Rewrite. This manual page now has enough detail to guide a new NetBSD user through the basic steps of adding a new user. This also has more cross references to help point a new user towards more detailed explanations of the commands and files used.

erh 1999-01-24 05:47:47 +00:00
parent 0bd80459cb
commit de65154a1c
1 changed files with 251 additions and 78 deletions

@ -1,7 +1,10 @@
.\" $NetBSD: adduser.8,v 1.4 1994/11/30 19:36:21 jtc Exp $
.\" $NetBSD: adduser.8,v 1.5 1999/01/24 05:47:47 erh Exp $
.\"
.\" Copyright (c) 1980, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\" Copyright (c) 1999 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Eric Haszlakiewicz
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
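Review bot: Going by the -1,7 +1,10 line counts, the header drops the `Copyright (c) 1980, 1991, 1993 The Regents of the University of California` notice in favour of the NetBSD Foundation one, while the file keeps its `@(#)adduser.8 8.1 (Berkeley) 6/5/93` identifier further down. If any of the Berkeley wording survives the rewrite, keep the Regents notice and add the Foundation notice beneath it rather than replacing it. Minor: the attribution line `by Eric Haszlakiewicz` has no closing period.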
@ -13,100 +16,270 @@
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\" This product includes software developed by the NetBSD
.\" Foundation, Inc. and its contributors.
.\" 4. Neither the name of The NetBSD Foundation nor the names of its
.\" contributors may be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.\" @(#)adduser.8 8.1 (Berkeley) 6/5/93
.\"
.Dd June 5, 1993
.Dd January 23, 1999
.Dt ADDUSER 8
.Os BSD 4
.Os NetBSD
.Sh NAME
.Nm adduser
.Nd procedure for adding new users
.Sh OVERVIEW
There is no single adduser command. This is a brief description of the
actions that should be taken to add a user:
.Bl -bullet -compact
.It
Edit the password file and add an appropriate entry.
.Pq Xr vipw 8 , Xr passwd 5
.It
Edit the group file and add the new user to the appropriate groups.
.Pq Xr group 5
.It
Set a password for the new user with passwd.
.Pq Xr passwd 1
.It
Create a home directory for this user.
.Pq "see below" , Pa /usr/share/skel
.El
In general, new users should be created with unique user ids and login names.
Home directories should be owned by that user. Avoid empty passwords and
blank lines in the password file.
.Sh DESCRIPTION
A new user must choose a login name, which must not already appear in
Procedure for adding a new user:
.Ss "Adding a new user to the password file:"
The command to safely modify the password file is
.Ic vipw .
\ When run as root this edits the password file after setting the
appropriate locks. Be careful while changing the password file since
arbitrary changes can easily compromise the security of your system.
A more detailed description can be obtained from the
.Xr vipw 8
manual page.
.Pp
When creating a new user it is probably easiest to copy one of the existing
entries and modify the fields as needed. For a description of the fields in
the password file see the
.Xr passwd 5
manual page.
Here are some guidelines on how to modify the password entry:
.Bl -tag -compat -width 8n
.It Em name
This must be a unique login name: it must not appear in
.Pa /etc/passwd
or
.Pa /etc/aliases .
It must also not begin with the hyphen
.Ql Fl
It must not begin with the hyphen
.Ql Em -
character.
It is strongly recommended that it be all lower-case, and not contain
the dot
.Ql \&.
It is strongly recommended that is be all lower-case, and not contain the dot
.Ql Em \&.
character, as that tends to confuse mailers.
An account can be added by editing a line into the passwd file; this
must be done with the password file locked e.g. by using
.Xr chpass 1
or
.Xr vipw 8 .
.Pp
A new user is given a group and user id.
Login and user id's should be unique across the system, and often across
a group of systems, since they are used to control file access.
.It Em password
The easiest way to set the password is with the
.Xr passwd 1
program, which is mentioned below. For now, set this field to the asterisk
.Ql Em *
character to prevent any password from working.
.It Em uid
A new user should be given a user id that is unique across the system, and
often across a group of systems, since user ids are used to control file
access. One of the simplest way of choosing a user id is to find the
maximum id used and add one. For example, if you started adding users at
id 1000, and the highest id so far is 1020, the next user will have 1021
as his id.
.It Em gid
This is where you should set a user's primary group. Additional group
membership can be granted by editing the
.Pa /etc/group
file
.Pq see below .
Typically, users working on similar projects will be put in the same groups.
At the University of California, Berkeley, we have groups for system staff,
faculty, graduate students, and special groups for large projects.
For instance, at the University of California, Berkeley, there are groups
for system staff, faculty, graduate students and special groups for large
projects.
.Pp
A skeletal account for a new user
\*(lqernie\*(rq
might look like:
.Bd -literal
ernie::25:30::0:0:Ernie Kovacs,508 Evans Hall,x7925,
642-8202:/a/users/ernie:/bin/csh
.Ed
Group
.Em 0 ,
named
.Em wheel ,
is used to control what users may use su to gain root
privileges. Often, instead of setting a user's primary group to wheel, the
.Pa /etc/group
file is used to control access to this privilege. In these cases the primary
group is set to some other group, such as the generic staff or users group.
.It Em class , change , expire
Ignore these field for now. Make the class field empty, the change set to "0",
and the expire field set to "0".
.It Em gecos
This is where you should place, among other information, the user's name.
For instance, if the user's name is
.Qq John Doe ,
this field would look like this:
.Qq John Doe,,,
.It Em home_dir
This field should be set to the location of the user's home directory.
For instance, assuming home directories are located in
.Pa /home
on your system, this would be set to
.Pa /home/<username> .
You will probably need to create this directory.
See below for a more detailed explanation on how to create a home
directory and what to put in it.
.It Em shell
Set this field to the desired shell. See
.Xr shells 5
for more information.
.El
.Ss Setting the password:
Once the user exists in the password file you can use the
.Ic passwd
utility to change his password. Executing
.Ic passwd Ar <username>
will prompt you for the password. If you do not wish to use password
authentication for this user then skip this step. For instance, if you
wanted to only allow logins though ssh RSA authentication then a password
would be undesirable. If you do skip this step make sure that you have set
the password to the asterisk
.Ql *
character in the password file. Placing nothing
.Pq Ql
in the password field would allow this user to login with
.Em NO
password. This is probably not what you want.
.Ss The chpass, chfn and chsh utilities:
These utilities allow you to change a single user's infomation in a more
user-friendly fasion than
.Ic vipw .
After creating the user with vipw, you may find it easier to use
these instead.
.Ss Editing /etc/group:
The simplest thing to do here is to add a user onto an already existing
group. This is done by appending the user's login name to the desired
group line, separated from any other user names with a comma.
.Pp
For a description of each of these fields, see
.Xr passwd 5 .
For example, to add a user named
.Qq Joe
to the
.Qq staff
group you would change the line that looks like this:
.Dl staff:*:20:root
to look like this:
.Dl staff:*:20:root,Joe
.Pp
It is useful to give new users some help in getting started, supplying
them with a few skeletal files such as
.Pa \&.profile
if they use
.Pa /bin/sh ,
or
.Pa \&.cshrc
Be careful of who you add to group 0, since the su utility uses this list
to determine who is allowed to gain root privileges.
.Pp
For more information see
.Xr group 5
and
.Pa \&.login
if they use
.Pa /bin/csh .
The directory
.Pa /usr/share/skel
contains skeletal definitions of such files.
New users should be given copies of these files which, for instance,
use
.Xr tset 1
automatically at each login.
.Xr su 1 .
.Ss Create the home directory:
After you have created the user in the password file you will probably need
to create a home directory for him. You will probably want to copy
skeletal configuration files from
.Em /usr/share/skel
to give new users some help getting started.
Finally you want to set the ownership and permissions on the directory
and files.
.Pp
Assuming that you have set the home directory in the password file,
here are the steps you will want to take:
.Bl -item -compact
.It
mkdir ~$username
.It
cp /usr/share/skel/dot.profile ~$username/.profile
.It
cp /usr/share/skel/dot.login ~$username/.login
.It
cp /usr/share/skel/dot.mailrc ~$username/.mailrc
.It
cp /usr/share/skel/dot.cshrc ~$username/.cshrc
.It
cp /usr/share/skel/dot.rhosts ~$username/.rhosts
.It
chown -R $username:$usergroup ~$username
.It
chmod -R 700 ~$username
.It
chmod 755 ~$username
.El
.Pp
(If you set the username and usergroup environment variables you can cut
and paste this list of steps.)
.Pp
See
.Xr cp 1 ,
.Xr chown 8 ,
.Xr chmod 1
and
.Xr mkdir 1
for more information about these commands.
.Sh SEE ALSO
.Bl -item -compact
.It
.Xr vipw 8 ,
.Xr passwd 1 ,
.Xr group 5 ,
.Xr passwd 5 ,
.It
.Xr chpass 1 ,
.Xr chfn 1 ,
.Xr chsh 1 ,
.It
.Xr pwd_mkdb 8 ,
.Xr finger 1 ,
.Xr aliases 5 ,
.It
.Xr chown 8 ,
.Xr chmod 1 ,
.Xr mkdir 1 ,
.Xr cp 1 ,
.Xr man 1
.El
.Pp
For many useful programs, including
.Em ssh
and
.Em addnerd ,
see the NetBSD packages collection. Information about packages can be
found at
.Em http://www.netbsd.org/Documentation/software/packages.html
.Sh FILES
.Bl -tag -width /etc/master.passwdxx -compact
.It Pa /etc/master.passwd
user database
.It Pa /usr/share/skel
.Bl -tag -width 20n -compact
.It Pa /etc/passwd
the system password file
.It Pa /etc/group
the system group file
.It Pa /usr/share/skel/*
skeletal login directory
.El
.Sh SEE ALSO
.Xr chpass 1 ,
.Xr finger 1 ,
.Xr passwd 1 ,
.Xr aliases 5 ,
.Xr passwd 5 ,
.Xr pwd_mkdb 8 ,
.Xr vipw 8
.Sh BUGS
User information should (and eventually will) be stored elsewhere.
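Review bot: The "Create the home directory" step list sets up new accounts with looser defaults than the surrounding text suggests, and it deserves a second look before it becomes cut-and-paste material. `cp /usr/share/skel/dot.rhosts ~$username/.rhosts` installs a remote-trust file in every new home directory with no word on what it is for; either drop it from the list or add a sentence saying when an account needs one. `chmod -R 700 ~$username` followed by `chmod 755 ~$username` leaves every copied dot file executable and the home directory world-readable; say which of those is intended and give the files a mode without the execute bits. The steps also depend on `~$username` resolving to the new home directory, which holds only in shells that substitute the variable before the tilde; in sh the tilde is tried first, so `mkdir ~$username` creates a directory literally named after the tilde and the login name in the current directory. Spelling out the path from the home_dir field avoids that.

Smaller points in the same hunk: `.Bl -tag -compat -width 8n` should read `-compact`; the `.Pq Ql` in the password section has no argument, so the empty field it is meant to show renders as nothing; the example adds `Joe` to the staff group right after the name guidelines recommend all lower-case login names; and the text has a few typos ("that is be all lower-case", "One of the simplest way", "Ignore these field", "though ssh", "infomation", "fasion").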