adduser(8) - NetBSD Manual Pages

ADDUSER(8)              NetBSD System Manager's Manual              ADDUSER(8)


NAME
adduser - procedure for adding new users
OVERVIEW
Although there exists an addnerd package for adding users (see the SEE ALSO section below), the standard NetBSD distribution does not include an adduser command. This is a brief description of the actions that should be taken to add a user: + Edit the password file and add an appropriate entry. (vipw(8), passwd(5)) + Edit the group file and add the new user to the appropriate groups. (group(5)) + Set a password for the new user with passwd. (passwd(1)) + Create a home directory for this user. (see below, /usr/share/skel) In general, new users should be created with unique user ids and login names. Home directories should be owned by that user. Avoid empty pass- words and blank lines in the password file.
DESCRIPTION
Procedure for adding a new user: Adding a new user to the password file: The command to safely modify the password file is vipw. When run as root this edits the password file after setting the appropriate locks. Be careful while changing the password file since arbitrary changes can easily compromise the security of your system. A more detailed descrip- tion can be obtained from the vipw(8) manual page. When creating a new user it is probably easiest to copy one of the exist- ing entries and modify the fields as needed. For a description of the fields in the password file see the passwd(5) manual page. Here are some guidelines on how to modify the password entry: name This must be a unique login name: it must not appear in /etc/passwd or /etc/aliases. It must not begin with the hyphen `-' character. It is strongly recommended that is be all low- er-case, and not contain the dot `.' character, as that tends to confuse mailers. password The easiest way to set the password is with the passwd(1) pro- gram, which is mentioned below. For now, set this field to the asterisk `*' character to prevent any password from working. uid A new user should be given a user id that is unique across the system, and often across a group of systems, since user ids are used to control file access. One of the simplest way of choos- ing a user id is to find the maximum id used and add one. For example, if you started adding users at id 1000, and the high- est id so far is 1020, the next user will have 1021 as his id. gid This is where you should set a user's primary group. Addition- al group membership can be granted by editing the /etc/group file (see below). Typically, users working on similar projects will be put in the same groups. For instance, at the Universi- ty of California, Berkeley, there are groups for system staff, faculty, graduate students and special groups for large pro- jects. Group 0, named wheel, is used to control what users may use su to gain root privileges. Often, instead of setting a user's primary group to wheel, the /etc/group file is used to control access to this privilege. In these cases the primary group is set to some other group, such as the generic staff or users group. class, change, expire Ignore these field for now. Make the class field empty, the change set to "0", and the expire field set to "0". gecos This is where you should place, among other information, the user's name. For instance, if the user's name is "John Doe", this field would look like this: "John Doe,,," home_dir This field should be set to the location of the user's home di- rectory. For instance, assuming home directories are located in /home on your system, this would be set to /home/<username>. You will probably need to create this directory. See below for a more detailed explanation on how to create a home directory and what to put in it. shell Set this field to the desired shell. See shells(5) for more information. Setting the password: Once the user exists in the password file you can use the passwd utility to change his password. Executing passwd <username> will prompt you for the password. If you do not wish to use password authentication for this user then skip this step. For instance, if you wanted to only allow lo- gins though ssh RSA authentication then a password would be undesirable. If you do skip this step make sure that you have set the password to the asterisk `*' character in the password file. Placing nothing (`') in the password field would allow this user to login with NO password. This is probably not what you want. The chpass, chfn and chsh utilities: These utilities allow you to change a single user's infomation in a more user-friendly fasion than vipw. After creating the user with vipw, you may find it easier to use these instead. Editing /etc/group: The simplest thing to do here is to add a user onto an already existing group. This is done by appending the user's login name to the desired group line, separated from any other user names with a comma. For example, to add a user named "Joe" to the "staff" group you would change the line that looks like this: staff:*:20:root to look like this: staff:*:20:root,Joe Be careful of who you add to group 0, since the su utility uses this list to determine who is allowed to gain root privileges. For more information see group(5) and su(1). Create the home directory: After you have created the user in the password file you will probably need to create a home directory for him. You will probably want to copy skeletal configuration files from /usr/share/skel to give new users some help getting started. Finally you want to set the ownership and permis- sions on the directory and files. Assuming that you have set the home directory in the password file, here are the steps you will want to take: mkdir ~$username cp /usr/share/skel/dot.profile ~$username/.profile cp /usr/share/skel/dot.login ~$username/.login cp /usr/share/skel/dot.mailrc ~$username/.mailrc cp /usr/share/skel/dot.cshrc ~$username/.cshrc cp /usr/share/skel/dot.rhosts ~$username/.rhosts chown -R $username:$usergroup ~$username chmod -R 700 ~$username chmod 755 ~$username (If you set the username and usergroup environment variables you can cut and paste this list of steps.) See cp(1), chown(8), chmod(1) and mkdir(1) for more information about these commands.
SEE ALSO
vipw(8), passwd(1), group(5), passwd(5), chpass(1), chfn(1), chsh(1), pwd_mkdb(8), finger(1), aliases(5), chown(8), chmod(1), mkdir(1), cp(1), man(1) For many useful programs, including ssh and addnerd (a utility for adding users), see the NetBSD packages collection. Information about packages can be found at http://www.netbsd.org/Documentation/software/packages.html
FILES
/etc/passwd the system password file /etc/group the system group file /usr/share/skel/* skeletal login directory
BUGS
User information should (and eventually will) be stored elsewhere. NetBSD 1.4 January 23, 1999 3

Powered by man-cgi (2024-08-26). Maintained for NetBSD by Kimmo Suominen. Based on man-cgi by Panagiotis Christias.