Slackware Linux Essentials
Prev		Next

Chapter 12 Essential System -Administration

- -

Table of Contents
12.1 Users and -Groups
12.2 Users and Groups, the Hard -Way
12.3 Shutting Down Properly

- -

Whoa whoa whoa whoa whoa.... I know what you're thinking. “I'm not a system -administrator! I don't even want to be a system administrator!”

- -

Fact is, you are the administrator of any computers for which you have the root password. This might be your desktop box with one or two -users, or it might be a big server with several hundred. Regardless, you'll need to know -how to manage users, and how to shut down the system safely. These tasks seem simple, but -they have some quirks to keep in mind.

- -

12.1 -Users and Groups

- -

As mentioned in Chapter 8, you shouldn't normally use your -system logged in as root. Instead, you should create a normal -user account for everyday use, and use the root account only for system administration -tasks. To create a user, you can either use the tools supplied with Slackware, or you can -edit the password files by hand.

- -

12.1.1 Supplied Scripts

- -

The easiest way to manage users and groups is with the supplied scripts and programs. -Slackware includes the programs adduser, userdel(8), chfn(1), chsh(1), and passwd(1) for dealing with -users. The commands groupadd(8), groupdel(8), and groupmod(8) are for -dealing with groups. With the exception of chfn, chsh, and passwd, these programs are -generally only run as root, and are therefore located in /usr/sbin. chfn, chsh, and passwd can be run by anyone, and -are located in /usr/bin.

- -

Users can be added with the adduser program. We'll start out -by going through the whole procedure, showing all the questions that are asked and a -brief description of what everything means. The default answer is in the brackets, and -can be chosen for almost all the questions, unless you really want to change -something.

- - - - - -

-# adduser
-Login name for new user []: jellyd
-

- -

This is the name that the user will use to login. Traditionally, login names are eight -characters or fewer, and all lowercase characters. (You may use more than eight -characters, or use digits, but avoid doing so unless you have a fairly important -reason.)

- -

You can also provide the login name as an argument on the command line:

- - - - - -

-# adduser jellyd
-

- -

In either case, after providing the login name, adduser will prompt for the user -ID:

- - - - - -

-User ID ('UID') [ defaults to next available ]:
-

- -

The user ID (UID) is how ownerships are really determined in Linux. Each user has a -unique number, starting at 1000 in Slackware. You can pick a UID for the new user, or you -can just let adduser assign the user the next free one.

- - - - - -

-Initial group [users]:
-

- -

All users are placed into the users group by default. You -might want to place the new user into a different group, but it is not recommended unless -you know what you're doing.

- - - - - -

-Additional groups (comma separated) []:
-

- -

This question allows you to place the new user into additional groups. It is possible -for a user to be in several groups at the same time. This is useful if you have -established groups for things like modifying web site files, playing games, and so on. -For example, some sites define group wheel as the only group -that can use the su command. Or, a default Slackware -installation uses the sys group for users authorized to play -sounds through the internal sound card.

- - - - - -

-Home directory [/home/jellyd]
-

- -

Home directories default to being placed under /home. If you -run a very large system, it's possible that you have moved the home directories to a -different location (or to many locations). This step allows you to specify where the -user's home directory will be.

- - - - - -

-Shell [ /bin/bash ]
-

- -

bash is the default shell for Slackware Linux, and will be -fine for most people. If your new user comes from a Unix background, they may be familiar -with a different shell. You can change their shell now, or they can change it themselves -later using the chsh command.

- - - - - -

-Expiry date (YYYY-MM-DD) []:
-

- -

Accounts can be set up to expire on a specified date. By default, there is no -expiration date. You can change that, if you'd like. This option might be useful for -people running an ISP who might want to make an account expire upon a certain date, -unless they receive the next year's payment.

- - - - - -

-New account will be created as follows:
----------------------------------------
-Login name:         jellyd
-UID:                [ Next available ]
-Initial group:      users
-Additional groups:  [ None ]
-Home directory:     /home/jellyd
-Shell:              /bin/bash
-Expiry date:        [ Never ]
-

- -

This is it... if you want to bail out, hit Control+C. Otherwise, press ENTER to go ahead and -make the account.

- -

You now see all the information that you've entered about the new account and are -given the opportunity to abort the account creation. If you entered something -incorrectly, you should hit Control+C and -start over. Otherwise, you can hit enter and the account -will be made.

- - - - - -

-Creating new account...
-
-Changing the user information for jellyd
-Enter the new value, or press return for the default
-        Full Name []: Jeremy
-        Room Number []: Smith 130
-        Work Phone []:
-        Home Phone []:
-        Other []:
-

- -

All of this information is optional. You don't have to enter any of this if you don't -want to, and the user can change it at any time using chfn. -However, you might find it helpful to enter at least the full name and a phone number, in -case you need to get in touch with the person later.

