How To Setup, Control, and Manage Users On Solaris Systems

Unit 5 – User Administration
Randy Marchany
VA Tech Computing Center

Understanding the Login Procedure
• Multiple ways of logging into the system
  – telnet – cleartext – not recommended
  – ssh – encrypted – highly recommended
    • SSH clients available on VTNET CD for PC/Mac
• User information is read from the /etc/passwd file at login, and the base environment variables are set.

Understanding the Login Procedure
• Base environment variables
  – HOME – location of your home directory
  – LOGNAME – your login name (userid)
  – PATH – default search path for commands
  – SHELL – default shell
  – MAIL – location of your email directory
  – TZ – time zone specification

/etc/passwd, /etc/shadow
• These are the critical files that contain all of the user information for your system.
• /etc/passwd is world readable, /etc/shadow is readable by root only. Why?
  – /etc/shadow contains the encrypted password string for each userid. There are password cracking programs that will use this encrypted string to brute-force guess the userid's password.

/etc/passwd Format
• 7 fields
• Userid:Password string:UID:GID:Name field:home directory location:default shell
• Userid – the login id of the user account
• Password string – a marker X; in older Unix systems this is where the encrypted password string would have been stored.

/etc/passwd Format
• UID – unique number that identifies the userid. The OS uses this, NOT the username, to identify an account.
• GID – unique number identifying the group the userid belongs to.
• Name field – name of the account owner
• Home directory location – where the default home directory for this userid is located.
• Default shell – the default shell activated upon logging into the system

The UID/GID Pair
• The UID must be unique between userids.
• You can have multiple usernames associated with the same UID. Solaris will treat all of them as the same userid.
• UID 0 is root. There should be only 1 account with this UID.
• UIDs must be unique across systems.
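
An added example, not part of the original slides: a shell function that checks a passwd-format file against the rules above (seven fields, the X marker in the password field, UID 0 held only by root, no UID shared between names). The function names, finding labels and sample accounts are constructed for illustration, and a POSIX awk is assumed.

```shell
#!/bin/sh
# Added example (not from the slides): audit a passwd-format file.
# Prints one finding per line, sorted; no output means nothing was flagged.
# With no argument it reads standard input.
audit_passwd() {
    awk -F: '
        /^$/ { next }                          # ignore blank lines
        NF != 7 {                              # the format has 7 fields
            printf "FIELDS %s: %d fields, expected 7\n", $1, NF; next
        }
        tolower($2) != "x" {                   # the hash belongs in /etc/shadow
            printf "PWFIELD %s: password field is not the x marker\n", $1
        }
        $3 == 0 && $1 != "root" {              # only root should hold UID 0
            printf "UID0 %s: non-root account with UID 0\n", $1
        }
        {                                      # remember every name seen per UID
            if (count[$3]++) names[$3] = names[$3] "," $1; else names[$3] = $1
        }
        END {
            for (u in count)
                if (count[u] > 1)
                    printf "DUPUID %s: shared by %s\n", u, names[u]
        }
    ' "${1:--}" | sort
}

# Constructed sample data (not taken from any real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
alice:x:1001:10:Alice Example:/export/home/alice:/bin/ksh
bob:x:1001:10:Bob Example:/export/home/bob:/bin/ksh
toor:x:0:0:Second root:/:/sbin/sh
carol:Qz9examplehash:1002:10:Carol Example:/export/home/carol:/bin/csh
dave:x:1003:10:/export/home/dave:/bin/sh
EOF
}

sample_passwd | audit_passwd
```

On a live system the call would be `audit_passwd /etc/passwd`; on Solaris, nawk or /usr/xpg4/bin/awk provides the POSIX awk assumed here.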

Adding Users
• Admintool is the main GUI that handles user management.
• The useradd command adds a new user.
• Command line:
  – useradd -d dir -u uid -s shell -g group -c comment username
  – These are the most common flags but there are others. See the man page.

Modifying Users
• Admintool is the preferred method.
• /usr/sbin/usermod is the command line version.
• Command line:
  – /usr/sbin/usermod -u uid -g group -s shell userid
  – There are more flags but these are the most common ones used.

Deleting Users
• Admintool is the preferred method.
• The userdel command deletes a user from the system and modifies /etc/passwd, /etc/group, /etc/shadow appropriately.
• Command line:
  – /usr/sbin/userdel -r userid
  – The -r option deletes the user’s home directory.

Adding/modifying Groups
• Admintool GUI is the first choice.
• The groupadd command creates a new group.
• Command line:
  – /usr/sbin/groupadd -g gid groupname
• Modifying the group via command line
  – /usr/sbin/groupmod -g gid -n name group

Deleting Groups
• Admintool is the preferred method (duh!)
• The groupdel command deletes a group from the system.
• Command line:
  – /usr/sbin/groupdel group

Setting Up the User Environment
• System initialization files define environment variables when a user shell is started.
• 2 types
  – System – sets environment variables for everyone on the system
  – User – sets environment variables for a single user only

Setting Up the User Environment
• System initialization files are executed first when the user logs in.
  – Bourne shell: /etc/profile
  – Korn shell: /etc/profile
  – C shell: /etc/.login
• User initialization files are executed next.
  – Bourne shell: $HOME/.profile
  – Korn shell: $HOME/.profile
  – C shell: $HOME/.cshrc, $HOME/.login

Setting Up the User Environment
• Default /etc/profile and /etc/.login files check quotas, print the MOTD, and check for email (“You have Mail”).
• If $HOME/.hushlogin exists, the MOTD is not printed.
• You can add any other system wide commands to these files.

The .profile file
• Each user can make changes to their .profile or .cshrc or .login files.
• The user customizes their environment by adding or deleting commands from these files.
• The most common variable is PATH. This defines the search order for your commands.
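
An added example, not part of the original slides: because PATH sets the search order, this check reports entries that make command lookup depend on the current directory or on a directory other users can write to. The function name, finding labels and sample PATH value are assumptions made for illustration, and a POSIX shell is assumed.

```shell
#!/bin/sh
# Added example (not from the slides): report PATH entries that make command
# lookup depend on the current directory or on a directory others can write to.
# audit_path 'dir1:dir2:...' prints one finding per line, in search order.
audit_path() {
    rest="$1:"          # trailing ":" so the last (possibly empty) entry is seen
    pos=0
    while [ -n "$rest" ]; do
        dir=${rest%%:*}     # next entry, up to the first ":"
        rest=${rest#*:}     # remainder after that ":"
        pos=$((pos + 1))
        case $dir in
            "") echo "$pos EMPTY: an empty entry means the current directory" ;;
            /*) # absolute path: flag it if it is writable by "other"
                # (-H follows a symbolic link given as the entry itself)
                if [ -n "$(find -H "$dir" -prune -perm -0002 2>/dev/null)" ]; then
                    echo "$pos WRITABLE: $dir is world-writable"
                fi ;;
            *)  echo "$pos RELATIVE: $dir is resolved from the current directory" ;;
        esac
    done
}

# Constructed sample value, as it might be set in a $HOME/.profile.
audit_path "/usr/bin:/usr/sbin:.:/usr/local/bin:"
```

To check the PATH a login actually ends up with, run `audit_path "$PATH"` after the initialization files have been read.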

The /etc/profile file
• This file sets the default permissions for files (umask command).
• It prints out the MOTD. The MOTD is stored in /etc/motd with additional information in /etc/issue.
• It can be used to set the environment for third party software such as Arcinfo or any other GIS software.

The /etc/skel files
• Templates that are used to create the user initialization files are stored in /etc/skel.
• Bourne and Korn shells use the template /etc/skel/local.profile.
• C shell uses the templates /etc/skel/local.cshrc and /etc/skel/local.login.
• These templates are modified based on the information provided by useradd and the copies are moved to the user home directories. They are renamed to .profile, .login and .cshrc as needed.

The /etc/skel files
• You can modify these templates to ensure your customizations are placed in all user environments.
• Sun recommends you create a new directory to contain your site specific files.
• Make the changes in these files and copy them to the user directories.
• I must admit that I don’t do this.