Adding New Users
Adding new users can only be done by a user with superuser privileges.
Normally adding new users is handled by means of a script or utility (called
useradd, or adduser ...). Users can be added manually, but on a production
system you should use the utility programs since they will handle tasks
such as locking the passwd file while it is modified.
It is a valuable exercise to go through the process of adding users manually
on a practice system; this provides a solid understanding of the files that
control each aspect of a user account, giving you the knowledge required to
prevent or troubleshoot any problems.
On Floppix (of course), users must be added manually.
When new users are added, you must modify the file /etc/passwd and possibly
/etc/group. Be careful when you modify these files; a mistake could mean
either that no one can access your system or that everyone has root access
to your system.
In Debian, each new user is added with their own group; for example, if samiam
is added as a user, a group called samiam would be set up with samiam as
the only member.
User IDs are allocated as follows:
uid 0 - reserved for the superuser
uid 1-99 - reserved for administrative accounts
Debian starts assigning new userids at 1000
Add a new user called samiam following these steps:
Edit /etc/passwd and add an entry for the samiam user. Put this line at the
end of the file.
samiam : the username
* : the password (you cannot login using this password; the * prevents anyone
from logging in as samiam until the account is completely set up)
1003 : the userid
1003 : the groupid (this does not have to be the same as the uid)
Dr. Suess : the real name
/home/samiam : the home directory
/bin/bash : the login shell
Edit /etc/group and add an entry for the samiam group at the end of the file.
The line should be:
samiam : the groupname
* : the group password (for security reasons, group passwords should not
1003 : the groupid
the fourth field is left empty. For multiuser groups, this field would be
a list of the users in the group separated by commas.
Create a home directory for samiam; this directory should be /home/samiam.
Copy the system configuration files from /etc/skel to the home directory.
Note: there are files in /etc/skel .
Change the ownership so that the home directory and all of its contents are
owned by samiam. The commands are:
chown -R samiam /home/samiam
chgrp -R samiam /home/samiam
The -R parameter changes the owner (or group) of the directory and everything
stored in that directory.
Check the permissions on /home/samiam and its contents. Samiam must have
rwx permissions on his home directory; the world should not have any
Change the password. ( passwd samiam )
If you want to fill in the rest of the gecos data ( chfn samiam
Now that you have created the account, switch to console 2 and make sure
that you can login as samiam.
If you cannot login as samiam, check the entries in /etc/passwd and /etc/group.
Once you can login, you should also check that:
you are in the directory /home/samiam
the .bash_profile executed properly (the screen should be blue)
you can create a new file in this directory (there is not much point in giving
a user a home directory if they cannot store files in it)
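The steps above as one script, run against a scratch directory rather than the live /etc so it can be tried without superuser rights. This is an added example, not part of the original page; add_user, ROOT and the sample root entry are constructed for illustration.

```sh
#!/bin/sh
# add_user ROOT NAME UID GID GECOS SHELL   (ROOT stands in for "/")
add_user() {
    root=$1; name=$2; uid=$3; gid=$4; gecos=$5; shell=$6
    passwd=$root/etc/passwd; group=$root/etc/group; home=$root/home/$name

    # A reused name or uid would alias an existing account, so refuse it.
    if awk -F: -v n="$name" -v u="$uid" \
        '$1 == n || $3 == u { dup = 1 } END { exit !dup }' "$passwd"; then
        echo "add_user: name $name or uid $uid already in use" >&2
        return 1
    fi

    # "*" keeps the account locked until a password is set with passwd.
    printf '%s:*:%s:%s:%s:/home/%s:%s\n' \
        "$name" "$uid" "$gid" "$gecos" "$name" "$shell" >> "$passwd"
    # Group entry: name, "*" password, gid, empty member list.
    printf '%s:*:%s:\n' "$name" "$gid" >> "$group"

    mkdir -p "$home"
    cp -R "$root/etc/skel/." "$home/"    # the trailing "/." includes dotfiles
    chmod u=rwx,o= "$home"               # owner rwx, nothing for the world
    # Changing ownership needs superuser; skipped when run unprivileged.
    # Numeric ids are used because the names do not resolve in a scratch tree.
    if [ "$(id -u)" -eq 0 ]; then chown -R "$uid:$gid" "$home"; fi
}

# Constructed sample tree: one existing account and one skeleton file.
ROOT=$(mktemp -d)
trap 'rm -rf "$ROOT"' EXIT
mkdir -p "$ROOT/etc/skel" "$ROOT/home"
echo 'root:*:0:0:root:/root:/bin/bash' > "$ROOT/etc/passwd"
echo 'root:*:0:' > "$ROOT/etc/group"
echo '# sample profile' > "$ROOT/etc/skel/.bash_profile"

add_user "$ROOT" samiam 1003 1003 'Dr. Suess' /bin/bash
tail -n 1 "$ROOT/etc/passwd"
tail -n 1 "$ROOT/etc/group"
ls -la "$ROOT/home/samiam"
```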
Experiment with the samiam account
Edit /etc/passwd and put a * at the beginning of the password field for samiam.
Switch to another console and try to login as samiam. What happens?
answer: samiam should not be able to login; the account is temporarily
Edit /etc/passwd and delete the * you inserted. Switch to another console
and try to login as samiam. What happens?
answer: You should be able to login again.
Edit /etc/passwd, delete the password field for samiam and then login as
samiam. What happens?
answer: You should be able to login without getting a password
Edit /etc/passwd, change the home directory for samiam to /tmp and then login
as samiam. What happens?
answer: Samiam's home directory is now /tmp.
Edit /etc/passwd, change the login shell for samiam to /usr/bin/flin and
then login as samiam. What happens?
answer: Samiam's login shell is now flin.
Edit /etc/passwd, change the login shell for samiam to /usr/bin/passwd and
then login as samiam. What happens?
answer: samiam can only change his password, he does not get a login
Edit /etc/passwd, change the login shell for samiam to /bin/true and then
login as samiam. What happens?
answer: samiam gets only the motd (message of the day) and his
mail status. He does not get a login shell.
What will happen if you change samiam's login shell to /bin/ls? Test your
answer to see if you are correct.
Edit /etc/passwd, change the login shell for samiam to /bin/bash, change
the gid for samiam to 100 and then login as samiam. Use touch to create a
new file. What group does the file belong in?
Edit /etc/passwd, change the uid for samiam to 0 and then login as samiam.
How can you test to see if samiam has superuser privileges? Is samiam now
a superuser account?
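A check for the conditions these experiments produce (an empty password field, a second uid 0 account, a login shell that is not a listed shell), useful after hand-editing a passwd file. It is an added example, not part of the original page; audit_passwd, the finding labels and the sample accounts sam2, sam3 and broken are constructed for illustration.

```sh
#!/bin/sh
# audit_passwd PASSWD_FILE SHELLS_FILE
# Prints one "finding:username" line per problem found.
audit_passwd() {
    awk -F: -v shells="$2" '
        BEGIN {   # load the list of valid login shells
            while ((getline s < shells) > 0)
                if (s != "" && s !~ /^#/) ok[s] = 1
        }
        /^#/ || NF == 0         { next }
        NF != 7                 { print "malformed:" $1; next }
        $2 == ""                { print "empty-password:" $1 }   # login with no password
        $3 == 0 && $1 != "root" { print "uid0:" $1 }             # full superuser rights
        seen[$3]++              { print "duplicate-uid:" $1 }    # shares an earlier uid
        !($7 in ok)             { print "shell-not-listed:" $1 }
    ' "$1"
}

# Constructed sample files standing in for /etc/passwd and /etc/shells.
PASSWD=$(mktemp)
SHELLS=$(mktemp)
trap 'rm -f "$PASSWD" "$SHELLS"' EXIT
cat > "$PASSWD" <<'EOF'
root:*:0:0:root:/root:/bin/bash
samiam::1003:1003:Dr. Suess:/home/samiam:/bin/bash
sam2:*:0:1004:Sam Two:/home/sam2:/bin/bash
sam3:*:1005:1005:Sam Three:/home/sam3:/bin/ls
broken:*:1006
EOF
cat > "$SHELLS" <<'EOF'
# valid login shells
/bin/sh
/bin/bash
EOF

audit_passwd "$PASSWD" "$SHELLS"
```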
Setup an account for iamsam that is ftp only (iamsam can ftp but cannot
To get ftp access, the iamsam account must satisfy 3 conditions:
iamsam must have an entry in /etc/passwd with a non-null password
iamsam cannot be listed in the file /etc/ftpaccess (this file lists all of
the users who do NOT have ftp access)
iamsam must have a valid login shell as listed in /etc/shells
Starting with the shell, make iamsam's login shell /bin/true . Edit /etc/shells
to include /bin/true as a valid login shell.
Make sure that iamsam is not listed in /etc/ftpaccess.
Create an account for iamsam following the steps used to create the samiam
account. Make sure that you use a unique username, uid, groupname, gid, and
home directory. Make sure that the login shell is /bin/true so that iamsam
will not have shell access.
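The three ftp conditions listed above, written as a check that reports the first one an account fails, including the effect of adding /bin/true to the shells list. This is an added example, not part of the original page; ftp_check, its result labels and the sample accounts nopass and denied are constructed, and the files stand in for /etc/passwd, /etc/ftpaccess and /etc/shells.

```sh
#!/bin/sh
# ftp_check USER PASSWD_FILE DENY_FILE SHELLS_FILE
# Prints "ok" or the first condition that fails; returns 0 only for "ok".
ftp_check() {
    entry=$(awk -F: -v u="$1" '$1 == u { print; exit }' "$2")
    [ -n "$entry" ] || { echo "no-passwd-entry"; return 1; }
    pw=$(printf '%s\n' "$entry" | cut -d: -f2)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    # Condition 1: the password field must not be empty.
    [ -n "$pw" ] || { echo "null-password"; return 1; }
    # Condition 2: the user must not appear in the deny list.
    if grep -qxF -e "$1" "$3"; then echo "listed-in-deny-file"; return 1; fi
    # Condition 3: the login shell must be listed as a valid shell.
    grep -qxF -e "$shell" "$4" || { echo "shell-not-in-shells"; return 1; }
    echo ok
}

# Constructed sample files; SAMPLEHASH is a placeholder, not a real hash.
DIR=$(mktemp -d)
trap 'rm -rf "$DIR"' EXIT
cat > "$DIR/passwd" <<'EOF'
iamsam:SAMPLEHASH:1004:1004:Sam:/home/iamsam:/bin/true
nopass::1005:1005:No Password:/home/nopass:/bin/bash
denied:SAMPLEHASH:1006:1006:Denied:/home/denied:/bin/bash
EOF
echo denied > "$DIR/ftpaccess"
printf '/bin/sh\n/bin/bash\n' > "$DIR/shells"

# Before the shells list is edited, iamsam fails the third condition.
ftp_check iamsam "$DIR/passwd" "$DIR/ftpaccess" "$DIR/shells" || true
echo /bin/true >> "$DIR/shells"   # the edit to the shells list described above
for u in iamsam nopass denied; do
    printf '%s: ' "$u"
    ftp_check "$u" "$DIR/passwd" "$DIR/ftpaccess" "$DIR/shells" || true
done
```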