- - - - - -

-Changing password for jellyd
-Enter the new password (minimum of 5, maximum of 127 characters)
-Please use a combination of upper and lower case letters and numbers.
-New password:
-Re-enter new password:
-Password changed.
-
-Account setup complete.
-

- -

You'll have to enter a password for the new user. Generally, if the new user is not -physically present at this point, you'll just pick some default password and tell the -user to change it to something more secure.

- -

- - - - - -

Choosing a Password: Having a -secure password is the first line of defense against getting cracked. You do not want to -have an easily guessed password, because that makes it easier for someone to break into -your system. Ideally, a secure password would be a random string of characters, including -upper and lowercase letters, numbers, and random characters. (A tab character might not -be a wise choice, depending on what kinds of computers you'll be logging in from.) There -are many software packages that can generate random passwords for you; search the -Internet for these utilities.

- -

In general, just use common sense: don't pick a password that is someone's birthday, a -common phrase, something found on your desk, or anything that is easily associated with -you. A password like “secure1” or any other password you see in print or -online is also bad.

- -

Removing users is not difficult at all. Just run userdel with -the name of the account to remove. You should verify that the user is not logged in, and -that no processes are running as that user. Also, remember that once you've deleted the -user, all of that user's password information is gone permanently.

- - - - - -

-# userdel jellyd
-

- -

This command removes that annoying jellyd user from your -system. Good riddance! :) The user is removed from the /etc/passwd, /etc/shadow, and /etc/group files, but doesn't remove the user's home directory.

- -

If you'd wanted to remove the home directory as well, you would instead use this -command:

- - - - - -

-# userdel -r jellyd
-

- -

Temporarily disabling an account will be covered in the next section on passwords, -since a temporary change involves changing the user's password. Changing other account -information is covered in Section 12.1.3.

- -

The programs to add and remove groups are very simple. groupadd will just add another entry to the /etc/group file with a unique group ID, while groupdel will remove the specified group. It is up to you to edit -/etc/group to add users to a specific group. For example, to -add a group called cvs:

- - - - - -

-# groupadd cvs
-

- -

And to remove it:

- - - - - -

-# groupdel cvs
-

- -

12.1.2 Changing Passwords

- -

The passwd program changes passwords by modifying the /etc/shadow file. This file holds all the passwords for the system -in an encrypted format. In order to change your own password, you would type:

- - - - - -

-% passwd
-Changing password for chris
-Old password:
-Enter the new password (minumum of 5, maximum of 127 characters)
-Please use a combination of upper and lower case letters and numbers.
-New password:
-

- -

As you can see, you are prompted to enter your old password. It won't appear on the -screen as you type it, just like when you log in. Then, you are prompted to enter the new -password. passwd performs a lot of checks on your new password, -and it will complain if your new password doesn't pass its checks. You can ignore its -warnings if you want. You will be prompted to enter your new password a second time for -confirmation.

- -

If you are root, you can also change another user's -password:

- - - - - -

-# passwd ted
-

- -

You will then have to go through the same procedure as above, except that you won't -have to enter the user's old password. (One of the many benefits of being root...)

- -

If needed, you can also temporarily disable an account, and reenable it at a later -time if needed. Both disabling an account and reenabling an account can be done with passwd. To disable an account, do the following as root:

- - - - - -

-# passwd -l david
-

- -

This will change david's password to something that can never match any encrypted -value. You would reenable the account by using:

- - - - - -

-# passwd -u david
-

- -

Now, david's account is back to normal. Disabling an account might be useful if the -user doesn't play by the rules you've set up on your system, or if they've exported a -very large copy of xeyes(1) to your X desktop.

- -

12.1.3 Changing User Information

- -

There are two pieces of information that users can change at any time: their shell and -their finger information. Slackware Linux uses chsh (change -shell) and chfn (change finger) to modify these values.

- -

A user can pick any shell that is listed in the /etc/shells -file. For most people, /bin/bash will do just fine. Others might -be familiar with a shell found on their system at work or school and want to use what -they already know. To change your shell, use chsh:

- - - - - -

-% chsh
-Password:
-Changing the login shell for chris
-Enter the new value, or press return for the default
-        Login Shell [/bin/bash]:
-

- -

After entering your password, enter the full path to the new shell. Make sure that -it's listed in the /etc/shells(5) file first. The root user can also change any user's shell by running chsh with a username as the argument.

- -

The finger information is the optional information such as your full name, phone -numbers, and room number. This can be changed using chfn, and -follows the same procedure as it did during account creation. As usual, root can change anyone's finger information.