Manual page for ADDUSER(8)
adduser - procedure for adding new users
DESCRIPTION
To add an account for a new user, the system administrator (or super-user) must:
- Create an entry for the new user in the system password files.
- Create a home directory for the user, and change ownership so the new user owns that directory.
- Optionally set up skeletal dot files for the new user (.cshrc, .login, .profile...).
- If the account is on a system running the Network Information Service (NIS), take additional measures.
USAGE
Making an Entry in the Password File
To add an entry for the new login name on a local host, first edit the /etc/passwd file, inserting a line for the new user. This must be done with the password file locked, for instance by using vipw(8), and the insertion must be made above the line containing the string:
+::0:0:::
This line indicates that additional accounts can be found in the NIS service.
To add an entry for the new login name into the NIS service, add an identical line to the file /etc/passwd on the NIS master server, and run make(1) in the directory /var/yp (see ypmake(8) for details) to propagate the change.
The new user is assigned a group and user ID number (GID and UID respectively). UIDs should be unique for each user and consistent across the NFS domain, since they control access to files. GIDs need not be unique. Typically, users working on similar projects will be assigned to the same group. The system staff is group 10 for historical reasons, and the super-user is in this group.
An entry for a new user francine would look like this:
francine::235:20:& Featherstonehaugh:/usr/francine:/bin/csh
Fields in each password-file entry are delimited by colons, and have the following meanings:
- Login name (francine). The login name is limited to eight characters in length.
- Encrypted password, or the string ##name if encrypted passwords are stored in the password adjunct file. Typically, if passwords are to be stored in the main password file, this field is left empty, so no password is needed when the user first logs in. If security demands a password, it should be assigned by running passwd(1) immediately after exiting the editor. The number of significant characters in a password is eight. (See passwd(1).)
- User ID. The UID is a number which identifies that user uniquely in the system. Files owned by the user have this number stored in their data blocks, and commands such as ls(1V) use it to look up the owner's login name. For this reason, you cannot randomly change this number. See passwd(5) for more information.
- Group ID. The GID number identifies the group to which the user belongs by default (although the user may belong to additional groups as well). All files that the user creates have this number stored in their data blocks, and commands such as ls(1V) use it to look up the group name. Group names and assignments are listed in the file /etc/group (which is described in group(5)) or in the NIS group map.
- This field is called the GCOS field (from earlier implementations of the operating system) and is traditionally used to hold the user's full name. Some installations have other information encoded in this field. From this information we can tell that Francine's real name is "Francine Featherstonehaugh". The & in the entry is shorthand for the user's login name.
- User's home directory. This is the directory in which that user is "positioned" when they log in.
- Initial shell which this user will see on login. If this field is empty, sh(1) is used as the initial shell.
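
The rules stated above for /etc/passwd entries (seven colon-delimited fields, login names of at most eight characters, unique UIDs, insertion above the +::0:0::: line, and the empty password field that calls for running passwd(1)) can be checked mechanically. The following sh/awk sketch is an added example, not part of the original manual page; the function names audit_passwd and sample_passwd, the sample entries other than the francine line, and the placeholder password strings are constructed for illustration.

```shell
# Audit passwd(5)-format lines on stdin; print one finding per line.
audit_passwd() {
    awk -F: '
    function note(msg) { print "line " NR ": " $1 ": " msg }

    $0 == "+::0:0:::"  { nis = NR; next }   # NIS marker line
    /^[+-]/ || NF == 0 { next }             # other NIS entries, blank lines

    NF != 7        { note("expected 7 fields, got " NF); next }
    nis            { note("entry below the +::0:0::: line") }
    length($1) > 8 { note("login name longer than eight characters") }
    $2 == ""       { note("empty password field, run passwd") }
    $3 in seen     { note("UID " $3 " already used by " seen[$3]) }
    !($3 in seen)  { seen[$3] = $1 }        # remember first owner of a UID
    '
}

# Constructed sample file. Only the francine line comes from this page;
# the password strings are placeholders, not real hashes.
sample_passwd() {
    cat <<'EOF'
root:EXAMPLEHASH00:0:1:Operator:/:/bin/csh
francine::235:20:& Featherstonehaugh:/usr/francine:/bin/csh
bartholomew:EXAMPLEHASH01:236:20:Bart:/usr/bart:/bin/csh
ops:EXAMPLEHASH02:235:10:Ops:/usr/ops:/bin/sh
+::0:0:::
late:EXAMPLEHASH03:240:20:Late:/usr/late:/bin/sh
EOF
}

sample_passwd | audit_passwd
```

To audit a real file, run audit_passwd < /etc/passwd; the function only reads its input and changes nothing.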
An entry for a new user francine would look like this:
francine:::::lo:ad,+dw
Fields in each password adjunct file entry are delimited by colons, and have the following meanings:
- Login name (francine). This name must match the login name in the password file.
- Encrypted password. Typically, this field is left empty when adding the line using the editor. passwd(1) should be run immediately after exiting the editor.
- The next three fields are the minimum label, the maximum label, and the default label. These fields should be left empty, since they are reserved for future use.
- The next two fields are for the always-audit flags and the never-audit flags. Always-audit flags specify which events are guaranteed to be audited for that user. Never-audit flags specify which events are guaranteed not to be audited for that user. For a description of audit flags, see audit_data(5).
Making a Home Directory
As shown in the password file entry above, the name of Francine's home directory is to be /usr/francine. This directory must be created using mkdir(1), and Francine must be given ownership of it using chown(8) in order for her profile files to be read and executed, and for her to have control over access to it by other users:
example# mkdir /usr/francine
example# /usr/etc/chown francine /usr/francine
If running under NFS, the mkdir(1) and chown(8) commands must be performed on the NFS server.
Setting Up Skeletal Profile Files
New users often need assistance in setting up their profile files to initialize the terminal properly, configure their search path, and perform other desired functions at startup. Providing them with skeletal profile files saves time and interruptions for both the new user and the system administrator. Such files as .profile (if they use /usr/bin/sh as the shell), or .cshrc and .login (if they use /usr/bin/csh as the shell), can include commands that are performed automatically at each login, or whenever a shell is invoked, such as tset(1). The ownership of these files must be changed to belong to the new user, either by running su(1V) before making copies, or by using chown(8).
FILES
- /etc/passwd                     password file
- /etc/security/passwd.adjunct
- /etc/group                      group file
- /etc/yp/src/passwd
- ~/.cshrc
- ~/.login
- ~/.profile
SEE ALSO
csh(1), ls(1V), make(1), mkdir(1), passwd(1), sh(1), su(1V), tset(1), audit(2), audit_control(5), audit_data(5), group(5), passwd(5), passwd.adjunct(5), audit(8), auditd(8), chown(8), vipw(8), ypmake(8)
[a manual with the abbreviation ADMIN]
NOTES
The Network Information Service (NIS) was formerly known as Sun Yellow Pages (YP). The functionality of the two remains the same; only the name has changed.
Last modified 11/5/97