adduser(8)
- NetBSD Manual Pages
ADDUSER(8) NetBSD System Manager's Manual ADDUSER(8)
NAME
adduser - procedure for adding new users
OVERVIEW
Although there exists an addnerd package for adding users (see the SEE
ALSO section below), the standard NetBSD distribution does not include an
adduser command. This is a brief description of the actions that should
be taken to add a user:
+ Edit the password file and add an appropriate entry. (vipw(8),
passwd(5))
+ Edit the group file and add the new user to the appropriate groups.
(group(5))
+ Set a password for the new user with passwd. (passwd(1))
+ Create a home directory for this user. (see below, /usr/share/skel)
In general, new users should be created with unique user ids and login
names. Home directories should be owned by that user. Avoid empty
passwords and blank lines in the password file.
DESCRIPTION
Procedure for adding a new user:
Adding a new user to the password file:
The command to safely modify the password file is vipw. When run as
root this edits the password file after setting the appropriate locks.
Be careful while changing the password file since arbitrary changes can
easily compromise the security of your system. A more detailed
description can be obtained from the vipw(8) manual page.
When creating a new user it is probably easiest to copy one of the
existing entries and modify the fields as needed. For a description of the
fields in the password file see the passwd(5) manual page. Here are some
guidelines on how to modify the password entry:
name This must be a unique login name: it must not appear in
/etc/passwd or /etc/aliases. It must not begin with the hyphen
`-' character. It is strongly recommended that it be all
lower-case, and not contain the dot `.' character, as that tends
to confuse mailers.
password The easiest way to set the password is with the passwd(1)
program, which is mentioned below. For now, set this field to the
asterisk `*' character to prevent any password from working.
uid A new user should be given a user id that is unique across the
system, and often across a group of systems, since user ids are
used to control file access. One of the simplest ways of
choosing a user id is to find the maximum id used and add one. For
example, if you started adding users at id 1000, and the
highest id so far is 1020, the next user will have 1021 as his id.
gid This is where you should set a user's primary group.
Additional group membership can be granted by editing the /etc/group
file (see below). Typically, users working on similar projects
will be put in the same groups. For instance, at the University
of California, Berkeley, there are groups for system staff,
faculty, graduate students and special groups for large
projects.
Group 0, named wheel, is used to control what users may use su
to gain root privileges. Often, instead of setting a user's
primary group to wheel, the /etc/group file is used to control
access to this privilege. In these cases the primary group is
set to some other group, such as the generic staff or users
group.
class, change, expire
Ignore these fields for now. Leave the class field empty, and
set the change field to "0" and the expire field to "0".
gecos This is where you should place, among other information, the
user's name. For instance, if the user's name is "John Doe",
this field would look like this: "John Doe,,,"
home_dir This field should be set to the location of the user's home
directory. For instance, assuming home directories are located
in /home on your system, this would be set to /home/<username>.
You will probably need to create this directory. See below for
a more detailed explanation on how to create a home directory
and what to put in it.
shell Set this field to the desired shell. See shells(5) for more
information.
Setting the password:
Once the user exists in the password file you can use the passwd utility
to change his password. Executing passwd <username> will prompt you for
the password. If you do not wish to use password authentication for this
user then skip this step. For instance, if you wanted to only allow
logins through ssh RSA authentication then a password would be undesirable.
If you do skip this step make sure that you have set the password to the
asterisk `*' character in the password file. Placing nothing (`') in the
password field would allow this user to log in with NO password. This is
probably not what you want.
The chpass, chfn and chsh utilities:
These utilities allow you to change a single user's information in a more
user-friendly fashion than vipw. After creating the user with vipw, you
may find it easier to use these instead.
Editing /etc/group:
The simplest thing to do here is to add a user onto an already existing
group. This is done by appending the user's login name to the desired
group line, separated from any other user names with a comma.
For example, to add a user named "Joe" to the "staff" group you would
change the line that looks like this:
staff:*:20:root
to look like this:
staff:*:20:root,Joe
Be careful of who you add to group 0, since the su utility uses this list
to determine who is allowed to gain root privileges.
For more information see group(5) and su(1).
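The checks this page asks for by hand (unique login names and user ids, no empty password field, no blank lines, a short list of group 0 members) can be run over the files before and after an edit. The following is an added example, not part of the manual page; the function names audit_passwd and group0_members and the sample entries are constructed for illustration, and the field layout is the ten-field order listed above.

```shell
#!/bin/sh
# Added example, not from the manual page. Field order follows the page:
# name:password:uid:gid:class:change:expire:gecos:home_dir:shell

# Report entries that break the guidelines for the password file.
audit_passwd() {   # $1 = password file in the ten-field layout
    awk -F: '
        /^[ \t]*$/    { print NR ": blank line"; next }
        NF != 10      { print NR ": " NF " fields, expected 10"; next }
        $2 == ""      { print NR ": " $1 ": empty password field" }
        $1 ~ /^-/     { print NR ": " $1 ": login name begins with a hyphen" }
        $1 ~ /[A-Z.]/ { print NR ": " $1 ": login name has upper case or a dot" }
        ($1 in names) { print NR ": " $1 ": login name already used on line " names[$1] }
        ($3 in uids)  { print NR ": " $1 ": uid " $3 " already used by " uids[$3] }
        { if (!($1 in names)) names[$1] = NR; if (!($3 in uids)) uids[$3] = $1 }
    ' "$1"
}

# List login names in group 0, through the group file or as primary group.
group0_members() {   # $1 = password file, $2 = group file
    {
        awk -F: '$3 == 0 { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$2"
        awk -F: 'NF == 10 && $4 == 0 { print $1 }' "$1"
    } | sort -u
}

# Constructed sample data (not real accounts).
tmp=$(mktemp -d) || exit 1
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/master.passwd" <<'EOF'
root:*:0:0::0:0:Charlie &:/root:/bin/csh
jdoe:*:1000:100::0:0:John Doe,,,:/home/jdoe:/bin/sh

Joe.Smith::1001:100::0:0:Joe Smith,,,:/home/joe:/bin/sh
amy:*:1000:100::0:0:Amy Roe,,,:/home/amy:/bin/sh
EOF
cat > "$tmp/group" <<'EOF'
wheel:*:0:root,jdoe
staff:*:20:root,amy
EOF
audit_passwd "$tmp/master.passwd"
group0_members "$tmp/master.passwd" "$tmp/group"
```

On a live system the ten-field file is the one vipw opens; /etc/passwd itself has fewer fields and would be reported as malformed. Accounts that share a user id on purpose are reported as well.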
Create the home directory:
After you have created the user in the password file you will probably
need to create a home directory for him. You will probably want to copy
skeletal configuration files from /usr/share/skel to give new users some
help getting started. Finally you want to set the ownership and
permissions on the directory and files.
Assuming that you have set the home directory in the password file, here
are the steps you will want to take:
mkdir ~$username
cp /usr/share/skel/dot.profile ~$username/.profile
cp /usr/share/skel/dot.login ~$username/.login
cp /usr/share/skel/dot.mailrc ~$username/.mailrc
cp /usr/share/skel/dot.cshrc ~$username/.cshrc
cp /usr/share/skel/dot.rhosts ~$username/.rhosts
chown -R $username:$usergroup ~$username
chmod -R 700 ~$username
chmod 755 ~$username
(If you set the username and usergroup environment variables you can cut
and paste this list of steps.)
See cp(1), chown(8), chmod(1) and mkdir(1) for more information about
these commands.
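To confirm the result of the steps above, the ownership and mode of each home directory can be compared with the password file. This is an added example, not part of the manual page: check_homes is a hypothetical helper, the sample entries are constructed, and it reads the home path from the file rather than relying on ~$username expansion.

```shell
#!/bin/sh
# Added example, not from the manual page: verify what the chown and chmod
# steps are meant to guarantee for every entry in the password file.

check_homes() {   # $1 = password file in the ten-field layout
    while IFS=: read -r name pw uid gid class change expire gecos home shell; do
        [ -n "$name" ] || continue
        if [ ! -d "$home" ]; then
            echo "$name: home directory $home is missing"
            continue
        fi
        # ls -ldn prints the mode string first and the numeric owner third.
        ls -ldn "$home" | {
            read -r mode links owner rest
            [ "$owner" = "$uid" ] || echo "$name: $home is owned by uid $owner, expected $uid"
            case $mode in
                ?????w*|????????w*) echo "$name: $home is writable by group or others ($mode)" ;;
            esac
        }
    done < "$1"
}

# Constructed sample: two directories under a temporary tree, three entries.
tmp=$(mktemp -d) || exit 1
trap 'rm -rf "$tmp"' EXIT
me=$(id -u)
mkdir "$tmp/jdoe" "$tmp/amy"
chmod 755 "$tmp/jdoe"; chmod 777 "$tmp/amy"
cat > "$tmp/master.passwd" <<EOF
jdoe:*:$me:100::0:0:John Doe,,,:$tmp/jdoe:/bin/sh
amy:*:$((me + 1)):100::0:0:Amy Roe,,,:$tmp/amy:/bin/sh
bob:*:$((me + 2)):100::0:0:Bob Poe,,,:$tmp/bob:/bin/sh
EOF
check_homes "$tmp/master.passwd"
```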
SEE ALSO
vipw(8), passwd(1), group(5), passwd(5),
chpass(1), chfn(1), chsh(1),
pwd_mkdb(8), finger(1), aliases(5),
chown(8), chmod(1), mkdir(1), cp(1), man(1)
For many useful programs, including ssh and addnerd (a utility for adding
users), see the NetBSD packages collection. Information about packages
can be found at
http://www.netbsd.org/Documentation/software/packages.html
FILES
/etc/passwd the system password file
/etc/group the system group file
/usr/share/skel/* skeletal login directory
BUGS
User information should (and eventually will) be stored elsewhere.
NetBSD 1.4 January 23, 1999