.\"	$NetBSD: adduser.8,v 1.7 1999/03/17 20:31:19 garbled Exp $
.\"
.\" Copyright (c) 1999 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Eric Haszlakiewicz
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"        This product includes software developed by the NetBSD
.\"        Foundation, Inc. and its contributors.
.\" 4. Neither the name of The NetBSD Foundation nor the names of its
.\"    contributors may be used to endorse or promote products derived
.\"    from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd January 23, 1999
.Dt ADDUSER 8
.Os
.Sh NAME
.Nm adduser
.Nd procedure for adding new users
.Sh OVERVIEW
Although there exists an
.Nm addnerd
package for adding users (see the
.Nm SEE ALSO
section below), the standard
.Nx
distribution does not include an adduser command.
This is a brief description of the actions that should be taken to add a user:
.Bl -bullet -compact
.It
Edit the password file and add an appropriate entry.
.Pq Xr vipw 8 , Xr passwd 5
.It
Edit the group file and add the new user to the appropriate groups.
.Pq Xr group 5
.It
Set a password for the new user with passwd.
.Pq Xr passwd 1
.It
Create a home directory for this user.
.Pq "see below" , Pa /usr/share/skel
.El
In general, new users should be created with unique user ids and login names.
Home directories should be owned by that user.
Avoid empty passwords and blank lines in the password file.
.Sh DESCRIPTION
Procedure for adding a new user:
.Ss "Adding a new user to the password file:"
The command to safely modify the password file is
.Ic vipw .
When run as root this edits the password file after setting the
appropriate locks.
Be careful while changing the password file since arbitrary changes can
easily compromise the security of your system.
A more detailed description can be obtained from the
.Xr vipw 8
manual page.
.Pp
When creating a new user it is probably easiest to copy one of the
existing entries and modify the fields as needed.
For a description of the fields in the password file see the
.Xr passwd 5
manual page.
Here are some guidelines on how to modify the password entry:
.Bl -tag -compact -width 8n
.It Em name
This must be a unique login name: it must not appear in
.Pa /etc/passwd
or
.Pa /etc/aliases .
It must not begin with the hyphen
.Ql Em -
character.
It is strongly recommended that it be all lower-case, and not contain the dot
.Ql Em \&.
character, as that tends to confuse mailers.
.It Em password
The easiest way to set the password is with the
.Xr passwd 1
program, which is mentioned below.
For now, set this field to the asterisk
.Ql Em *
character to prevent any password from working.
.It Em uid
A new user should be given a user id that is unique across the system,
and often across a group of systems, since user ids are used to control
file access.
One of the simplest ways of choosing a user id is to find the maximum id
used and add one.
For example, if you started adding users at id 1000, and the highest id so
far is 1020, the next user will have 1021 as his id.
.It Em gid
This is where you should set a user's primary group.
Additional group membership can be granted by editing the
.Pa /etc/group
file
.Pq see below .
Typically, users working on similar projects will be put in the same groups.
For instance, at the University of California, Berkeley, there are groups
for system staff, faculty, graduate students and special groups for large
projects.
.Pp
Group
.Em 0 ,
named
.Em wheel ,
is used to control what users may use su to gain root privileges.
Often, instead of setting a user's primary group to wheel, the
.Pa /etc/group
file is used to control access to this privilege.
In these cases the primary group is set to some other group, such as the
generic staff or users group.
.It Em class , change , expire
Ignore these fields for now.
Make the class field empty, the change set to "0", and the expire field
set to "0".
.It Em gecos
This is where you should place, among other information, the user's name.
For instance, if the user's name is
.Qq John Doe ,
this field would look like this:
.Qq John Doe,,,
.It Em home_dir
This field should be set to the location of the user's home directory.
For instance, assuming home directories are located in
.Pa /home
on your system, this would be set to
.Pa /home/ .
You will probably need to create this directory.
See below for a more detailed explanation on how to create a home directory
and what to put in it.
.It Em shell
Set this field to the desired shell.
See
.Xr shells 5
for more information.
.El
.Ss Setting the password:
Once the user exists in the password file you can use the
.Ic passwd
utility to change his password.
Executing
.Ic passwd Ar
will prompt you for the password.
If you do not wish to use password authentication for this user then skip
this step.
For instance, if you wanted to only allow logins through ssh RSA
authentication then a password would be undesirable.
If you do skip this step make sure that you have set the password to the
asterisk
.Ql *
character in the password file.
Placing nothing
.Pq Ql
in the password field would allow this user to log in with
.Em NO
password.
This is probably not what you want.
.Ss The chpass, chfn and chsh utilities:
These utilities allow you to change a single user's information in a more
user-friendly fashion than
.Ic vipw .
After creating the user with vipw, you may find it easier to use these instead.
.Ss Editing /etc/group:
The simplest thing to do here is to add a user onto an already existing group.
This is done by appending the user's login name to the desired group line,
separated from any other user names with a comma.
.Pp
For example, to add a user named
.Qq Joe
to the
.Qq staff
group you would change the line that looks like this:
.Dl staff:*:20:root
to look like this:
.Dl staff:*:20:root,Joe
.Pp
Be careful of who you add to group 0, since the su utility uses this list to
determine who is allowed to gain root privileges.
.Pp
For more information see
.Xr group 5
and
.Xr su 1 .
.Ss Create the home directory:
After you have created the user in the password file you will probably need
to create a home directory for him.
You will probably want to copy skeletal configuration files from
.Em /usr/share/skel
to give new users some help getting started.
Finally you want to set the ownership and permissions on the directory
and files.
.Pp
Assuming that you have set the home directory in the password file, here are
the steps you will want to take:
.Bl -item -compact
.It
mkdir ~$username
.It
cp /usr/share/skel/dot.profile ~$username/.profile
.It
cp /usr/share/skel/dot.login ~$username/.login
.It
cp /usr/share/skel/dot.mailrc ~$username/.mailrc
.It
cp /usr/share/skel/dot.cshrc ~$username/.cshrc
.It
cp /usr/share/skel/dot.rhosts ~$username/.rhosts
.It
chown -R $username:$usergroup ~$username
.It
chmod -R 700 ~$username
.It
chmod 755 ~$username
.El
.Pp
(If you set the username and usergroup environment variables you can cut
and paste this list of steps.)
.Pp
See
.Xr cp 1 ,
.Xr chown 8 ,
.Xr chmod 1
and
.Xr mkdir 1
for more information about these commands.
.Sh SEE ALSO
.Bl -item -compact
.It
.Xr vipw 8 ,
.Xr passwd 1 ,
.Xr group 5 ,
.Xr passwd 5 ,
.It
.Xr chpass 1 ,
.Xr chfn 1 ,
.Xr chsh 1 ,
.It
.Xr pwd_mkdb 8 ,
.Xr finger 1 ,
.Xr aliases 5 ,
.It
.Xr chown 8 ,
.Xr chmod 1 ,
.Xr mkdir 1 ,
.Xr cp 1 ,
.Xr man 1
.El
.Pp
For many useful programs, including
.Em ssh
and
.Em addnerd
(a utility for adding users), see the
.Nx
packages collection.
Information about packages can be found at
.Em http://www.netbsd.org/Documentation/software/packages.html
.Sh FILES
.Bl -tag -width 20n -compact
.It Pa /etc/passwd
the system password file
.It Pa /etc/group
the system group file
.It Pa /usr/share/skel/*
skeletal login directory
.El
.Sh BUGS
User information should (and eventually will) be stored elsewhere.
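.Sh EXAMPLES
The script below is an added example, not part of the original manual page or of NetBSD: it lints a password file in the ten-field format edited by vipw against the guidelines in DESCRIPTION (blank lines, empty password fields, badly formed or duplicate login names, duplicate user ids), applies the "maximum id plus one" rule, and lists the members of group 0.
The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the manual page): lint vipw-format passwd and group files.
# passwd fields: name:password:uid:gid:class:change:expire:gecos:home_dir:shell

audit_passwd() {    # $1 = passwd file; prints one finding per line
    awk -F: '
        /^[ \t]*$/ { print "line " NR ": blank line"; next }
        NF != 10   { print "line " NR ": expected 10 fields, got " NF; next }
        {
            if ($1 in names) print "line " NR ": duplicate login name " $1
            names[$1] = NR
            if (substr($1, 1, 1) == "-")
                print "line " NR ": login name begins with a hyphen"
            if ($1 != tolower($1) || index($1, "."))
                print "line " NR ": login name has upper-case letters or a dot"
            if ($2 == "") print "line " NR ": empty password field"
            if ($3 in uids) print "line " NR ": duplicate uid " $3 " (also " uids[$3] ")"
            else uids[$3] = $1
        }' "$1"
}

next_uid() {        # $1 = passwd file, $2 = first uid used for ordinary users
    # Assumption: no reserved high-numbered ids exist above the base.
    awk -F: -v base="$2" '
        BEGIN { max = base - 1 }
        NF == 10 && $3 + 0 > max { max = $3 + 0 }
        END { print max + 1 }' "$1"
}

wheel_members() {   # $1 = group file; prints the members of gid 0 (wheel)
    awk -F: '$3 == 0 { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$1"
}

# Constructed sample files (not real accounts).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/master.passwd" <<'EOF'
root:*:0:0::0:0:Charlie &:/root:/bin/sh
jdoe:*:1000:100::0:0:John Doe,,,:/home/jdoe:/bin/sh
J.Smith::1001:100::0:0:Jane Smith,,,:/home/jsmith:/bin/sh

-oops:*:1001:100::0:0:Test User,,,:/home/oops:/bin/sh
EOF
printf 'wheel:*:0:root,jdoe\nstaff:*:20:root\n' > "$sample_dir/group"

audit_passwd "$sample_dir/master.passwd"
echo "next free uid: $(next_uid "$sample_dir/master.passwd" 1000)"
echo "wheel members: $(wheel_members "$sample_dir/group" | tr '\n' ' ')"
```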