration tools, such as SAM on the HP-UX platform or SMIT on the AIX platform. All of these tools/utilities create new user accounts by automatically performing the previously listed steps; of course, the administrator must supply the required personal data for the user. These utilities check the supplied data and update the system user and group databases. Preexisting tools provide a general approach to user account creation; however, any site-specific requirements will call for additional administration. Quite often, system administrators write their own private utilities to perform site-specific functions in managing user accounts. Usually these are homemade scripts (shell, expect, perl, etc.). Even though the use of existing utilities is highly recommended, the following text takes a more basic approach. For educational purposes, the next section goes through the gradual creation of a user account, step by step from the command line. First, though, let us see what the system user and group databases look like.

7.1.2 User Database — File /etc/passwd

The master user configuration file is /etc/passwd; every user on the system must be specified in this file. A user is identified by an entry of the following form:

    name:encrypted-passwd:UID:GID:user information:home-directory:shell

The entry is a single line with multiple fields separated by colons; blank spaces are legal only in the user information field. The meanings of the fields are:

Field               Meaning
name                The username assigned to the user. Usernames are not private or secure information; they should be easy to remember. Older UNIX flavors restricted the name length to a maximum of eight characters, and it is advisable to keep names within that length.
encrypted-passwd    The user's encrypted password (readable encrypted text; in fact a one-way hash produced by crypt(3), from which the password itself cannot be recovered directly). An empty field means no password is required to log in to the system, which is a serious security hole and must never be left so; an asterisk (*) in the field prevents anyone from logging in with that account, because no hash can ever match it. The field should not be edited by hand; a password is assigned only with the passwd command, which writes the hash.
UID                 The user identification number. Each user must have a unique UID. UID 0 identifies the superuser; any account with UID 0, whatever its name, has full superuser privileges, so the file should be checked for unexpected UID 0 entries.
GID                 Determines the user's primary group membership. The GID corresponds to a group identification number assigned to a group in the file /etc/group; GIDs less than 10 are conventionally used for system groups.
user information    Usually contains the user's full name; the e-mail subsystem and commands like finger use this information. A space is a legal character in the field; other identification data, such as the address or phone number, are also common.
home-directory      The user's home directory; when a user logs into the system, this will be the initial working directory.
shell               The program that UNIX will use as a command interpreter for the user; whenever the user logs in, UNIX will automatically execute this program.
The common shells are /bin/sh (Bourne shell), /bin/csh (C shell) or /bin/ksh (Korn shell); shells can be located in other directories, like /usr/bin or /sbin; other shells are also legal; if the field is empty, the default is the Bourne shell. Other programs can also be specified instead of a shell; often an application is automatically started once the user logs in. For example, for the user uucp the program /usr/lib/uucp/uucico is specified; another example is a restricted user account, for which a restricted shell is started.

There are no significant differences between the /etc/passwd files on the main UNIX platforms (BSD and System V). As examples, two /etc/passwd files are presented, for the SunOS and HP-UX flavors, respectively. As can be seen, their format and syntax are identical.

    cat /etc/passwd
    root:RolQOmj217Vrc:0:1:Operator:/:/bin/sh
    daemon:*:1:1::/:
    sys:*:2:2::/:/bin/csh
    bin:*:3:3::/bin:
    .....
    .....
    nmruser:HfeLluXTpXxnI:1200:20:NMR User:/home/nmruser:/bin/csh
    fstall:1vLPSqJDArJOs:1203:20::/usr/people/fstall:/bin/csh
    bjl:KVrJDBQT8fHOY:1212:20:B.J.L.:/usr/people/bjl:/bin/csh

    cat /etc/passwd
    root:PykAP9Za4p0NA:0:3::/:/bin/sh
    daemon:*:1:5::/:/bin/sh
    bin:*:2:2::/bin:/bin/sh
    .....
    .....
    bjl:3Zd496cM81jD6:201:20:B. J. L.,Rm. 1225N,(212) 123-4567,:/users/bjl:/bin/ksh
    vasili:wUjuhw6avV2P.:202:20:V. F.,Fordham University,,:/users/vasili:/bin/ksh
    dhuang:d5DtupN0TE.ak:204:20:D. Huang,Wayne State University,,:/users/huang:/bin/ksh
    gdubey:btRPE2WDCS5.:206:20:G. D.,Rm. 1246N,(212) 123-7654,:/users/gdubey:/bin/ksh

The first part of the /etc/passwd file specifies system entities (please note the asterisk in the password field), while the second part contains individual user login accounts. As can be seen, the encrypted passwords are readable, but their contents are meaningless to a human reader; however, from the system security standpoint, the fact that every user on the system can read the encrypted passwords is a security risk: the hashes can be copied and attacked offline with a dictionary at leisure, which is why later systems moved them out of /etc/passwd into a file readable only by root. We will return to this issue later.

7.1.3 Group Database — File /etc/group

The master group specification file is /etc/group. The file specifies all existing groups on the system.
To add a new group, you add a new one-line entry to the file. Each group on the system is specified by a single entry of the form:

    group-name:*:GID:additional-users

The /etc/group entries are similar to the /etc/passwd entries. An entry consists of multiple fields separated by a colon (:). The fields have the following meaning:

Field               Meaning
group-name          A name identifying the group.
*                   The second field (a group password) is an artifact of earlier UNIX versions. It is unused and is usually filled with an asterisk.
GID                 The group's identification number. By convention, standard UNIX groups have consecutive numbers beginning with 0.
additional-users    A list of users that will have access to this group's files as a secondary group (a group cannot be listed as a member of another group). Commas, with no spaces, must separate the user names in the list; the members' primary groups are taken from /etc/passwd and need not be repeated here.

An example of the /etc/group file is presented here:

    cat /etc/group
    root:*:0:
    nogroup:*:65534:
    daemon:*:1:
    kmem:*:2:
    .....
    staff:*:10:
    other:*:20:
    patsyusers:*:30:
    mvaxuser:*:60:root,pam,tbw,eda,shew,sweeny,varley,mindy,levi,he,\
    quigley,modest,sim,ralph,yin,baldwin,george

Note the backslash at the end of the mvaxuser line, which continues the long member list on the next line. Whether such a continuation is honoured, and how long a single entry may be, differs between UNIX flavors, so consult the group(4) or getgrent(3) manual page of the system in question before relying on it.
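As an added example, not code from the book, the following Python script parses /etc/passwd and /etc/group text in the formats described in the two preceding sections, flags the problems the passwd description warns about (an empty password field, a UID 0 account that is not root, a UID shared by two names), applies the empty-shell default, honours the backslash continuation shown in the /etc/group listing, and works out a user's primary plus secondary groups. The sample entries are constructed for the example (the guest and toor accounts are deliberately defective); point the same functions at the real files with open("/etc/passwd").read() to audit a live system.

```python
"""Parse and sanity-check /etc/passwd and /etc/group entries.

Added example for this section, not the book's code.  It runs on the
constructed sample text below so it works offline; the same functions
accept the contents of the real files.
"""
from collections import Counter

# Constructed sample data in the formats described above.  The empty
# password on "guest" and the second UID 0 account "toor" are deliberate
# defects for audit_passwd() to catch; "vasili" has an empty shell field.
SAMPLE_PASSWD = """\
root:RolQOmj217Vrc:0:1:Operator:/:/bin/sh
daemon:*:1:1::/:
bin:*:3:3::/bin:
toor:KVrJDBQT8fHOY:0:1:Second superuser:/:/bin/csh
guest::1300:20:Guest account:/home/guest:/bin/sh
bjl:3Zd496cM81jD6:201:20:B. J. L.,Rm. 1225N,(212) 123-4567,:/users/bjl:/bin/ksh
vasili:wUjuhw6avV2P.:202:20:V. F.,Fordham University,,:/users/vasili:
"""

SAMPLE_GROUP = """\
root:*:0:
daemon:*:1:
staff:*:10:
other:*:20:
mvaxuser:*:60:root,bjl,\\
vasili,dhuang
"""

PASSWD_FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")
DEFAULT_SHELL = "/bin/sh"   # the Bourne shell is used when the field is empty


def parse_passwd(text):
    """Return a list of dicts, one per /etc/passwd line.

    Fields are colon separated; only the GECOS field may contain spaces,
    so nothing is stripped except the line ending.  A line with other
    than seven fields is a corrupt file and is reported, not guessed at.
    """
    users = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line:
            continue
        parts = line.split(":")
        if len(parts) != len(PASSWD_FIELDS):
            raise ValueError(f"passwd line {lineno}: expected 7 fields, got {len(parts)}")
        entry = dict(zip(PASSWD_FIELDS, parts))
        entry["uid"] = int(entry["uid"])
        entry["gid"] = int(entry["gid"])
        if entry["shell"] == "":
            entry["shell"] = DEFAULT_SHELL
        users.append(entry)
    return users


def audit_passwd(users):
    """Return a sorted list of (username, problem) for the defects the
    text warns about: no password at all, a non-root superuser, and a
    UID that belongs to more than one name."""
    findings = []
    uid_count = Counter(u["uid"] for u in users)
    for u in users:
        if u["passwd"] == "":
            findings.append((u["name"], "empty password field"))
        if u["uid"] == 0 and u["name"] != "root":
            findings.append((u["name"], "UID 0 but not root"))
        if uid_count[u["uid"]] > 1:
            findings.append((u["name"], f"duplicate UID {u['uid']}"))
    return sorted(findings)


def parse_group(text):
    """Return {group_name: (gid, [members])} from /etc/group text.

    A backslash at the end of a line continues the member list on the
    next line, as in the mvaxuser entry; the unused second field is ignored.
    """
    groups = {}
    joined = text.replace("\\\n", "")      # splice continuation lines first
    for line in joined.splitlines():
        if not line:
            continue
        name, _unused, gid, members = line.split(":")
        groups[name] = (int(gid), [m for m in members.split(",") if m])
    return groups


def groups_of(username, users, groups):
    """Primary group (the GID in the passwd entry) plus every secondary
    group whose member list names the user, sorted by group name."""
    result = set()
    for u in users:
        if u["name"] == username:
            result.update(g for g, (gid, _m) in groups.items() if gid == u["gid"])
    result.update(g for g, (_gid, members) in groups.items() if username in members)
    return sorted(result)


if __name__ == "__main__":
    users = parse_passwd(SAMPLE_PASSWD)
    groups = parse_group(SAMPLE_GROUP)
    for name, problem in audit_passwd(users):
        print(f"{name}: {problem}")
    print("bjl belongs to", groups_of("bjl", users, groups))
```

The audit deliberately reports root as well as toor for the duplicate UID 0, since the file alone cannot tell which of the two entries is the legitimate one; the check for a UID 0 name other than root is the one that points at the intruder.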

7.1.4 Creating User Home Directories