ADDUSER(8) — MAINTENANCE COMMANDS

NAME

adduser − procedure for adding new users

DESCRIPTION

To add an account for a new user, the system administrator (or super-user):

• Create an entry for the new user in the system password files.

• Create a home directory for the user, and change ownership so the new user owns that directory.

• Optionally set up skeletal dot files for the new user (.cshrc, .login, .profile...).

• If the account is on a system running the YP name service, take additional measures.

USAGE

Making an Entry in the Password File

To add an entry for the new login name on a local host, first edit the /etc/passwd file — inserting a line for the new user. This must be done with the password file locked, for instance, by using vipw(8), and the insertion must be made above the line containing the string:

+::0:0:::

This line is used to indicate that additional accounts can be found in the YP.

To add an entry for the new login name into the YP, add an identical line to the file /etc/passwd on the YP master server, and run make(1) in the directory /var/yp (see ypmake(8) for details) to propagate the change.

The new user is assigned a group and user ID number (GID and UID respectively). UIDs should be unique for each user and consistent across the NFS domain, since they control access to files. GIDs need not be unique. Typically, users working on similar projects will assigned to the same group. The system staff is group 10 for historical reasons, and the super-user is in this group.

An entry for a new user francine would look like this:

francine::235:20:& Featherstonehaugh:/usr/francine:/bin/csh

Fields in each password-file entry are delimited by colons, and have the following meanings:

• Login name (francine). The login name is limited to eight characters in length.

• Encrypted password or the string ##name if encrypted passwords are stored in the password adjunct file. Typically, if passwords are to be stored in the main password file, this field is left empty, so no password is needed when the user first logs in. If security demands a password, it should be assigned by running passwd(1) immediately after exiting the editor. The number of significant characters in a password is eight. (See passwd(1).)

• User ID. The UID is a number which identifies that user uniquely in the system. Files owned by the user have this number stored in their data blocks, and commands such as ls(1V) use it to look up the owner’s login name. For this reason, you cannot randomly change this number. See passwd(5) for more information.

• Group ID. The UID number identifies the group to which the user belongs by default (although the user may belong to additional groups as well). All files that the user creates have this number stored in their data blocks, and commands such as ls(1V) use it to look up the group name. Group names and assignments are listed in the file /etc/group (which is described in group(5)) or in the YP group map.

• This field is called the GCOS field (from earlier implementation of the operating system) and is traditionally used to hold the user’s full name. Some installations have other information encoded in this field. From this information we can tell that Francine’s real name is ‘Francine Featherstonehaugh’. The & in the entry is shorthand for the user’s login name.

• User’s home directory. This is the directory in which that user is “positioned” when they log in.

• Initial shell which this user will see on login. If this field is empty, sh(1) is used as the initial shell.

An entry for a new user francine would look like this:

francine:::::lo:ad,+dw

Fields in each password adjunct file entry are delimited by colons, and have the following meanings:

• Login name (francine). This name must match the login name in the password file.

• Encrypted password. Typically, this field is left empty when adding the line using the editor. passwd(1) should be run immediately after exiting the editor.

• The next three fields are the minimum label, the maximum label, and the default label. These fields should be left empty, since they are reserved for future use.

• The next two fields are for the always-audit flags and the never-audit flags. Always-audit flags specify which events guaranteed to be audited for that user. Never-audit flags specify which events are guaranteed not to be audited for that user. For a description of audit flags, see audit_data(5).

Making a Home Directory

As shown in the password file entry above, the name of Francine’s home directory is to be /usr/francine. This directory must be created using mkdir(1), and Francine must be given ownership of it using chown(8), in order for her profile files to be read and executed, and to have control over access to it by other users:

example# mkdir /usr/francine
example# /usr/etc/chown francine /usr/francine

If running under NFS, the mkdir(1) and chown(8) commands must be performed on the NFS server.

Setting Up Skeletal Profile Files

New users often need assistance in setting up their profile files to initialize the terminal properly, configure their search path, and perform other desired functions at startup. Providing them with skeletal profile files saves time and interruptions for both the new user and the system administrator.

Such files as .profile (if they use /usr/bin/sh as the shell), or .cshrc and .login (if they use /usr/bin/csh as the shell), can include commands that are performed automatically at each login, or whenever a shell is invoked, such as tset(1). The ownership of these files must be changed to belong to the new user, either by running su(1) before making copies, or by using chown(8).

FILES

/etc/passwd password file

/etc/group group file

/etc/yp/src/passwd

~/.cshrc

~/.login

~/.profile

Museum

Related Articles