
Adding New Users


Notes:

  1. Adding new users can only be done by a user with superuser privileges.
     
  2. Normally, adding new users is handled by a script or utility (called useradd, or adduser ...). Users can be added manually, but on a production system you should use the utility programs, since they handle tasks such as locking the passwd file while it is modified.

    It is a valuable exercise to go through the process of adding users manually on a practice system; this provides a solid understanding of the files that control each aspect of a user account, giving you the knowledge required to prevent or troubleshoot any problems.

    On Floppix (of course), users must be added manually.
     

  3. When new users are added, you must modify the file /etc/passwd and possibly /etc/group. Be careful when you modify these files; a mistake could mean either that no-one can access your system or that everyone has root access to your system.
     
  4. In Debian, each new user is added with their own group; for example, if samiam is added as a user, a group called samiam is set up with samiam as the only member.
     
  5. User id's are allocated as follows:


Exercises:

Add a new user called samiam following these steps

  1. Edit /etc/passwd and add an entry for the samiam user. Put this line at the end of the file.
    samiam:*:1003:1003:DrSuess:/home/samiam:/bin/bash
    Interpretation:
  2. Edit /etc/group and add an entry for the samiam group at the end of the file. The line should be:
    samiam:*:1003:
    Interpretation:
  3. Create a home directory for samiam; this directory should be /home/samiam.
     
  4. Copy the system configuration files from /etc/skel to the home directory. Note: there are files in /etc/skel.
     
  5. Change the ownership so that the home directory and all of its contents are owned by samiam. The commands are:
    chown -R samiam /home/samiam
    chgrp -R samiam /home/samiam

    The -R parameter changes the owner (or group) of the directory and everything stored in that directory.
     
  6. Check the permissions on /home/samiam and its contents. Samiam must have rwx permissions on his home directory; the world should not have any permissions.
     
  7. Change the password. ( passwd samiam )
     
  8. If you want, fill in the rest of the gecos data ( chfn samiam )
     
  9. Now that you have created the account, switch to console 2 and make sure that you can login as samiam.
     
  10. If you cannot login as samiam, check the entries in /etc/passwd and /etc/group. Once you can login, you should also check that:
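
Added example, not part of the original lab: steps 1 to 6 scripted so they can be rehearsed on a scratch directory tree before touching a real /etc/passwd. The helper names, the ROOT prefix parameter and the sample tree are assumptions made for this example; the script also refuses input that would corrupt the file (a ":" inside a field, or a name or id already in use).

```shell
#!/bin/sh
# add_user_manual ROOT NAME ID GECOS  (hypothetical helper, not a Floppix tool)
# ROOT is a directory prefix so the steps can be rehearsed on a scratch tree;
# pass "" to act on the live system as root.
add_user_manual() {
    root=$1; name=$2; num=$3; gecos=$4
    passwd=$root/etc/passwd; group=$root/etc/group; home=$root/home/$name

    # A ":" inside a value would shift every later field of the entry.
    case "$name$gecos" in *:*) echo "':' not allowed in a field" >&2; return 1 ;; esac
    case "$num" in ''|*[!0-9]*) echo "id must be numeric" >&2; return 1 ;; esac

    # Refuse a name or id that is already taken: two names sharing a uid are
    # the same account as far as file ownership is concerned.
    if awk -F: -v n="$name" -v i="$num" '$1 == n || $3 == i { hit = 1 }
            END { exit !hit }' "$passwd" "$group"; then
        echo "$name or id $num is already in use" >&2; return 1
    fi

    # Steps 1-2: "*" in the password field keeps the account disabled until
    # step 7 (passwd) sets a real password.
    printf '%s:*:%s:%s:%s:/home/%s:/bin/bash\n' \
        "$name" "$num" "$num" "$gecos" "$name" >>"$passwd"
    printf '%s:*:%s:\n' "$name" "$num" >>"$group"

    # Steps 3-4: "skel/." also copies dotfiles, which "skel/*" would miss.
    mkdir -p "$home" && cp -R "$root/etc/skel/." "$home/" || return 1

    # Step 5 (live system only, needs root); numeric ids avoid name lookup.
    [ -n "$root" ] || chown -R "$num:$num" "$home"

    # Step 6: rwx for the owner, nothing for group or world.
    chmod 700 "$home"
}

make_scratch_root() {   # constructed minimal tree for a dry run
    r=$(mktemp -d) && mkdir -p "$r/etc/skel" "$r/home" || return 1
    echo 'root:*:0:0:root:/root:/bin/bash' >"$r/etc/passwd"
    echo 'root:*:0:' >"$r/etc/group"
    echo '# constructed sample dotfile' >"$r/etc/skel/.bashrc"
    echo "$r"
}

demo=$(make_scratch_root) && add_user_manual "$demo" samiam 1003 DrSuess &&
    tail -n 1 "$demo/etc/passwd"
rm -rf "$demo"
```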

Experiment with the samiam account

  1. Edit /etc/passwd and put a * at the beginning of the password field for samiam. Switch to another console and try to login as samiam. What happens?
    answer: samiam should not be able to login; the account is temporarily disabled
     
  2. Edit /etc/passwd and delete the * you inserted. Switch to another console and try to login as samiam. What happens?
    answer: You should be able to login again.
     
  3. Edit /etc/passwd, delete the password field for samiam and then login as samiam. What happens?
    answer: You should be able to login without getting a password prompt.
     
  4. Edit /etc/passwd, change the home directory for samiam to /tmp and then login as samiam. What happens?
    answer: Samiam's home directory is now /tmp.
     
  5. Edit /etc/passwd, change the login shell for samiam to /usr/bin/flin and then login as samiam. What happens?
    answer: Samiam's login shell is now flin.
     
  6. Edit /etc/passwd, change the login shell for samiam to /usr/bin/passwd and then login as samiam. What happens?
    answer: samiam can only change his password; he does not get a login shell.
     
  7. Edit /etc/passwd, change the login shell for samiam to /bin/true and then login as samiam. What happens?
    answer: samiam gets only the motd (message of the day) and his mail status. He does not get a login shell.
     
  8. What will happen if you change samiam's login shell to /bin/ls? Test your answer to see if you are correct.
     
  9. Edit /etc/passwd, change the login shell for samiam to /bin/bash, change the gid for samiam to 100 and then login as samiam. Use touch to create a new file. What group does the file belong in?
    answer: users
     
  10. Edit /etc/passwd, change the uid for samiam to 0 and then login as samiam. How can you test to see if samiam has superuser privileges? Is samiam now a superuser account?
    answer: yes.
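
Several of the experiments above leave /etc/passwd in a state that should never reach a production system: an empty password field, a second uid 0 entry, a shared uid, or a shell that is not listed in /etc/shells. The following added example, not part of the original lab, scans a passwd-format file for those conditions; the function name, the finding labels and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# audit_passwd PASSWD_FILE [SHELLS_FILE]
# Prints one finding per line as "<label> <username>" (labels are this example's own).
audit_passwd() {
    awk -F: -v shells="${2:-/etc/shells}" '
        BEGIN {   # load the list of valid login shells, skipping comments
            while ((getline line < shells) > 0)
                if (line != "" && line !~ /^#/) valid[line] = 1
        }
        /^#/ || /^$/ { next }
        # A missing or extra ":" shifts every field, so report and skip the line.
        NF != 7 { print "bad-field-count", $1; next }
        # Experiment 3: an empty password field means login with no password.
        $2 == "" { print "empty-password", $1 }
        # Experiment 10: any entry with uid 0 is a superuser, whatever its name.
        $3 ~ /^0+$/ && $1 != "root" { print "uid0-not-root", $1 }
        # Two names on one uid share file ownership and privileges.
        ($3 in seen) { print "duplicate-uid", $1 }
        { seen[$3] = 1 }
        # Experiments 5-8: a shell outside the shells file deserves a look.
        !($7 in valid) { print "shell-not-in-shells", $1 }
    ' "$1"
}

sample_passwd() {   # constructed entries, modelled on the lab accounts
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
samiam::1003:1003:DrSuess:/home/samiam:/bin/bash
iamsam:*:1004:1004:ftp only:/home/iamsam:/bin/true
toor:*:0:0:second root:/root:/bin/bash
dup:*:1003:100:shares a uid:/home/dup:/usr/bin/flin
broken:*:1005:1005:/home/broken:/bin/bash
EOF
}

sample_shells() {   # constructed shells file
    printf '%s\n' '# valid login shells' /bin/bash /bin/true
}

tmp=$(mktemp -d) && sample_passwd >"$tmp/passwd" && sample_shells >"$tmp/shells" &&
    audit_passwd "$tmp/passwd" "$tmp/shells"
rm -rf "$tmp"
```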

Set up an account for iamsam that is ftp only (iamsam can ftp but cannot login)

  1. To get ftp access, the iamsam account must satisfy 3 conditions:
  2. Starting with the shell, make iamsam's login shell /bin/true. Edit /etc/shells to include /bin/true as a valid login shell.
     
  3. Make sure that iamsam is not listed in /etc/ftpaccess.
     
  4. Create an account for iamsam following the steps used to create the samiam account. Make sure that you use a unique username, uid, groupname, gid, and home directory. Make sure that the login shell is /bin/true so that iamsam will not have shell access.

Copyright © L.M.MacEwan