Linux Administrator Manual (7) - Manage User Accounts

xiaoxiao2021-03-06  82


Http://www.lelew.com/ 2004-05-10 13:05:14

This chapter explains how to create a new user account, how to modify the properties of an account, and how to delete an account. Different Linux systems have different tools for doing this.

What is an account?

When a computer is used by many people, it is usually necessary to differentiate between the users, for example so that their private files can be kept private. This is important even if the computer is used by only one person. Thus, each user is given a unique username, and that name is used to log in. There is more to a user than just a name, however. An account is all the files, resources, and information belonging to one user. The term comes from banks: in a commercial system, each account usually has some money attached to it, and that money drains away at different speeds depending on how heavily the user uses the system. For example, disk space might have a price per megabyte per day, and processing time might have a price per second.

Creating a user

The Linux kernel itself knows users only as numbers. Each user is identified by a unique integer, the user ID or UID, because numbers are easier for a computer to handle than textual names. A separate database outside the kernel assigns a textual name, the username, to each user ID. This database also contains some other information. To create a user, you need to add information about the user to the user database and create a home directory for him. It may also be necessary to educate the user and to set up a suitable initial environment for him. Most Linux distributions come with a program for creating accounts, and there are several such programs. adduser and useradd are two of them; there may also be a GUI tool. Whatever the program, the result is that there is little if any manual work to be done. Even if the details are many and intricate, these programs make everything seem trivial. However, section 8.2.4 describes how to do it by hand.

/etc/passwd and other informative files

The basic user database in a Unix system is the text file /etc/passwd (called the password file), which lists all valid usernames and their associated information.
The file has one line per username, divided into seven colon-delimited fields: username; password, in an encrypted form; numeric user ID; numeric group ID; full name or other description of the account; home directory; login shell (the program to run at login). The format is described in more detail in passwd(5). Any user on the system may read the password file, so that they can, for example, learn the name of another user. This means that the password (the second field) is also available to everyone. The password file stores the password in encrypted form, so in theory there is no problem. However, the encryption can be broken, especially when the password is weak (for example, too short, or one that can be found in a dictionary). Therefore it is not a good idea to keep the password in the password file. Many Linux systems have shadow passwords. With this method the encrypted password is stored in a separate file, /etc/shadow, which only root can read. The /etc/passwd file then contains only a special marker in the second field. Any program that needs to verify a user is setuid, and can therefore access the shadow password file. Normal programs, which only use the other fields in the password file, cannot get at the password.

Picking numeric user and group IDs

On most systems it does not matter what the numeric user and group IDs are, but if you use the Network File System (NFS), you need to have the same UID and GID on all systems. This is because NFS also identifies users by their numeric UIDs. If you are not using NFS, you can let your account creation tool pick them automatically. If you are using NFS, you must use some mechanism for synchronizing account information. One method is to use the NIS system (see [Kir]).
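The seven-field layout, the shadow marker in the second field and the role of the numeric UID described above can be checked mechanically. The following shell script is an added example, not part of the original manual: the function names audit_passwd and world_readable are chosen here, the sample file is constructed, and treating "x" as the shadow marker and a leading "*" or "!" as a no-login marker is an assumption based on common shadow-suite behaviour.

```sh
#!/bin/sh
# Added example: audit a passwd(5)-format file. Not from the original manual.

# Print one finding per line as "<line>:<user>:<issue>".
audit_passwd() {
    awk -F: '
    /^$/    { next }                                   # ignore blank lines
    NF != 7 { print NR ":" $1 ":bad-field-count"; next }
    {
        # Field 2: "x" is assumed to be the shadow marker; "*" or "!" = no login.
        if ($2 == "")                         print NR ":" $1 ":empty-password"
        else if ($2 != "x" && $2 !~ /^[*!]/)  print NR ":" $1 ":hash-in-passwd"
        # Field 3: the kernel only sees the UID, so a shared UID is one user.
        if ($3 == 0 && $1 != "root")          print NR ":" $1 ":extra-uid0"
        if ($3 in seen)  print NR ":" $1 ":duplicate-uid-of-" seen[$3]
        else             seen[$3] = $1
    }' "$1"
}

# Succeed if "others" can read the file (a shadow file must fail this check).
world_readable() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

# Constructed sample data; the string in the bob entry is a placeholder, not a hash.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000:Alice Example:/home/alice:/bin/sh
bob:PLACEHOLDERHASH:1001:1001:Bob Example:/home/bob:/bin/sh
carol::1002:1002:Carol Example:/home/carol:/bin/sh
ftp:*:14:50:Anonymous FTP:/home/ftp:/bin/false
toor:x:0:0:Second root:/root:/bin/sh
dave:x:1000:1000:Dave Example:/home/dave:/bin/sh
eve:x:1003:/home/eve:/bin/sh
EOF

audit_passwd "$SAMPLE"
```

On a real system the same functions can be pointed at /etc/passwd and /etc/shadow; any hash-in-passwd finding means the encrypted password is readable by every local user.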

Initial environment: /etc/skel

When the home directory for a new user is created, it is initialized with files from the /etc/skel directory. The system administrator can create files in /etc/skel to provide users with a good default environment. For example, he might create a /etc/skel/.profile that sets the EDITOR environment variable to an editor that is friendly towards new users. However, it is usually best to keep /etc/skel as small as possible, because it will be next to impossible to update existing users' files. For example, if the name of the friendly editor changes, all existing users must edit their .profile. The system administrator could automate this with a script, but that may still break some users' files. Whenever possible, it is better to put global configuration into global files, such as /etc/profile. That way it can be updated without breaking users' own settings.

Creating a user by hand

To create a new account manually, follow these steps:

1. Edit /etc/passwd with vipw(8) and add a new line for the new account. Be careful with the syntax. Do not edit the file directly with an editor! vipw locks the file, so that other commands will not try to update it at the same time. Set the password field to "*", so that it is impossible to log in.
2. Similarly, edit /etc/group with vigr if you need to create a new group as well.
3. Create the home directory of the user with mkdir.
4. Copy the files from /etc/skel to the new home directory.
5. Fix ownerships and permissions with chown and chmod. The -R option is most useful. The correct permissions vary a little from one site to another, but usually the following commands do the right thing:

    cd /home/newusername
    chown -R username:group .
    chmod -R go=u,go-w .
    chmod go= .

6. Set the password with passwd(1).

After you set the password in the last step, the account can be used. You should not set the password before everything else has been done, otherwise the user may log in while you are still copying the files.
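To see what the ownership and permission commands in the manual procedure actually produce, the following added example (not part of the original manual) runs the home-directory steps against a scratch directory instead of /home. The function names populate_home and mode_of and the skeleton contents are constructed for illustration; the vipw and passwd steps are left out because they need root and a terminal.

```sh
#!/bin/sh
# Added example (not from the original manual): the home-directory steps of
# the manual procedure, run against a scratch directory instead of /home.

# populate_home SKEL HOME [OWNER:GROUP]
populate_home() {
    skel=$1; home=$2; owner=${3:-}
    mkdir -p "$home" || return 1
    cp -R "$skel"/. "$home"/ || return 1   # "/." also copies dotfiles like .profile
    # chown needs root, so it is only attempted when an owner is given.
    if [ -n "$owner" ]; then chown -R "$owner" "$home" || return 1; fi
    chmod -R go=u,go-w "$home" || return 1 # group/other: same as owner, minus write
    chmod go= "$home"                      # the home directory itself: owner only
}

# Print the ls-style mode string of a path, e.g. "drwx------".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Constructed skeleton: files created with a restrictive mode on purpose.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
mkdir -p "$WORK/skel/bin"
echo 'EDITOR=vi; export EDITOR' > "$WORK/skel/.profile"
printf '#!/bin/sh\necho hello\n' > "$WORK/skel/bin/hello"
chmod 600 "$WORK/skel/.profile"
chmod 700 "$WORK/skel/bin" "$WORK/skel/bin/hello"

populate_home "$WORK/skel" "$WORK/home/newusername"
for p in "" /.profile /bin /bin/hello; do
    echo "$(mode_of "$WORK/home/newusername$p") newusername$p"
done
```

Files that were mode 600 in the skeleton end up 644 inside the new home; only the final chmod go= on the top-level directory keeps other users out, so it matters that this step is not skipped.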
Sometimes you need to create a dummy account that is not used by anyone. For example, to set up an anonymous FTP server (so that anyone can download files from it without having to get an account first), you must create an account called ftp. In such cases it is usually not necessary to set the password (the last step above). Moreover, it is better not to set it, so that no one can use the account unless they first become root, since root can become any user.

Changing user properties

There are several commands for changing the various properties of an account (i.e., the relevant fields in /etc/passwd): chfn changes the full name field. chsh changes the login shell. passwd changes the password. The super-user may use these commands to change the properties of any account. Normal users can only change the properties of their own account. It may sometimes be necessary to make these commands unavailable to normal users (with chmod), for example in a large environment.

Other tasks need to be done by hand. For example, to change the username, you need to edit /etc/passwd (remember: with vipw). Likewise, to add the user to more groups or remove him from them, you need to edit /etc/group (with vigr). Such tasks are rare, and they should be done with care: for example, if you change the username, e-mail will no longer reach the user unless you also create a mail alias at the same time.
