39b11db849
so we shouldn't override it with versions in the manpages. Many more to come.
296 lines
9.2 KiB
Groff
296 lines
9.2 KiB
Groff
.\" $NetBSD: adduser.8,v 1.7 1999/03/17 20:31:19 garbled Exp $
|
|
.\"
|
|
.\" Copyright (c) 1999 The NetBSD Foundation, Inc.
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" This code is derived from software contributed to The NetBSD Foundation
|
|
.\" by Eric Haszlakiewicz
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. All advertising materials mentioning features or use of this software
|
|
.\" must display the following acknowledgement:
|
|
.\" This product includes software developed by the NetBSD
|
|
.\" Foundation, Inc. and its contributors.
|
|
.\" 4. Neither the name of The NetBSD Foundation nor the names of its
|
|
.\" contributors may be used to endorse or promote products derived
|
|
.\" from this software without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
|
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
|
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
.\" POSSIBILITY OF SUCH DAMAGE.
|
|
.\"
|
|
.Dd January 23, 1999
|
|
.Dt ADDUSER 8
|
|
.Os
|
|
.Sh NAME
|
|
.Nm adduser
|
|
.Nd procedure for adding new users
|
|
.Sh OVERVIEW
|
|
Although there exists an
|
|
.Nm addnerd
|
|
package for adding users (see the
|
|
.Nm SEE ALSO
|
|
section below), the standard
|
|
.Nx
|
|
distribution does not include an
|
|
adduser command. This is a brief description of the actions that
|
|
should be taken to add a user:
|
|
|
|
.Bl -bullet -compact
|
|
.It
|
|
Edit the password file and add an appropriate entry.
|
|
.Pq Xr vipw 8 , Xr passwd 5
|
|
.It
|
|
Edit the group file and add the new user to the appropriate groups.
|
|
.Pq Xr group 5
|
|
.It
|
|
Set a password for the new user with passwd.
|
|
.Pq Xr passwd 1
|
|
.It
|
|
Create a home directory for this user.
|
|
.Pq "see below" , Pa /usr/share/skel
|
|
.El
|
|
|
|
In general, new users should be created with unique user ids and login names.
|
|
Home directories should be owned by that user. Avoid empty passwords and
|
|
blank lines in the password file.
|
|
|
|
.Sh DESCRIPTION
|
|
Procedure for adding a new user:
|
|
|
|
.Ss "Adding a new user to the password file:"
|
|
The command to safely modify the password file is
|
|
.Ic vipw .
|
|
\ When run as root this edits the password file after setting the
|
|
appropriate locks. Be careful while changing the password file since
|
|
arbitrary changes can easily compromise the security of your system.
|
|
A more detailed description can be obtained from the
|
|
.Xr vipw 8
|
|
manual page.
|
|
.Pp
|
|
When creating a new user it is probably easiest to copy one of the existing
|
|
entries and modify the fields as needed. For a description of the fields in
|
|
the password file see the
|
|
.Xr passwd 5
|
|
manual page.
|
|
Here are some guidelines on how to modify the password entry:
|
|
.Bl -tag -compat -width 8n
|
|
.It Em name
|
|
This must be a unique login name: it must not appear in
|
|
.Pa /etc/passwd
|
|
or
|
|
.Pa /etc/aliases .
|
|
It must not begin with the hyphen
|
|
.Ql Em -
|
|
character.
|
|
It is strongly recommended that is be all lower-case, and not contain the dot
|
|
.Ql Em \&.
|
|
character, as that tends to confuse mailers.
|
|
.It Em password
|
|
The easiest way to set the password is with the
|
|
.Xr passwd 1
|
|
program, which is mentioned below. For now, set this field to the asterisk
|
|
.Ql Em *
|
|
character to prevent any password from working.
|
|
.It Em uid
|
|
A new user should be given a user id that is unique across the system, and
|
|
often across a group of systems, since user ids are used to control file
|
|
access. One of the simplest way of choosing a user id is to find the
|
|
maximum id used and add one. For example, if you started adding users at
|
|
id 1000, and the highest id so far is 1020, the next user will have 1021
|
|
as his id.
|
|
.It Em gid
|
|
This is where you should set a user's primary group. Additional group
|
|
membership can be granted by editing the
|
|
.Pa /etc/group
|
|
file
|
|
.Pq see below .
|
|
Typically, users working on similar projects will be put in the same groups.
|
|
For instance, at the University of California, Berkeley, there are groups
|
|
for system staff, faculty, graduate students and special groups for large
|
|
projects.
|
|
.Pp
|
|
Group
|
|
.Em 0 ,
|
|
named
|
|
.Em wheel ,
|
|
is used to control what users may use su to gain root
|
|
privileges. Often, instead of setting a user's primary group to wheel, the
|
|
.Pa /etc/group
|
|
file is used to control access to this privilege. In these cases the primary
|
|
group is set to some other group, such as the generic staff or users group.
|
|
.It Em class , change , expire
|
|
Ignore these field for now. Make the class field empty, the change set to "0",
|
|
and the expire field set to "0".
|
|
.It Em gecos
|
|
This is where you should place, among other information, the user's name.
|
|
For instance, if the user's name is
|
|
.Qq John Doe ,
|
|
this field would look like this:
|
|
.Qq John Doe,,,
|
|
.It Em home_dir
|
|
This field should be set to the location of the user's home directory.
