Adding New Users
Notes:
- Adding new users can only be done by a user with superuser privileges.
- Normally, adding new users is handled by means of a script or utility (called
  useradd, or adduser ...). Users can be added manually, but on a production
  system you should use the utility programs, since they handle tasks
  such as locking the passwd file while it is modified.
  It is a valuable exercise to go through the process of adding users manually
  on a practice system; this provides a solid understanding of the files that
  control each aspect of a user account, giving you the knowledge required to
  prevent or troubleshoot any problems.
  On Floppix (of course), users must be added manually.
- When new users are added, you must modify the file /etc/passwd and possibly
  /etc/group. Be careful when you modify these files; a mistake could mean
  either that no one can access your system or that everyone has root access
  to your system.
- In Debian, each new user is added with their own group; for example, if samiam
  is added as a user, a group called samiam would be set up with samiam as
  the only member.
- User IDs are allocated as follows:
  - uid 0 - reserved for the superuser
  - uid 1-99 - reserved for administrative accounts
  - Debian starts assigning new userids at 1000
Exercises:
Add a new user called samiam following these steps
- Edit /etc/passwd and add an entry for the samiam user. Put this line at the
  end of the file.
    samiam:*:1003:1003:DrSuess:/home/samiam:/bin/bash
  Interpretation:
  - samiam : the username
  - * : the password (you cannot log in using this password; the * prevents anyone
    from logging in as samiam until the account is completely set up)
  - 1003 : the userid
  - 1003 : the groupid (this does not have to be the same as the uid)
  - Dr. Suess : the real name
  - /home/samiam : the home directory
  - /bin/bash : the login shell
- Edit /etc/group and add an entry for the samiam group at the end of the file.
  The line should be:
    samiam:*:1003:
  Interpretation:
  - samiam : the groupname
  - * : the group password (for security reasons, group passwords should not
    be assigned)
  - 1003 : the groupid
  - the fourth field is left empty. For multiuser groups, this field would be
    a list of the users in the group separated by commas.
- Create a home directory for samiam; this directory should be /home/samiam.
- Copy the system configuration files from /etc/skel to the home directory.
  Note: there are files in /etc/skel.
- Change the ownership so that the home directory and all of its contents are
  owned by samiam. The commands are:
    chown -R samiam /home/samiam
    chgrp -R samiam /home/samiam
  The -R parameter changes the owner (or group) of the directory and everything
  stored in that directory.
- Check the permissions on /home/samiam and its contents. Samiam must have
  rwx permissions on his home directory; the world should not have any
  permissions.
- Change the password (passwd samiam).
- If you want, fill in the rest of the gecos data (chfn samiam).
- Now that you have created the account, switch to console 2 and make sure
  that you can log in as samiam.
- If you cannot log in as samiam, check the entries in /etc/passwd and /etc/group.
  Once you can log in, you should also check that:
  - you are in the directory /home/samiam
  - the .bash_profile executed properly (the screen should be blue)
  - you can create a new file in this directory (there is not much point in giving
    a user a home directory if they cannot store files in it)
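The steps above collected into one function, as an added example that is not part of the original page. The ROOT argument (a scratch directory tree holding etc/passwd, etc/group and etc/skel), the function name and the uniqueness checks are assumptions made here; setting the password with passwd remains a separate step.

```shell
#!/bin/sh
# Added example, not from the original page.
# Usage: add_user_manually ROOT NAME UID GID GECOS
# ROOT is a directory tree holding etc/passwd, etc/group and etc/skel
# (a scratch copy on a practice system). No file locking is done.
add_user_manually() {
    root=$1 name=$2 uid=$3 gid=$4 gecos=$5
    home=/home/$name

    # Refuse a reused username or uid: two entries with one uid are the
    # same account as far as file ownership and privileges go.
    if awk -F: -v n="$name" -v id="$uid" \
        '$1 == n || $3 == id { hit = 1 } END { exit !hit }' "$root/etc/passwd"
    then
        echo "add_user_manually: name or uid already in passwd" >&2
        return 1
    fi
    if awk -F: -v n="$name" -v id="$gid" \
        '$1 == n || $3 == id { hit = 1 } END { exit !hit }' "$root/etc/group"
    then
        echo "add_user_manually: name or gid already in group" >&2
        return 1
    fi

    # "*" in the password field blocks logins until passwd sets a password.
    printf '%s:*:%s:%s:%s:%s:/bin/bash\n' \
        "$name" "$uid" "$gid" "$gecos" "$home" >> "$root/etc/passwd"
    printf '%s:*:%s:\n' "$name" "$gid" >> "$root/etc/group"

    mkdir -p "$root$home" || return 1
    # Copying "skel/." takes the dot files too; "skel/*" would skip them.
    cp -R "$root/etc/skel/." "$root$home/" || return 1
    # rwx for the owner, nothing for group or world.
    chmod 700 "$root$home" || return 1
    # Changing ownership needs superuser privileges; numeric ids are used
    # because the names may not exist in the running system's own passwd.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$uid:$gid" "$root$home"
    fi
}
```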
Experiment with the samiam account
- Edit /etc/passwd and put a * at the beginning of the password field for samiam.
  Switch to another console and try to log in as samiam. What happens?
  answer: samiam should not be able to log in; the account is temporarily
  disabled.
- Edit /etc/passwd and delete the * you inserted. Switch to another console
  and try to log in as samiam. What happens?
  answer: You should be able to log in again.
- Edit /etc/passwd, delete the password field for samiam and then log in as
  samiam. What happens?
  answer: You should be able to log in without getting a password
  prompt.
- Edit /etc/passwd, change the home directory for samiam to /tmp and then log in
  as samiam. What happens?
  answer: Samiam's home directory is now /tmp.
- Edit /etc/passwd, change the login shell for samiam to /usr/bin/flin and
  then log in as samiam. What happens?
  answer: Samiam's login shell is now flin.
- Edit /etc/passwd, change the login shell for samiam to /usr/bin/passwd and
  then log in as samiam. What happens?
  answer: samiam can only change his password; he does not get a login
  shell.
- Edit /etc/passwd, change the login shell for samiam to /bin/true and then
  log in as samiam. What happens?
  answer: samiam gets only the motd (message of the day) and his
  mail status. He does not get a login shell.
- What will happen if you change samiam's login shell to /bin/ls? Test your
  answer to see if you are correct.
- Edit /etc/passwd, change the login shell for samiam to /bin/bash, change
  the gid for samiam to 100 and then log in as samiam. Use touch to create a
  new file. What group does the file belong in?
  answer: users
- Edit /etc/passwd, change the uid for samiam to 0 and then log in as samiam.
  How can you test to see if samiam has superuser privileges? Is samiam now
  a superuser account?
  answer: yes.
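The experiments above show how a single edited field changes what an account can do. The following check, an added example that is not part of the original page, scans a passwd-format file for those conditions; the function names, the message wording and the duplicate-uid and field-count checks are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the original page.
# Usage: audit_passwd [FILE]   (reads standard input when FILE is omitted)
# Prints one line per finding and returns 1 if there was any.
audit_passwd() {
    awk -F: '
        function report(msg) { print "line " FNR ": " $1 ": " msg; bad = 1 }
        # A slip while editing by hand usually shows up as a wrong field count.
        NF != 7 { report("expected 7 fields, found " NF); next }
        $2 == "" { report("empty password field, login needs no password") }
        $3 == 0 && $1 != "root" { report("uid 0, superuser privileges") }
        $3 in owner { report("uid " $3 " already used by " owner[$3]) }
        !($3 in owner) { owner[$3] = $1 }
        $6 == "/tmp" || $6 ~ /^\/tmp\// { report("home directory under /tmp") }
        END { exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample in the page's format; not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:*:0:0:root:/root:/bin/bash
samiam::1003:1003:DrSuess:/tmp:/bin/bash
iamsam:*:0:1004:Sam:/home/iamsam:/bin/true
broken:*:1005:/home/broken:/bin/bash
twin:*:1003:1006:Twin:/home/twin:/bin/bash
EOF
}
```

Run it as `audit_passwd /etc/passwd`, or `sample_passwd | audit_passwd` to see every finding on the constructed input.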
Set up an account for iamsam that is ftp only (iamsam can ftp but cannot
log in)
- To get ftp access, the iamsam account must satisfy 3 conditions:
  - iamsam must have an entry in /etc/passwd with a non-null password
  - iamsam cannot be listed in the file /etc/ftpaccess (this file lists all of
    the users who do NOT have ftp access)
  - iamsam must have a valid login shell as listed in /etc/shells
- Starting with the shell, make iamsam's login shell /bin/true. Edit /etc/shells
  to include /bin/true as a valid login shell.
- Make sure that iamsam is not listed in /etc/ftpaccess.
- Create an account for iamsam following the steps used to create the samiam
  account. Make sure that you use a unique username, uid, groupname, gid, and
  home directory. Make sure that the login shell is /bin/true so that iamsam
  will not have shell access.
Copyright ©
L.M.MacEwan