From 75a4a592e5ccda30715f93563d741b83e0dcf39e Mon Sep 17 00:00:00 2001
From: Patrick J Volkerding
Date: Mon, 25 Apr 2011 13:37:00 +0000
Subject: Slackware 13.37

Mon Apr 25 13:37:00 UTC 2011
Slackware 13.37 x86_64 stable is released!

Thanks to everyone who pitched in on this release: the Slackware team, the folks producing upstream code, and linuxquestions.org for providing a great forum for collaboration and testing.

The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware project by picking up a copy from store.slackware.com. We're taking pre-orders now, and offer a discount if you sign up for a subscription.

As always, thanks to the Slackware community for testing, suggestions, and feedback. :-)

Have fun!
---
 slackbook/html/essential-sysadmin.html | 524 +++++++++++++++++++++++++++++++++
 1 file changed, 524 insertions(+)
 create mode 100644 slackbook/html/essential-sysadmin.html

(limited to 'slackbook/html/essential-sysadmin.html')

diff --git a/slackbook/html/essential-sysadmin.html b/slackbook/html/essential-sysadmin.html new file mode 100644 index 000000000..85e127ed1 --- /dev/null +++ b/slackbook/html/essential-sysadmin.html @@ -0,0 +1,524 @@ + + + + +Essential System Administration + + + + + + + + + + +
+

Chapter 12 Essential System +Administration

+ +
+
+
Table of Contents
+ +
12.1 Users and +Groups
+ +
12.2 Users and Groups, the Hard +Way
+ +
12.3 Shutting Down Properly
+
+
+ +

Whoa whoa whoa whoa whoa.... I know what you're thinking. “I'm not a system +administrator! I don't even want to be a system administrator!”

+ +

Fact is, you are the administrator of any computers for which you have the root password. This might be your desktop box with one or two +users, or it might be a big server with several hundred. Regardless, you'll need to know +how to manage users, and how to shut down the system safely. These tasks seem simple, but +they have some quirks to keep in mind.

+ +
+

12.1 +Users and Groups

+ +

As mentioned in Chapter 8, you shouldn't normally use your +system logged in as root. Instead, you should create a normal +user account for everyday use, and use the root account only for system administration +tasks. To create a user, you can either use the tools supplied with Slackware, or you can +edit the password files by hand.

+ +
+

12.1.1 Supplied Scripts

+ +

The easiest way to manage users and groups is with the supplied scripts and programs. +Slackware includes the programs adduser, userdel(8), chfn(1), chsh(1), and passwd(1) for dealing with +users. The commands groupadd(8), groupdel(8), and groupmod(8) are for +dealing with groups. With the exception of chfn, chsh, and passwd, these programs are +generally only run as root, and are therefore located in /usr/sbin. chfn, chsh, and passwd can be run by anyone, and +are located in /usr/bin.

+ +

Users can be added with the adduser program. We'll start out +by going through the whole procedure, showing all the questions that are asked and a +brief description of what everything means. The default answer is in the brackets, and +can be chosen for almost all the questions, unless you really want to change +something.

+ + + + + +
+
+# adduser
+Login name for new user []: jellyd
+
+
+ +

This is the name that the user will use to login. Traditionally, login names are eight +characters or fewer, and all lowercase characters. (You may use more than eight +characters, or use digits, but avoid doing so unless you have a fairly important +reason.)

+ +

You can also provide the login name as an argument on the command line:

+ + + + + +
+
+# adduser jellyd
+
+
+ +

In either case, after providing the login name, adduser will prompt for the user +ID:

+ + + + + +
+
+User ID ('UID') [ defaults to next available ]:
+
+
+ +

The user ID (UID) is how ownerships are really determined in Linux. Each user has a +unique number, starting at 1000 in Slackware. You can pick a UID for the new user, or you +can just let adduser assign the user the next free one.

+ + + + + +
+
+Initial group [users]:
+
+
+ +

All users are placed into the users group by default. You +might want to place the new user into a different group, but it is not recommended unless +you know what you're doing.

+ + + + + +
+
+Additional groups (comma separated) []:
+
+
+ +

This question allows you to place the new user into additional groups. It is possible +for a user to be in several groups at the same time. This is useful if you have +established groups for things like modifying web site files, playing games, and so on. +For example, some sites define group wheel as the only group +that can use the su command. Or, a default Slackware +installation uses the sys group for users authorized to play +sounds through the internal sound card.

+ + + + + +
+
+Home directory [/home/jellyd]
+
+
+ +

Home directories default to being placed under /home. If you +run a very large system, it's possible that you have moved the home directories to a +different location (or to many locations). This step allows you to specify where the +user's home directory will be.

+ + + + + +
+
+Shell [ /bin/bash ]
+
+
+ +

bash is the default shell for Slackware Linux, and will be +fine for most people. If your new user comes from a Unix background, they may be familiar +with a different shell. You can change their shell now, or they can change it themselves +later using the chsh command.

+ + + + + +
+
+Expiry date (YYYY-MM-DD) []:
+
+
+ +

Accounts can be set up to expire on a specified date. By default, there is no +expiration date. You can change that, if you'd like. This option might be useful for +people running an ISP who might want to make an account expire upon a certain date, +unless they receive the next year's payment.

+ + + + + +
+
+New account will be created as follows:
+---------------------------------------
+Login name:         jellyd
+UID:                [ Next available ]
+Initial group:      users
+Additional groups:  [ None ]
+Home directory:     /home/jellyd
+Shell:              /bin/bash
+Expiry date:        [ Never ]
+
+
+ +

This is it... if you want to bail out, hit Control+C. Otherwise, press ENTER to go ahead and +make the account.

+ +

You now see all the information that you've entered about the new account and are +given the opportunity to abort the account creation. If you entered something +incorrectly, you should hit Control+C and +start over. Otherwise, you can hit enter and the account +will be made.

+ + + + + +
+
+Creating new account...
+
+Changing the user information for jellyd
+Enter the new value, or press return for the default
+        Full Name []: Jeremy
+        Room Number []: Smith 130
+        Work Phone []:
+        Home Phone []:
+        Other []:
+
+
+ +

All of this information is optional. You don't have to enter any of this if you don't +want to, and the user can change it at any time using chfn. +However, you might find it helpful to enter at least the full name and a phone number, in +case you need to get in touch with the person later.

+ + + + + +
+
+Changing password for jellyd
+Enter the new password (minimum of 5, maximum of 127 characters)
+Please use a combination of upper and lower case letters and numbers.
+New password:
+Re-enter new password:
+Password changed.
+
+Account setup complete.
+
+
+ +

You'll have to enter a password for the new user. Generally, if the new user is not +physically present at this point, you'll just pick some default password and tell the +user to change it to something more secure.

+ +
+ + + + + +
Note +

Choosing a Password: Having a +secure password is the first line of defense against getting cracked. You do not want to +have an easily guessed password, because that makes it easier for someone to break into +your system. Ideally, a secure password would be a random string of characters, including +upper and lowercase letters, numbers, and random characters. (A tab character might not +be a wise choice, depending on what kinds of computers you'll be logging in from.) There +are many software packages that can generate random passwords for you; search the +Internet for these utilities.

+ +

In general, just use common sense: don't pick a password that is someone's birthday, a +common phrase, something found on your desk, or anything that is easily associated with +you. A password like “secure1” or any other password you see in print or +online is also bad.

+
+
+ +

Removing users is not difficult at all. Just run userdel with +the name of the account to remove. You should verify that the user is not logged in, and +that no processes are running as that user. Also, remember that once you've deleted the +user, all of that user's password information is gone permanently.

+ + + + + +
+
+# userdel jellyd
+
+
+ +

This command removes that annoying jellyd user from your +system. Good riddance! :) The user is removed from the /etc/passwd, /etc/shadow, and /etc/group files, but doesn't remove the user's home directory.

+ +

If you'd wanted to remove the home directory as well, you would instead use this +command:

+ + + + + +
+
+# userdel -r jellyd
+
+
+ +

Temporarily disabling an account will be covered in the next section on passwords, +since a temporary change involves changing the user's password. Changing other account +information is covered in Section 12.1.3.

+ +

The programs to add and remove groups are very simple. groupadd will just add another entry to the /etc/group file with a unique group ID, while groupdel will remove the specified group. It is up to you to edit +/etc/group to add users to a specific group. For example, to +add a group called cvs:

+ + + + + +
+
+# groupadd cvs
+
+
+ +

And to remove it:

+ + + + + +
+
+# groupdel cvs
+
+
+
+ +
+

12.1.2 Changing Passwords

+ +

The passwd program changes passwords by modifying the /etc/shadow file. This file holds all the passwords for the system +in an encrypted format. In order to change your own password, you would type:

+ + + + + +
+
+% passwd
+Changing password for chris
+Old password:
+Enter the new password (minumum of 5, maximum of 127 characters)
+Please use a combination of upper and lower case letters and numbers.
+New password:
+
+
+ +

As you can see, you are prompted to enter your old password. It won't appear on the +screen as you type it, just like when you log in. Then, you are prompted to enter the new +password. passwd performs a lot of checks on your new password, +and it will complain if your new password doesn't pass its checks. You can ignore its +warnings if you want. You will be prompted to enter your new password a second time for +confirmation.

+ +

If you are root, you can also change another user's +password:

+ + + + + +
+
+# passwd ted
+
+
+ +

You will then have to go through the same procedure as above, except that you won't +have to enter the user's old password. (One of the many benefits of being root...)

+ +

If needed, you can also temporarily disable an account, and reenable it at a later +time if needed. Both disabling an account and reenabling an account can be done with passwd. To disable an account, do the following as root:

+ + + + + +
+
+# passwd -l david
+
+
+ +

This will change david's password to something that can never match any encrypted +value. You would reenable the account by using:

+ + + + + +
+
+# passwd -u david
+
+
+ +

Now, david's account is back to normal. Disabling an account might be useful if the +user doesn't play by the rules you've set up on your system, or if they've exported a +very large copy of xeyes(1) to your X desktop.

+
+ +
+

12.1.3 Changing User Information

+ +

There are two pieces of information that users can change at any time: their shell and +their finger information. Slackware Linux uses chsh (change +shell) and chfn (change finger) to modify these values.

+ +

A user can pick any shell that is listed in the /etc/shells +file. For most people, /bin/bash will do just fine. Others might +be familiar with a shell found on their system at work or school and want to use what +they already know. To change your shell, use chsh:

+ + + + + +
+
+% chsh
+Password:
+Changing the login shell for chris
+Enter the new value, or press return for the default
+        Login Shell [/bin/bash]:
+
+
+ +

After entering your password, enter the full path to the new shell. Make sure that +it's listed in the /etc/shells(5) file first. The root user can also change any user's shell by running chsh with a username as the argument.

+ +

The finger information is the optional information such as your full name, phone +numbers, and room number. This can be changed using chfn, and +follows the same procedure as it did during account creation. As usual, root can change anyone's finger information.

+
+
+
+ + + + + -- cgit v1.2.3
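Review bot: In section 12.1.1, the paragraph after the adduser password transcript tells the administrator to "just pick some default password and tell the user to change it", which leaves the account on a shared, guessable password for as long as the user does nothing. Add a sentence showing how to expire the initial password so that a change is forced at first login (passwd -e jellyd or chage -d 0 jellyd, both from the shadow suite). In 12.1.2, passwd -l is presented as disabling the account, but the text itself says it only changes the password to a value that can never match, so logins that do not use the password (an SSH key, for example) are unaffected; state that limit and point to the account expiry date that adduser prompts for (chage -E changes it later) as the way to shut off the whole account. The userdel paragraph in 12.1.1 should also note that files the user owns outside the home directory keep the old numeric UID, which can later be assigned to a new account. Minor: the passwd transcript in 12.1.2 reads "minumum" where the adduser transcript reads "minimum".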