|
|
For instance, assuming home directories are located in
|
|
.Pa /home
|
|
on your system, this would be set to
|
|
.Pa /home/<username> .
|
|
You will probably need to create this directory.
|
|
See below for a more detailed explanation on how to create a home
|
|
directory and what to put in it.
|
|
.It Em shell
|
|
Set this field to the desired shell. See
|
|
.Xr shells 5
|
|
for more information.
|
|
.El
|
|
|
|
.Ss Setting the password:
|
|
Once the user exists in the password file you can use the
|
|
.Ic passwd
|
|
utility to change his password. Executing
|
|
.Ic passwd Ar <username>
|
|
will prompt you for the password. If you do not wish to use password
|
|
authentication for this user then skip this step. For instance, if you
|
|
wanted to only allow logins though ssh RSA authentication then a password
|
|
would be undesirable. If you do skip this step make sure that you have set
|
|
the password to the asterisk
|
|
.Ql *
|
|
character in the password file. Placing nothing
|
|
.Pq Ql
|
|
in the password field would allow this user to login with
|
|
.Em NO
|
|
password. This is probably not what you want.
|
|
|
|
.Ss The chpass, chfn and chsh utilities:
|
|
These utilities allow you to change a single user's infomation in a more
|
|
user-friendly fasion than
|
|
.Ic vipw .
|
|
After creating the user with vipw, you may find it easier to use
|
|
these instead.
|
|
.Ss Editing /etc/group:
|
|
The simplest thing to do here is to add a user onto an already existing
|
|
group. This is done by appending the user's login name to the desired
|
|
group line, separated from any other user names with a comma.
|
|
.Pp
|
|
For example, to add a user named
|
|
.Qq Joe
|
|
to the
|
|
.Qq staff
|
|
group you would change the line that looks like this:
|
|
.Dl staff:*:20:root
|
|
to look like this:
|
|
.Dl staff:*:20:root,Joe
|
|
.Pp
|
|
Be careful of who you add to group 0, since the su utility uses this list
|
|
to determine who is allowed to gain root privileges.
|
|
.Pp
|
|
For more information see
|
|
.Xr group 5
|
|
and
|
|
.Xr su 1 .
|
|
|
|
.Ss Create the home directory:
|
|
After you have created the user in the password file you will probably need
|
|
to create a home directory for him. You will probably want to copy
|
|
skeletal configuration files from
|
|
.Em /usr/share/skel
|
|
to give new users some help getting started.
|
|
Finally you want to set the ownership and permissions on the directory
|
|
and files.
|
|
.Pp
|
|
Assuming that you have set the home directory in the password file,
|
|
here are the steps you will want to take:
|
|
|
|
.Bl -item -compact
|
|
.It
|
|
mkdir ~$username
|
|
.It
|
|
cp /usr/share/skel/dot.profile ~$username/.profile
|
|
.It
|
|
cp /usr/share/skel/dot.login ~$username/.login
|
|
.It
|
|
cp /usr/share/skel/dot.mailrc ~$username/.mailrc
|
|
.It
|
|
cp /usr/share/skel/dot.cshrc ~$username/.cshrc
|
|
.It
|
|
cp /usr/share/skel/dot.rhosts ~$username/.rhosts
|
|
.It
|
|
chown -R $username:$usergroup ~$username
|
|
.It
|
|
chmod -R 700 ~$username
|
|
.It
|
|
chmod 755 ~$username
|
|
.El
|
|
.Pp
|
|
(If you set the username and usergroup environment variables you can cut
|
|
and paste this list of steps.)
|
|
.Pp
|
|
See
|
|
.Xr cp 1 ,
|
|
.Xr chown 8 ,
|
|
.Xr chmod 1
|
|
and
|
|
.Xr mkdir 1
|
|
for more information about these commands.
|
|
|
|
.Sh SEE ALSO
|
|
.Bl -item -compact
|
|
.It
|
|
.Xr vipw 8 ,
|
|
.Xr passwd 1 ,
|
|
.Xr group 5 ,
|
|
.Xr passwd 5 ,
|
|
.It
|
|
.Xr chpass 1 ,
|
|
.Xr chfn 1 ,
|
|
.Xr chsh 1 ,
|
|
.It
|
|
.Xr pwd_mkdb 8 ,
|
|
.Xr finger 1 ,
|
|
.Xr aliases 5 ,
|
|
.It
|
|
.Xr chown 8 ,
|
|
.Xr chmod 1 ,
|
|
.Xr mkdir 1 ,
|
|
.Xr cp 1 ,
|
|
.Xr man 1
|
|
.El
|
|
.Pp
|
|
For many useful programs, including
|
|
.Em ssh
|
|
and
|
|
.Em addnerd
|
|
(a utility for adding users),
|
|
see the
|
|
.Nx
|
|
packages collection. Information about packages can be
|
|
found at
|
|
.Em http://www.netbsd.org/Documentation/software/packages.html
|
|
|
|
.Sh FILES
|
|
.Bl -tag -width 20n -compact
|
|
.It Pa /etc/passwd
|
|
the system password file
|
|
.It Pa /etc/group
|
|
the system group file
|
|
.It Pa /usr/share/skel/*
|
|
skeletal login directory
|
|
.El
|
|
|
|
.Sh BUGS
|
|
User information should (and eventually will) be stored elsewhere.
|