Originally Published: Wednesday, 15 September 1999 Author: Joshua Go
Published to: news_learn_firststep/Firststep News

Adding users

One of the nifty things about Linux (or any other Unix) is the fact that it allows different users to use the system. Being logged in as root unnecessarily is commonly known to be dangerous and a security risk, so you can create a normal user account for yourself so you don't screw up the system.


Adding a New User

One of the nifty things about Linux (or any other Unix) is the fact that it allows different users to use the system. The root user is commonly known as the superuser, since he/she/it has control over everything on the system. Being logged in as root unnecessarily is commonly known to be dangerous and a security risk, so you create a normal user account for yourself so you don't screw up the system.

The advantage of having many users and one superuser account (for the administrator) is that the normal user can't screw anything up on the filesystem; normal users don't have the ability to delete files that are essential to running the Linux machine smoothly. But since you're running your own Linux system, you're still in charge.

The Easy Way to Add Users

To easily add a new login profile (commonly known as a user), type:

# adduser <username>

Alternatively, if you're using Slackware, use the useradd command. I'm not sure, but the syntax is probably useradd <username> also. For Debian, that probably has adduser, same as Red Hat. Adduser is a shellscript that "automates the really boring and repetitive task of creating new user accounts". Skip the section "The Hard Way to Add Users" if this was successful.

The Hard Way to Add Users

If you don't have any utilities at all on your system, I guess you'll have to add users the hard way. I really recommend that you get a shellscript or some sort of utility and use that instead.

If you're still reading, we're going to add a user and we'll call him "joe".

Edit /etc/passwd

First, edit /etc/passwd by typing pico /etc/passwd (or in place of pico you can use vim, emacs, joe, jed, or whatever text editor). At the bottom of the file, add this:

joe::500:500:Joe:/home/joe:/bin/bash

The first field is joe's username, "joe". The second field, between the two colons ("::"), is where the password should be, but it's not set. When you set it, that field will become garbled with the encrypted password. The two fields with "500" are the user ID and group ID. Since joe is the first user you're adding, he starts out with the 500 ID. The next user you add should have a user and group ID of 501, and it keeps going up to about 65,000. The field with "Joe" in it is what the real name of user "joe" will appear as. "/home/joe" is user joe's home directory, which is where he keeps all his files and stuff. Finally, "/bin/bash" is the shell he uses to type in commands. With "/bin/bash" set as his shell, joe can log in and type in commands. If you don't want to let joe log in and type in commands, use "/dev/null" instead of "/bin/bash".

Edit /etc/group

Now type pico /etc/group and insert the line:

joe::500:joe

The first "joe" is the group name. Make sure you have two colons. Then put in the group ID of joe, which, if you can remember, is 500. Since joe is the only member of the group joe, you type joe again. Simple enough, right?

Create Mail File

Usually the mail for users is stored in /var/spool/mail/. As root, type pico /var/spool/mail/joe and without typing anything at all, exit and save the changes.

Make joe the owner of that file by typing chown joe.mail /var/spool/mail/joe. We don't want anyone else to read joe's mail, so type chmod 660 /var/spool/mail/joe.

Create Home Directory

Do mkdir /home/joe as root. After that's done, type chown joe.joe /home/joe ; chmod 2775 /home/joe. Now you can set the password.

Setting the Password

Now, you shouldn't forget to set a password or else the user won't be able to log in (or maybe anybody can log in as that user). To set a password, type:

# passwd <username>

It will prompt you to type in a password twice. If it gives any errors, make sure the password isn't a common word, has 6-8 characters, and doesn't have too many of one character. This may seem limiting and insecure at first, but it actually enhances the security of each user. If you are using Red Hat 4.0, you might have to remove a userlock by typing rm /etc/.pwd.lock. This is a bug in Red Hat 4.0 that is not in Red Hat 4.1 or 4.2. Do not remove /etc/passwd or else you're really in trouble; no users will be able to log in, not even the root user, so you might end up reinstalling!
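
To check a hand-edited account like joe's before relying on it, this added example (not from the original article) audits passwd- and group-format files for the mistakes the hard way makes easy: wrong field counts, an empty password field, a reused user ID, and a group ID missing from the group file. The function names, the sample users, and the "x" standing in for a set password are assumptions; the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit passwd- and group-format files (paths are arguments,
# so it can be pointed at copies instead of the live /etc files).
# Usage: audit_accounts PASSWD_FILE GROUP_FILE ; prints one finding per line.
audit_accounts() {
    awk -F: '
        # First file read is the group file: remember every defined group ID.
        FNR == NR {
            if (NF != 4) print "group:" $1 ": expected 4 fields, found " NF
            else gids[$3] = 1
            next
        }
        # Everything after that is the passwd file.
        NF != 7 { print "passwd:" $1 ": expected 7 fields, found " NF; next }
        $2 == "" { print "passwd:" $1 ": empty password field, no password set" }
        $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ {
            print "passwd:" $1 ": user ID or group ID is not a number"; next
        }
        $3 == 0 && $1 != "root" { print "passwd:" $1 ": user ID 0 means superuser" }
        ($3 in uids) { print "passwd:" $1 ": user ID " $3 " already used by " uids[$3] }
        !($4 in gids) { print "passwd:" $1 ": group ID " $4 " not in group file" }
        { uids[$3] = $1 }
    ' "$2" "$1"
}

# Constructed sample data (not real system files). "x" stands in for any
# non-empty password field; ann reuses joe's user ID and has no group entry.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'joe::500:500:Joe:/home/joe:/bin/bash' \
        'ann:x:500:501:Ann:/home/ann:/bin/bash' > "$dir/passwd"
    printf '%s\n' 'root::0:root' 'joe::500:joe' > "$dir/group"
    audit_accounts "$dir/passwd" "$dir/group"
    rm -rf "$dir"
}

demo
```

No output for a user means none of these checks fired; joe's line stops being reported once passwd has filled in the second field.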

Change Finger Information

After you add users and set their passwords, you might want to do a chfn [user] as root to change information like the user's real name (if you choose to supply it and make it available). The chfn program changes the finger information for a user, which is what anybody using the "finger" protocol sees about that user, such as their real name, the time of their last login, and other stuff.

Groups

You can create groups of users that are identifiable through one name. For example, I have a group called "josh" in my system, and members of that group are the users jgo, joshuago, and jgo.local.net.

So how can these be useful? Well, you can change a file to be owned by a group of users instead of just one user, so that they all can write to the file.

Edit /etc/group

If you've got pico installed as your text editor, use that for now, or use whatever other text editor you prefer (vi, vim, emacs, joe, jed, the list goes on). Anyway, start out by editing /etc/group, a file that contains a list of the groups.

Take the example from the line starting with "users". On my system it looks like this:

users::100:joshuago,jgo,jgo.local.net,juliusgo,todd

That's what I did to start out, taking the existing example. Then I added my group, "josh", so it would include only my accounts and not the other people's accounts.

So, I took that format and added my own user group:

josh::101:joshuago,jgo,jgo.local.net

Exit your text editor and say yes to saving the changes. That puts my joshuago, jgo, and jgo.local.net accounts all into one group. When I'm still logged in as any of those users though, I can't know that I'm a member of that newly created group unless I log out and log in again. Then I can type groups and it will show all the groups that I'm a member of.

Changing File Ownership

To change ownership of a file or directory so that members of my group can read, write, and/or execute that file, I have to log in and type:

chgrp josh [file_or_directory]

When you do an ls -l, it will show that the file's owner is whoever created it and that the group that owns it is "josh".

Changing Permissions (Access to the File)

If you want to let others in your group read from a file that you own, type chmod g+r file. To let other members of your group write to a file that belongs to you, do a chmod g+w file. To let a member of your group execute the file, type chmod g+x file. In case you're confused, "file" simply represents the name of the file you're trying to change permissions for. The parts after the "g+" part of the command line can be combined so that you let your users access a file through reading, writing, and executing. For example, to give members of your group just that (reading, writing, and executing permission), type chmod g+rwx file.

In place of the "+" after the "g" in the chmod command line, you can add a minus sign ("-") to take away those access rights. :)

This will let only the group that owns the file access it. Only the owner (a single user, not an entire group of users) can change the permissions.

Other Stuff on Permissions

In place of "g" in the chmod command line (which changes access rights for the group) you can use "u" (for user, the one who owns the file), and "o" (for others, who don't belong to the group).

Copyright © 1997-1998 Joshua Go (jtg@computers.iwz.com). All rights reserved. Permission to use, distribute, and copy this document is hereby granted. You may modify this document as long as credit to me is given.




